Commit: 71c63bcfc5456a59b090754cf0b0ba2815e1bf16 Author: Dmitry Stogov <dmi...@zend.com> Thu, 7 Feb 2013 13:04:47 +0400 Committer: Johannes Schlüter <johan...@php.net> Wed, 13 Feb 2013 21:51:02 +0100 Parents: 8285a82070d7279624b876b0e13e88f629000e66 Branches: PHP-5.3.22
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=71c63bcfc5456a59b090754cf0b0ba2815e1bf16 Log: Check if soap.wsdl_cache_dir confirms to open_basedir (cherry picked from commit cc4c318b0c71e1a9c9cf803b5ee5d437344d64db) Changed paths: M ext/soap/soap.c Diff: diff --git a/ext/soap/soap.c b/ext/soap/soap.c index 843f49b..6851a9b 100644 --- a/ext/soap/soap.c +++ b/ext/soap/soap.c @@ -568,10 +568,44 @@ ZEND_INI_MH(OnUpdateCacheMode) return SUCCESS; } +static PHP_INI_MH(OnUpdateCacheDir) +{ + /* Only do the safemode/open_basedir check at runtime */ + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { + char *p; + + if (memchr(new_value, '\0', new_value_length) != NULL) { + return FAILURE; + } + + /* we do not use zend_memrchr() since path can contain ; itself */ + if ((p = strchr(new_value, ';'))) { + char *p2; + p++; + if ((p2 = strchr(p, ';'))) { + p = p2 + 1; + } + } else { + p = new_value; + } + + if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + return FAILURE; + } + + if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) { + return FAILURE; + } + } + + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + PHP_INI_BEGIN() STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, OnUpdateBool, cache_enabled, zend_soap_globals, soap_globals) -STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateString, +STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateCacheDir, cache_dir, zend_soap_globals, soap_globals) STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, OnUpdateLong, cache_ttl, zend_soap_globals, soap_globals) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php