iliaa Fri May 6 14:42:53 2005 EDT
Modified files:
/php-src/ext/standard ftp_fopen_wrapper.c
Log:
Check ftp user name for control characters.
http://cvs.php.net/diff.php/php-src/ext/standard/ftp_fopen_wrapper.c?r1=1.80&r2=1.81&ty=u
Index: php-src/ext/standard/ftp_fopen_wrapper.c
diff -u php-src/ext/standard/ftp_fopen_wrapper.c:1.80
php-src/ext/standard/ftp_fopen_wrapper.c:1.81
--- php-src/ext/standard/ftp_fopen_wrapper.c:1.80 Sun Feb 27 12:08:18 2005
+++ php-src/ext/standard/ftp_fopen_wrapper.c Fri May 6 14:42:52 2005
@@ -18,7 +18,7 @@
| Sara Golemon <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: ftp_fopen_wrapper.c,v 1.80 2005/02/27 17:08:18 iliaa Exp $ */
+/* $Id: ftp_fopen_wrapper.c,v 1.81 2005/05/06 18:42:52 iliaa Exp $ */
#include "php.h"
#include "php_globals.h"
@@ -208,7 +208,20 @@
/* send the user name */
php_stream_write_string(stream, "USER ");
if (resource->user != NULL) {
- php_raw_url_decode(resource->user, strlen(resource->user));
+ unsigned char *s, *e;
+ int user_len = php_raw_url_decode(resource->user,
strlen(resource->user));
+
+ s = resource->user;
+ e = s + user_len;
+ /* check for control characters that should not be present in
the user name */
+ while (s < e) {
+ if (iscntrl(*s)) {
+ php_stream_wrapper_log_error(wrapper, options
TSRMLS_CC, "Invalid login %s", resource->user);
+ goto connect_errexit;
+ }
+ s++;
+ }
+
php_stream_write_string(stream, resource->user);
} else {
php_stream_write_string(stream, "anonymous");
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
