diff options
Diffstat (limited to 'dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch')
-rw-r--r-- | dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch b/dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch new file mode 100644 index 0000000..91424e4 --- /dev/null +++ b/dev-lang/php/files/5.0.5/php5.0.5-curl_safemode.patch @@ -0,0 +1,46 @@ +--- ext/curl/interface.c 2005-06-02 23:04:43.000000000 +0200 ++++ ext/curl/interface.c.new 2005-10-31 23:18:13.000000000 +0100 +@@ -16,7 +16,7 @@ + +----------------------------------------------------------------------+ + */ + +-/* $Id: interface.c,v 1.46.2.8 2005/06/02 21:04:43 tony2001 Exp $ */ ++/* $Id: interface.c,v 1.46.2.11 2005/10/17 02:42:32 iliaa Exp $ */ + + #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS + +@@ -62,7 +62,7 @@ + #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v); + + #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \ +- if (PG(open_basedir) && *PG(open_basedir) && \ ++ if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \ + strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \ + { \ + php_url *tmp_url; \ +@@ -72,7 +72,7 @@ + RETURN_FALSE; \ + } \ + \ +- if (php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ ++ if (tmp_url->query || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ + (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM)) \ + ) { \ + php_url_free(tmp_url); \ +@@ -1128,10 +1128,15 @@ + * must be explicitly cast to long in curl_formadd + * use since curl needs a long not an int. */ + if (*postval == '@') { ++ ++postval; ++ /* safe_mode / open_basedir check */ ++ if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) { ++ RETURN_FALSE; ++ } + error = curl_formadd(&first, &last, + CURLFORM_COPYNAME, string_key, + CURLFORM_NAMELENGTH, (long)string_key_len - 1, +- CURLFORM_FILE, ++postval, ++ CURLFORM_FILE, postval, + CURLFORM_END); + } else { + error = curl_formadd(&first, &last, |