diff options
| author | Pierre Joye <pajoye@php.net> | 2007-03-14 11:08:57 +0000 |
|---|---|---|
| committer | Pierre Joye <pajoye@php.net> | 2007-03-14 11:08:57 +0000 |
| commit | 1c0b8e6f15e416f011263f2d20b5c0281de9fafc (patch) | |
| tree | 12d96769f4fd9e548081e22ee043307ba6dccc3f /ext/zip/zip_stream.c | |
| parent | 4f5303ab925c5284decfe47dbaa31a2b9a1b8d5b (diff) | |
| download | php-git-1c0b8e6f15e416f011263f2d20b5c0281de9fafc.tar.gz | |
- rename SAFEMODE_CHECKFILE to OPENBASEDIR_CHECKPATH (can be used without
confusing in head without confusion)
- Add safemode and open basedir checks in zip:// wrapper (revert Ilia's
patch). Bug found by Stefan Esser in his MOPB-20-2007
Diffstat (limited to 'ext/zip/zip_stream.c')
| -rw-r--r-- | ext/zip/zip_stream.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ext/zip/zip_stream.c b/ext/zip/zip_stream.c index d4b511cc09..1f305509ea 100644 --- a/ext/zip/zip_stream.c +++ b/ext/zip/zip_stream.c @@ -12,6 +12,7 @@ #include "ext/standard/file.h" #include "ext/standard/php_string.h" #include "fopen_wrappers.h" +#include "php_zip.h" #include "ext/standard/url.h" @@ -112,7 +113,7 @@ php_stream *php_stream_zip_open(char *filename, char *path, char *mode STREAMS_D } if (filename) { - if ((PG(safe_mode) && (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC)) { + if (OPENBASEDIR_CHECKPATH(filename)) { return NULL; } @@ -193,7 +194,7 @@ php_stream *php_stream_zip_opener(php_stream_wrapper *wrapper, php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC); fragment++; - if ((PG(safe_mode) && (!php_checkuid(file_dirname, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(file_dirname TSRMLS_CC)) { + if (OPENBASEDIR_CHECKPATH(file_dirname)) { efree(file_basename); return NULL; } |