pajoye Sun Aug 13 21:09:59 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/zip php_zip.c
/php-src/ext/zip/lib zip.h zip_open.c zip_replace.c
Log:
- MFP:
- add overwrite mode to ZipArchive::open, always starts a new archive
- Fix safe mode checks on extract
- Fix possible leaks when a safe mode error has been raised
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.2&r2=1.1.2.3&diff_format=u
Index: php-src/ext/zip/php_zip.c
diff -u php-src/ext/zip/php_zip.c:1.1.2.2 php-src/ext/zip/php_zip.c:1.1.2.3
--- php-src/ext/zip/php_zip.c:1.1.2.2 Sun Aug 13 00:52:59 2006
+++ php-src/ext/zip/php_zip.c Sun Aug 13 21:09:59 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_zip.c,v 1.1.2.2 2006/08/13 00:52:59 pajoye Exp $ */
+/* $Id: php_zip.c,v 1.1.2.3 2006/08/13 21:09:59 pajoye Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -113,7 +113,11 @@
php_basename(file, file_len, NULL, 0, &file_basename,
&file_basename_len TSRMLS_CC);
- SAFEMODE_CHECKFILE(file_dirname_fullpath);
+ if (SAFEMODE_CHECKFILE(file_dirname_fullpath)) {
+ efree(file_dirname_fullpath);
+ efree(file_basename);
+ return 0;
+ }
/* let see if the path already exists */
if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) {
@@ -143,7 +147,11 @@
* is required, does a file can have a different
* safemode status as its parent folder?
*/
- SAFEMODE_CHECKFILE(fullpath);
+ if (SAFEMODE_CHECKFILE(fullpath)) {
+ efree(file_dirname_fullpath);
+ efree(file_basename);
+ return 0;
+ }
zf = zip_fopen(za, file, 0);
if (zf == NULL) {
@@ -1880,6 +1888,8 @@
REGISTER_ZIP_CLASS_CONST_LONG("CREATE", ZIP_CREATE);
REGISTER_ZIP_CLASS_CONST_LONG("EXCL", ZIP_EXCL);
REGISTER_ZIP_CLASS_CONST_LONG("CHECKCONS", ZIP_CHECKCONS);
+ REGISTER_ZIP_CLASS_CONST_LONG("OVERWRITE", ZIP_OVERWRITE);
+
REGISTER_ZIP_CLASS_CONST_LONG("FL_NOCASE", ZIP_FL_NOCASE);
REGISTER_ZIP_CLASS_CONST_LONG("FL_NODIR", ZIP_FL_NODIR);
REGISTER_ZIP_CLASS_CONST_LONG("FL_COMPRESSED", ZIP_FL_COMPRESSED);
@@ -1951,7 +1961,7 @@
php_info_print_table_start();
php_info_print_table_row(2, "Zip", "enabled");
- php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v
1.1.2.2 2006/08/13 00:52:59 pajoye Exp $");
+ php_info_print_table_row(2, "Extension Version","$Id: php_zip.c,v
1.1.2.3 2006/08/13 21:09:59 pajoye Exp $");
php_info_print_table_row(2, "Zip version", "1.4.0");
php_info_print_table_row(2, "Libzip version", "0.7.1");
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/lib/zip.h?r1=1.1&r2=1.1.2.1&diff_format=u
Index: php-src/ext/zip/lib/zip.h
diff -u php-src/ext/zip/lib/zip.h:1.1 php-src/ext/zip/lib/zip.h:1.1.2.1
--- php-src/ext/zip/lib/zip.h:1.1 Mon Jul 24 16:58:58 2006
+++ php-src/ext/zip/lib/zip.h Sun Aug 13 21:09:59 2006
@@ -53,6 +53,7 @@
#define ZIP_CREATE 1
#define ZIP_EXCL 2
#define ZIP_CHECKCONS 4
+#define ZIP_OVERWRITE 8
/* flags for zip_name_locate, zip_fopen, zip_stat, ... */
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/lib/zip_open.c?r1=1.1&r2=1.1.2.1&diff_format=u
Index: php-src/ext/zip/lib/zip_open.c
diff -u php-src/ext/zip/lib/zip_open.c:1.1
php-src/ext/zip/lib/zip_open.c:1.1.2.1
--- php-src/ext/zip/lib/zip_open.c:1.1 Mon Jul 24 16:58:58 2006
+++ php-src/ext/zip/lib/zip_open.c Sun Aug 13 21:09:59 2006
@@ -74,9 +74,9 @@
set_error(zep, NULL, ZIP_ER_INVAL);
return NULL;
}
-
- if (stat(fn, &st) != 0) {
- if (flags & ZIP_CREATE) {
+
+ if (flags & ZIP_OVERWRITE || stat(fn, &st) != 0) {
+ if ((flags & ZIP_CREATE) || (flags & ZIP_OVERWRITE)) {
if ((za=_zip_new(&error)) == NULL) {
set_error(zep, &error, 0);
return NULL;
@@ -99,14 +99,15 @@
set_error(zep, NULL, ZIP_ER_EXISTS);
return NULL;
}
+
+
/* ZIP_CREATE gets ignored if file exists and not ZIP_EXCL,
just like open() */
-
- if ((fp=fopen(fn, "rb")) == NULL) {
- set_error(zep, NULL, ZIP_ER_OPEN);
- return NULL;
- }
-
+ if ((fp=fopen(fn, "rb")) == NULL) {
+ set_error(zep, NULL, ZIP_ER_OPEN);
+ return NULL;
+ }
+
clearerr(fp);
fseek(fp, 0, SEEK_END);
len = ftell(fp);
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/lib/zip_replace.c?r1=1.1&r2=1.1.2.1&diff_format=u
Index: php-src/ext/zip/lib/zip_replace.c
diff -u php-src/ext/zip/lib/zip_replace.c:1.1
php-src/ext/zip/lib/zip_replace.c:1.1.2.1
--- php-src/ext/zip/lib/zip_replace.c:1.1 Mon Jul 24 16:58:58 2006
+++ php-src/ext/zip/lib/zip_replace.c Sun Aug 13 21:09:59 2006
@@ -66,11 +66,14 @@
return -1;
idx = za->nentry - 1;
}
-
+
+
_zip_unchange_data(za->entry+idx);
if (name && _zip_set_name(za, idx, name) != 0)
return -1;
+
+
za->entry[idx].state = ((za->cdir == NULL || idx >= za->cdir->nentry)
? ZIP_ST_ADDED : ZIP_ST_REPLACED);
za->entry[idx].source = source;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php