Kristian Koehntopp [krisat_private] wrote:

> PHP3 (http://www.php.net) is a scripting language used in many
> webhosting setups. Often in hosting setups so called "safe_mode"
> is enabled, which restricts the user in many ways. For example,
> in safe_mode you are supposed to be able to execute only
> programs from a safe_mode_exec_dir, if one is defined. Within
> that directory there should be only a restricted command set
> that is considered safe.

[.../...]

Right... Your patch seems to work only with php-3.0.12. I attach a
modified version for php-3.0.13.

dav.

-- 
David TILLOY - Project Manager - <d.tilloyat_private>
Neuronnexion (nnx) - 19/21, rue des Augustins - F-80000 Amiens
Voice (+33 3).22.71.61.90 - Fax (+33 3).22.71.61.99

Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="php_popen-3.0.13.patch"

--- /tmp/php-3.0.13/functions/file.c Sat Jan 1 05:31:15 2000 +++ functions/file.c Tue Jan 4 23:35:16 2000 @@ -26,7 +26,7 @@ | Authors: Rasmus Lerdorf <rasmusat_private> | +----------------------------------------------------------------------+ */ -/* $Id: file.c,v 1.229 2000/01/01 04:31:15 sas Exp $ */ +/* $Id: file.c,v 1.230 2000/01/03 21:31:31 kk Exp $ */ #include "php.h" #include <stdio.h> @@ -51,6 +51,7 @@ #include "safe_mode.h" #include "php3_list.h" #include "php3_string.h" +#include "exec.h" #include "file.h" #if HAVE_PWD_H #if MSVC5 @@ -575,7 +576,7 @@ pval *arg1, *arg2; FILE *fp; int id; - char *p; + char *p, *tmp=NULL; char *b, buf[1024]; TLS_VARS; @@ -601,6 +602,11 @@ snprintf(buf,sizeof(buf),"%s/%s",php3_ini.safe_mode_exec_dir,arg1->value.str.val); } fp = popen(buf,p); + + tmp = _php3_escapeshellcmd(buf); + fp = popen(tmp,p); + efree(tmp); /* temporary copy, no longer necessary */ + if (!fp) { php3_error(E_WARNING,"popen(\"%s\",\"%s\") - %s",buf,p,strerror(errno)); RETURN_FALSE;
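Review bot: in the `@@ -601,6 +602,11 @@` hunk the original `fp = popen(buf,p);` is still an unchanged context line ahead of the added lines, so the unescaped command string is still passed to the shell, and the `FILE *` it returns is overwritten by the second `popen(tmp,p)` without a `pclose`. That line should appear as a `-` removal so that only the output of `_php3_escapeshellcmd(buf)` ever reaches `popen`. The `php3_error` call after it still reports `buf`, not the escaped `tmp` that was actually executed, which will make the warning misleading once `tmp` has been freed and the two strings differ.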
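Review bot: the `@@ -26,7 +26,7 @@` hunk hand-edits the CVS `$Id: file.c,v ...$` keyword line (1.229 to 1.230), which CVS rewrites on its own and which will make this hunk fail to apply on any tree whose revision string differs. Drop this hunk from the patch and leave only the `#include "exec.h"`, `*tmp=NULL` and `popen` changes.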