1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
--- ext/gd/gd.c 2005-10-06 22:44:52.000000000 +0200
+++ ext/gd/gd.c 2005-11-03 21:42:59.000000000 +0100
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: gd.c,v 1.221.2.56.2.1 2005/10/06 20:44:52 iliaa Exp $ */
+/* $Id: gd.c,v 1.221.2.56.2.3 2005/11/03 20:20:04 sniper Exp $ */
/* gd 1.2 is copyright 1994, 1995, Quest Protein Database Center,
Cold Spring Harbor Labs. */
@@ -623,7 +623,7 @@
convert_to_string_ex(file);
- stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
+ stream = php_stream_open_wrapper(Z_STRVAL_PP(file), "rb", ENFORCE_SAFE_MODE | IGNORE_PATH | IGNORE_URL_WIN | REPORT_ERRORS, NULL);
if (stream == NULL) {
RETURN_FALSE;
}
@@ -807,6 +807,10 @@
convert_to_boolean_ex(dither);
convert_to_long_ex(ncolors);
+ if (Z_LVAL_PP(ncolors) <= 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Number of colors has to be greater than zero");
+ RETURN_FALSE;
+ }
gdImageTrueColorToPalette(im, Z_LVAL_PP(dither), Z_LVAL_PP(ncolors));
RETURN_TRUE;
@@ -1436,7 +1440,7 @@
fn = Z_STRVAL_PP(file);
- stream = php_stream_open_wrapper(fn, "rb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+ stream = php_stream_open_wrapper(fn, "rb", ENFORCE_SAFE_MODE|REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
if (stream == NULL) {
RETURN_FALSE;
}
@@ -1644,10 +1648,7 @@
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
fp = VCWD_FOPEN(fn, "wb");
if (!fp) {
@@ -3742,16 +3743,10 @@
}
/* Check origin file */
- if (!fn_org || fn_org == empty_string || php_check_open_basedir(fn_org TSRMLS_CC)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid origin filename '%s'", fn_org);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn_org, "Invalid origin filename");
/* Check destination file */
- if (!fn_dest || fn_dest == empty_string || php_check_open_basedir(fn_dest TSRMLS_CC)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid destination filename '%s'", fn_dest);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn_dest, "Invalid destination filename");
/* Open origin file */
org = VCWD_FOPEN(fn_org, "rb");
--- ext/gd/gd_ctx.c 2005-10-06 22:44:52.000000000 +0200
+++ ext/gd/gd_ctx.c 2005-11-03 21:42:59.000000000 +0100
@@ -73,10 +73,7 @@
}
if ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))) {
- if (!fn || fn == empty_string || php_check_open_basedir(fn TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(fn, "rb+", CHECKUID_CHECK_FILE_AND_DIR))) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid filename '%s'", fn);
- RETURN_FALSE;
- }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
fp = VCWD_FOPEN(fn, "wb");
if (!fp) {
--- ext/gd/php_gd.h 2003-03-31 10:49:30.000000000 +0200
+++ ext/gd/php_gd.h 2005-11-15 11:15:27.000000000 +0100
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_gd.h,v 1.44.2.5 2003/03/31 08:49:30 sniper Exp $ */
+/* $Id: php_gd.h,v 1.44.2.5.8.2 2005/11/15 08:15:36 sniper Exp $ */
#ifndef PHP_GD_H
#define PHP_GD_H
@@ -30,6 +30,15 @@
#if HAVE_LIBGD
+/* open_basedir and safe_mode checks */
+#define PHP_GD_CHECK_OPEN_BASEDIR(filename, errormsg) \
+ if (!filename || filename == empty_string || php_check_open_basedir(filename TSRMLS_CC) || \
+ (PG(safe_mode) && !php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR)) \
+ ) { \
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, errormsg); \
+ RETURN_FALSE; \
+ }
+
#define PHP_GDIMG_TYPE_GIF 1
#define PHP_GDIMG_TYPE_PNG 2
#define PHP_GDIMG_TYPE_JPG 3
|
GitWeb