romolo          Fri Mar 23 01:30:51 2001 EDT

  Modified files:              
    /php4/ext/standard  basic_functions.c file.c 
  Log:
  
  Added target ownership check in function copy for safe_mode operations
  
  
Index: php4/ext/standard/basic_functions.c
diff -u php4/ext/standard/basic_functions.c:1.320 
php4/ext/standard/basic_functions.c:1.321
--- php4/ext/standard/basic_functions.c:1.320   Thu Mar 22 06:43:48 2001
+++ php4/ext/standard/basic_functions.c Fri Mar 23 01:30:51 2001
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: basic_functions.c,v 1.320 2001/03/22 14:43:48 elixer Exp $ */
+/* $Id: basic_functions.c,v 1.321 2001/03/23 09:30:51 romolo Exp $ */
 
 #include "php.h"
 #include "php_main.h"
@@ -2490,7 +2490,11 @@
        if (!zend_hash_exists(SG(rfc1867_uploaded_files), Z_STRVAL_PP(path), 
Z_STRLEN_PP(path)+1)) {
                RETURN_FALSE;
        }
-
+       
+       if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(new_path), NULL, 
+CHECKUID_CHECK_FILE_AND_DIR))) {
+               RETURN_FALSE;
+       }
+       
        V_UNLINK(Z_STRVAL_PP(new_path));
        if (rename(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path))==0) {
                successful=1;
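Review bot: The added safe_mode check validates `new_path` by name, and `V_UNLINK` and `rename` on the following lines resolve that name again, so the object that was checked is not guaranteed to be the one that is removed or replaced if the path changes in between. The same check-then-use gap applies to the target check added to copy() in file.c. It cannot be closed within these lines, so the limitation should at least be recorded next to the check, for example `/* safe_mode: path-based check only; new_path is re-resolved by unlink/rename below */`. Separately, `&&(!php_checkuid(` would read better as `&& !php_checkuid(`. The enclosing function starts and ends outside this hunk.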
Index: php4/ext/standard/file.c
diff -u php4/ext/standard/file.c:1.148 php4/ext/standard/file.c:1.149
--- php4/ext/standard/file.c:1.148      Sun Mar 11 02:08:27 2001
+++ php4/ext/standard/file.c    Fri Mar 23 01:30:51 2001
@@ -20,7 +20,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: file.c,v 1.148 2001/03/11 10:08:27 sasha Exp $ */
+/* $Id: file.c,v 1.149 2001/03/23 09:30:51 romolo Exp $ */
 
 /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */
 
@@ -1691,7 +1691,7 @@
 {
        pval **source, **target;
        PLS_FETCH();
-       
+
        if (ARG_COUNT(ht) != 2 || zend_get_parameters_ex(2, &source, &target) == 
FAILURE) {
                WRONG_PARAM_COUNT;
        }
@@ -1702,7 +1702,11 @@
        if (PG(safe_mode) &&(!php_checkuid((*source)->value.str.val, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
                RETURN_FALSE;
        }
-       
+
+       if (PG(safe_mode) &&(!php_checkuid((*target)->value.str.val, NULL, 
+CHECKUID_CHECK_FILE_AND_DIR))) {
+               RETURN_FALSE;
+       }
+
        if (php_copy_file(Z_STRVAL_PP(source), Z_STRVAL_PP(target))==SUCCESS) {
                RETURN_TRUE;
        } else {
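Review bot: The added target check reads the string as `(*target)->value.str.val`, while the `php_copy_file` call directly below it and the equivalent check in basic_functions.c use `Z_STRVAL_PP(...)`. Writing it as `php_checkuid(Z_STRVAL_PP(target), NULL, CHECKUID_CHECK_FILE_AND_DIR)` keeps the new code on one accessor; the existing source check above uses the same long form and could be changed with it. A short comment such as `/* safe_mode: the destination must pass the same ownership check as the source */` would record why both paths are checked. The function body starts before and continues past this hunk, so whether `target` has already been converted to a string at this point is not visible here and should be confirmed.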


