Hi, I just want to bring this to everyones attention that this affects quite some functions (fileperms, fileinode, filesize, fileowner, blabla, just do a grep FileFunction filestat.c in ext/standard).
Maybe I missed a reason why this was never done? - Markus On Mon, May 20, 2002 at 05:18:19PM -0000, Markus Fischer wrote : > mfischer Mon May 20 13:18:19 2002 EDT > > Modified files: > /php4/ext/standard filestat.c > Log: > - Add open_basedir check for all functions using php_stat() (filesize, stat, > etc), closes #11563. > > > Index: php4/ext/standard/filestat.c > diff -u php4/ext/standard/filestat.c:1.92 php4/ext/standard/filestat.c:1.93 > --- php4/ext/standard/filestat.c:1.92 Wed May 15 21:07:21 2002 > +++ php4/ext/standard/filestat.c Mon May 20 13:18:18 2002 > @@ -16,7 +16,7 @@ > +----------------------------------------------------------------------+ > */ > > -/* $Id: filestat.c,v 1.92 2002/05/16 01:07:21 sniper Exp $ */ > +/* $Id: filestat.c,v 1.93 2002/05/20 17:18:18 mfischer Exp $ */ > > #include "php.h" > #include "safe_mode.h" > @@ -552,6 +552,10 @@ > int rmask=S_IROTH, wmask=S_IWOTH, xmask=S_IXOTH; /* access rights defaults to >other */ > char *stat_sb_names[13]={"dev", "ino", "mode", "nlink", "uid", "gid", "rdev", > "size", "atime", "mtime", "ctime", "blksize", "blocks"}; > + > + if (php_check_open_basedir(filename)) { > + RETURN_FALSE; > + } > > stat_sb = &BG(sb); > > > > > -- > PHP CVS Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- Please always Cc to me when replying to me on the lists. GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc --------------------------------------------------------- "I mean "When in doubt, blame mcrypt" is more often right than wrong :)" "Always right, never wrong :)" - Two PHP developers who want to remain unnamed -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php