php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-27 10:16:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

MFH Fixed bug 33072 - safemode/open_basedir check for runtime save_path

Browse Source 
change
This commit is contained in:
Rasmus Lerdorf
2005-05-21 18:54:57 +00:00
parent 531f14ca6e
commit 3526bcf9cf
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
NEWS
+2
View File
@@ -14,6 +14,8 @@ PHP NEWS
- Fixed bug #33090 (mysqli_prepare doesn't return an error). (Georg)
- Fixed bug #33076 (str_ireplace() incorrectly counts result string length
and may cause segfault). (Tony)
- Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path
change) (Rasmus)
- Fixed bug #33059 (crash when moving xml attribute set in dtd). (Ilia)
- Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per
RFC 2616 section 10.3.5) (Rasmus, Choitel)
ext/session/session.c
+14 -1
View File
@@ -131,13 +131,26 @@ static PHP_INI_MH(OnUpdateSerializer)
return SUCCESS;
}
static PHP_INI_MH(OnUpdateSaveDir) {
/* Only do the safemode/open_basedir check at runtime */
if(stage == PHP_INI_STAGE_RUNTIME) {
if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
return FAILURE;
}
if (php_check_open_basedir(new_value TSRMLS_CC)) {
return FAILURE;
}
}
OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
}
/* {{{ PHP_INI
*/
PHP_INI_BEGIN()
STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateString, save_path, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals)
PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler)
STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals)