- complete open_basedir checks

diff --git a/KnownIssues.txt b/KnownIssues.txt
index adfcfe3464083657f8b31ac903379010b841309a..4a846092666ff92ffc4a549e3e5cd9980f48e733 100644 (file)
--- a/KnownIssues.txt
+++ b/KnownIssues.txt
@@ -4,8 +4,6 @@ $Id$
 
 HttpResponse class is only available for PHP >= 5.1
 
-Not all places where files are handled check for open_basedir and/or safe_mode.
-
 If you keep getting "SSL connect error" when trying to issue requests on
 Windows, try another (newer) libeay32.dll/ssleay32.dll pair.
 

diff --git a/http_request_api.c b/http_request_api.c
index 34126d8858c52d84e06e6f9665c38e0b5e91e60e..fd1a176f9f7805488a694d271f2f466956ef6394 100644 (file)
--- a/http_request_api.c
+++ b/http_request_api.c
@@ -167,15 +167,25 @@ PHP_MSHUTDOWN_FUNCTION(http_request)
        }
 
 #define HTTP_CURL_OPT(OPTION, p) curl_easy_setopt(request->ch, CURLOPT_##OPTION, (p))
-#define HTTP_CURL_OPT_STRING(keyname) HTTP_CURL_OPT_STRING_EX(keyname, keyname)
-#define HTTP_CURL_OPT_SSL_STRING(keyname) HTTP_CURL_OPT_STRING_EX(keyname, SSL##keyname)
-#define HTTP_CURL_OPT_SSL_STRING_(keyname) HTTP_CURL_OPT_STRING_EX(keyname, SSL_##keyname)
-#define HTTP_CURL_OPT_STRING_EX(keyname, optname) \
+#define HTTP_CURL_OPT_STRING(keyname, obdc) HTTP_CURL_OPT_STRING_EX(keyname, keyname, obdc)
+#define HTTP_CURL_OPT_SSL_STRING(keyname, obdc) HTTP_CURL_OPT_STRING_EX(keyname, SSL##keyname, obdc)
+#define HTTP_CURL_OPT_SSL_STRING_(keyname,obdc ) HTTP_CURL_OPT_STRING_EX(keyname, SSL_##keyname, obdc)
+#define HTTP_CURL_OPT_STRING_EX(keyname, optname, obdc) \
        if (!strcasecmp(key, #keyname)) { \
-               convert_to_string(*param); \
-               HTTP_CURL_OPT(optname, Z_STRVAL_PP(param)); \
+               int ok = 1; \
+               zval *orig = *param; \
+               convert_to_string_ex(param); \
+               if (obdc) { \
+                       HTTP_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(param), ok = 0); \
+               } \
                key = NULL; \
-               continue; \
+               if (ok) { \
+                       HTTP_CURL_OPT(optname, Z_STRVAL_PP(param)); \
+                       if (orig != *param) zval_ptr_dtor(param); \
+                       continue; \
+               } \
+               if (orig != *param) zval_ptr_dtor(param); \
+               return FAILURE; \
        }
 #define HTTP_CURL_OPT_LONG(keyname) HTTP_OPT_SSL_LONG_EX(keyname, keyname)
 #define HTTP_CURL_OPT_SSL_LONG(keyname) HTTP_CURL_OPT_LONG_EX(keyname, SSL##keyname)
@@ -526,6 +536,7 @@ PHP_HTTP_API STATUS _http_request_prepare(http_request *request, HashTable *opti
 
        /* cookiestore, read initial cookies from that file and store cookies back into that file */
        if ((zoption = http_request_option(request, options, "cookiestore", IS_STRING)) && Z_STRLEN_P(zoption)) {
+               HTTP_CHECK_OPEN_BASEDIR(Z_STRVAL_P(zoption), return FAILURE);
                HTTP_CURL_OPT(COOKIEFILE, Z_STRVAL_P(zoption));
                HTTP_CURL_OPT(COOKIEJAR, Z_STRVAL_P(zoption));
        }
@@ -574,25 +585,25 @@ PHP_HTTP_API STATUS _http_request_prepare(http_request *request, HashTable *opti
 
                FOREACH_KEYVAL(pos, zoption, key, idx, param) {
                        if (key) {
-                               HTTP_CURL_OPT_SSL_STRING(CERT);
-                               HTTP_CURL_OPT_SSL_STRING(CERTTYPE);
-                               HTTP_CURL_OPT_SSL_STRING(CERTPASSWD);
+                               HTTP_CURL_OPT_SSL_STRING(CERT, 1);
+                               HTTP_CURL_OPT_SSL_STRING(CERTTYPE, 0);
+                               HTTP_CURL_OPT_SSL_STRING(CERTPASSWD, 0);
 
-                               HTTP_CURL_OPT_SSL_STRING(KEY);
-                               HTTP_CURL_OPT_SSL_STRING(KEYTYPE);
-                               HTTP_CURL_OPT_SSL_STRING(KEYPASSWD);
+                               HTTP_CURL_OPT_SSL_STRING(KEY, 0);
+                               HTTP_CURL_OPT_SSL_STRING(KEYTYPE, 0);
+                               HTTP_CURL_OPT_SSL_STRING(KEYPASSWD, 0);
 
-                               HTTP_CURL_OPT_SSL_STRING(ENGINE);
+                               HTTP_CURL_OPT_SSL_STRING(ENGINE, 0);
                                HTTP_CURL_OPT_SSL_LONG(VERSION);
 
                                HTTP_CURL_OPT_SSL_LONG_(VERIFYPEER);
                                HTTP_CURL_OPT_SSL_LONG_(VERIFYHOST);
-                               HTTP_CURL_OPT_SSL_STRING_(CIPHER_LIST);
+                               HTTP_CURL_OPT_SSL_STRING_(CIPHER_LIST, 0);
 
-                               HTTP_CURL_OPT_STRING(CAINFO);
-                               HTTP_CURL_OPT_STRING(CAPATH);
-                               HTTP_CURL_OPT_STRING(RANDOM_FILE);
-                               HTTP_CURL_OPT_STRING(EGDSOCKET);
+                               HTTP_CURL_OPT_STRING(CAINFO, 1);
+                               HTTP_CURL_OPT_STRING(CAPATH, 1);
+                               HTTP_CURL_OPT_STRING(RANDOM_FILE, 1);
+                               HTTP_CURL_OPT_STRING(EGDSOCKET, 1);
 
                                /* reset key */
                                key = NULL;
@@ -700,7 +711,6 @@ PHP_HTTP_API void _http_request_info(http_request *request, HashTable *info)
        HTTP_CURL_INFO(CONTENT_LENGTH_DOWNLOAD);
        HTTP_CURL_INFO(CONTENT_LENGTH_UPLOAD);
        HTTP_CURL_INFO(CONTENT_TYPE);
-       /*HTTP_CURL_INFO(PRIVATE);*/
        HTTP_CURL_INFO(HTTPAUTH_AVAIL);
        HTTP_CURL_INFO(PROXYAUTH_AVAIL);
        /*HTTP_CURL_INFO(OS_ERRNO);*/