authorAdam Conrad <adconrad@0c3.net>2005-09-27 16:09:29 +1000
committerMark A. Hershberger <mah@debian.(none)>2009-03-25 00:34:47 -0400
commit1c08414e74046459f4b13afb687d0689f4da103a (patch)
tree29feb83703fef5858e3b62845d616f66c04f8824 /debian/patches/055-gd_safe_mode_checks.patch
parent8add40754de2c13f21f7ed4b33050f8cb9d15b55 (diff)
Imported Debian patch 5.0.5-2debian/5.0.5-2
Diffstat (limited to 'debian/patches/055-gd_safe_mode_checks.patch')
-rw-r--r--debian/patches/055-gd_safe_mode_checks.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/debian/patches/055-gd_safe_mode_checks.patch b/debian/patches/055-gd_safe_mode_checks.patch
new file mode 100644
index 000000000..db02ad932
--- /dev/null
+++ b/debian/patches/055-gd_safe_mode_checks.patch
@@ -0,0 +1,32 @@
+===================================================================
+RCS file: /repository/php-src/ext/gd/gd.c,v
+retrieving revision 1.294.2.12
+retrieving revision 1.294.2.13
+diff -p --unified=3 -r1.294.2.12 -r1.294.2.13
+--- php-5.0.5/ext/gd/gd.c 2005/05/06 16:49:04 1.294.2.12
++++ php-5.0.5/ext/gd/gd.c 2005/10/06 20:42:56 1.294.2.13
+@@ -1726,7 +1726,7 @@ static void _php_image_output(INTERNAL_F
+ }
+
+ if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
+- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
++ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
+ RETURN_FALSE;
+ }
+===================================================================
+RCS file: /repository/php-src/ext/gd/gd_ctx.c,v
+retrieving revision 1.20
+retrieving revision 1.20.2.1
+diff -p --unified=3 -r1.20 -r1.20.2.1
+--- php-5.0.5/ext/gd/gd_ctx.c 2004/01/28 16:25:12 1.20
++++ php-5.0.5/ext/gd/gd_ctx.c 2005/10/06 20:42:56 1.20.2.1
+@@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERN
+ }
+
+ if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
+- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
++ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
+ RETURN_FALSE;
+ }
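Review bot: The added safe_mode clause in both inner hunks calls `php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR)` on a path these output functions are about to create or overwrite, and a read-update mode string sits oddly with that. It is worth confirming that php_checkuid does not key its behaviour on the mode string in a way that rejects a target that does not exist yet; if it does, a write mode such as `"wb"` would fit better. The check is made on the path name while the open happens outside the hunk, so the file could change between the two, and the code separating them should be kept minimal; the bodies of _php_image_output and _php_image_output_ctx start and end outside what is shown. The identical condition is now pasted into gd.c and gd_ctx.c, so a shared macro or static helper would keep the two from drifting apart. A short comment such as `/* safe_mode: fn must pass the owner check for the file and its directory */` above the test would document the intent.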