Hi,

    I just want to bring this to everyones attention that this
    affects quite some functions (fileperms, fileinode, filesize,
    fileowner, blabla, just do a grep FileFunction filestat.c in
    ext/standard).

    Maybe I missed a reason why this was never done?

    - Markus

On Mon, May 20, 2002 at 05:18:19PM -0000, Markus Fischer wrote : 
> mfischer              Mon May 20 13:18:19 2002 EDT
> 
>   Modified files:              
>     /php4/ext/standard        filestat.c 
>   Log:
>   - Add open_basedir check for all functions using php_stat() (filesize, stat,
>     etc), closes #11563.
>   
>   
> Index: php4/ext/standard/filestat.c
> diff -u php4/ext/standard/filestat.c:1.92 php4/ext/standard/filestat.c:1.93
> --- php4/ext/standard/filestat.c:1.92 Wed May 15 21:07:21 2002
> +++ php4/ext/standard/filestat.c      Mon May 20 13:18:18 2002
> @@ -16,7 +16,7 @@
>     +----------------------------------------------------------------------+
>   */
>  
> -/* $Id: filestat.c,v 1.92 2002/05/16 01:07:21 sniper Exp $ */
> +/* $Id: filestat.c,v 1.93 2002/05/20 17:18:18 mfischer Exp $ */
>  
>  #include "php.h"
>  #include "safe_mode.h"
> @@ -552,6 +552,10 @@
>       int rmask=S_IROTH, wmask=S_IWOTH, xmask=S_IXOTH; /* access rights defaults to 
>other */
>       char *stat_sb_names[13]={"dev", "ino", "mode", "nlink", "uid", "gid", "rdev",
>                             "size", "atime", "mtime", "ctime", "blksize", "blocks"};
> +
> +     if (php_check_open_basedir(filename)) {
> +             RETURN_FALSE;
> +     }
>  
>       stat_sb = &BG(sb);
>  
> 
> 
> 
> -- 
> PHP CVS Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

-- 
Please always Cc to me when replying to me on the lists.
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc
---------------------------------------------------------
"I mean "When in doubt, blame mcrypt" is more often right than wrong :)"
"Always right, never wrong :)"
- Two PHP developers who want to remain unnamed

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to