php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #35843 imagettftext don't check open_basedir and safe_mode
Submitted: 2005-12-29 19:55 UTC Modified: 2006-01-07 01:00 UTC
From: vmlinuz386 at yahoo dot com dot ar Assigned:
Status: No Feedback Package: Feature/Change Request
PHP Version: 5.1.1, 4.4.1 OS: GNU/Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: vmlinuz386 at yahoo dot com dot ar
New email:
PHP Version: OS:

 

 [2005-12-29 19:55 UTC] vmlinuz386 at yahoo dot com dot ar 
Description:
------------
In file ext/gd/gdttf.c this call to freetype without any check open_basedir and safe_mode:
        if ((err = TT_Open_Face(*b->engine, a->fontname, &a->face))) {

this is also in 5.1.1

If you need a font in your scripts the font will be in some directory asigned for you.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-12-30 10:42 UTC] tony2001@php.net 
I don't see any harm in this particular case: you can't get the file contents or change it.
And in this same time this makes possible to use system fonts.
 [2006-01-07 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Jul 14 14:01:31 2025 UTC