--- php-4.3.10/ext/curl/curl.c 2005-02-16 23:05:48.000000000 -0700
+++ php4-4.3.10/ext/curl/curl.c 2005-02-16 23:03:50.000000000 -0700
@@ -712,9 +712,18 @@
 if (argc > 0) {
 char *urlcopy;
+ char *urltmp;
 convert_to_string_ex(url);
 urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
+
+ urltmp = Z_STRVAL_PP(url);
+ if (strncasecmp(urltmp, "file://", 7) == 0) {
+ urltmp = strstr((urltmp+7), "/");
+ if (php_check_open_basedir(urltmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(urltmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))
+ RETURN_FALSE;
+ }
+
 curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy);
 zend_llist_add_element(&ch->to_free.str, &urlcopy);
 }
@@ -792,7 +801,6 @@
 convert_to_long_ex(zvalue);
 error = curl_easy_setopt(ch->cp, option, Z_LVAL_PP(zvalue));
 break;
- case CURLOPT_URL:
 case CURLOPT_PROXY:
 case CURLOPT_USERPWD:
 case CURLOPT_PROXYUSERPWD:
@@ -826,6 +834,25 @@
 break;
 }
+ case CURLOPT_URL: {
+ char *copystr = NULL;
+ char *urltmp = NULL;
+
+ convert_to_string_ex(zvalue);
+ copystr = estrndup(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+
+ urltmp = Z_STRVAL_PP(zvalue);
+ if (strncasecmp(urltmp, "file://", 7) == 0) {
+ urltmp = strstr((urltmp+7), "/");
+ if (php_check_open_basedir(urltmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(urltmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))
+ RETURN_FALSE;
+ }
+
+ error = curl_easy_setopt(ch->cp, option, copystr);
+ zend_llist_add_element(&ch->to_free.str, ©str);
+
+ break;
+ }
 case CURLOPT_FILE:
 case CURLOPT_INFILE:
 case CURLOPT_WRITEHEADER:
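Review bot: In the first hunk (`@@ -712,9 +712,18 @@`), `strstr((urltmp+7), "/")` returns NULL when nothing after `file://` contains a slash, and that NULL is passed straight to `php_check_open_basedir()` and `php_checkuid()`; neither helper is visible here, but both presumably read the path as a C string. The URL should be rejected explicitly, e.g. `if (urltmp == NULL || php_check_open_basedir(urltmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(urltmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))`. The same lines are duplicated in the new `case CURLOPT_URL:` block of the third hunk, so the guard is needed there too, and one shared static helper would keep the two copies from drifting apart. The enclosing function begins and ends outside the hunk.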
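Review bot: In the new `case CURLOPT_URL:` block of the third hunk (and likewise in the first hunk), the open_basedir/safe_mode check runs on the raw URL text, while libcurl, as far as I know, percent-decodes the path of a `file://` URL before opening it, so the path that is validated may not be the path that is read. Checking a decoded copy would close that gap, for example by applying `php_raw_url_decode()` to a duplicate of the path before calling `php_check_open_basedir()`. Separately, `copystr` is allocated before the check and `RETURN_FALSE` leaves before `zend_llist_add_element()` registers it for freeing, so the copy should be made after the check or released with `efree(copystr);` first. The surrounding switch starts and ends outside the hunk.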