diff options
Diffstat (limited to 'dev-lang/php/files/5.0.5/php5.0.5-curl-open_basedir.patch')
-rw-r--r-- | dev-lang/php/files/5.0.5/php5.0.5-curl-open_basedir.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/dev-lang/php/files/5.0.5/php5.0.5-curl-open_basedir.patch b/dev-lang/php/files/5.0.5/php5.0.5-curl-open_basedir.patch new file mode 100644 index 0000000..4f16430 --- /dev/null +++ b/dev-lang/php/files/5.0.5/php5.0.5-curl-open_basedir.patch @@ -0,0 +1,48 @@ +--- ext/curl/interface.c 2005/06/02 21:04:43 1.46.2.8 ++++ ext/curl/interface.c 2005/11/29 11:03:29 1.46.2.13 +@@ -16,7 +16,7 @@ + +----------------------------------------------------------------------+ + */ + +-/* $Id: interface.c,v 1.46.2.8 2005/06/02 21:04:43 tony2001 Exp $ */ ++/* $Id: interface.c,v 1.46.2.13 2005/11/29 11:03:29 dmitry Exp $ */ + + #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS + +@@ -62,8 +62,8 @@ static void _php_curl_close(zend_rsrc_li + #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v); + + #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \ +- if (PG(open_basedir) && *PG(open_basedir) && \ +- strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \ ++ if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \ ++ strncasecmp(str, "file:", sizeof("file:") - 1) == 0) \ + { \ + php_url *tmp_url; \ + \ +@@ -72,7 +72,7 @@ static void _php_curl_close(zend_rsrc_li + RETURN_FALSE; \ + } \ + \ +- if (php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ ++ if (tmp_url->query || tmp_url->fragment || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ + (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM)) \ + ) { \ + php_url_free(tmp_url); \ +@@ -1128,10 +1128,15 @@ PHP_FUNCTION(curl_setopt) + * must be explicitly cast to long in curl_formadd + * use since curl needs a long not an int. */ + if (*postval == '@') { ++ ++postval; ++ /* safe_mode / open_basedir check */ ++ if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) { ++ RETURN_FALSE; ++ } + error = curl_formadd(&first, &last, + CURLFORM_COPYNAME, string_key, + CURLFORM_NAMELENGTH, (long)string_key_len - 1, +- CURLFORM_FILE, ++postval, ++ CURLFORM_FILE, postval, + CURLFORM_END); + } else { + error = curl_formadd(&first, &last, |