iliaa Wed Mar 14 03:52:16 2007 UTC
Modified files: (Branch: PHP_4_4)
/php-src/ext/bz2 bz2.c
Log:
MFB: Added missing open_basedir & safe_mode checks to bzip:// wrapper.
http://cvs.php.net/viewvc.cgi/php-src/ext/bz2/bz2.c?r1=1.1.2.4.2.7&r2=1.1.2.4.2.8&diff_format=u
Index: php-src/ext/bz2/bz2.c
diff -u php-src/ext/bz2/bz2.c:1.1.2.4.2.7 php-src/ext/bz2/bz2.c:1.1.2.4.2.8
--- php-src/ext/bz2/bz2.c:1.1.2.4.2.7 Mon Jan 1 09:46:40 2007
+++ php-src/ext/bz2/bz2.c Wed Mar 14 03:52:16 2007
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: bz2.c,v 1.1.2.4.2.7 2007/01/01 09:46:40 sebastian Exp $ */
+/* $Id: bz2.c,v 1.1.2.4.2.8 2007/03/14 03:52:16 iliaa Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -171,6 +171,10 @@
#else
path_copy = path;
#endif
+
+ if ((PG(safe_mode) && (!php_checkuid(path_copy, NULL,
CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(path_copy TSRMLS_CC)) {
+ return NULL;
+ }
/* try and open it directly first */
bz_file = BZ2_bzopen(path_copy, mode);
@@ -182,7 +186,7 @@
if (bz_file == NULL) {
/* that didn't work, so try and get something from the
network/wrapper */
- stream = php_stream_open_wrapper(path, mode, options |
STREAM_WILL_CAST, opened_path);
+ stream = php_stream_open_wrapper(path, mode, options |
STREAM_WILL_CAST | ENFORCE_SAFE_MODE, opened_path);
if (stream) {
int fd;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
