diff options
| author | Rasmus Lerdorf <rasmus@php.net> | 2002-05-11 19:23:05 +0000 |
|---|---|---|
| committer | Rasmus Lerdorf <rasmus@php.net> | 2002-05-11 19:23:05 +0000 |
| commit | 2d7369972164f6a6c4df27b77d9a668efe29a85d (patch) | |
| tree | 7de3508c9e21455c1a2f5a39b673c4580635e0e3 | |
| parent | 4caca1d6ebff2791bd1cc2348a660fb0fcb18221 (diff) | |
| download | php-git-2d7369972164f6a6c4df27b77d9a668efe29a85d.tar.gz | |
MFH - parse_ini_file() safe-mode fix
| -rw-r--r-- | ext/standard/basic_functions.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c index 26aef54e7b..9376d834d0 100644 --- a/ext/standard/basic_functions.c +++ b/ext/standard/basic_functions.c @@ -2501,6 +2501,15 @@ PHP_FUNCTION(parse_ini_file) } convert_to_string_ex(filename); + + if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_ALLOW_ONLY_FILE))) { + RETURN_FALSE; + } + + if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { + RETURN_FALSE; + } + fh.handle.fp = VCWD_FOPEN(Z_STRVAL_PP(filename), "r"); if (!fh.handle.fp) { php_error(E_WARNING, "Cannot open '%s' for reading", Z_STRVAL_PP(filename)); |