summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFelipe Pena <felipe@php.net>2008-07-21 19:32:21 (GMT)
committerFelipe Pena <felipe@php.net>2008-07-21 19:32:21 (GMT)
commitdab8b811c28a1f9f45c7db717bf890dc9d9db97a (patch)
tree3fc7f035d966da6d244666c246ed99aa3220d64a
parente19f52047cb8b6683cce156a5e44d0fdac27dcb4 (diff)
downloadphp-dab8b811c28a1f9f45c7db717bf890dc9d9db97a.tar.gz
- Fixed securities issue detailed in CVE-2008-2665 and CVE-2008-2666.
(patch by Christian Hoffmann)
-rw-r--r--main/safe_mode.c8
1 files changed, 0 insertions, 8 deletions
diff --git a/main/safe_mode.c b/main/safe_mode.c
index b791351..d9d1a4f 100644
--- a/main/safe_mode.c
+++ b/main/safe_mode.c
@@ -73,14 +73,6 @@ PHPAPI int php_checkuid_ex(const char *filename, const char *fopen_mode, int mod
mode = CHECKUID_CHECK_FILE_AND_DIR;
}
}
-
- /*
- * If given filepath is a URL, allow - safe mode stuff
- * related to URL's is checked in individual functions
- */
- wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC);
- if (wrapper != NULL)
- return 1;
/* First we see if the file is owned by the same user...
* If that fails, passthrough and check directory...