| author | Sara Golemon <pollita@php.net> | 2003-05-17 04:20:12 +0000 |
|---|---|---|
| committer | Sara Golemon <pollita@php.net> | 2003-05-17 04:20:12 +0000 |
| commit | bab2866e213767bbd712b51733fd19153978f3b9 (patch) | |
| tree | 2e72e2551e1e41069f179f7ce8665c85071eb294 | |
| parent | f026645177b97e2f8ed30025ec6d133b885a4f39 (diff) | |
| download | php-git-bab2866e213767bbd712b51733fd19153978f3b9.tar.gz | |
Bug #14369. ftp extension allows circumvention of safe_mode restrictions
| -rw-r--r-- | ext/ftp/php_ftp.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/ext/ftp/php_ftp.c b/ext/ftp/php_ftp.c
index e6de1d548f..b125fa98db 100644
--- a/ext/ftp/php_ftp.c
+++ b/ext/ftp/php_ftp.c
@@ -598,9 +598,19 @@ PHP_FUNCTION(ftp_get)
 resumepos = 0;
 }
+ if (php_check_open_basedir(local TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+
 if (ftp->autoseek && resumepos) {
+ if (PG(safe_mode) && (!php_checkuid(local, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "rb+", NULL);
 if (outstream == NULL) {
+ if (PG(safe_mode) && (!php_checkuid(local, "wb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "wb", NULL);
 }
 if (outstream != NULL) {
@@ -613,6 +623,9 @@ PHP_FUNCTION(ftp_get)
 }
 }
 } else {
+ if (PG(safe_mode) && (!php_checkuid(local, "wb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "wb", NULL);
 }
@@ -656,9 +669,19 @@ PHP_FUNCTION(ftp_nb_get)
 resumepos = 0;
 }
+ if (php_check_open_basedir(local TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+
 if (ftp->autoseek && resumepos) {
+ if (PG(safe_mode) && (!php_checkuid(local, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "rb+", NULL);
 if (outstream == NULL) {
+ if (PG(safe_mode) && (!php_checkuid(local, "wb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "wb", NULL);
 }
 if (outstream != NULL) {
@@ -671,6 +694,9 @@ PHP_FUNCTION(ftp_nb_get)
 }
 }
 } else {
+ if (PG(safe_mode) && (!php_checkuid(local, "wb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
 outstream = php_stream_fopen(local, "wb", NULL);
 }
@@ -852,6 +878,13 @@ PHP_FUNCTION(ftp_put)
 ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
 XTYPE(xtype, mode);
+ if (php_check_open_basedir(local TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+ if (PG(safe_mode) && (!php_checkuid(local, "rb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
 instream = php_stream_fopen(local, "rb", NULL);
 if (instream == NULL) {
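Review bot: In the `ftp->autoseek && resumepos` branch of ftp_get (hunk at -598), the new `php_checkuid(local, "rb+", ...)` guard returns FALSE before the existing fallback that retries with `"wb"` when the `"rb+"` open fails, so under safe_mode a resumed download to a local file that does not exist yet is now rejected instead of being created, assuming php_checkuid refuses a read mode on a missing file as I believe it does. The `"wb"` checkuid placed inside the `outstream == NULL` block already covers the creation case, so the first check should only gate the `"rb+"` open rather than abort the function; php_checkuid also emits a warning on failure, so if that is unwanted the nonexistence case should be detected before calling it. The same pattern appears in the ftp_nb_get hunk at -656. The enclosing PHP_FUNCTION bodies start and end outside these hunks.
```c
	if (ftp->autoseek && resumepos) {
		outstream = NULL;
		if (!PG(safe_mode) || php_checkuid(local, "rb+", CHECKUID_CHECK_MODE_PARAM)) {
			outstream = php_stream_fopen(local, "rb+", NULL);
		}
		if (outstream == NULL) {
			/* … unchanged: "wb" safe_mode check and fallback open … */
```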
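Review bot: The open_basedir plus safe_mode prologue added before `instream = php_stream_fopen(local, "rb", NULL)` in ftp_put (hunk at -852) is repeated verbatim in ftp_nb_put (hunk at -907), and the safe_mode half recurs six more times with other modes in the ftp_get/ftp_nb_get hunks; keeping the policy in one static helper would make it harder for a later change to miss one copy. Something like the helper below, called as `if (!php_ftp_local_allowed(local, "rb" TSRMLS_CC)) { RETURN_FALSE; }`, covers the two put functions directly; the get functions would call it once per mode they try. The enclosing PHP_FUNCTION(ftp_put) body starts and ends outside the hunk.
```c
/* Return 1 when LOCAL may be opened with MODE: it must pass open_basedir and,
 * under safe_mode, the uid check for that mode. Returns 0 otherwise. */
static int php_ftp_local_allowed(const char *local, char *mode TSRMLS_DC)
{
	if (php_check_open_basedir(local TSRMLS_CC)) {
		return 0;
	}
	if (PG(safe_mode) && !php_checkuid(local, mode, CHECKUID_CHECK_MODE_PARAM)) {
		return 0;
	}
	return 1;
}
```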
@@ -907,6 +940,13 @@ PHP_FUNCTION(ftp_nb_put)
 ZEND_FETCH_RESOURCE(ftp, ftpbuf_t*, &z_ftp, -1, le_ftpbuf_name, le_ftpbuf);
 XTYPE(xtype, mode);
+ if (php_check_open_basedir(local TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+ if (PG(safe_mode) && (!php_checkuid(local, "rb", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
+
 instream = php_stream_fopen(local, "rb", NULL);
 if (instream == NULL) { |
