pollita Thu Jan 9 16:57:45 2003 EDT Modified files: /php4/ext/standard filestat.c /php4/main safe_mode.c safe_mode.h Log: Bug #21531 file_exists() and other filestat functions throw errors when in safe mode and file/directory does not exist. Extended php_checkuid function to add "flags" field via rename to php_checkuid_ex with alias for BC in functions that do want safe mode errors thrown. Index: php4/ext/standard/filestat.c diff -u php4/ext/standard/filestat.c:1.117 php4/ext/standard/filestat.c:1.118 --- php4/ext/standard/filestat.c:1.117 Sat Jan 4 19:56:17 2003 +++ php4/ext/standard/filestat.c Thu Jan 9 16:57:44 2003 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: filestat.c,v 1.117 2003/01/05 00:56:17 derick Exp $ */ +/* $Id: filestat.c,v 1.118 2003/01/09 21:57:44 pollita Exp $ */ #include "php.h" #include "safe_mode.h" @@ -564,7 +564,7 @@ char *stat_sb_names[13]={"dev", "ino", "mode", "nlink", "uid", "gid", "rdev", "size", "atime", "mtime", "ctime", "blksize", "blocks"}; - if (PG(safe_mode) &&(!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + if (PG(safe_mode) &&(!php_checkuid_ex(filename, NULL, +CHECKUID_CHECK_FILE_AND_DIR, IS_EXISTS_CHECK(type) ? CHECKUID_NO_ERRORS : 0))) { RETURN_FALSE; } Index: php4/main/safe_mode.c diff -u php4/main/safe_mode.c:1.52 php4/main/safe_mode.c:1.53 --- php4/main/safe_mode.c:1.52 Tue Dec 31 10:58:54 2002 +++ php4/main/safe_mode.c Thu Jan 9 16:57:45 2003 @@ -15,7 +15,7 @@ | Author: Rasmus Lerdorf <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: safe_mode.c,v 1.52 2002/12/31 15:58:54 sebastian Exp $ */ +/* $Id: safe_mode.c,v 1.53 2003/01/09 21:57:45 pollita Exp $ */ #include "php.h" 
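Review bot: The `CHECKUID_NO_ERRORS` flag passed in the @@ -564,7 hunk for `IS_EXISTS_CHECK(type)` is broader than the missing-file case the log message describes. In php_checkuid_ex the same flag also gates the "SAFE MODE Restriction in effect" warnings, so an ownership mismatch on an existing path becomes silent for these calls as well. If that is intended, a comment above the call would record it, for example `/* existence checks stay quiet under safe mode, including uid/gid mismatches (bug #21531) */`. The enclosing function starts and ends outside the hunk.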
@@ -44,7 +44,7 @@ * 5 - only check file */ -PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) +PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, int +flags) { struct stat sb; int ret, nofile=0; @@ -85,12 +85,16 @@ ret = VCWD_STAT(path, &sb); if (ret < 0) { if (mode == CHECKUID_DISALLOW_FILE_NOT_EXISTS) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); + if (flags & CHECKUID_NO_ERRORS == 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, +"Unable to access %s", filename); + } return 0; } else if (mode == CHECKUID_ALLOW_FILE_NOT_EXISTS) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); + if (flags & CHECKUID_NO_ERRORS == 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, +"Unable to access %s", filename); + } return 1; - } + } nofile = 1; } else { uid = sb.st_uid; @@ -129,7 +133,9 @@ /* check directory */ ret = VCWD_STAT(path, &sb); if (ret < 0) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to access %s", filename); + if (flags & CHECKUID_NO_ERRORS == 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to +access %s", filename); + } return 0; } duid = sb.st_uid; 
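Review bot: The new guard `if (flags & CHECKUID_NO_ERRORS == 0)` in the @@ -85,12 hunk can never be true, because `==` binds tighter than `&` and the test becomes `flags & (CHECKUID_NO_ERRORS == 0)`, that is `flags & 0`. As written, both "Unable to access" warnings are suppressed for every caller, including the `php_checkuid()` wrapper that passes flags 0; the same expression appears in the @@ -129,7 hunk and around the SAFE MODE Restriction messages in @@ -162,15. The return values are unchanged, so access is still refused, but the safe-mode diagnostic no longer reaches the error log. Write the test as `if ((flags & CHECKUID_NO_ERRORS) == 0) {` in all four places. The body of php_checkuid_ex extends beyond these hunks.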
@@ -162,15 +168,21 @@ gid = dgid; filename = path; } - - if (PG(safe_mode_gid)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access %s owned by uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid); - } else { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", php_getuid(), filename, uid); - } + + if (flags & CHECKUID_NO_ERRORS == 0) { + if (PG(safe_mode_gid)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE +Restriction in effect. The script whose uid/gid is %ld/%ld is not allowed to access +%s owned by uid/gid %ld/%ld", php_getuid(), php_getgid(), filename, uid, gid); + } else { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "SAFE MODE +Restriction in effect. The script whose uid is %ld is not allowed to access %s owned +by uid %ld", php_getuid(), filename, uid); + } + } + return 0; } +PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) { + return php_checkuid_ex(filename, fopen_mode, mode, 0); +} PHPAPI char *php_get_current_user() { Index: php4/main/safe_mode.h diff -u php4/main/safe_mode.h:1.7 php4/main/safe_mode.h:1.8 --- php4/main/safe_mode.h:1.7 Fri Jul 13 14:21:21 2001 +++ php4/main/safe_mode.h Thu Jan 9 16:57:45 2003 @@ -9,7 +9,11 @@ #define CHECKUID_CHECK_MODE_PARAM 4 #define CHECKUID_ALLOW_ONLY_FILE 5 +/* flags for php_checkuid_ex() */ +#define CHECKUID_NO_ERRORS 0x01 + extern PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode); +extern PHPAPI int php_checkuid_ex(const char *filename, char *fopen_mode, int mode, +int flags); extern PHPAPI char *php_get_current_user(void); #endif