cvs: php-src(PHP_5_2) / NEWS /main safe_mode.c
felipe Mon Jul 21 19:34:45 2008 UTC
Modified files: (Branch: PHP_5_2)
/php-src NEWS
/php-src/main safe_mode.c
Log:
- MFB: Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666.
(patch by Christian Hoffmann)
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1177&r2=1.2027.2.547.2.1178&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1177 php-src/NEWS:1.2027.2.547.2.1178
--- php-src/NEWS:1.2027.2.547.2.1177 Fri Jul 18 17:41:59 2008
+++ php-src/NEWS Mon Jul 21 19:34:44 2008
@@ -1,6 +1,9 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2008, PHP 5.2.7
+- Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666.
+ (Christian Hoffmann)
+
- Reverted fix for bug #44197 due to change in behaviour in minor version.
(Felipe)
http://cvs.php.net/viewvc.cgi/php-src/main/safe_mode.c?r1=1.62.2.1.2.15&r2=1.62.2.1.2.16&diff_format=u
Index: php-src/main/safe_mode.c
diff -u php-src/main/safe_mode.c:1.62.2.1.2.15 php-src/main/safe_mode.c:1.62.2.1.2.16
--- php-src/main/safe_mode.c:1.62.2.1.2.15 Mon Dec 31 07:20:15 2007
+++ php-src/main/safe_mode.c Mon Jul 21 19:34:45 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: safe_mode.c,v 1.62.2.1.2.15 2007/12/31 07:20:15 sebastian Exp $ */
+/* $Id: safe_mode.c,v 1.62.2.1.2.16 2008/07/21 19:34:45 felipe Exp $ */
#include "php.h"
@@ -73,14 +73,6 @@
mode = CHECKUID_CHECK_FILE_AND_DIR;
}
}
-
- /*
- * If given filepath is a URL, allow - safe mode stuff
- * related to URL's is checked in individual functions
- */
- wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC);
- if (wrapper != NULL)
- return 1;
/* First we see if the file is owned by the same user...
* If that fails, passthrough and check directory...