PHP :: Bug #35071 :: Wrong fopen mode used in GD safe-mode checks
- ️Wed Nov 02 2005
| Bug #35071 | Wrong fopen mode used in GD safe-mode checks | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Submitted: | 2005-11-02 21:04 UTC | Modified: | 2005-11-03 21:28 UTC |
|
||||||||||
| From: | webmaster at iksaif dot net | Assigned: | ||||||||||||
| Status: | Closed | Package: | GD related | |||||||||||
| PHP Version: | 4.4.1 | OS: | * | |||||||||||
| Private report: | No | CVE-ID: | None |
[2005-11-02 21:04 UTC] webmaster at iksaif dot net
Description:
------------
in ext/gd.c ext/gd_ctx.c
(PG(safe_mode) && !php_checkuid(fn, "rb+",
CHECKUID_CHECK_FILE_AND_DIR)))
should be :
(PG(safe_mode) && !php_checkuid(fn, "wb+",
CHECKUID_CHECK_FILE_AND_DIR)))
because with "rb+" it's impossible to create a new file
with imagepng,imagejpeg, etc ....
("r" change mode from CHECKUID_CHECK_FILE_AND_DIR to
CHECKUID_DISALLOW_FILE_NOT_EXISTS).
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commitsRelated reports
[2005-11-02 21:25 UTC] moron at industrial dot org
This is the same issue covered in bug #35060 (though you do suggest a potential fix). sniper@php.net claims this is a documentation problem, not a bug.
[2005-11-02 22:28 UTC] sniper@php.net
Fixed in HEAD and PHP_5_1 branches.
[2005-11-03 21:21 UTC] sniper@php.net
This bug has been fixed in CVS. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better.