On Wed, Jan 05, 2000 at 04:27:48AM +0100, David TILLOY <d.tilloyat_private> wrote: > > Kristian Koehntopp [krisat_private] a écrit: > > PHP3 (http://www.php.net) is a scripting language used in many > > webhosting setups. Often in hosting setups so called "safe_mode" > > is enabled, which restricts the user in many ways. For example, > > in safe_mode you are supposed to be able to execute only > > programs from a safe_mode_exec_dir, if one is defined. Within > > that directory there should be only a restricted command set > > that is considered safe. > > [.../...] > > Right... Your patch seems to work only with php-3.0.12. > I attach modified version for php-3.0.13. > > dav. > --- /tmp/php-3.0.13/functions/file.c Sat Jan 1 05:31:15 2000 > +++ functions/file.c Tue Jan 4 23:35:16 2000 > @@ -26,7 +26,7 @@ > | Authors: Rasmus Lerdorf <rasmusat_private> | > +----------------------------------------------------------------------+ > */ > -/* $Id: file.c,v 1.229 2000/01/01 04:31:15 sas Exp $ */ > +/* $Id: file.c,v 1.230 2000/01/03 21:31:31 kk Exp $ */ > #include "php.h" > > #include <stdio.h> > @@ -51,6 +51,7 @@ > #include "safe_mode.h" > #include "php3_list.h" > #include "php3_string.h" > +#include "exec.h" > #include "file.h" > #if HAVE_PWD_H > #if MSVC5 > @@ -575,7 +576,7 @@ > pval *arg1, *arg2; > FILE *fp; > int id; > - char *p; > + char *p, *tmp=NULL; > char *b, buf[1024]; > TLS_VARS; 
> > @@ -601,6 +602,11 @@ > snprintf(buf,sizeof(buf),"%s/%s",php3_ini.safe_mode_exec_dir,arg1->value.str.val); > } > fp = popen(buf,p); Not removing this line leaves the problem in PHP3. You'd better remove it :-) > + > + tmp = _php3_escapeshellcmd(buf); > + fp = popen(tmp,p); > + efree(tmp); /* temporary copy, no longer necessary */ > + > if (!fp) { > php3_error(E_WARNING,"popen(\"%s\",\"%s\") - %s",buf,p,strerror(errno)); > RETURN_FALSE; CU, Thomas -- Thomas Köhler Email: jean-lucat_private | LCARS - Linux for <>< WWW: http://home.pages.de/~jeanluc/ | Computers on All IRC: jeanluc | Real Starships PGP public key: http://www.mayn.de/users/jean-luc/PGP-Public.asc
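Review bot: The first hunk (-26,7 in functions/file.c) changes only the `$Id` keyword line, which the revision control system rewrites on each commit and which differs between releases, so it is the hunk most likely to be rejected when the patch is applied to a different PHP3 version. Leave it out of the posted patch; the fix does not depend on it.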
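Review bot: In the last hunk (-601,6 in functions/file.c) the existing `fp = popen(buf,p);` is kept as a context line directly above the added escaped call, so the command string still reaches the shell unescaped once, and the stream it returns is then overwritten by `fp = popen(tmp,p);` without being closed. That line should be a `-` line, so that the only popen left is the one that takes the output of `_php3_escapeshellcmd`. The `php3_error` call in the trailing context still prints `buf` rather than `tmp`, so the warning will not show the string that was actually executed; choose which of the two the message should report.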