| author | foobar <sniper@php.net> | 2005-03-14 09:02:23 +0000 | 
|---|---|---|
| committer | foobar <sniper@php.net> | 2005-03-14 09:02:23 +0000 | 
| commit | 5718cb15a34b7ba748a511fcb71f166c38804807 (patch) | |
| tree | e60017e28c902f7db420c06efff4d978a1bd6276 /ext/curl/interface.c | |
| parent | 81629076f8a268ee3c5f6bffd7e5cc0d86bea755 (diff) | |
| download | php-git-5718cb15a34b7ba748a511fcb71f166c38804807.tar.gz | |
- Fixed bug #30609 (cURL functions bypass open_basedir)
Diffstat (limited to 'ext/curl/interface.c')
| -rw-r--r-- | ext/curl/interface.c | 35 | 
1 files changed, 32 insertions, 3 deletions
|
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index c6668491d6..c844a31096 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -49,6 +49,7 @@
 #include "ext/standard/php_smart_str.h"
 #include "ext/standard/info.h"
 #include "ext/standard/file.h"
+#include "ext/standard/url.h"
 #include "php_curl.h"
 static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
@@ -60,6 +61,26 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
 #define CAAS(s, v) add_assoc_string_ex(return_value, s, sizeof(s), (char *) v, 1);
 #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
+#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)													\
+	if (PG(open_basedir) && *PG(open_basedir) &&                                                \
+	    strncasecmp(str, "file://", sizeof("file://") - 1) == 0)								\
+	{ 																							\
+		php_url *tmp_url; 																		\
+																								\
+		if (!(tmp_url = php_url_parse_ex(str, len))) {											\
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid url '%s'", str);				\
+			RETURN_FALSE; 																		\
+		} 																						\
+																								\
+		if (php_check_open_basedir(tmp_url->path TSRMLS_CC) || 									\
+			(PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM))	\
+		) { 																					\
+			php_url_free(tmp_url); 																\
+			RETURN_FALSE; 																		\
+		} 																						\
+		php_url_free(tmp_url); 																	\
+	}
+
 /* {{{ curl_functions[]
  */
 function_entry curl_functions[] = {
@@ -779,6 +800,11 @@ PHP_FUNCTION(curl_init)
 		WRONG_PARAM_COUNT;
 	}
+	if (argc > 0) {
+		convert_to_string_ex(url);
+		PHP_CURL_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
+	}
+
 	cp = curl_easy_init();
 	if (!cp) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Could not initialize a new cURL handle");
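Review bot: In `PHP_CURL_CHECK_OPEN_BASEDIR` the `php_checkuid()` safe_mode test sits inside an outer `if` that requires `PG(open_basedir)` to be set, so a safe_mode-only configuration never reaches it; the outer condition should read `if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&`. The macro also passes `tmp_url->path` on without testing it for NULL, which looks reachable for a URL that parses but has no path component, so the inner test should begin `if (!tmp_url->path || php_check_open_basedir(tmp_url->path TSRMLS_CC) ||`. As a point of style, the body is a bare `if` block with a hidden `RETURN_FALSE`; wrapping it in `do { ... } while (0)` and adding a comment that it returns from the calling function would make the call sites safer to edit.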
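Review bot: The path checked in the curl_init hunk and the path libcurl opens come from two separate parses of the same bytes: the macro validates `tmp_url->path` from `php_url_parse_ex()` over `Z_STRLEN_PP(url)` bytes, while libcurl later receives a C string and parses it itself. A value with an embedded NUL byte is the clearest case where the two can disagree, so it should be rejected before the check, e.g. `if (strlen(Z_STRVAL_PP(url)) != (size_t) Z_STRLEN_PP(url)) { RETURN_FALSE; }`. The same applies to the `CURLOPT_URL` branch added to curl_setopt in the last hunk. Placing the check before `curl_easy_init()` is right because the macro returns on failure and no handle exists yet; a one-line comment saying so would keep it from being moved back down. curl_init's body continues outside the hunk.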
@@ -815,7 +841,6 @@ PHP_FUNCTION(curl_init)
 	if (argc > 0) {
 		char *urlcopy;
-		convert_to_string_ex(url);
 		urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
 		curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy);
@@ -861,7 +886,7 @@ PHP_FUNCTION(curl_copy_handle)
 }
 /* }}} */
-/* {{{ proto bool curl_setopt(resource ch, string option, mixed value)
+/* {{{ proto bool curl_setopt(resource ch, int option, mixed value)
    Set an option for a CURL transfer */
 PHP_FUNCTION(curl_setopt)
 {
@@ -966,8 +991,12 @@ PHP_FUNCTION(curl_setopt)
 			char *copystr = NULL;
 			convert_to_string_ex(zvalue);
-			copystr = estrndup(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+			if (option == CURLOPT_URL) {
+				PHP_CURL_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+			}
+
+			copystr = estrndup(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
 			error = curl_easy_setopt(ch->cp, option, copystr);
 			zend_llist_add_element(&ch->to_free.str, ©str);
|
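Review bot: Only the string set through `CURLOPT_URL` is checked in the curl_setopt branch, and only when it literally begins with `file://`; anything libcurl resolves later on its own, such as a redirect target when redirect-following is enabled, is never seen by `PHP_CURL_CHECK_OPEN_BASEDIR`. Whether that is reachable depends on option handling outside this hunk and on the libcurl version in use, so it needs confirming rather than being taken as a finding. At minimum the branch deserves a comment such as `/* open_basedir/safe_mode: only the initial URL is validated here; redirects are resolved inside libcurl */`, and refusing redirect-following while open_basedir is set would close the gap. The enclosing switch case starts and ends outside the hunk.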
