php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-25 08:58:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added missing safe_mode checks and corrected a typo in stdout check.

Browse Source
This commit is contained in:
Ilia Alshanetsky
2003-05-21 00:57:34 +00:00
parent 323eedd1b2
commit b078f60fce
2 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ext/cpdf/cpdf.c
+19 -1
View File
@@ -426,6 +426,11 @@ PHP_FUNCTION(cpdf_open)
if(strcmp(Z_STRVAL_PP(arg2), "-") == 0)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Writing to stdout as described in the ClibPDF manual is not possible if php is used as an Apache module. Write to a memory stream and use cpdf_output_buffer() instead.");
#endif
if (php_check_open_basedir(Z_STRVAL_PP(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(arg2), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
cpdf_setOutputFilename(cpdf, Z_STRVAL_PP(arg2));
}
cpdf_init(cpdf);
@@ -777,6 +782,10 @@ PHP_FUNCTION(cpdf_set_font_map_file)
CPDF_FETCH_CPDFDOC(arg1);
convert_to_string_ex(arg2);
if (php_check_open_basedir(Z_STRVAL_PP(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(arg2), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
cpdf_setFontMapFile(pdf, Z_STRVAL_PP(arg2));
RETURN_TRUE;
@@ -1923,10 +1932,14 @@ PHP_FUNCTION(cpdf_save_to_file)
convert_to_string_ex(arg2);
#if APACHE
if(strcmp(Z_STRVAL_P(arg2), "-") == 0)
if(strcmp(Z_STRVAL_PP(arg2), "-") == 0)
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Writing to stdout as described in the ClibPDF manual is not possible if php is used as an Apache module. Use cpdf_output_buffer() instead.");
#endif
if (php_check_open_basedir(Z_STRVAL_PP(arg2) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(arg2), "wb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
cpdf_savePDFmemoryStreamToFile(pdf, Z_STRVAL_PP(arg2));
RETURN_TRUE;
@@ -1948,6 +1961,11 @@ PHP_FUNCTION(cpdf_import_jpeg)
CPDF_FETCH_CPDFDOC(argv[0]);
convert_to_string_ex(argv[1]);
if (php_check_open_basedir(Z_STRVAL_PP(argv[1]) TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(Z_STRVAL_PP(argv[1]), "rb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
convert_to_double_ex(argv[2]);
convert_to_double_ex(argv[3]);
convert_to_double_ex(argv[4]);
ext/pdf/pdf.c
+5
View File
@@ -2335,6 +2335,11 @@ PHP_FUNCTION(pdf_open_file)
if (argc == 2) {
convert_to_string_ex(arg2);
filename = Z_STRVAL_PP(arg2);
if (php_check_open_basedir(filename TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(filename, "wb+", CHECKUID_CHECK_MODE_PARAM))) {
RETURN_FALSE;
}
pdf_file = PDF_open_file(pdf, filename);
} else {
/* open in memory */