shane           Thu Mar 27 12:57:58 2003 EDT

  Modified files:              (Branch: PHP_4_3)
    /php4/sapi/cgi      cgi_main.c 
    /php4/sapi/isapi    php4isapi.c 
  Log:
  MFH
  
  
Index: php4/sapi/cgi/cgi_main.c
diff -u php4/sapi/cgi/cgi_main.c:1.190.2.18 php4/sapi/cgi/cgi_main.c:1.190.2.19
--- php4/sapi/cgi/cgi_main.c:1.190.2.18 Sun Mar  9 21:35:59 2003
+++ php4/sapi/cgi/cgi_main.c    Thu Mar 27 12:57:58 2003
@@ -20,7 +20,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: cgi_main.c,v 1.190.2.18 2003/03/10 02:35:59 shane Exp $ */
+/* $Id: cgi_main.c,v 1.190.2.19 2003/03/27 17:57:58 shane Exp $ */
 
 #include "php.h"
 #include "php_globals.h"
@@ -806,7 +806,9 @@
 #endif
                SG(request_info).request_method = 
sapi_cgibin_getenv("REQUEST_METHOD",0 TSRMLS_CC);
                SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING",0 
TSRMLS_CC);
-               if (script_path_translated)
+               /* some server configurations allow '..' to slip through in the
+                  translated path.   We'll just refuse to handle such a path. */
+               if (script_path_translated && !strstr(script_path_translated,".."))
                        SG(request_info).path_translated = 
estrdup(script_path_translated);
                SG(request_info).content_type = (content_type ? content_type : "" );
                SG(request_info).content_length = 
(content_length?atoi(content_length):0);
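Review bot: The new guard `if (script_path_translated && !strstr(script_path_translated,".."))` rejects a path only by leaving `SG(request_info).path_translated` unassigned, and nothing in this hunk sets an error status, whereas the matching php4isapi.c change in this commit sets `http_response_code = 404`. What the request does next with an unset path is decided outside the hunk, so it is worth confirming that it ends in a clean error response rather than falling back to some other script source. The substring test also refuses legitimate file names that merely contain two consecutive dots; matching `..` only as a whole path component between separators would keep the protection without that false positive. I would extend the comment to say what happens on rejection, e.g. `/* path_translated is left unset on rejection; the request must fail later, never fall back */`.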
Index: php4/sapi/isapi/php4isapi.c
diff -u php4/sapi/isapi/php4isapi.c:1.92.2.3 php4/sapi/isapi/php4isapi.c:1.92.2.4
--- php4/sapi/isapi/php4isapi.c:1.92.2.3        Mon Mar 24 06:21:26 2003
+++ php4/sapi/isapi/php4isapi.c Thu Mar 27 12:57:58 2003
@@ -744,16 +744,22 @@
                                         * variable won't be present, so fall back to 
old behaviour.
                                         */
                                        efree( file_handle.filename );
-                                       file_handle.filename = 
SG(request_info.path_translated);
+                                       file_handle.filename = 
SG(request_info).path_translated;
                                        file_handle.free_filename = 0;
                                }
                        }
 #else
-                       file_handle.filename = SG(request_info.path_translated);
+                       file_handle.filename = SG(request_info).path_translated;
                        file_handle.free_filename = 0;
 #endif
                        file_handle.type = ZEND_HANDLE_FILENAME;
                        file_handle.opened_path = NULL;
+                       /* some server configurations allow '..' to slip through in the
+                          translated path.   We'll just refuse to handle such a path. 
*/
+                       if (strstr(SG(request_info).path_translated,"..")) {
+                               SG(sapi_headers).http_response_code = 404;
+                               SG(request_info).path_translated = NULL;
+                       }
 
                        php_request_startup(TSRMLS_C);
                        php_execute_script(&file_handle TSRMLS_CC);
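Review bot: The added check `if (strstr(SG(request_info).path_translated,".."))` runs after `file_handle.filename` has already been assigned from that same pointer in the branches shown, and it clears only `SG(request_info).path_translated`; `php_request_startup` and `php_execute_script(&file_handle ...)` are still called unconditionally on the following lines. As far as this hunk shows, the rejected path can therefore still reach the executor through `file_handle.filename`, so the refusal depends on behaviour elsewhere. The test belongs before the filename assignment, and once the 404 is set the request should leave this path without calling `php_execute_script`. The call also lacks the NULL guard that the cgi_main.c version has; `if (SG(request_info).path_translated && strstr(SG(request_info).path_translated, ".."))` avoids passing NULL to strstr. The enclosing function starts and ends outside the hunk.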


