Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch
diff options
context:
space:
mode:
Diffstat (limited to 'dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch')
-rw-r--r--dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch46
1 files changed, 46 insertions, 0 deletions
diff --git a/dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch b/dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch
new file mode 100644
index 0000000..91424e4
--- /dev/null
+++ b/dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch
@@ -0,0 +1,46 @@
+--- ext/curl/interface.c 2005-06-02 23:04:43.000000000 +0200
++++ ext/curl/interface.c.new 2005-10-31 23:18:13.000000000 +0100
+@@ -16,7 +16,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: interface.c,v 1.46.2.8 2005/06/02 21:04:43 tony2001 Exp $ */
++/* $Id: interface.c,v 1.46.2.11 2005/10/17 02:42:32 iliaa Exp $ */
+
+ #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
+
+@@ -62,7 +62,7 @@
+ #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v);
+
+ #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \
+- if (PG(open_basedir) && *PG(open_basedir) && \
++ if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \
+ strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \
+ { \
+ php_url *tmp_url; \
+@@ -72,7 +72,7 @@
+ RETURN_FALSE; \
+ } \
+ \
+- if (php_check_open_basedir(tmp_url->path TSRMLS_CC) || \
++ if (tmp_url->query || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \
+ (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM)) \
+ ) { \
+ php_url_free(tmp_url); \
+@@ -1128,10 +1128,15 @@
+ * must be explicitly cast to long in curl_formadd
+ * use since curl needs a long not an int. */
+ if (*postval == '@') {
++ ++postval;
++ /* safe_mode / open_basedir check */
++ if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
++ RETURN_FALSE;
++ }
+ error = curl_formadd(&first, &last,
+ CURLFORM_COPYNAME, string_key,
+ CURLFORM_NAMELENGTH, (long)string_key_len - 1,
+- CURLFORM_FILE, ++postval,
++ CURLFORM_FILE, postval,
+ CURLFORM_END);
+ } else {
+ error = curl_formadd(&first, &last,