1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
--- ext/gd/gd.c 2005-12-08 15:44:36.000000000 +0100
+++ ext/gd/gd.c 2005-12-08 17:21:55.000000000 +0100
@@ -705,7 +705,7 @@
convert_to_string_ex(file);
- stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
+ stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
if (stream == NULL) {
RETURN_FALSE;
}
@@ -889,6 +889,10 @@
convert_to_boolean_ex(dither);
convert_to_long_ex(ncolors);
+ if (Z_LVAL_PP(ncolors) <= 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of colors has to be greater than zero");
+ RETURN_FALSE;
+ }
gdImageTrueColorToPalette(im, Z_LVAL_PP(dither), Z_LVAL_PP(ncolors));
RETURN_TRUE;
@@ -1518,7 +1522,7 @@
fn = Z_STRVAL_PP(file);
- stream = php_stream_open_wrapper(fn, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+ stream = php_stream_open_wrapper(fn, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
if (stream == NULL) {
RETURN_FALSE;
}
@@ -1726,10 +1730,7 @@
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
fp = VCWD_FOPEN(fn, "wb");
if (!fp) {
@@ -3824,16 +3825,10 @@
}
/* Check origin file */
- if (!fn_org || fn_org == empty_string || php_check_open_basedir(fn_org TSRMLS_CC)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid origin filename '%s'", fn_org);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn_org, "Invalid origin filename");
/* Check destination file */
- if (!fn_dest || fn_dest == empty_string || php_check_open_basedir(fn_dest TSRMLS_CC)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid destination filename '%s'", fn_dest);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn_dest, "Invalid destination filename");
/* Open origin file */
org = VCWD_FOPEN(fn_org, "rb");
--- ext/gd/gd_ctx.c 2005-12-08 15:44:42.000000000 +0100
+++ ext/gd/gd_ctx.c 2005-12-08 17:25:24.000000000 +0100
@@ -82,10 +82,8 @@
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
- RETURN_FALSE;
- }
+
+ PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
fp = VCWD_FOPEN(fn, "wb");
if (!fp) {
--- ext/gd/php_gd.h 2005-12-08 15:44:49.000000000 +0100
+++ ext/gd/php_gd.h 2005-12-08 17:29:53.000000000 +0100
@@ -30,6 +30,15 @@
#if HAVE_LIBGD
+/* open_basedir and safe_mode checks */
+#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
+ if (!filename || php_check_open_basedir(filename TSRMLS_CC) || \
+ (PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR)) \
+ ) { \
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \
+ RETURN_FALSE; \
+ }
+
#define PHP_GDIMG_TYPE_GIF 1
#define PHP_GDIMG_TYPE_PNG 2
#define PHP_GDIMG_TYPE_JPG 3
|