iliaa Fri May 6 14:43:13 2005 EDT
Modified files: (Branch: PHP_5_0)
/php-src/ext/standard ftp_fopen_wrapper.c
Log:
MFH: Check ftp user name for control characters.
http://cvs.php.net/diff.php/php-src/ext/standard/ftp_fopen_wrapper.c?r1=1.74.2.4&r2=1.74.2.5&ty=u
Index: php-src/ext/standard/ftp_fopen_wrapper.c
diff -u php-src/ext/standard/ftp_fopen_wrapper.c:1.74.2.4
php-src/ext/standard/ftp_fopen_wrapper.c:1.74.2.5
--- php-src/ext/standard/ftp_fopen_wrapper.c:1.74.2.4 Mon Mar 21 03:42:34 2005
+++ php-src/ext/standard/ftp_fopen_wrapper.c Fri May 6 14:43:13 2005
@@ -18,7 +18,7 @@
| Sara Golemon <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: ftp_fopen_wrapper.c,v 1.74.2.4 2005/03/21 08:42:34 hyanantha Exp $ */
+/* $Id: ftp_fopen_wrapper.c,v 1.74.2.5 2005/05/06 18:43:13 iliaa Exp $ */
#include "php.h"
#include "php_globals.h"
@@ -209,7 +209,20 @@
/* send the user name */
php_stream_write_string(stream, "USER ");
if (resource->user != NULL) {
- php_raw_url_decode(resource->user, strlen(resource->user));
+ unsigned char *s, *e;
+ int user_len = php_raw_url_decode(resource->user,
strlen(resource->user));
+
+ s = resource->user;
+ e = s + user_len;
+ /* check for control characters that should not be present in
the user name */
+ while (s < e) {
+ if (iscntrl(*s)) {
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "Invalid login %s", resource->user);
+ goto connect_errexit;
+ }
+ s++;
+ }
+
php_stream_write_string(stream, resource->user);
} else {
php_stream_write_string(stream, "anonymous");
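Review bot: The rejection path passes the just-rejected `resource->user` to `php_stream_wrapper_log_error` with `%s`, so the CR/LF or other control bytes that failed the check end up in the error message; I would drop the value, e.g. `php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid login: control characters in user name");`. The check also runs after `php_stream_write_string(stream, "USER ")`, so the start of the command has already been written to the stream before `goto connect_errexit`; validating before that write would avoid it. The enclosing function starts and continues outside the hunk, so I cannot see whether the password is decoded and sent the same way. If it is, it presumably needs the same control-character check.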