Does anyone see a problem with this patch?
-- 
· André Langhorst        t: +49 331 5811560 ·
· [EMAIL PROTECTED]          m: +49 173 9558736 ·
* PHP Quality Assurance  http://qa.php.net  *


Does someone see problems in merging the following patches in 4_0_5?
 
They patch two serious problems in 4_0_5.
 
copy function:
The safe mode check checks only ownership of the source, then it calls php_copy_file, so if the httpd process has the OS right to open the target file, any user can overwrite a file writable by httpd with a file owned by himself.

move_uploaded_file:
Similar problem, as a user can overwrite any file with the uploaded one.
 
Waiting for comments.
 
Romolo Manfredini
 

diff

-- 
PHP Quality Assurance Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
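
The gap described in the forwarded mail, as an added example (not the patch from this thread and not PHP's own code): a source-only ownership check beside one that also checks the target. The function names and the rule for a target that does not exist yet (its parent directory must belong to the script owner) are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if dst may be written on behalf of `owner`. An
 * existing target must be owned by `owner`; a new one needs an owned parent. */
static int dest_owned_by(const char *dst, uid_t owner)
{
    struct stat sb;
    char dir[PATH_MAX];
    if (stat(dst, &sb) == 0)
        return sb.st_uid == owner;
    if (errno != ENOENT || strlen(dst) >= sizeof(dir))
        return 0;
    strcpy(dir, dst);                 /* dirname() may modify its argument */
    return stat(dirname(dir), &sb) == 0 && sb.st_uid == owner;
}

/* The check as the mail describes it: only the source owner is compared. */
int copy_allowed_source_only(const char *src, const char *dst, uid_t owner)
{
    struct stat sb;
    (void)dst;                        /* the target is never examined */
    return stat(src, &sb) == 0 && sb.st_uid == owner;
}

/* Same check extended to the target, so a file owned by someone else
 * is refused even when the server process could open it for writing. */
int copy_allowed_both(const char *src, const char *dst, uid_t owner)
{
    return copy_allowed_source_only(src, dst, owner) && dest_owned_by(dst, owner);
}

int main(int argc, char **argv)
{
    if (argc != 3)
        return EXIT_FAILURE;
    /* Assumption: the effective uid stands in for the script owner. */
    printf("source-only: %d\nboth: %d\n",
           copy_allowed_source_only(argv[1], argv[2], geteuid()),
           copy_allowed_both(argv[1], argv[2], geteuid()));
    return 0;
}
```

The comparison and the later open of the target are separate steps, so this shows the ownership decision only and does not close the window between the check and the write.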


-- 
PHP Development Mailing List <http://www.php.net/>