Edit report at https://bugs.php.net/bug.php?id=64931&edit=1
ID: 64931 Comment by: hanskrentel at yahoo dot de Reported by: william dot martin at power-lan dot com Summary: phar_add_file is too restrive on filename Status: Open Type: Bug Package: PHAR related Operating System: Linux PHP Version: 5.4.15 Block user comment: N Private report: N New Comment: The related bug is: Sec Bug #65414 Previous Comments: ------------------------------------------------------------------------ [2013-08-07 10:54:51] hanskrentel at yahoo dot de According to the code, the error message is different to what the code does: http://lxr.php.net/xref/PHP_5_4/ext/phar/phar_object.c#3708 The code checks if the filename starts with ".phar". The message says there would be a ".phar" directory (and that one is magic). I don't know what is magic about ".phar". I guess the error message is not lying and it's about directory. And indeed one can find some more references to that string containing files like: ".phar/stub.php" ".phar/alias.txt" A more proper check would probably to check for the sole string ".phar" (fixed length) or ".phar/" (for the start). There are multiple places where the check is not done that consequently, for example as well in http://lxr.php.net/xref/PHP_5_4/ext/phar/phar_object.c#3825 Taking the knowledge from those settings reveals the feature to create such files: <?php touch(".pharignore"); $phar = new \Phar("foo.phar", 0, "foo.phar"); $phar->addFile(".pharignore", "/.pharignore"); ?> This code creates the file ".pharignore" inside. It's also possible to add files inside the magic ".phar" folder for wich I'll create a new ticket. ------------------------------------------------------------------------ [2013-05-27 15:43:35] william dot martin at power-lan dot com Description: ------------ The function phar_add_file start by test if we try to write something in the ".phar" magic directory, but the test is in really : Does a filepath start by ".phar" ? So if you try to pack files likes ".pharignore", php throw an exception: "Error: Cannot create any files in magic ".phar" directory". Test script: --------------- <?php touch(".pharignore"); $phar = new \Phar("foo.phar", 0, "foo.phar"); $phar->addFile(".pharignore", ".pharignore"); ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64931&edit=1
