Thanks sara for responding.
Will write a snippet to address this and get back to you.
With regards
Kamesh Jayachandran
On Thu, 11 Aug 2005 07:52:56 -0700, "Sara Golemon" <[EMAIL PROTECTED]>
said:
> > Version PHP 5.1
> > file main/php_init.c
> > function int php_init_config() uses realpath.
> > In NetWare our earlier releases of LibC SDK has no realpath
> > implementation.
> >
> > I could see the following lines in TSRM/tsrm_virtual_cwd.c
> >
> > #ifndef HAVE_REALPATH
> > #define realpath(x,y) strcpy(y,x)
> > #endif
> >
> > Why not this be in TSRM/tsrm_virtual_cwd.h so that it will work in all
> > the cases.
> >
> > Can I go ahead and checkin this?
> >
> I have two concerns with this "solution" (both here and in TSRM).
>
> (1) Security: Both internally with checks such as open_basedir and in
> userspace when evaluating URL parameters (an all too common practice).
>
> (2) Functionality: require_once()/include_once() could be fooled into
> including the same file twice.
>
> Granted #2 requires specific circumstances and #1 can be worked around
> for
> tightly managed systems running no external packages.
>
> How about a more expensive, but more closely aproximating substitute to
> satisfy all of these?
>
> /* psuedo-code */
> #ifndef HAVE_REALPATH
> realpath(...) {
> itterate path from root:
> if symlink, resolve
> if dir, append next portion of remaining path
> otherwise, ergh...whatever realpath() would do in this situation...
> loop
> }
> #endif
>
--
http://www.fastmail.fm - IMAP accessible web-mail
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
