1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
--- ext/curl/interface.c 2005-06-02 23:04:43.000000000 +0200
+++ ext/curl/interface.c.new 2005-10-31 23:18:13.000000000 +0100
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: interface.c,v 1.46.2.8 2005/06/02 21:04:43 tony2001 Exp $ */
+/* $Id: interface.c,v 1.46.2.11 2005/10/17 02:42:32 iliaa Exp $ */
#define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
@@ -62,7 +62,7 @@
#define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \
- if (PG(open_basedir) && *PG(open_basedir) && \
+ if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \
strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \
{ \
php_url *tmp_url; \
@@ -72,7 +72,7 @@
RETURN_FALSE; \
} \
\
- if (php_check_open_basedir(tmp_url->path TSRMLS_CC) || \
+ if (tmp_url->query || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \
(PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM)) \
) { \
php_url_free(tmp_url); \
@@ -1128,10 +1128,15 @@
* must be explicitly cast to long in curl_formadd
* use since curl needs a long not an int. */
if (*postval == '@') {
+ ++postval;
+ /* safe_mode / open_basedir check */
+ if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
+ RETURN_FALSE;
+ }
error = curl_formadd(&first, &last,
CURLFORM_COPYNAME, string_key,
CURLFORM_NAMELENGTH, (long)string_key_len - 1,
- CURLFORM_FILE, ++postval,
+ CURLFORM_FILE, postval,
CURLFORM_END);
} else {
error = curl_formadd(&first, &last,
|
GitWeb
