From 067f51c23a1e6f413d0abb965b71fc97d18a6421 Mon Sep 17 00:00:00 2001 From: Alex Dupre Date: Thu, 4 Sep 2008 13:55:11 +0000 Subject: Fix for CVE-2008-2665 and CVE-2008-2666. Obtained from: PHP CVS --- lang/php5/files/patch-main_safe_mode.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 lang/php5/files/patch-main_safe_mode.c (limited to 'lang/php5/files') diff --git a/lang/php5/files/patch-main_safe_mode.c b/lang/php5/files/patch-main_safe_mode.c new file mode 100644 index 000000000000..4b0d4e1c531c --- /dev/null +++ b/lang/php5/files/patch-main_safe_mode.c @@ -0,0 +1,17 @@ +--- main/safe_mode.c.orig 2008-09-04 15:52:19.000000000 +0200 ++++ main/safe_mode.c 2008-09-04 15:52:35.000000000 +0200 +@@ -74,14 +74,6 @@ + } + } + +- /* +- * If given filepath is a URL, allow - safe mode stuff +- * related to URL's is checked in individual functions +- */ +- wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC); +- if (wrapper != NULL) +- return 1; +- + /* First we see if the file is owned by the same user... + * If that fails, passthrough and check directory... + */ -- cgit v1.2.3