Skip to content

Commit bc59416

Browse files
author
Ilia Alshanetsky
committed
Fixed bug #38934 (move_uploaded_file() cannot read uploaded file outside of
open_basedir).
1 parent 8bd16e2 commit bc59416

File tree

3 files changed

+10
-4
lines changed

3 files changed

+10
-4
lines changed

NEWS

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,8 @@ PHP NEWS
1313
- Fixed bug #39067 (getDeclaringClass() and private properties). (Tony)
1414
- Fixed bug #39034 (curl_exec() with return transfer returns TRUE on empty
1515
files). (Ilia)
16+
- Fixed bug #38934 (move_uploaded_file() cannot read uploaded file outside of
17+
open_basedir). (Ilia)
1618
- Fixed bug #38649 (uninit'd optional arg in stream_socket_sendto()). (Sara)
1719
- Fixed bug #38198 (possible crash when COM reports an exception). (Ilia)
1820
- Fixed bug #37262 (var_export() does not escape \0 character). (Ilia)

ext/standard/basic_functions.c

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6032,8 +6032,7 @@ PHP_FUNCTION(move_uploaded_file)
60326032
VCWD_UNLINK(Z_STRVAL_PP(new_path));
60336033
if (rename(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path)) == 0) {
60346034
successful = 1;
6035-
} else
6036-
if (php_copy_file(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path) TSRMLS_CC) == SUCCESS) {
6035+
} else if (php_copy_file_ex(Z_STRVAL_PP(path), Z_STRVAL_PP(new_path), STREAM_DISABLE_OPEN_BASEDIR TSRMLS_CC) == SUCCESS) {
60376036
VCWD_UNLINK(Z_STRVAL_PP(path));
60386037
successful = 1;
60396038
}

ext/standard/file.c

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1711,9 +1711,14 @@ PHP_FUNCTION(copy)
17111711
}
17121712
/* }}} */
17131713

1714+
PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC)
1715+
{
1716+
return php_copy_file_ex(src, dest, ENFORCE_SAFE_MODE TSRMLS_CC);
1717+
}
1718+
17141719
/* {{{ php_copy_file
17151720
*/
1716-
PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC)
1721+
PHPAPI int php_copy_file_ex(char *src, char *dest, int src_chk TSRMLS_DC)
17171722
{
17181723
php_stream *srcstream = NULL, *deststream = NULL;
17191724
int ret = FAILURE;
@@ -1768,7 +1773,7 @@ PHPAPI int php_copy_file(char *src, char *dest TSRMLS_DC)
17681773
}
17691774
safe_to_copy:
17701775

1771-
srcstream = php_stream_open_wrapper(src, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
1776+
srcstream = php_stream_open_wrapper(src, "rb", src_chk | REPORT_ERRORS, NULL);
17721777

17731778
if (!srcstream) {
17741779
return ret;

0 commit comments

Comments
 (0)