From: Michael Wallner <mike@php.net>
Date: Thu, 15 Dec 2005 19:04:00 +0000 (+0000)
Subject: - fix url check in open_basedir check
X-Git-Tag: RELEASE_0_21_0~70
X-Git-Url: https://git.m6w6.name/?a=commitdiff_plain;h=36c32f8383f50e0c30585f9ae09e46b64b1597de;p=m6w6%2Fext-http

- fix url check in open_basedir check
---

diff --git a/php_http_api.h b/php_http_api.h
index 694ddc0..9f8eda9 100644
--- a/php_http_api.h
+++ b/php_http_api.h
@@ -89,12 +89,12 @@ extern void _http_error_ex(long type TSRMLS_DC, long code, const char *format, .
  \
 		if (!strncasecmp(tmp, "file:", lenof("file:"))) { \
 			tmp += lenof("file:"); \
-			while (*tmp == '/' || *tmp == '\\') ++tmp; \
+			while ((tmp - (const char *)file < 7) && (*tmp == '/' || *tmp == '\\')) ++tmp; \
 		} \
  \
- 		if (!*tmp || php_check_open_basedir(tmp TSRMLS_CC) || \
-		 		(PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM))) { \
-		 		http_error_ex(HE_WARNING, HTTP_E_INVALID_PARAM, "Permission denied: %s", file); \
+ 		if (	(tmp != file || !strstr(file, "://")) && \
+		 		(!*tmp || php_check_open_basedir(tmp TSRMLS_CC) || \
+		 		(PG(safe_mode) && !php_checkuid(tmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))) { \
 		 		act; \
 		} \
 	}