Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-php/mod_php/files/php4.4.0-gd_safe_mode.patch
blob: 1e0d49d1373cddf16c780560d551b33e8666c6f1 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

--- ext/gd/gd.c	2005/05/06 16:51:54	1.221.2.56
+++ ext/gd/gd.c	2005/10/06 20:44:52	1.221.2.56.2.1
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */

-/* $Id: gd.c,v 1.221.2.56 2005/05/06 16:51:54 tony2001 Exp $ */
+/* $Id: gd.c,v 1.221.2.56.2.1 2005/10/06 20:44:52 iliaa Exp $ */

 /* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
    Cold Spring Harbor Labs. */
@@ -1644,7 +1644,7 @@ static void _php_image_output(INTERNAL_F
 	}

 	if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-		if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+		if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
 			RETURN_FALSE;
 		}