wez             Sat Oct 22 13:02:11 2005 EDT

  Modified files:              (Branch: PHP_5_1)
    /php-src/ext/standard       filestat.c 
    /php-src    NEWS 
    /php-src/main/streams       php_stream_plain_wrapper.h 
  Log:
  Fix #34957; file access checks should use VCWD_ACCESS()
  
  
http://cvs.php.net/diff.php/php-src/ext/standard/filestat.c?r1=1.136&r2=1.136.2.1&ty=u
Index: php-src/ext/standard/filestat.c
diff -u php-src/ext/standard/filestat.c:1.136 
php-src/ext/standard/filestat.c:1.136.2.1
--- php-src/ext/standard/filestat.c:1.136       Wed Aug  3 10:07:59 2005
+++ php-src/ext/standard/filestat.c     Sat Oct 22 13:02:06 2005
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: filestat.c,v 1.136 2005/08/03 14:07:59 sniper Exp $ */
+/* $Id: filestat.c,v 1.136.2.1 2005/10/22 17:02:06 wez Exp $ */
 
 #include "php.h"
 #include "safe_mode.h"
@@ -543,6 +543,7 @@
 #define IS_LINK_OPERATION(__t) ((__t) == FS_TYPE || (__t) == FS_IS_LINK || 
(__t) == FS_LSTAT)
 #define IS_EXISTS_CHECK(__t) ((__t) == FS_EXISTS  || (__t) == FS_IS_W || (__t) 
== FS_IS_R || (__t) == FS_IS_X || (__t) == FS_IS_FILE || (__t) == FS_IS_DIR || 
(__t) == FS_IS_LINK)
 #define IS_ABLE_CHECK(__t) ((__t) == FS_IS_R || (__t) == FS_IS_W || (__t) == 
FS_IS_X)
+#define IS_ACCESS_CHECK(__t) (IS_ABLE_CHECK(type) || (__t) == FS_EXISTS)
 
 /* {{{ php_stat
  */
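Review bot: The new `IS_ACCESS_CHECK(__t)` macro passes `type` to `IS_ABLE_CHECK` instead of its own parameter, so it only expands correctly where the caller's variable happens to be named `type`. With any other argument, the FS_IS_R / FS_IS_W / FS_IS_X half would test an unrelated variable or fail to compile, and a wrong result here changes which permission path php_stat takes. Use the parameter throughout: `#define IS_ACCESS_CHECK(__t) (IS_ABLE_CHECK((__t)) || (__t) == FS_EXISTS)`.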
@@ -560,6 +561,35 @@
                RETURN_FALSE;
        }
 
+       if (IS_ACCESS_CHECK(type)) {
+               char *local;
+
+               if (php_stream_locate_url_wrapper(filename, &local, 0 
TSRMLS_CC) == &php_plain_files_wrapper) {
+                       switch (type) {
+#ifdef F_OK
+                               case FS_EXISTS:
+                                       RETURN_BOOL(VCWD_ACCESS(local, F_OK) == 
0);
+                                       break;
+#endif
+#ifdef W_OK
+                               case FS_IS_W:
+                                       RETURN_BOOL(VCWD_ACCESS(local, W_OK) == 
0);
+                                       break;
+#endif
+#ifdef R_OK
+                               case FS_IS_R:
+                                       RETURN_BOOL(VCWD_ACCESS(local, R_OK) == 
0);
+                                       break;
+#endif
+#ifdef X_OK
+                               case FS_IS_X:
+                                       RETURN_BOOL(VCWD_ACCESS(local, X_OK) == 
0);
+                                       break;
+#endif
+                       }
+               }
+       }
+
        if (IS_LINK_OPERATION(type)) {
                flags |= PHP_STREAM_URL_STAT_LINK;
        }
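Review bot: The `RETURN_BOOL(VCWD_ACCESS(local, ...) == 0)` exits in the new `IS_ACCESS_CHECK(type)` block answer for any plain-file path before the rest of php_stat runs, and no open_basedir or safe_mode check is visible between the wrapper lookup and the access() call. php_stat starts and ends outside this hunk, so this needs confirming, but if those restrictions are enforced only on the stat path further down, the FS_EXISTS / FS_IS_R / FS_IS_W / FS_IS_X checks would report existence and permissions for paths outside the configured policy. A guard ahead of the `switch`, such as `if (php_check_open_basedir(local TSRMLS_CC)) { RETURN_FALSE; }` together with the matching safe_mode uid check, would keep the policy on this path. It is also worth a comment that access() evaluates the real rather than the effective uid, so results can differ from the earlier stat-based answer when the two differ.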
@@ -617,7 +647,7 @@
                php_stream_wrapper *wrapper;
 
                wrapper = php_stream_locate_url_wrapper(filename, NULL, 0 
TSRMLS_CC);
-               if (wrapper && wrapper->wops && wrapper->wops->label && 
strcmp(wrapper->wops->label, "plainfile") == 0) {
+               if (wrapper == &php_plain_files_wrapper) {
                        if (type == FS_IS_X) {
                                xmask = S_IXROOT;
                        } else {
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.2027.2.152&r2=1.2027.2.153&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.152 php-src/NEWS:1.2027.2.153
--- php-src/NEWS:1.2027.2.152   Fri Oct 21 11:19:37 2005
+++ php-src/NEWS        Sat Oct 22 13:02:09 2005
@@ -1,6 +1,7 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Oct 2005, PHP 5.1 Release Candidate 4
+- Fixed bug #34957 (PHP doesn't respect ACLs for access checks). (Wez)
 - Fixed fgetcsv() and fputcsv() inconsistency. (Dmitry)
 - Fixed bug #34934 (offsetExists is not called from array_key_exists). (Dmitry)
 - Fixed bug #34905 (Digest authentication does not work with Apache 1). (Ilia)
http://cvs.php.net/diff.php/php-src/main/streams/php_stream_plain_wrapper.h?r1=1.7&r2=1.7.2.1&ty=u
Index: php-src/main/streams/php_stream_plain_wrapper.h
diff -u php-src/main/streams/php_stream_plain_wrapper.h:1.7 
php-src/main/streams/php_stream_plain_wrapper.h:1.7.2.1
--- php-src/main/streams/php_stream_plain_wrapper.h:1.7 Wed Aug  3 10:08:42 2005
+++ php-src/main/streams/php_stream_plain_wrapper.h     Sat Oct 22 13:02:10 2005
@@ -16,12 +16,13 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: php_stream_plain_wrapper.h,v 1.7 2005/08/03 14:08:42 sniper Exp $ */
+/* $Id: php_stream_plain_wrapper.h,v 1.7.2.1 2005/10/22 17:02:10 wez Exp $ */
 
 /* definitions for the plain files wrapper */
 
 /* operations for a plain file; use the php_stream_fopen_XXX funcs below */
 PHPAPI extern php_stream_ops php_stream_stdio_ops;
+PHPAPI extern php_stream_wrapper php_plain_files_wrapper;
 
 BEGIN_EXTERN_C()
 
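Review bot: The new `php_plain_files_wrapper` declaration has no comment of its own and sits directly under the comment that describes `php_stream_stdio_ops`. filestat.c in this commit treats pointer identity with this object as the test for "this is a local file", so that contract should be stated here, e.g. `/* the plain files wrapper; compare a located wrapper against &php_plain_files_wrapper to detect local paths */`. Like the line above it, the declaration sits before `BEGIN_EXTERN_C()`; confirm that is intended for C++ consumers.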
