path: root/debian/patches/055-gd_safe_mode_checks.patch
Diffstat (limited to 'debian/patches/055-gd_safe_mode_checks.patch')
-rw-r--r--debian/patches/055-gd_safe_mode_checks.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/debian/patches/055-gd_safe_mode_checks.patch b/debian/patches/055-gd_safe_mode_checks.patch
new file mode 100644
index 000000000..db02ad932
--- /dev/null
+++ b/debian/patches/055-gd_safe_mode_checks.patch
@@ -0,0 +1,32 @@
+===================================================================
+RCS file: /repository/php-src/ext/gd/gd.c,v
+retrieving revision 1.294.2.12
+retrieving revision 1.294.2.13
+diff -p --unified=3 -r1.294.2.12 -r1.294.2.13
+--- php-5.0.5/ext/gd/gd.c 2005/05/06 16:49:04 1.294.2.12
++++ php-5.0.5/ext/gd/gd.c 2005/10/06 20:42:56 1.294.2.13
+@@ -1726,7 +1726,7 @@ static void _php_image_output(INTERNAL_F
+ }
+
+ if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
+- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
++ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
+ RETURN_FALSE;
+ }
+===================================================================
+RCS file: /repository/php-src/ext/gd/gd_ctx.c,v
+retrieving revision 1.20
+retrieving revision 1.20.2.1
+diff -p --unified=3 -r1.20 -r1.20.2.1
+--- php-5.0.5/ext/gd/gd_ctx.c 2004/01/28 16:25:12 1.20
++++ php-5.0.5/ext/gd/gd_ctx.c 2005/10/06 20:42:56 1.20.2.1
+@@ -82,7 +82,7 @@ static void _php_image_output_ctx(INTERN
+ }
+
+ if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
+- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
++ if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
+ RETURN_FALSE;
+ }
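Review bot: The added `php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR)` call passes a read/update mode string for a path that `_php_image_output` and `_php_image_output_ctx` treat as an output file, and the identical condition is pasted into both gd.c and gd_ctx.c. How `php_checkuid` weighs the mode string against the flag is not visible here, so confirm that a not-yet-existing target in a directory owned by the script's uid is still accepted and that the directory check is the one that takes effect. If it is not, a write-style mode would state the intent better. The check is also made on the path name, while the open happens later outside the lines shown, so the target can presumably change in between (symlink swap). A comment such as `/* safe_mode uid check is by path and not atomic with the open below */` would keep readers from treating it as a hard boundary. Both function bodies continue outside the embedded hunks.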