diff options
| author | Wez Furlong <wez@php.net> | 2002-08-25 12:10:17 +0000 |
|---|---|---|
| committer | Wez Furlong <wez@php.net> | 2002-08-25 12:10:17 +0000 |
| commit | 95ffc663d9ba09dd7004b7023e92dad2cb539f66 (patch) | |
| tree | 08abba4d3522c6850f4388cfe0a712e94b40ae9d | |
| parent | 5c6ad38c31a42ccdb7a68d775e556575ccf273a1 (diff) | |
| download | php-git-95ffc663d9ba09dd7004b7023e92dad2cb539f66.tar.gz | |
Fix open_basedir.
| -rwxr-xr-x | main/streams.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/main/streams.c b/main/streams.c index 53206246f3..dd6b24b4fc 100755 --- a/main/streams.c +++ b/main/streams.c @@ -1020,6 +1020,11 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char /* Relative path open */ if (*filename == '.') { + + if (php_check_open_basedir(filename TSRMLS_CC)) { + return NULL; + } + if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { return NULL; } @@ -1033,6 +1038,11 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char /* Absolute path open */ if (IS_ABSOLUTE_PATH(filename, filename_length)) { + + if (php_check_open_basedir(filename TSRMLS_CC)) { + return NULL; + } + if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) /* filename is in safe_mode_include_dir (or subdir) */ return php_stream_fopen_rel(filename, mode, opened_path); @@ -1044,6 +1054,11 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char } if (!path || (path && !*path)) { + + if (php_check_open_basedir(path TSRMLS_CC)) { + return NULL; + } + if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { return NULL; } @@ -1087,7 +1102,10 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char if (PG(safe_mode)) { if (VCWD_STAT(trypath, &sb) == 0) { /* file exists ... check permission */ - if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || + + if (php_check_open_basedir(trypath TSRMLS_CC)) { + stream = NULL; + } else if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) { /* UID ok, or trypath is in safe_mode_include_dir */ stream = php_stream_fopen_rel(trypath, mode, opened_path); @@ -1406,6 +1424,10 @@ static php_stream *php_plain_files_stream_opener(php_stream_wrapper *wrapper, ch return php_stream_fopen_with_path_rel(path, mode, PG(include_path), opened_path); } + if (php_check_open_basedir(path TSRMLS_CC)) { + return NULL; + } + if ((options & ENFORCE_SAFE_MODE) && PG(safe_mode) && (!php_checkuid(path, mode, CHECKUID_CHECK_MODE_PARAM))) return NULL; |