--- ext/curl/curl.c 2005-03-14 10:03:09.000000000 +0100 +++ ext/curl/curl.c 2005-10-17 04:42:51.000000000 +0200 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: curl.c,v 1.124.2.29 2005/03/14 09:03:09 sniper Exp $ */ +/* $Id: curl.c,v 1.124.2.30.2.3 2005/10/17 02:42:51 iliaa Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -66,7 +66,7 @@ #define CAAZ(s, v) add_assoc_zval_ex(return_value, s, sizeof(s), (zval *) v); #define PHP_CURL_CHECK_OPEN_BASEDIR(str, len) \ - if (PG(open_basedir) && *PG(open_basedir) && \ + if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) && \ strncasecmp(str, "file://", sizeof("file://") - 1) == 0) \ { \ php_url *tmp_url; \ @@ -76,7 +76,7 @@ RETURN_FALSE; \ } \ \ - if (php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ + if (tmp_url->query || php_check_open_basedir(tmp_url->path TSRMLS_CC) || \ (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM)) \ ) { \ php_url_free(tmp_url); \ @@ -436,10 +436,12 @@ zend_list_addref(ch->id); ZVAL_STRINGL(argv[1], data, length, 1); + ch->in_callback = 1; error = call_user_function(EG(function_table), NULL, t->func, retval, 2, argv TSRMLS_CC); + ch->in_callback = 0; if (error == FAILURE) { php_error(E_WARNING, "%s(): Couldn't call the CURLOPT_WRITEFUNCTION", get_active_function_name(TSRMLS_C)); @@ -495,10 +497,12 @@ zend_list_addref(t->fd); ZVAL_LONG(argv[2], (int) size * nmemb); + ch->in_callback = 1; error = call_user_function(EG(function_table), NULL, t->func, retval, 3, argv TSRMLS_CC); + ch->in_callback = 0; if (error == FAILURE) { php_error(E_WARNING, "%s(): Cannot call the CURLOPT_READFUNCTION", get_active_function_name(TSRMLS_C)); @@ -553,10 +557,12 @@ zend_list_addref(ch->id); ZVAL_STRINGL(argv[1], data, length, 1); + ch->in_callback = 1; error = call_user_function(EG(function_table), NULL, t->func, retval, 2, argv TSRMLS_CC); + ch->in_callback = 0; if (error == FAILURE) { php_error(E_WARNING, "%s(): Couldn't call the CURLOPT_HEADERFUNCTION", get_active_function_name(TSRMLS_C)); @@ -606,10 +612,12 @@ ZVAL_STRING(argv[1], prompt, 1); ZVAL_LONG(argv[2], buflen); + ch->in_callback = 1; error = call_user_function(EG(function_table), NULL, func, retval, 2, argv TSRMLS_CC); + ch->in_callback = 0; if (error == FAILURE) { php_error(E_WARNING, "%s(): Couldn't call the CURLOPT_PASSWDFUNCTION", get_active_function_name(TSRMLS_C)); } else if (Z_TYPE_P(retval) == IS_STRING) { @@ -680,7 +688,9 @@ (*ch)->handlers->write_header = ecalloc(1, sizeof(php_curl_write)); (*ch)->handlers->read = ecalloc(1, sizeof(php_curl_read)); memset(&(*ch)->err, 0, sizeof((*ch)->err)); - + + (*ch)->in_callback = 0; + zend_llist_init(&(*ch)->to_free.str, sizeof(char *), (void(*)(void *)) curl_free_string, 0); zend_llist_init(&(*ch)->to_free.slist, sizeof(struct curl_slist), @@ -982,10 +992,15 @@ postval = Z_STRVAL_PP(current); if (*postval == '@') { + ++postval; + /* safe_mode / open_basedir check */ + if (php_check_open_basedir(postval TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(postval, "rb+", CHECKUID_CHECK_MODE_PARAM))) { + RETURN_FALSE; + } error = curl_formadd(&first, &last, CURLFORM_COPYNAME, string_key, CURLFORM_NAMELENGTH, (long)string_key_len - 1, - CURLFORM_FILE, ++postval, + CURLFORM_FILE, postval, CURLFORM_END); } else { @@ -1337,7 +1352,11 @@ WRONG_PARAM_COUNT; } ZEND_FETCH_RESOURCE(ch, php_curl *, zid, -1, le_curl_name, le_curl); - + + if (ch->in_callback) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempt to close CURL handle from a callback"); + return; + } zend_list_delete(Z_LVAL_PP(zid)); } /* }}} */ --- ext/curl/php_curl.h 2002-12-31 17:34:15.000000000 +0100 +++ ext/curl/php_curl.h 2005-06-02 23:05:06.000000000 +0200 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_curl.h,v 1.29.2.1 2002/12/31 16:34:15 sebastian Exp $ */ +/* $Id: php_curl.h,v 1.29.2.2 2005/06/02 21:05:06 tony2001 Exp $ */ #ifndef _PHP_CURL_H #define _PHP_CURL_H @@ -93,6 +93,7 @@ struct _php_curl_free to_free; long id; unsigned int uses; + zend_bool in_callback; } php_curl; /* streams support */