Date: 01/08/01
- Next message: lsimon <email protected>: "[PHP-DEV] PHP 4.0 Bug #8598 Updated: get_browser crashing"
- Previous message: Alex Black: "Re: [PHP-DEV] PHP 4.0 Bug #8425 Updated: PHP crashes if I include a page that uses xml parser."
- In reply to: Thies C. Arntzen: "[PHP-DEV] patch to allow file-uploads in safe_mode without user-id fiddleing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yes, I think we can do this now that we have the new upload handling code.
I mentioned this a while ago but never got to it.
-Rasmus
On Mon, 8 Jan 2001, Thies C. Arntzen wrote:
> Index: main/safe_mode.c
> ===================================================================
> RCS file: /repository/php4/main/safe_mode.c,v
> retrieving revision 1.24
> diff -u -u -r1.24 safe_mode.c
> --- main/safe_mode.c 2000/12/16 20:52:43 1.24
> +++ main/safe_mode.c 2001/01/08 19:01:25
> @@ -121,6 +121,14 @@
> if (duid == (uid=php_getuid())) {
> return 1;
> } else {
> + SLS_FETCH();
> +
> + if (SG(rfc1867_uploaded_files)) {
> + if (zend_hash_exists(SG(rfc1867_uploaded_files),filename,strlen(filename)+1)) {
> + return 1;
> + }
> + }
> +
> php_error(E_WARNING, "SAFE MODE Restriction in effect. The script whose uid is %ld is not allowed to access %s owned by uid %ld", uid, filename, duid);
> return 0;
> }
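Review bot: the new early `return 1` in the else branch skips the uid comparison on nothing more than an exact string match of `filename` against the keys of `SG(rfc1867_uploaded_files)`, so the exemption follows the path name, not the file whose owner is `duid`. A comment here should state the invariant this relies on: the table holds only server-generated temporary paths, never a client-supplied name, and an entry is dropped once the upload is moved or deleted, so that whatever later sits at that path in the same request is not exempted too. The exemption also applies to every caller of this check regardless of what it intends to do with the file; if only reading or moving the upload is meant to be allowed, that restriction needs to be made here. Minor style point: add spaces after the commas in the `zend_hash_exists(...)` call.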
>
> am i way off or is this something we should allow?
>
> explanation: allow access to every rfc1867_uploaded_files in
> safe_mode even if it's not owned by the same UID as the script.
>
> tc
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
> For additional commands, e-mail: php-dev-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
>

