php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #35225 Wrong fopen mode used in GD safe-mode checks
Submitted: 2005-11-15 10:49 UTC Modified: 2005-11-23 01:00 UTC
From: virus at tgu dot ru Assigned:
Status: No Feedback Package: GD related
PHP Version: 4CVS-2005-11-15 (snap) OS:
Private report: No CVE-ID: None
 [2005-11-15 10:49 UTC] virus at tgu dot ru
Description:
------------
Bug #35071 doesn't seem to be fixed in CVS.
(We still have !php_checkuid(filename, "rb+", CHECKUID_CHECK_FILE_AND_DIR) in php_gd.h)
Bug #35060 is still reproduceable.


Reproduce code:
---------------
<?php
// safe_mode is enabled
$img_out=imagecreatetruecolor(200,200);
imagejpeg($img_out,'files/thingy/test.jpg',100);
imagedestroy($img_out);
?>


Expected result:
----------------
new image created "files/thingy/test.jpg"


Actual result:
--------------
Warning: imagejpeg(): Unable to access files/thingy/test.jpg in /home/moron/www/test.php on line 3

Warning: imagejpeg(): Invalid filename 'files/thingy/test.jpg' in /home/moron/www/test.php on line 3



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-15 10:52 UTC] tony2001@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Should be in the next snapshot.
 [2005-11-23 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 19:01:30 2024 UTC