iliaa Fri May 6 14:42:53 2005 EDT Modified files: /php-src/ext/standard ftp_fopen_wrapper.c Log: Check ftp user name for control characters. http://cvs.php.net/diff.php/php-src/ext/standard/ftp_fopen_wrapper.c?r1=1.80&r2=1.81&ty=u
Index: php-src/ext/standard/ftp_fopen_wrapper.c
diff -u php-src/ext/standard/ftp_fopen_wrapper.c:1.80 php-src/ext/standard/ftp_fopen_wrapper.c:1.81
--- php-src/ext/standard/ftp_fopen_wrapper.c:1.80 Sun Feb 27 12:08:18 2005
+++ php-src/ext/standard/ftp_fopen_wrapper.c Fri May 6 14:42:52 2005
@@ -18,7 +18,7 @@
 | Sara Golemon <[EMAIL PROTECTED]> |
 +----------------------------------------------------------------------+
 */
-/* $Id: ftp_fopen_wrapper.c,v 1.80 2005/02/27 17:08:18 iliaa Exp $ */
+/* $Id: ftp_fopen_wrapper.c,v 1.81 2005/05/06 18:42:52 iliaa Exp $ */
 
 #include "php.h"
 #include "php_globals.h"
@@ -208,7 +208,20 @@
 /* send the user name */
 php_stream_write_string(stream, "USER ");
 if (resource->user != NULL) {
- php_raw_url_decode(resource->user, strlen(resource->user));
+ unsigned char *s, *e;
+ int user_len = php_raw_url_decode(resource->user, strlen(resource->user));
+
+ s = resource->user;
+ e = s + user_len;
+ /* check for control characters that should not be present in the user name */
+ while (s < e) {
+ if (iscntrl(*s)) {
+ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid login %s", resource->user);
+ goto connect_errexit;
+ }
+ s++;
+ }
+
 php_stream_write_string(stream, resource->user);
 } else {
 php_stream_write_string(stream, "anonymous");
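Review bot: The rejection branch formats the rejected name straight into the error, `"Invalid login %s", resource->user`, so the same CR/LF or other control bytes the loop just detected are written to the wrapper's error output, where they can split or forge log lines (and a decoded NUL silently truncates the message). Dropping the argument, e.g. `"Invalid login name"`, or logging an escaped copy avoids carrying the untrusted bytes into the log. The scan also covers only the USER argument; the PASS command and the path-bearing commands lie outside this hunk, so it is worth confirming that their url-decoded values get the same `iscntrl` check before being written to the control connection. The enclosing function starts and ends outside the hunk, including the `connect_errexit` label this branch jumps to.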