fix #37191 (chmod takes off sticky bit when safe_mode is On)

strk · Apr 25, 2006 · 90b3dad · 90b3dad
1 parent 1c02dff
commit 90b3dad
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/NEWS b/NEWS
@@ -1,7 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Apr 2006, PHP 5.1.3RC4
-- Fixed bug #37192 (cc fails on hash_adler.c:32). Mike
+- Fixed bug #37192 (cc fails on hash_adler.c:32). (Mike)
+- Fixed bug #37191 (chmod takes off sticky bit when safe_mode is On). (Tony)
 
 20 Apr 2006, PHP 5.1.3RC3
 - Fixed reading stream filters never notified about EOF. (Mike)

diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c
@@ -504,8 +504,23 @@ PHP_FUNCTION(chmod)
 	   Setuiding files could allow users to gain privileges
 	   that safe mode doesn't give them.
 	*/
-	if(PG(safe_mode))
-		imode &= 0777;
+
+	if(PG(safe_mode)) {
+		php_stream_statbuf ssb;
+		if (php_stream_stat_path_ex(Z_STRVAL_PP(filename), 0, &ssb, NULL)) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "stat failed for %s", Z_STRVAL_PP(filename));
+			RETURN_FALSE;
+		}
+		if ((imode & 04000) != 0 && (ssb.sb.st_mode & 04000) == 0) {
+			imode ^= 04000;
+		}
+		if ((imode & 02000) != 0 && (ssb.sb.st_mode & 02000) == 0) {
+			imode ^= 02000;
+		}
+		if ((imode & 01000) != 0 && (ssb.sb.st_mode & 01000) == 0) {
+			imode ^= 01000;
+		}
+	}
 
 	ret = VCWD_CHMOD(Z_STRVAL_PP(filename), imode);
 	if (ret == -1) {