# # Description: fix safe_mode restriction bypass via unrestricted variable settings. # Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508021 # Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&diff_format=u # Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&diff_format=u # diff -Nur php5-5.2.6/ext/standard/basic_functions.c php5-5.2.6.new/ext/standard/basic_functions.c --- php5-5.2.6/ext/standard/basic_functions.c 2009-01-26 09:18:56.000000000 -0500 +++ php5-5.2.6.new/ext/standard/basic_functions.c 2009-01-26 09:19:08.000000000 -0500 @@ -3919,6 +3919,8 @@ memset(&BG(mblen_state), 0, sizeof(BG(mblen_state))); #endif BG(incomplete_class) = incomplete_class_entry; + BG(page_uid) = -1; + BG(page_gid) = -1; } @@ -4221,6 +4223,8 @@ PHP_RSHUTDOWN(user_filters)(SHUTDOWN_FUNC_ARGS_PASSTHRU); + BG(page_uid) = -1; + BG(page_gid) = -1; return SUCCESS; } diff -Nur php5-5.2.6/sapi/apache/mod_php5.c php5-5.2.6.new/sapi/apache/mod_php5.c --- php5-5.2.6/sapi/apache/mod_php5.c 2009-01-26 09:18:56.000000000 -0500 +++ php5-5.2.6.new/sapi/apache/mod_php5.c 2009-01-26 09:19:47.000000000 -0500 @@ -597,6 +597,8 @@ return OK; } + SG(server_context) = r; + zend_first_try { /* Make sure file exists */ @@ -654,8 +656,6 @@ /* Init timeout */ hard_timeout("send", r); - SG(server_context) = r; - php_save_umask(); add_common_vars(r); add_cgi_vars(r);