Diffstat (limited to 'debian/patches/055-gd_safe_mode_checks.patch')
-rw-r--r-- | debian/patches/055-gd_safe_mode_checks.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/debian/patches/055-gd_safe_mode_checks.patch b/debian/patches/055-gd_safe_mode_checks.patch
new file mode 100644
index 000000000..db02ad932
--- /dev/null
+++ b/debian/patches/055-gd_safe_mode_checks.patch
@@ -0,0 +1,32 @@
+===================================================================
+RCS file: /repository/php-src/ext/gd/gd.c,v
+retrieving revision 1.294.2.12
+retrieving revision 1.294.2.13
+diff -p --unified=3 -r1.294.2.12 -r1.294.2.13
+--- php-5.0.5/ext/gd/gd.c 2005/05/06 16:49:04 1.294.2.12
++++ php-5.0.5/ext/gd/gd.c 2005/10/06 20:42:56 1.294.2.13
+@@ -1726,7 +1726,7 @@ static void _php_image_output(INTERNAL_F
+ }
+
+ if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
+- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
++ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
+ RETURN_FALSE;
+ }
+===================================================================
+RCS file: /repository/php-src/ext/gd/gd_ctx.c,v
+retrieving revision 1.20
+retrieving revision 1.20.2.1
+diff -p --unified=3 -r1.20 -r1.20.2.1
+--- php-5.0.5/ext/gd/gd_ctx.c 2004/01/28 16:25:12 1.20
++++ php-5.0.5/ext/gd/gd_ctx.c 2005/10/06 20:42:56 1.20.2.1
+@@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERN
+ }
+
+ if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
+- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
++ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
+ RETURN_FALSE;
+ }  |
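Review bot: The added safe-mode test in `_php_image_output` (ext/gd/gd.c) and `_php_image_output_ctx` (ext/gd/gd_ctx.c) passes the fopen mode `"rb+"` to `php_checkuid()` on what are image output paths. Please confirm against `php_checkuid`'s implementation that a target file which does not exist yet still gets the directory-owner check that `CHECKUID_CHECK_FILE_AND_DIR` asks for, and is not decided by the read-style mode string alone. The long condition would also benefit from a comment above it, for example `/* safe_mode: fn, or its directory when fn does not exist yet, must belong to the script owner */`, since a safe-mode refusal is reported with the same "Invalid filename" warning as an empty name or an open_basedir violation. Both functions begin and end outside the hunks, so the later open of `fn` is not visible here; the check and the open are presumably separate steps, so this guard only restricts which path is accepted and cannot rule out the file changing in between.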