
Commit dd5c63b

committed
Fixed bug #33072 - Add a safemode/open_basedir check for runtime save_path
change
1 parent 50292aa commit dd5c63b


2 files changed

+17
-2
lines changed


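--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ PHP 4 NEWS
 them sort based on the current locale. (Derick)
 - Changed sha1_file() and md5_file() functions to use streams instead of
 low level IO. (Uwe)
+- Fixed bug #33072 (Add a safemode/open_basedir check for runtime save_path
+change) (Rasmus)
 - Fixed bug #33057 (Don't send extraneous entity-headers on a 304 as per
 RFC 2616 section 10.3.5) (Rasmus, Choitel)
 - Fixed bug #33019 (socket errors cause memory leaks in php_strerror()).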

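--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -117,16 +117,29 @@ static PHP_INI_MH(OnUpdateSerializer)
 return SUCCESS;
 }
 
+static PHP_INI_MH(OnUpdateSaveDir) {
+/* Only do the safemode/open_basedir check at runtime */
+if(stage == PHP_INI_STAGE_RUNTIME) {
+if (PG(safe_mode) && (!php_checkuid(new_value, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
+return FAILURE;
+}
+
+if (php_check_open_basedir(new_value TSRMLS_CC)) {
+return FAILURE;
+}
+}
+OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);
+}
 
 /* {{{ PHP_INI
 */
 PHP_INI_BEGIN()
 STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals)
 STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals)
 #ifdef PHP_WIN32
-STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateString, save_path, php_ps_globals, ps_globals)
+STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals)
 #else
-STD_PHP_INI_ENTRY("session.save_path", "/tmp", PHP_INI_ALL, OnUpdateString, save_path, php_ps_globals, ps_globals)
+STD_PHP_INI_ENTRY("session.save_path", "/tmp", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals)
 #endif
 STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals)
 PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler)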
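Review bot: `OnUpdateSaveDir` falls off its end without returning a value, because the result of the final `OnUpdateString(...)` call is discarded. The handler's status on the accepted path is therefore indeterminate, while the sibling handler above ends with `return SUCCESS;`. The last statement should be `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);`. Both checks also receive `new_value` unparsed, so if the files handler accepts a prefixed save_path (a depth or mode before the directory, separated by `;`), the string checked would not be the directory actually used; that is worth confirming against the handler's parsing. Because the check runs only for `PHP_INI_STAGE_RUNTIME`, any other stage at which a non-administrator can set this entry is left unchecked, and a short comment stating why those stages are trusted would help.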
