Hi,
I just want to bring this to everyones attention that this
affects quite some functions (fileperms, fileinode, filesize,
fileowner, blabla, just do a grep FileFunction filestat.c in
ext/standard).
Maybe I missed a reason why this was never done?
- Markus
On Mon, May 20, 2002 at 05:18:19PM -0000, Markus Fischer wrote :
> mfischer Mon May 20 13:18:19 2002 EDT
>
> Modified files:
> /php4/ext/standard filestat.c
> Log:
> - Add open_basedir check for all functions using php_stat() (filesize, stat,
> etc), closes #11563.
>
>
> Index: php4/ext/standard/filestat.c
> diff -u php4/ext/standard/filestat.c:1.92 php4/ext/standard/filestat.c:1.93
> --- php4/ext/standard/filestat.c:1.92 Wed May 15 21:07:21 2002
> +++ php4/ext/standard/filestat.c Mon May 20 13:18:18 2002
> @@ -16,7 +16,7 @@
> +----------------------------------------------------------------------+
> */
>
> -/* $Id: filestat.c,v 1.92 2002/05/16 01:07:21 sniper Exp $ */
> +/* $Id: filestat.c,v 1.93 2002/05/20 17:18:18 mfischer Exp $ */
>
> #include "php.h"
> #include "safe_mode.h"
> @@ -552,6 +552,10 @@
> int rmask=S_IROTH, wmask=S_IWOTH, xmask=S_IXOTH; /* access rights defaults to
>other */
> char *stat_sb_names[13]={"dev", "ino", "mode", "nlink", "uid", "gid", "rdev",
> "size", "atime", "mtime", "ctime", "blksize", "blocks"};
> +
> + if (php_check_open_basedir(filename)) {
> + RETURN_FALSE;
> + }
>
> stat_sb = &BG(sb);
>
>
>
>
> --
> PHP CVS Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
Please always Cc to me when replying to me on the lists.
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc
---------------------------------------------------------
"I mean "When in doubt, blame mcrypt" is more often right than wrong :)"
"Always right, never wrong :)"
- Two PHP developers who want to remain unnamed
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
