- start open_basedir checks
authorMichael Wallner <mike@php.net>
Thu, 15 Dec 2005 17:08:22 +0000 (17:08 +0000)
committerMichael Wallner <mike@php.net>
Thu, 15 Dec 2005 17:08:22 +0000 (17:08 +0000)
http_api.c
http_request_body_api.c
http_send_api.c
php_http.h
php_http_api.h

index 04e012133e8d94ace630d136b7c0e6908c201dcb..27986373b2f328895cd22ecb7c5c933e0506b2b3 100644 (file)
@@ -211,6 +211,8 @@ void _http_log_ex(char *file, const char *ident, const char *message TSRMLS_DC)
        struct tm nowtm;
        char datetime[128];
        
+       HTTP_CHECK_OPEN_BASEDIR(file, return);
+       
        time(&now);
        strftime(datetime, sizeof(datetime), "%Y-%m-%d %H:%M:%S", php_localtime_r(&now, &nowtm));
 
index eb82c4266f194d0018f01a298a939f22ceaa2128..8386bf884b77cc07a16267348ab03247bf6076f7 100644 (file)
@@ -93,7 +93,11 @@ PHP_HTTP_API http_request_body *_http_request_body_fill(http_request_body *body,
                                                SUCCESS != zend_hash_find(Z_ARRVAL_PP(data), "file", sizeof("file"), (void **) &file)) {
                                http_error(HE_NOTICE, HTTP_E_INVALID_PARAM, "Post file array entry misses either 'name', 'type' or 'file' entry");
                        } else {
-                               CURLcode err = curl_formadd(&http_post_data[0], &http_post_data[1],
+                               CURLcode err;
+                               
+                               HTTP_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(file), curl_formfree(http_post_data[0]); return NULL);
+                               
+                               err = curl_formadd(&http_post_data[0], &http_post_data[1],
                                        CURLFORM_COPYNAME,              Z_STRVAL_PP(name),
                                        CURLFORM_FILE,                  Z_STRVAL_PP(file),
                                        CURLFORM_CONTENTTYPE,   Z_STRVAL_PP(type),
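Review bot: The new `HTTP_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(file), ...)` validates the name while the form is being built, but `CURLFORM_FILE` only records the name; libcurl opens the file later, when the request is sent. What the name resolves to can therefore change between the check and the read. If that gap matters here, read the file while the check still holds and pass the contents with `CURLFORM_BUFFER`/`CURLFORM_BUFFERPTR`, or at least add a comment such as `/* open_basedir is checked at build time only; curl opens the file at send time */`. Also note that a denied file makes the whole call `return NULL`, while the malformed-entry branch just above only raises a notice, so the function's doc comment should state that difference. `_http_request_body_fill` starts and ends outside this hunk.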
@@ -121,7 +125,7 @@ PHP_HTTP_API http_request_body *_http_request_body_fill(http_request_body *body,
                return http_request_body_init_rel(body, HTTP_REQUEST_BODY_CSTRING, encoded, encoded_len, 1);
        }
 }
-/* }}} */
+
 
 /* {{{ void http_request_body_dtor(http_request_body *) */
 PHP_HTTP_API void _http_request_body_dtor(http_request_body *body TSRMLS_DC)
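Review bot: The closing fold marker `/* }}} */` after `_http_request_body_fill` is replaced by a blank line here, which looks unintentional in a commit about open_basedir checks. The file uses `/* {{{ ... */` openers (the one for `http_request_body_dtor` is visible just below), so dropping the closer presumably leaves the preceding fold unbalanced. I would restore `/* }}} */` on that line.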
index 9c30e6cf3d8abf527123a9c28cd2b4a51acfe9a0..cfb088ae4929d40bbdcdd93c72aff7cf324ae95d 100644 (file)
@@ -456,9 +456,13 @@ PHP_HTTP_API char *_http_guess_content_type(const char *magicfile, long magicmod
        char *ct = NULL;
 
 #ifdef HTTP_HAVE_MAGIC
+       struct magic_set *magic;
+       
+       HTTP_CHECK_OPEN_BASEDIR(magicfile, return NULL);
+       
        /*      magic_load() fails if MAGIC_MIME is set because it 
                cowardly adds .mime to the file name */
-       struct magic_set *magic = magic_open(magicmode &~ MAGIC_MIME);
+       magic = magic_open(magicmode &~ MAGIC_MIME);
        
        if (!magic) {
                http_error_ex(HE_WARNING, HTTP_E_INVALID_PARAM, "Invalid magic mode: %ld", magicmode);
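Review bot: `HTTP_CHECK_OPEN_BASEDIR(magicfile, return NULL)` checks `magicfile` as one path, but libmagic accepts a colon-separated list of database files in that argument, and NULL for the default database. The string that passes the check may therefore not name the file or files that are actually loaded. If `magicfile` reaches `magic_load()` unchanged further down (not visible in this hunk), the check should run on each list entry, or a value containing the separator should be rejected. A NULL `magicfile` also needs a guard before the macro, for example `if (magicfile) HTTP_CHECK_OPEN_BASEDIR(...)` once the macro is statement-safe, because the macro passes its argument straight to `strncasecmp`. The function body continues past the end of the hunk.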
@@ -487,6 +491,7 @@ PHP_HTTP_API char *_http_guess_content_type(const char *magicfile, long magicmod
                        break;
                        
                        default:
+                               HTTP_CHECK_OPEN_BASEDIR(data_ptr, magic_close(magic); return NULL);
                                ctype = magic_file(magic, data_ptr);
                        break;
                }
index 198196dd5dd9ef689f815e1565ccb32f3ecd4eeb..b4c4ab3419d693ceae29cc8b1adb7dd6dd97a407 100644 (file)
@@ -15,7 +15,7 @@
 #ifndef PHP_EXT_HTTP_H
 #define PHP_EXT_HTTP_H
 
-#define PHP_EXT_HTTP_VERSION "0.20.0"
+#define PHP_EXT_HTTP_VERSION "0.21.0dev"
 
 #include "php.h"
 #include "php_http_std_defs.h"
index c6d08d20b95088da63f584ffd5a817f4ee4bfe4f..694ddc015de9fdfb1b26c8f1bcf1312e51c2f337 100644 (file)
@@ -82,6 +82,22 @@ extern void _http_error_ex(long type TSRMLS_DC, long code, const char *format, .
                action; \
        }
 
+#define HTTP_CHECK_OPEN_BASEDIR(file, act) \
+       if ((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) \
+       { \
+               const char *tmp = file; \
+ \
+               if (!strncasecmp(tmp, "file:", lenof("file:"))) { \
+                       tmp += lenof("file:"); \
+                       while (*tmp == '/' || *tmp == '\\') ++tmp; \
+               } \
+ \
+               if (!*tmp || php_check_open_basedir(tmp TSRMLS_CC) || \
+                               (PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { \
+                               http_error_ex(HE_WARNING, HTTP_E_INVALID_PARAM, "Permission denied: %s", file); \
+                               act; \
+               } \
+       }
 
 #define http_log(f, i, m) _http_log_ex((f), (i), (m) TSRMLS_CC)
 extern void http_log_ex(char *file, const char *ident, const char *message TSRMLS_DC);
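Review bot: `HTTP_CHECK_OPEN_BASEDIR` validates a different string from the one its callers go on to use. After a `file:` prefix it skips every leading `/` and `\`, so an absolute `file:///dir/name` is checked as the relative path `dir/name`, while the call sites in this commit pass the original, unstripped argument to the consumer. The check should run on exactly the path that will be opened, for example by handing the normalised path back to the caller, or by rejecting `file:` input where the consumer takes plain file names. Separately, the macro is a bare `if { ... }` that expands `file` twice, unparenthesised, and declares a local `tmp`. Wrapping the body in `do { ... } while (0)` and writing `(file)` would make it safe as a single statement and with arguments that have side effects.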