archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 06:58:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Added target ownership check in function copy for safe_mode operations

Browse source
This commit is contained in:
Romolo Manfredini 2001-03-23 09:30:51 +00:00
parent 6d41bf1492
commit 01ac20050e
2 changed files with 11 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ext/standard/basic_functions.c
View file

@ -2490,7 +2490,11 @@ PHP_FUNCTION(move_uploaded_file)
if (!zend_hash_exists(SG(rfc1867_uploaded_files), Z_STRVAL_PP(path), Z_STRLEN_PP(path)+1)) {
RETURN_FALSE;
}
if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(new_path), NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
V_UNLINK(Z_STRVAL_PP(new_path));
if (rename(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path))==0) {
successful=1;

8
ext/standard/file.c
View file

@ -1691,7 +1691,7 @@ PHP_FUNCTION(copy)
{
pval **source, **target;
PLS_FETCH();
if (ARG_COUNT(ht) != 2 || zend_get_parameters_ex(2, &source, &target) == FAILURE) {
WRONG_PARAM_COUNT;
}
@ -1702,7 +1702,11 @@ PHP_FUNCTION(copy)
if (PG(safe_mode) &&(!php_checkuid((*source)->value.str.val, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (PG(safe_mode) &&(!php_checkuid((*target)->value.str.val, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_copy_file(Z_STRVAL_PP(source), Z_STRVAL_PP(target))==SUCCESS) {
RETURN_TRUE;
} else {