News for wibblers. Stuff that really doesn't matter. |
|
News for wibblers. Stuff that really doesn't matter. |
|
Save the teapot fund
New CSS web design for Wibble proudly provided by Kelv. Please contact the webmaster with any questions or concerns. |
Wibble > List archives > bugtraq > 2000
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: PHP3 safe_mode and popen()
In netuse.lists.bugtraq you write: > Right... Your patch seems to work only with php-3.0.12. > I attach modified version for php-3.0.13. Actually, my patch is against the current CVS of PHP and the diff I posted was being generated directly from the CVS. Get yourself a copy of current PHP directly from the CVS and all is well. >@@ -601,6 +602,11 @@ > snprintf(buf,sizeof(buf),"%s/%s",php3_ini.safe_mode_exec_dir,arg1->value.str.val); > } > fp = popen(buf,p); >+ >+ tmp = _php3_escapeshellcmd(buf); >+ fp = popen(tmp,p); >+ efree(tmp); /* temporary copy, no longer necessary */ >+ Your patch does popen twice and the first popen() is unescaped. This is broken and should not be used. Again, please use the CVS to get a properly patched version of PHP or wait for the bugfix release of PHP which will be out RSN. Kristian
|
