FAQ
iliaa Sun Apr 17 14:05:04 2005 EDT

Modified files:
/php-src/ext/xmlreader php_xmlreader.c
Log:
Added missing safe_mode & open_basedir checks.


http://cvs.php.net/diff.php/php-src/ext/xmlreader/php_xmlreader.c?r1=1.9&r2=1.10&ty=u
Index: php-src/ext/xmlreader/php_xmlreader.c
diff -u php-src/ext/xmlreader/php_xmlreader.c:1.9 php-src/ext/xmlreader/php_xmlreader.c:1.10
--- php-src/ext/xmlreader/php_xmlreader.c:1.9 Thu Mar 10 17:32:47 2005
+++ php-src/ext/xmlreader/php_xmlreader.c Sun Apr 17 14:05:03 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/

-/* $Id: php_xmlreader.c,v 1.9 2005/03/10 22:32:47 rrichards Exp $ */
+/* $Id: php_xmlreader.c,v 1.10 2005/04/17 18:05:03 iliaa Exp $ */

#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -229,6 +229,14 @@

xmlFreeURI(uri);

+ if (PG(safe_mode) && (!php_checkuid(file_dest, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+ return NULL;
+ }
+
+ if (php_check_open_basedir(file_dest TSRMLS_CC)) {
+ return NULL;
+ }
+
return file_dest;
}

Search Discussions

  • Rob Richards at Apr 17, 2005 at 6:17 pm
    Why are the safe_mode checkes required here? As this uses PHP streams,
    the safe_mode and open_basedir checks should be done from the
    php_libxml_streams_IO_open_wrapper function which gets called from the
    libxml2 I/O callbacks. Are these checks somehow getting bypassed?

    Rob

    Ilia Alshanetsky wrote:
    iliaa Sun Apr 17 14:05:04 2005 EDT

    Modified files:
    /php-src/ext/xmlreader php_xmlreader.c
    Log:
    Added missing safe_mode & open_basedir checks.


    http://cvs.php.net/diff.php/php-src/ext/xmlreader/php_xmlreader.c?r1=1.9&r2=1.10&ty=u
    Index: php-src/ext/xmlreader/php_xmlreader.c
    diff -u php-src/ext/xmlreader/php_xmlreader.c:1.9 php-src/ext/xmlreader/php_xmlreader.c:1.10
    --- php-src/ext/xmlreader/php_xmlreader.c:1.9 Thu Mar 10 17:32:47 2005
    +++ php-src/ext/xmlreader/php_xmlreader.c Sun Apr 17 14:05:03 2005
    @@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
    */

    -/* $Id: php_xmlreader.c,v 1.9 2005/03/10 22:32:47 rrichards Exp $ */
    +/* $Id: php_xmlreader.c,v 1.10 2005/04/17 18:05:03 iliaa Exp $ */

    #ifdef HAVE_CONFIG_H
    #include "config.h"
    @@ -229,6 +229,14 @@

    xmlFreeURI(uri);

    + if (PG(safe_mode) && (!php_checkuid(file_dest, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
    + return NULL;
    + }
    +
    + if (php_check_open_basedir(file_dest TSRMLS_CC)) {
    + return NULL;
    + }
    +
    return file_dest;
    }


  • Ilia Alshanetsky at Apr 18, 2005 at 2:42 am
    Hmm... you're right, will revert.

    Ilia

    Rob Richards wrote:
    Why are the safe_mode checkes required here? As this uses PHP streams,
    the safe_mode and open_basedir checks should be done from the
    php_libxml_streams_IO_open_wrapper function which gets called from the
    libxml2 I/O callbacks. Are these checks somehow getting bypassed?

    Rob

    Ilia Alshanetsky wrote:
    iliaa Sun Apr 17 14:05:04 2005 EDT

    Modified files: /php-src/ext/xmlreader
    php_xmlreader.c Log:
    Added missing safe_mode & open_basedir checks.


    http://cvs.php.net/diff.php/php-src/ext/xmlreader/php_xmlreader.c?r1=1.9&r2=1.10&ty=u

    Index: php-src/ext/xmlreader/php_xmlreader.c
    diff -u php-src/ext/xmlreader/php_xmlreader.c:1.9
    php-src/ext/xmlreader/php_xmlreader.c:1.10
    --- php-src/ext/xmlreader/php_xmlreader.c:1.9 Thu Mar 10 17:32:47 2005
    +++ php-src/ext/xmlreader/php_xmlreader.c Sun Apr 17 14:05:03 2005
    @@ -16,7 +16,7 @@

    +----------------------------------------------------------------------+
    */

    -/* $Id: php_xmlreader.c,v 1.9 2005/03/10 22:32:47 rrichards Exp $ */
    +/* $Id: php_xmlreader.c,v 1.10 2005/04/17 18:05:03 iliaa Exp $ */

    #ifdef HAVE_CONFIG_H
    #include "config.h"
    @@ -229,6 +229,14 @@

    xmlFreeURI(uri);

    + if (PG(safe_mode) && (!php_checkuid(file_dest, NULL,
    CHECKUID_CHECK_FILE_AND_DIR))) {
    + return NULL;
    + }
    +
    + if (php_check_open_basedir(file_dest TSRMLS_CC)) {
    + return NULL;
    + }
    +
    return file_dest;
    }


  • Ilia Alshanetsky at Apr 18, 2005 at 2:44 am
    iliaa Sun Apr 17 22:43:43 2005 EDT

    Modified files:
    /php-src/ext/xmlreader php_xmlreader.c
    Log:
    Checks not needed, done by ext/libxml already.


    http://cvs.php.net/diff.php/php-src/ext/xmlreader/php_xmlreader.c?r1=1.10&r2=1.11&ty=u
    Index: php-src/ext/xmlreader/php_xmlreader.c
    diff -u php-src/ext/xmlreader/php_xmlreader.c:1.10 php-src/ext/xmlreader/php_xmlreader.c:1.11
    --- php-src/ext/xmlreader/php_xmlreader.c:1.10 Sun Apr 17 14:05:03 2005
    +++ php-src/ext/xmlreader/php_xmlreader.c Sun Apr 17 22:43:42 2005
    @@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
    */

    -/* $Id: php_xmlreader.c,v 1.10 2005/04/17 18:05:03 iliaa Exp $ */
    +/* $Id: php_xmlreader.c,v 1.11 2005/04/18 02:43:42 iliaa Exp $ */

    #ifdef HAVE_CONFIG_H
    #include "config.h"
    @@ -229,14 +229,6 @@

    xmlFreeURI(uri);

    - if (PG(safe_mode) && (!php_checkuid(file_dest, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
    - return NULL;
    - }
    -
    - if (php_check_open_basedir(file_dest TSRMLS_CC)) {
    - return NULL;
    - }
    -
    return file_dest;
    }

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupphp-cvs @
categoriesphp
postedApr 17, '05 at 6:05p
activeApr 18, '05 at 2:44a
posts4
users3
websitephp.net

People

Translate

site design / logo © 2019 Grokbase