[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/standard dir.c /ext/standard/tests/file bug41655_1.phpt bug41655_2.phpt

[Pierre-Alain Joye]

pajoye          Fri Jun 22 12:28:06 2007 UTC

  Added files:                 (Branch: PHP_4_4)
    /php-src/ext/standard/tests/file    bug41655_1.phpt bug41655_2.phpt 

  Modified files:              
    /php-src    NEWS 
    /php-src/ext/standard       dir.c 
  Log:
  - fix build
  - fix regression in glob introduced by #41655 fix and add test cases
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.240&r2=1.1247.2.920.2.241&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.240 php-src/NEWS:1.1247.2.920.2.241
--- php-src/NEWS:1.1247.2.920.2.240     Fri Jun 22 00:10:27 2007
+++ php-src/NEWS        Fri Jun 22 12:28:05 2007
@@ -5,6 +5,8 @@
 - Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.
   (Ilia)
 - Fixed integer overlow in str[c]spn(). (Stas)
+- Fixed regression in glob when open_basedir is on introduced by #41655 fix
+  (Pierre)
 - Fixed money_format() not to accept multiple %i or %n tokens. (Stas, Ilia)
 - Addded "max_input_nesting_level" php.ini option to limit nesting level of 
   input variables. Fix for MOPB-03-2007. (Stas)
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.109.2.18.2.6&r2=1.109.2.18.2.7&diff_format=u
Index: php-src/ext/standard/dir.c
diff -u php-src/ext/standard/dir.c:1.109.2.18.2.6 
php-src/ext/standard/dir.c:1.109.2.18.2.7
--- php-src/ext/standard/dir.c:1.109.2.18.2.6   Tue Jun 12 13:48:02 2007
+++ php-src/ext/standard/dir.c  Fri Jun 22 12:28:06 2007
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: dir.c,v 1.109.2.18.2.6 2007/06/12 13:48:02 scottmac Exp $ */
+/* $Id: dir.c,v 1.109.2.18.2.7 2007/06/22 12:28:06 pajoye Exp $ */
 
 /* {{{ includes/startup/misc */
 
@@ -384,19 +384,18 @@
 #endif
 
        if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
-               size_t base_len = php_dirname(pattern, strlen(pattern));
-               char pos = pattern[base_len];
+               char *dirname = estrdup(pattern);
+               php_dirname(dirname, strlen(dirname));
 
-               pattern[base_len] = '\0';
-
-               if (PG(safe_mode) && (!php_checkuid(pattern, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
+               if (PG(safe_mode) && (!php_checkuid(dirname, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
+                       efree(dirname);
                        RETURN_FALSE;
                }
-               if (php_check_open_basedir(pattern TSRMLS_CC)) {
+               if (php_check_open_basedir(dirname TSRMLS_CC)) {
+                       efree(dirname);
                        RETURN_FALSE;
                }
-
-               pattern[base_len] = pos;
+               efree(dirname);
        }
 
        globbuf.gl_offs = 0;

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/bug41655_1.phpt?view=markup&rev=1.1
Index: php-src/ext/standard/tests/file/bug41655_1.phpt
+++ php-src/ext/standard/tests/file/bug41655_1.phpt

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/bug41655_2.phpt?view=markup&rev=1.1
Index: php-src/ext/standard/tests/file/bug41655_2.phpt
+++ php-src/ext/standard/tests/file/bug41655_2.phpt

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php