authorAlex Dupre <ale@FreeBSD.org>2006-10-16 09:30:58 +0000
committerAlex Dupre <ale@FreeBSD.org>2006-10-16 09:30:58 +0000
commitd754180768ceb88d6503eb611b91f8153d84da04 (patch)
tree194f945e56fcc78457c3972839630e2725b992a3 /lang/php4/files/patch-ext_standard_dir.c
parent- follow devel/libticalcs 4.6.1 library version (diff)
- fix open_basedir vulnerability in php4 and php5 [1]
- add an alert on safe_mode intrinsic insecurity and suggest installing the suhosin extension - enable the suhosin patch by default also in php4 Submitted by: Thomas Vogt <thomas@bsdunix.ch> [1] Obtained from: PHP CVS [1] Approved by: portmgr (clement)
Notes
Notes: svn path=/head/; revision=175349
Diffstat (limited to 'lang/php4/files/patch-ext_standard_dir.c')
-rw-r--r--lang/php4/files/patch-ext_standard_dir.c20
1 files changed, 20 insertions, 0 deletions
diff --git a/lang/php4/files/patch-ext_standard_dir.c b/lang/php4/files/patch-ext_standard_dir.c
new file mode 100644
index 000000000000..ef819306883b
--- /dev/null
+++ b/lang/php4/files/patch-ext_standard_dir.c
@@ -0,0 +1,20 @@
+--- ext/standard/dir.c.orig Mon Oct 16 06:59:56 2006
++++ ext/standard/dir.c Mon Oct 16 07:00:06 2006
+@@ -16,7 +16,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: dir.c,v 1.109.2.18.2.2 2006/01/01 13:46:57 sniper Exp $ */
++/* $Id: dir.c,v 1.109.2.18.2.3 2006/10/04 23:20:02 iliaa Exp $ */
+
+ /* {{{ includes/startup/misc */
+
+@@ -275,7 +275,7 @@
+ RETURN_FALSE;
+ }
+
+- if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
++ if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+ ret = VCWD_CHDIR(str);
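Review bot: The added `php_check_open_basedir(str TSRMLS_CC)` call in the second inner hunk validates the path string, and `VCWD_CHDIR(str)` then resolves the same string a second time, so the check and the use are not atomic; if a path component changes in between (a symlink, for instance), the directory entered may differ from the one that was checked. The enclosing function begins and ends outside the hunk, so whether `str` is canonicalised earlier is not visible here; if it is not, a comment above the condition such as `/* open_basedir is checked on the path string, not the resolved directory; not atomic with chdir */` would record that limit. Separately, the first inner hunk only rewrites the `$Id` keyword line; dropping it from the port patch would keep the patch applying if upstream's keyword expansion differs and would avoid labelling dir.c as a revision it may not fully match.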