fd fix

14 years ago · 6e51989501
2 changed files with 18 additions and 0 deletions
--- a/4
+++ b/4
@ -22,6 +22,7 @@ PHP                                                                        NEWS
  . Fixed bug #61713 (Logic error in charset detection for htmlentities).
    (Anatoliy)
  . Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
+  . Changed php://fd to be available only for CLI.

 - Fileinfo:
  . Fixed bug #61812 (Uninitialised value used in libmagic). 
@ -35,6 +36,9 @@ PHP                                                                        NEWS
  . Fixed bug #61755 (A parsing bug in the prepared statements can lead to
    access violations). (Johannes)

+- Phar:
+  . Fix bug #61065 (Secunia SA44335). (Rasmus)
+
 - Iconv extension:
  . Fixed a bug that iconv extension fails to link to the correct library
    when another extension makes use of a library that links to the iconv
--- a/ext/standard/php_fopen_wrapper.c
+++ b/ext/standard/php_fopen_wrapper.c
@ -263,6 +263,20 @@ php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, char *path, ch
 		long	   fildes_ori;
 		int		   dtablesize;

+		if (strcmp(sapi_module.name, "cli")) {
+			if (options & REPORT_ERRORS) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Direct access to file descriptors is only available from command-line PHP");
+			}
+			return NULL;
+		}
+
+		if ((options & STREAM_OPEN_FOR_INCLUDE) && !PG(allow_url_include) ) {
+			if (options & REPORT_ERRORS) {
+				php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL file-access is disabled in the server configuration");
+			}
+			return NULL;
+		}
+
 		start = &path[3];
 		fildes_ori = strtol(start, &end, 10);
 		if (end == start || *end != '\0') {