diff options
| author | Stanislav Malyshev <stas@php.net> | 2007-08-03 01:16:40 +0000 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2007-08-03 01:16:40 +0000 |
| commit | 6b7f16480390065a1c815fc93ce2a6fbbbe7435d (patch) | |
| tree | 892180def3c33da59ed3007ed802625788b50ca3 | |
| parent | 1b131c46ad7870ca4bc3dffbd45293e76bd26676 (diff) | |
| download | php-git-6b7f16480390065a1c815fc93ce2a6fbbbe7435d.tar.gz | |
correct fix for access control for save_path and .htaccess
| -rw-r--r-- | ext/session/mod_files.c | 8 | ||||
| -rw-r--r-- | ext/session/session.c | 4 |
2 files changed, 2 insertions, 10 deletions
diff --git a/ext/session/mod_files.c b/ext/session/mod_files.c index cd5bda2204..722e389177 100644 --- a/ext/session/mod_files.c +++ b/ext/session/mod_files.c @@ -294,14 +294,6 @@ PS_OPEN_FUNC(files) } save_path = argv[argc - 1]; - if (PG(safe_mode) && (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return FAILURE; - } - - if (PG(open_basedir) && php_check_open_basedir(save_path TSRMLS_CC)) { - return FAILURE; - } - data = emalloc(sizeof(*data)); memset(data, 0, sizeof(*data)); diff --git a/ext/session/session.c b/ext/session/session.c index 3dfda00d6f..7b2e03115c 100644 --- a/ext/session/session.c +++ b/ext/session/session.c @@ -151,7 +151,7 @@ static PHP_INI_MH(OnUpdateSerializer) static PHP_INI_MH(OnUpdateSaveDir) { /* Only do the safemode/open_basedir check at runtime */ - if (stage == PHP_INI_STAGE_RUNTIME) { + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { char *p; if (memchr(new_value, '\0', new_value_length) != NULL) { @@ -168,7 +168,7 @@ static PHP_INI_MH(OnUpdateSaveDir) return FAILURE; } - if (php_check_open_basedir(p TSRMLS_CC)) { + if (PG(open_basedir) && php_check_open_basedir(p TSRMLS_CC)) { return FAILURE; } } |