Diffstat (limited to 'dev-lang/php/files/5.0.5/php5.0.5-gd-safe_mode.patch')
-rw-r--r--dev-lang/php/files/5.0.5/php5.0.5-gd-safe_mode.patch95
1 files changed, 95 insertions, 0 deletions
diff --git a/dev-lang/php/files/5.0.5/php5.0.5-gd-safe_mode.patch b/dev-lang/php/files/5.0.5/php5.0.5-gd-safe_mode.patch
new file mode 100644
index 000000000000..8b094320b510
--- /dev/null
+++ b/dev-lang/php/files/5.0.5/php5.0.5-gd-safe_mode.patch
@@ -0,0 +1,95 @@
+--- ext/gd/gd.c 2005-12-08 15:44:36.000000000 +0100
++++ ext/gd/gd.c 2005-12-08 17:21:55.000000000 +0100
+@@ -705,7 +705,7 @@
+
+ convert_to_string_ex(file);
+
+- stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
++ stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
+ if (stream == NULL) {
+ RETURN_FALSE;
+ }
+@@ -889,6 +889,10 @@
+ convert_to_boolean_ex(dither);
+ convert_to_long_ex(ncolors);
+
++ if (Z_LVAL_PP(ncolors) <= 0) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of colors has to be greater than zero");
++ RETURN_FALSE;
++ }
+ gdImageTrueColorToPalette(im, Z_LVAL_PP(dither), Z_LVAL_PP(ncolors));
+
+ RETURN_TRUE;
+@@ -1518,7 +1522,7 @@
+
+ fn = Z_STRVAL_PP(file);
+
+- stream = php_stream_open_wrapper(fn, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
++ stream = php_stream_open_wrapper(fn, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+ if (stream == NULL) {
+ RETURN_FALSE;
+ }
+@@ -1726,10 +1730,7 @@
+ }
+
+ if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
+- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
+- RETURN_FALSE;
+- }
++ PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
+
+ fp = VCWD_FOPEN(fn, "wb");
+ if (!fp) {
+@@ -3824,16 +3825,10 @@
+ }
+
+ /* Check origin file */
+- if (!fn_org || fn_org == empty_string || php_check_open_basedir(fn_org TSRMLS_CC)) {
+- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid origin filename '%s'", fn_org);
+- RETURN_FALSE;
+- }
++ PHP_GD_CHECK_OPEN_BASEDIR(fn_org, "Invalid origin filename");
+
+ /* Check destination file */
+- if (!fn_dest || fn_dest == empty_string || php_check_open_basedir(fn_dest TSRMLS_CC)) {
+- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid destination filename '%s'", fn_dest);
+- RETURN_FALSE;
+- }
++ PHP_GD_CHECK_OPEN_BASEDIR(fn_dest, "Invalid destination filename");
+
+ /* Open origin file */
+ org = VCWD_FOPEN(fn_org, "rb");
+--- ext/gd/gd_ctx.c 2005-12-08 15:44:42.000000000 +0100
++++ ext/gd/gd_ctx.c 2005-12-08 17:25:24.000000000 +0100
+@@ -82,10 +82,8 @@
+ }
+
+ if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
+- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC)) {
+- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
+- RETURN_FALSE;
+- }
++
++ PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
+
+ fp = VCWD_FOPEN(fn, "wb");
+ if (!fp) {
+--- ext/gd/php_gd.h 2005-12-08 15:44:49.000000000 +0100
++++ ext/gd/php_gd.h 2005-12-08 17:29:53.000000000 +0100
+@@ -30,6 +30,15 @@
+
+ #if HAVE_LIBGD
+
++/* open_basedir and safe_mode checks */
++#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
++ if (!filename || php_check_open_basedir(filename TSRMLS_CC) || \
++ (PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR)) \
++ ) { \
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \
++ RETURN_FALSE; \
++ }
++
+ #define PHP_GDIMG_TYPE_GIF 1
+ #define PHP_GDIMG_TYPE_PNG 2
+ #define PHP_GDIMG_TYPE_JPG 3
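Review bot: PHP_GD_CHECK_OPEN_BASEDIR, defined in the php_gd.h part of the embedded patch, expands to a bare `if (...) { ... }` and uses `filename` unparenthesized, so a call site under an unbraced `if`/`else` would bind to the wrong branch. Wrapping the body in `do { ... } while (0)` and parenthesizing the argument avoids that. The macro also hands `errormsg` to php_error_docref as the format string, which is safe only while every caller passes a literal without `%`; routing it through `"%s"` removes that dependency. Compared with the checks it replaces in gd.c and gd_ctx.c, the macro no longer tests `fn == empty_string` and no longer names the rejected file in the warning. Whether an empty name is still refused depends on php_check_open_basedir and php_checkuid, which are not visible here, so that should be confirmed for the `argc == 2` path.

```c
/* open_basedir and safe_mode checks */
#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
	do { \
		if (!(filename) || php_check_open_basedir((filename) TSRMLS_CC) || \
		    (PG(safe_mode) && !php_checkuid((filename), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { \
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", errormsg); \
			RETURN_FALSE; \
		} \
	} while (0)
/* … unchanged: PHP_GDIMG_TYPE_* defines … */
```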