
php-4.3.4-4.6.100mdk.src.rpm

--- php-4.3.10/ext/curl/curl.c	2005-02-16 23:05:48.000000000 -0700
+++ php4-4.3.10/ext/curl/curl.c	2005-02-16 23:03:50.000000000 -0700
@@ -712,9 +712,18 @@
 
 	if (argc > 0) {
 		char *urlcopy;
+		char *urltmp;
 		convert_to_string_ex(url);
 
 		urlcopy = estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
+
+		urltmp = Z_STRVAL_PP(url);
+		if (strncasecmp(urltmp, "file://", 7) == 0) {
+			urltmp = strstr((urltmp+7), "/");
+			if (php_check_open_basedir(urltmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(urltmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))
+				RETURN_FALSE;
+		}
+
 		curl_easy_setopt(ch->cp, CURLOPT_URL, urlcopy);
 		zend_llist_add_element(&ch->to_free.str, &urlcopy);
 	}
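Review bot: `strstr((urltmp+7), "/")` returns NULL when no `/` follows the prefix (a URL that is just `file://name`), and that NULL is passed straight to `php_check_open_basedir()` and `php_checkuid()`; the guard should treat it as a rejection, `if (urltmp == NULL || php_check_open_basedir(urltmp TSRMLS_CC) || ...)`. `RETURN_FALSE` also runs after `estrndup()` but before `zend_llist_add_element(&ch->to_free.str, &urlcopy)`, so the copy is never registered for freeing. Either do the check before duplicating, or brace the `if` body and add `efree(urlcopy);` ahead of the return. Both problems recur in the `CURLOPT_URL` case added in the third hunk, where the copy is `copystr`. The enclosing function starts and ends outside the hunk, so whether `ch` itself is released on this early return cannot be seen here.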
@@ -792,7 +801,6 @@
 			convert_to_long_ex(zvalue);
 			error = curl_easy_setopt(ch->cp, option, Z_LVAL_PP(zvalue));
 			break;
-		case CURLOPT_URL:
 		case CURLOPT_PROXY:
 		case CURLOPT_USERPWD:
 		case CURLOPT_PROXYUSERPWD:
@@ -826,6 +834,25 @@
 
 			break;
 		}
+		case CURLOPT_URL: {
+			char *copystr = NULL;
+			char *urltmp = NULL;
+
+			convert_to_string_ex(zvalue);
+			copystr = estrndup(Z_STRVAL_PP(zvalue), Z_STRLEN_PP(zvalue));
+
+			urltmp = Z_STRVAL_PP(zvalue);
+			if (strncasecmp(urltmp, "file://", 7) == 0) {
+				urltmp = strstr((urltmp+7), "/");
+				if (php_check_open_basedir(urltmp TSRMLS_CC) || (PG(safe_mode) && !php_checkuid(urltmp, "rb+", CHECKUID_CHECK_MODE_PARAM)))
+					RETURN_FALSE;
+			}
+
+			error = curl_easy_setopt(ch->cp, option, copystr);
+			zend_llist_add_element(&ch->to_free.str, &copystr);
+
+			break;
+		}
 		case CURLOPT_FILE:
 		case CURLOPT_INFILE: 
 		case CURLOPT_WRITEHEADER:
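Review bot: The `file://` test in the new `CURLOPT_URL` case duplicates the block from the first hunk line for line; one static helper called from both places would keep the two checks from drifting apart. A comment on that helper should state what is checked, for example `/* open_basedir/safe_mode check on the literal path part of a file:// URL; no %xx decoding, and only URLs set from PHP pass through here */`. Whether libcurl resolves the same path from that string is not visible in this diff and should be confirmed. The `"rb+"` mode passed to `php_checkuid()` also deserves a short why-comment, since fetching a URL looks like a read. The switch continues outside the hunk.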