*** empty log message ***

2026-03-29 19:52:20 +02:00 · 2005-11-01 17:04:29 +00:00
parent 35d80e39d2
commit 60084a7507
3 changed files with 16 additions and 18 deletions
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -692,7 +692,7 @@ PHP_FUNCTION(imageloadfont)

 	convert_to_string_ex(file);

-	stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
+	stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
 	if (stream == NULL) {
 		RETURN_FALSE;
 	}
@@ -1505,7 +1505,7 @@ static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type,

 	fn = Z_STRVAL_PP(file);

-	stream = php_stream_open_wrapper(fn, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+	stream = php_stream_open_wrapper(fn, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
 	if (stream == NULL)	{
 		RETURN_FALSE;
 	}
@@ -1713,10 +1713,7 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
 	}

 	if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-		if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
-			RETURN_FALSE;
-		}
+		PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");

 		fp = VCWD_FOPEN(fn, "wb");
 		if (!fp) {
@@ -3809,16 +3806,10 @@ static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type )
 	}

 	/* Check origin file */
-	if (!fn_org || php_check_open_basedir(fn_org TSRMLS_CC)) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid origin filename '%s'", fn_org);
-		RETURN_FALSE;
-	}
+	PHP_GD_CHECK_OPEN_BASEDIR(fn_org, "Invalid origin filename");

 	/* Check destination file */
-	if (!fn_dest || php_check_open_basedir(fn_dest TSRMLS_CC)) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid destination filename '%s'", fn_dest);
-		RETURN_FALSE;
-	}
+	PHP_GD_CHECK_OPEN_BASEDIR(fn_dest, "Invalid destination filename");

 	/* Open origin file */
 	org = VCWD_FOPEN(fn_org, "rb");
--- a/ext/gd/gd_ctx.c
+++ b/ext/gd/gd_ctx.c
@@ -81,10 +81,8 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
 		}
 	}
 	if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
-		if (!fn || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
-			RETURN_FALSE;
-		}
+
+		PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");

 		fp = VCWD_FOPEN(fn, "wb");
 		if (!fp) {
--- a/ext/gd/php_gd.h
+++ b/ext/gd/php_gd.h
@@ -30,6 +30,15 @@

 #if HAVE_LIBGD

+/* open_basedir and safe_mode checks */
+#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg)                                   \
+	if (!filename || php_check_open_basedir(filename TSRMLS_CC) ||                      \
+		(PG(safe_mode) && !php_checkuid(filename, "rb+", CHECKUID_CHECK_FILE_AND_DIR))  \
+	) {                                                                                 \
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg);                          \
+		RETURN_FALSE;                                                                   \
+	}
+
 #define PHP_GDIMG_TYPE_GIF      1
 #define PHP_GDIMG_TYPE_PNG      2
 #define PHP_GDIMG_TYPE_JPG      3