 ID:               37799
 Updated by:       [EMAIL PROTECTED]
 Reported By:      antispam at brokenhill dot net
-Status:           Open
+Status:           Closed
-Bug Type:         Documentation problem
+Bug Type:         FTP related
 Operating System: Mac OS X
-PHP Version:      Irrelevant
+PHP Version:      5,HEAD
 New Comment:

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation
better.

I'll also add a note to the manual in a minute.


Previous Comments:
------------------------------------------------------------------------

[2006-06-14 03:00:34] antispam at brokenhill dot net

Description:
------------
One thing that seems clear from my experience, but which is not
documented, is that ftp_ssl_connect silently falls back to ftp_connect
if ftps is not available.

Test case: make an ftps connection to a server which does not support
ftps. You will still get a connection and be able to use all ftp_
functions. The connection will simply fall back to ftp_connect.

This should be documented as it could lead to a false sense of
security.

Reproduce code:
---------------
public function connect($host, $user, $pass, $type=self::FTP) {
    $this->_host = $host;
    $this->_user = $user;
    $this->_pw   = $pass;
    $this->_type = $type;

    // Ask for an SSL-FTP connection when FTPS was requested
    if ($this->_type == self::FTPS) {
        $this->_conn = ftp_ssl_connect($this->_host);
    } else {
        $this->_conn = ftp_connect($this->_host);
    }

    // Check the connection before trying to log in on it
    if (!$this->_conn) {
        cx_log("Could not connect to FTP server", __FUNCTION__, __FILE__, CX_ERR_CRITICAL);
        return FALSE;
    }

    $loginResult = ftp_login($this->_conn, $this->_user, $this->_pw);
    if (!$loginResult) {
        cx_log("Could not login to FTP server", __FUNCTION__, __FILE__, CX_ERR_CRITICAL);
        return FALSE;
    }

    return TRUE;
}

Expected result:
----------------
I would expect to have an ftps connection made, or an error stating
that ftps is not available.

Actual result:
--------------
Instead it silently gives me an ftp_connect (non SSL) connection, which
leads to a false sense of security. Found this out by running tcpdump
and seeing that nothing was encrypted.


------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=37799&edit=1
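
An added example, not code from the bug report or from PHP itself: one way to fail closed is to negotiate explicit FTPS on the control connection yourself and stop when the server does not answer AUTH TLS with reply 234, so that no credentials go out over a plain connection. The function names read_ftp_reply and require_auth_tls are hypothetical, and the socket pair with its server replies is constructed so the script runs offline (Unix-like systems).

```php
<?php
// Read one FTP reply and return its numeric code.
// Multi-line replies use "NNN-" on continuation lines and "NNN " on the last.
function read_ftp_reply($stream): int
{
    do {
        $line = fgets($stream, 4096);
        if ($line === false) {
            throw new RuntimeException('connection closed while reading reply');
        }
    } while (!preg_match('/^\d{3} /', $line));
    return (int) substr($line, 0, 3);
}

// Negotiate explicit FTPS on an already connected control stream.
// Throws before any USER/PASS is sent if TLS cannot be established.
function require_auth_tls($stream): void
{
    if (read_ftp_reply($stream) !== 220) {
        throw new RuntimeException('unexpected greeting');
    }
    fwrite($stream, "AUTH TLS\r\n");
    $code = read_ftp_reply($stream);
    if ($code !== 234) {
        throw new RuntimeException("server refused AUTH TLS (reply $code); not sending credentials");
    }
    // Certificate checks follow the stream's SSL context options.
    if (stream_socket_enable_crypto($stream, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) !== true) {
        throw new RuntimeException('TLS handshake failed');
    }
}

// Constructed offline input: a socket pair stands in for a server without FTPS.
list($client, $server) = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
fwrite($server, "220-Welcome\r\n220 ready\r\n500 AUTH not understood\r\n");

try {
    require_auth_tls($client);
    echo "TLS negotiated, safe to log in\n";
} catch (RuntimeException $e) {
    echo "Refused: ", $e->getMessage(), "\n";
}
```

Against a real server, open the control stream with stream_socket_client('tcp://HOST:21') and pass it to require_auth_tls() before sending USER and PASS.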