[PHP-CVS] cvs: php-src /ext/standard dir.c

Wed, 19 Sep 2007 15:40:15 -0700 

iliaa           Wed Sep 19 22:40:02 2007 UTC

  Modified files:              
    /php-src/ext/standard       dir.c 
  Log:
  
  MFB: Fixed regression in glob() when enforcing safe_mode/open_basedir checks
  on paths containing '*' 
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.169&r2=1.170&diff_format=u
Index: php-src/ext/standard/dir.c
diff -u php-src/ext/standard/dir.c:1.169 php-src/ext/standard/dir.c:1.170
--- php-src/ext/standard/dir.c:1.169    Wed Sep  5 12:55:36 2007
+++ php-src/ext/standard/dir.c  Wed Sep 19 22:40:02 2007
@@ -16,7 +16,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: dir.c,v 1.169 2007/09/05 12:55:36 iliaa Exp $ */
+/* $Id: dir.c,v 1.170 2007/09/19 22:40:02 iliaa Exp $ */
 
 /* {{{ includes/startup/misc */
 
@@ -421,6 +421,7 @@
        glob_t globbuf;
        unsigned int n;
        int ret;
+       zend_bool basedir_limit = 0;
 
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Z|l", &pppattern, 
&flags) == FAILURE ||
                php_stream_path_param_encode(pppattern, &pattern, &pattern_len, 
REPORT_ERRORS, FG(default_context)) == FAILURE) {
@@ -455,18 +456,6 @@
        } 
 #endif
 
-       if (PG(open_basedir) && *PG(open_basedir)) {
-               int pattern_len = strlen(pattern);
-               char *basename = estrndup(pattern, pattern_len);
-               
-               php_dirname(basename, pattern_len);
-               if (php_check_open_basedir(basename TSRMLS_CC)) {
-                       efree(basename);
-                       RETURN_FALSE;
-               }
-               efree(basename);
-       }
-
        memset(&globbuf, 0, sizeof(glob_t));
        globbuf.gl_offs = 0;
        if (0 != (ret = glob(pattern, flags & GLOB_FLAGMASK, NULL, &globbuf))) {
@@ -480,8 +469,7 @@
                           can be used for simple glob() calls without further 
error
                           checking.
                        */
-                       array_init(return_value);
-                       return;
+                       goto no_results;
                }
 #endif
                RETURN_FALSE;
@@ -489,12 +477,26 @@
 
        /* now catch the FreeBSD style of "no matches" */
        if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
+no_results:
+               if (PG(open_basedir) && *PG(open_basedir)) {
+                       struct stat s;
+
+                       if (0 != VCWD_STAT(pattern, &s) || S_IFDIR != 
(s.st_mode & S_IFMT)) {
+                               RETURN_FALSE;
+                       }
+               }
                array_init(return_value);
                return;
        }
 
        array_init(return_value);
        for (n = 0; n < globbuf.gl_pathc; n++) {
+               if (PG(open_basedir) && *PG(open_basedir)) {
+                       if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 
TSRMLS_CC)) {
+                               basedir_limit = 1;
+                               continue;
+                       }
+               }
                /* we need to do this everytime since GLOB_ONLYDIR does not 
guarantee that
                 * all directories will be filtered. GNU libc documentation 
states the
                 * following: 
@@ -531,6 +533,11 @@
        }
 
        globfree(&globbuf);
+
+       if (basedir_limit && !zend_hash_num_elements(Z_ARRVAL_P(return_value))) 
{
+               zval_dtor(return_value);
+               RETURN_FALSE;
+       }
 }
 /* }}} */
 #endif 

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to