php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-29 19:23:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added missing safe_mode & open_basedir checks.

Browse Source
This commit is contained in:
Ilia Alshanetsky
2003-05-20 00:37:00 +00:00
parent dab706ee2a
commit 31f0d1c949
1 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ext/pdf/pdf.c
+25 -1
View File
@@ -1838,7 +1838,11 @@ static void _php_pdf_open_image(INTERNAL_FUNCTION_PARAMETERS, char *type)
#else
image = Z_STRVAL_PP(arg2);
#endif
if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
pdf_image = PDF_open_image_file(pdf, type, image, "", 0);
RETURN_LONG(pdf_image+PDFLIB_IMAGE_OFFSET);
@@ -1912,6 +1916,10 @@ PHP_FUNCTION(pdf_open_image_file)
image = Z_STRVAL_PP(arg3);
#endif
if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
if (argc == 3) {
pdf_image = PDF_open_image_file(pdf, Z_STRVAL_PP(arg2), image, "", 0);
} else {
@@ -2535,6 +2543,10 @@ PHP_FUNCTION(pdf_open_ccitt)
image = Z_STRVAL_PP(arg2);
#endif
if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
convert_to_long_ex(arg3);
convert_to_long_ex(arg4);
convert_to_long_ex(arg5);
@@ -2584,6 +2596,10 @@ PHP_FUNCTION(pdf_open_image)
image = Z_STRVAL_PP(arg4);
#endif
if (php_check_open_basedir(image TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(image, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
pdf_image = PDF_open_image(pdf,
Z_STRVAL_PP(arg2),
Z_STRVAL_PP(arg3),
@@ -2622,6 +2638,10 @@ PHP_FUNCTION(pdf_attach_file)
convert_to_string_ex(arg9);
convert_to_string_ex(arg10);
if (php_check_open_basedir(Z_STRVAL_PP(arg6) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(arg6), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
PDF_attach_file(pdf,
(float) Z_DVAL_PP(arg2),
(float) Z_DVAL_PP(arg3),
@@ -2762,6 +2782,10 @@ PHP_FUNCTION(pdf_open_pdi)
file = Z_STRVAL_PP(arg2);
#endif
if (php_check_open_basedir(file TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(file, "rb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
pdi_handle = PDF_open_pdi(pdf,
file,
Z_STRVAL_PP(arg3),