1 files changed, 141 insertions, 0 deletions

diff --git a/dev-lang/php/files/4.3.11/php4.3.11-curl_safemode.patch b/dev-lang/php/files/4.3.11/php4.3.11-curl_safemode.patch
new file mode 100644
index 000000000000..f308dea57dde
--- /dev/null
+++ b/dev-lang/php/files/4.3.11/php4.3.11-curl_safemode.patch
@@ -0,0 +1,141 @@
+--- ext/curl/curl.c	2005-03-14 10:03:09.000000000 +0100
++++ ext/curl/curl.c	2005-10-17 04:42:51.000000000 +0200
+@@ -16,7 +16,7 @@
+    +----------------------------------------------------------------------+
+ */
+ 
+-/* $Id: curl.c,v 1.124.2.29 2005/03/14 09:03:09 sniper Exp $ */
++/* $Id: curl.c,v 1.124.2.30.2.3 2005/10/17 02:42:51 iliaa Exp $ */
+ 
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+@@ -66,7 +66,7 @@
+ #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
+ 
+ #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len)													\
+-	if (PG(open_basedir) && *PG(open_basedir) &&                                                \
++	if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&                                                \
+ 	    strncasecmp(str, "file://", sizeof("file://") - 1) == 0)								\
+ 	{ 																							\
+ 		php_url *tmp_url; 																		\
+@@ -76,7 +76,7 @@
+ 			RETURN_FALSE; 																		\
+ 		} 																						\
+ 																								\
+-		if (php_check_open_basedir(tmp_url->path TSRMLS_CC) || 									\
++		if (tmp_url->query || php_check_open_basedir(tmp_url->path TSRMLS_CC) || 									\
+ 			(PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM))	\
+ 		) { 																					\
+ 			php_url_free(tmp_url); 																\
+@@ -436,10 +436,12 @@
+ 		zend_list_addref(ch->id);
+ 		ZVAL_STRINGL(argv[1], data, length, 1);
+ 
++		ch->in_callback = 1;
+ 		error = call_user_function(EG(function_table),
+ 		                           NULL,
+ 		                           t->func,
+ 		                           retval, 2, argv TSRMLS_CC);
++		ch->in_callback = 0;
+ 		if (error == FAILURE) {
+ 			php_error(E_WARNING, "%s(): Couldn't call the CURLOPT_WRITEFUNCTION", 
+ 					  get_active_function_name(TSRMLS_C));
+@@ -495,10 +497,12 @@
+ 		zend_list_addref(t->fd);
+ 		ZVAL_LONG(argv[2], (int) size * nmemb);
+ 
++		ch->in_callback = 1;
+ 		error = call_user_function(EG(function_table),
+ 		                           NULL,
+ 		                           t->func,
+ 		                           retval, 3, argv TSRMLS_CC);
++		ch->in_callback = 0;
+ 		if (error == FAILURE) {
+ 			php_error(E_WARNING, "%s(): Cannot call the CURLOPT_READFUNCTION", 
+ 					  get_active_function_name(TSRMLS_C));
+@@ -553,10 +557,12 @@
+ 			zend_list_addref(ch->id);
+ 			ZVAL_STRINGL(argv[1], data, length, 1);
+ 
++			ch->in_callback = 1;
+ 			error = call_user_function(EG(function_table),
+ 									   NULL,
+ 									   t->func,
+ 									   retval, 2, argv TSRMLS_CC);
++			ch->in_callback = 0;
+ 			if (error == FAILURE) {
+ 				php_error(E_WARNING, "%s(): Couldn't call the CURLOPT_HEADERFUNCTION", 
+ 						  get_active_function_name(TSRMLS_C));
+@@ -606,10 +612,12 @@
+ 	ZVAL_STRING(argv[1], prompt, 1);
+ 	ZVAL_LONG(argv[2], buflen);
+ 
++	ch->in_callback = 1;
+ 	error = call_user_function(EG(function_table),
+ 	                           NULL,
+ 	                           func,
+ 	                           retval, 2, argv TSRMLS_CC);
++	ch->in_callback = 0;
+ 	if (error == FAILURE) {
+ 		php_error(E_WARNING, "%s(): Couldn't call the CURLOPT_PASSWDFUNCTION", get_active_function_name(TSRMLS_C));
+ 	} else if (Z_TYPE_P(retval) == IS_STRING) {
+@@ -680,7 +688,9 @@
+ 	(*ch)->handlers->write_header = ecalloc(1, sizeof(php_curl_write));
+ 	(*ch)->handlers->read  = ecalloc(1, sizeof(php_curl_read));
+ 	memset(&(*ch)->err, 0, sizeof((*ch)->err));
+-	
++
++	(*ch)->in_callback = 0;
++
+ 	zend_llist_init(&(*ch)->to_free.str, sizeof(char *), 
+ 	                (void(*)(void *)) curl_free_string, 0);
+ 	zend_llist_init(&(*ch)->to_free.slist, sizeof(struct curl_slist),
+@@ -982,10 +992,15 @@
+ 				
+ 					postval = Z_STRVAL_PP(current);
+ 					if (*postval == '@') {
++						++postval;
++						/* safe_mode / open_basedir check */
++						if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
++							RETURN_FALSE;
++						}
+ 						error = curl_formadd(&first, &last, 
+ 											 CURLFORM_COPYNAME, string_key,
+ 											 CURLFORM_NAMELENGTH, (long)string_key_len - 1,
+-											 CURLFORM_FILE, ++postval, 
++											 CURLFORM_FILE, postval, 
+ 											 CURLFORM_END);
+ 					}
+ 					else {
+@@ -1337,7 +1352,11 @@
+ 		WRONG_PARAM_COUNT;
+ 	}
+ 	ZEND_FETCH_RESOURCE(ch, php_curl *, zid, -1, le_curl_name, le_curl);
+-	
++
++	if (ch->in_callback) {
++		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempt to close CURL handle from a callback");
++		return;
++	}
+ 	zend_list_delete(Z_LVAL_PP(zid));
+ }
+ /* }}} */
+--- ext/curl/php_curl.h	2002-12-31 17:34:15.000000000 +0100
++++ ext/curl/php_curl.h	2005-06-02 23:05:06.000000000 +0200
+@@ -17,7 +17,7 @@
+    +----------------------------------------------------------------------+
+ */
+ 
+-/* $Id: php_curl.h,v 1.29.2.1 2002/12/31 16:34:15 sebastian Exp $ */
++/* $Id: php_curl.h,v 1.29.2.2 2005/06/02 21:05:06 tony2001 Exp $ */
+ 
+ #ifndef _PHP_CURL_H
+ #define _PHP_CURL_H
+@@ -93,6 +93,7 @@
+ 	struct _php_curl_free    to_free;
+ 	long                     id;
+ 	unsigned int             uses;
++	zend_bool                in_callback;
+ } php_curl;
+ 
+ /* streams support */