Another safe-mode fix. parse_ini_file() did not check

@ safe-mode fix for parse_ini_file() (Rasmus)
author: Rasmus Lerdorf <rasmus@php.net> 2002-05-11 19:19:49 +0000
committer: Rasmus Lerdorf <rasmus@php.net> 2002-05-11 19:19:49 +0000
commit: 465b2d54db115581c30d356e36b4addfed66dbfe (patch)
tree: fe04e196f63259c4c0435758d32afe97cb091397
parent: 9cbcc9b822c40d1a20ec7ebab80eed7722e528a4 (diff)
download: php-git-465b2d54db115581c30d356e36b4addfed66dbfe.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index 27452efa19..be97f01373 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -2471,6 +2471,15 @@ PHP_FUNCTION(parse_ini_file)
 	}
 
 	convert_to_string_ex(filename);
+
+	if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_ALLOW_ONLY_FILE))) {
+		RETURN_FALSE;
+	}
+
+	if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
+		RETURN_FALSE;
+	}
+
 	fh.handle.fp = VCWD_FOPEN(Z_STRVAL_PP(filename), "r");
 	if (!fh.handle.fp) {
 		php_error(E_WARNING, "Cannot open '%s' for reading", Z_STRVAL_PP(filename));
author	Rasmus Lerdorf <rasmus@php.net>	2002-05-11 19:19:49 +0000
committer	Rasmus Lerdorf <rasmus@php.net>	2002-05-11 19:19:49 +0000
commit	465b2d54db115581c30d356e36b4addfed66dbfe (patch)
tree	fe04e196f63259c4c0435758d32afe97cb091397
parent	9cbcc9b822c40d1a20ec7ebab80eed7722e528a4 (diff)
download	php-git-465b2d54db115581c30d356e36b4addfed66dbfe.tar.gz