archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 15:08:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Added target ownership check in function copy for safe_mode operations

Browse source
This commit is contained in:
Romolo Manfredini 2001-03-23 09:30:51 +00:00
parent 6d41bf1492
commit 01ac20050e
2 changed files with 11 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ext/standard/basic_functions.c
View file

@ -2491,6 +2491,10 @@ PHP_FUNCTION(move_uploaded_file)
RETURN_FALSE; RETURN_FALSE;
} }
if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(new_path), NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
V_UNLINK(Z_STRVAL_PP(new_path)); V_UNLINK(Z_STRVAL_PP(new_path));
if (rename(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path))==0) { if (rename(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path))==0) {
successful=1; successful=1;

4
ext/standard/file.c
View file

@ -1703,6 +1703,10 @@ PHP_FUNCTION(copy)
RETURN_FALSE; RETURN_FALSE;
} }
if (PG(safe_mode) &&(!php_checkuid((*target)->value.str.val, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
RETURN_FALSE;
}
if (php_copy_file(Z_STRVAL_PP(source), Z_STRVAL_PP(target))==SUCCESS) { if (php_copy_file(Z_STRVAL_PP(source), Z_STRVAL_PP(target))==SUCCESS) {
RETURN_TRUE; RETURN_TRUE;
} else { } else {