standard filestat.c

Ilia Alshanetsky Sat, 09 Dec 2006 08:01:43 -0800

iliaa           Sat Dec  9 16:01:29 2006 UTC

  Modified files:              (Branch: PHP_5_2)
    /php-src/ext/standard       filestat.c 
    /php-src    NEWS 
  Log:
  Fixed bug #29840 (is_executable() does not honor safe_mode_exec_dir
  setting).
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/filestat.c?r1=1.136.2.8.2.5&r2=1.136.2.8.2.6&diff_format=u
Index: php-src/ext/standard/filestat.c
diff -u php-src/ext/standard/filestat.c:1.136.2.8.2.5 
php-src/ext/standard/filestat.c:1.136.2.8.2.6
--- php-src/ext/standard/filestat.c:1.136.2.8.2.5       Wed Nov 29 23:34:49 2006
+++ php-src/ext/standard/filestat.c     Sat Dec  9 16:01:29 2006
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: filestat.c,v 1.136.2.8.2.5 2006/11/29 23:34:49 iliaa Exp $ */
+/* $Id: filestat.c,v 1.136.2.8.2.6 2006/12/09 16:01:29 iliaa Exp $ */
 
 #include "php.h"
 #include "safe_mode.h"
@@ -684,14 +684,27 @@
                              "size", "atime", "mtime", "ctime", "blksize", 
"blocks"};
        char *local;
        php_stream_wrapper *wrapper;
+       char safe_mode_buf[MAXPATHLEN];
 
        if (!filename_length) {
                RETURN_FALSE;
        }
 
        if ((wrapper = php_stream_locate_url_wrapper(filename, &local, 0 
TSRMLS_CC)) == &php_plain_files_wrapper) {
-               if (php_check_open_basedir(local TSRMLS_CC) || (PG(safe_mode) 
&& !php_checkuid_ex(filename, NULL, CHECKUID_ALLOW_FILE_NOT_EXISTS, 
CHECKUID_NO_ERRORS))) {
+               if (php_check_open_basedir(local TSRMLS_CC)) {
                        RETURN_FALSE;
+               } else if (PG(safe_mode)) {
+                       if (type == FS_IS_X) {
+                               if (strstr(local, "..")) {
+                                       RETURN_FALSE;
+                               } else {
+                                       char *b = strrchr(local, 
PHP_DIR_SEPARATOR);
+                                       snprintf(safe_mode_buf, MAXPATHLEN, 
"%s%s%s", PG(safe_mode_exec_dir), (b ? "" : "/"), (b ? b : local));
+                                       local = (char *)&safe_mode_buf;
+                               }
+                       } else if (!php_checkuid_ex(local, NULL, 
CHECKUID_ALLOW_FILE_NOT_EXISTS, CHECKUID_NO_ERRORS)) {
+                               RETURN_FALSE;
+                       }
                }
        }
 
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.416&r2=1.2027.2.547.2.417&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.416 php-src/NEWS:1.2027.2.547.2.417
--- php-src/NEWS:1.2027.2.547.2.416     Sat Dec  9 10:53:45 2006
+++ php-src/NEWS        Sat Dec  9 16:01:29 2006
@@ -165,6 +165,8 @@
 - Fixed bug #36644 (possible crash in variant_date_from_timestamp()). (Ilia)
 - Fixed bug #33282 (Re-assignment by reference does not clear the is_ref flag)
   (Ilia,Dmitry, Matt Wilmas)
+- Fixed bug #29840 (is_executable() does not honor safe_mode_exec_dir
+  setting). (Ilia)
 
 02 Nov 2006, PHP 5.2.0
 - Updated bundled OpenSSL to version 0.9.8d in the Windows distro. (Edin)


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/standard filestat.c

Reply via email to