jani Tue Oct 9 08:40:47 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/main fopen_wrappers.c Log: MFH: ws + cs
http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.175.2.3.2.14&r2=1.175.2.3.2.15&diff_format=u
Index: php-src/main/fopen_wrappers.c
diff -u php-src/main/fopen_wrappers.c:1.175.2.3.2.14 php-src/main/fopen_wrappers.c:1.175.2.3.2.15
--- php-src/main/fopen_wrappers.c:1.175.2.3.2.14 Mon Oct 8 02:49:26 2007
+++ php-src/main/fopen_wrappers.c Tue Oct 9 08:40:47 2007
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: fopen_wrappers.c,v 1.175.2.3.2.14 2007/10/08 02:49:26 ab5602 Exp $ */
+/* $Id: fopen_wrappers.c,v 1.175.2.3.2.15 2007/10/09 08:40:47 jani Exp $ */
 /* {{{ includes */
@@ -81,9 +81,8 @@
 /* {{{ php_check_specific_open_basedir
 When open_basedir is not NULL, check if the given filename is located in
- open_basedir. Returns -1 if error or not in the open_basedir, else 0
-
- When open_basedir is NULL, always return 0
+ open_basedir. Returns -1 if error or not in the open_basedir, else 0.
+ When open_basedir is NULL, always return 0.
 */
 PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path TSRMLS_DC)
 {
@@ -96,7 +95,7 @@
 int resolved_name_len;
 int path_len;
 int nesting_level = 0;
-
+
 /* Special case basedir==".": Use script-directory */
 if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) {
 /* Else use the unmodified path */
@@ -113,7 +112,7 @@
 if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) {
 return -1;
 }
-
+
 path_len = strlen(resolved_name);
 memcpy(path_tmp, resolved_name, path_len + 1); /* safe */
@@ -122,7 +121,7 @@
 if (nesting_level == 0) {
 int ret;
 char buf[MAXPATHLEN];
-
+
 ret = readlink(path_tmp, buf, MAXPATHLEN - 1);
 if (ret < 0) {
 /* not a broken symlink, move along.. */
@@ -149,7 +148,7 @@
 path_len = path_file - path_tmp + 1;
 #if defined(PHP_WIN32) || defined(NETWARE)
 if (path_len > 1 && path_tmp[path_len - 2] == ':') {
- /* this is c:\, */
+ /* this is c:\ */
 path_tmp[path_len] = '\0';
 } else {
 path_tmp[path_len - 1] = '\0';
@@ -242,8 +241,7 @@
 ptr = end;
 }
 if (warn) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING,
- "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
 }
 efree(pathbuf);
 errno = EPERM; /* we deny permission to open it */
@@ -267,11 +265,10 @@
 char resolved_name[MAXPATHLEN];
 /* Resolve the real path into resolved_name */
- if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL)
+ if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) {
 return -1;
-
+ }
 pathbuf = estrdup(PG(safe_mode_include_dir));
-
 ptr = pathbuf;
 while (ptr && *ptr) {
@@ -351,7 +348,7 @@
 if (pwbuflen < 1) {
 return FAILURE;
 }
-
+
 pwbuf = emalloc(pwbuflen);
 #endif
 length = s - (path_info + 2);
@@ -369,8 +366,7 @@
 pw = getpwnam(user);
 #endif
 if (pw && pw->pw_dir) {
- spprintf(&filename, 0, "%s%c%s%c%s", pw->pw_dir, PHP_DIR_SEPARATOR,
- PG(user_dir), PHP_DIR_SEPARATOR, s+1); /* Safe */
+ spprintf(&filename, 0, "%s%c%s%c%s", pw->pw_dir, PHP_DIR_SEPARATOR, PG(user_dir), PHP_DIR_SEPARATOR, s + 1); /* Safe */
 STR_FREE(SG(request_info).path_translated);
 SG(request_info).path_translated = filename;
 }
@@ -401,9 +397,9 @@
 if (!filename) {
 /* we have to free SG(request_info).path_translated here because
- php_destroy_request_info assumes that it will get
- freed when the include_names hash is emptied, but
- we're not adding it in this case */
+ * php_destroy_request_info assumes that it will get
+ * freed when the include_names hash is emptied, but
+ * we're not adding it in this case */
 STR_FREE(SG(request_info).path_translated);
 SG(request_info).path_translated = NULL;
 return FAILURE;
@@ -426,9 +422,9 @@
 file_handle->opened_path = expand_filepath(filename, NULL TSRMLS_CC);
- if (!(SG(options) & SAPI_OPTION_NO_CHDIR)) {
+ if (!(SG(options) & SAPI_OPTION_NO_CHDIR)) {
 VCWD_CHDIR_FILE(filename);
- }
+ }
 SG(request_info).path_translated = filename;
 file_handle->filename = SG(request_info).path_translated;
@@ -458,13 +454,13 @@
 if (opened_path) {
 *opened_path = NULL;
 }
-
- if(!filename) {
+
+ if (!filename) {
 return NULL;
 }
 filename_length = strlen(filename);
-
+
 /* Relative path open */
 if (*filename == '.') {
 if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
@@ -472,21 +468,21 @@
 }
 return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
 }
-
+
 /*
 * files in safe_mode_include_dir (or subdir) are excluded from
 * safe mode GID/UID checks
 */
-
+
 /* Absolute path open */
 if (IS_ABSOLUTE_PATH(filename, filename_length)) {
- if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0)
+ if (php_check_safe_mode_include_dir(filename TSRMLS_CC) == 0) {
 /* filename is in safe_mode_include_dir (or subdir) */
 return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
-
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM)))
+ }
+ if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
 return NULL;
-
+ }
 return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
 }
@@ -507,16 +503,15 @@
 path_length = strlen(path);
 while ((--exec_fname_length >= 0) && !IS_SLASH(exec_fname[exec_fname_length]));
- if ((exec_fname && exec_fname[0] == '[')
- || exec_fname_length<=0) {
+ if ((exec_fname && exec_fname[0] == '[') || exec_fname_length <= 0) {
 /* [no active file] or no path */
 pathbuf = estrdup(path);
- } else {
- pathbuf = (char *) emalloc(exec_fname_length + path_length +1 +1);
+ } else {
+ pathbuf = (char *) emalloc(exec_fname_length + path_length + 1 + 1);
 memcpy(pathbuf, path, path_length);
 pathbuf[path_length] = DEFAULT_DIR_SEPARATOR;
- memcpy(pathbuf+path_length+1, exec_fname, exec_fname_length);
- pathbuf[path_length + exec_fname_length +1] = '\0';
+ memcpy(pathbuf + path_length + 1, exec_fname, exec_fname_length);
+ pathbuf[path_length + exec_fname_length + 1] = '\0';
 }
 } else {
 pathbuf = estrdup(path);
@@ -534,13 +529,14 @@
 if (PG(safe_mode)) {
 if (VCWD_STAT(trypath, &sb) == 0) {
 /* file exists ... check permission */
- if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) ||
- php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM))
+ if (php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0 ||
+ php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)
+ ) {
 /* UID ok, or trypath is in safe_mode_include_dir */
 fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
- else
+ } else {
 fp = NULL;
-
+ }
 efree(pathbuf);
 return fp;
 }
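Review bot: In the `@@ -507,16 +503,15 @@` hunk, the joined condition still tests `exec_fname` for NULL only after the `while` loop on the line above may already have indexed `exec_fname[exec_fname_length]`, so the guard is either dead or too late. The assignment of `exec_fname` and the computation of `exec_fname_length` are outside the hunk; if the pointer can be NULL there, the test belongs before the loop, and if it cannot, the condition can be reduced to `if (exec_fname[0] == '[' || exec_fname_length <= 0) {`. Since this is a coding-style pass, the empty-bodied `while (...);` would also read more safely with an explicit body, e.g. `while (...) { /* scan back to the last slash */ }`.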
@@ -557,29 +553,29 @@
 return NULL;
 }
 /* }}} */
-
+
 /* {{{ php_strip_url_passwd
 */
 PHPAPI char *php_strip_url_passwd(char *url)
 {
 register char *p, *url_start;
-
+
 if (url == NULL) {
 return "";
 }
-
+
 p = url;
-
+
 while (*p) {
- if (*p==':' && *(p+1)=='/' && *(p+2)=='/') {
+ if (*p == ':' && *(p + 1) == '/' && *(p + 2) == '/') {
 /* found protocol */
- url_start = p = p+3;
-
+ url_start = p = p + 3;
+
 while (*p) {
- if (*p=='@') {
+ if (*p == '@') {
 int i;
-
- for (i=0; i<3 && url_start<p; i++, url_start++) {
+
+ for (i = 0; i < 3 && url_start < p; i++, url_start++) {
 *url_start = '.';
 }
 for (; *p; p++) {
@@ -604,6 +600,7 @@
 {
 cwd_state new_state;
 char cwd[MAXPATHLEN];
+ int copy_len;
 if (!filepath[0]) {
 return NULL;
@@ -612,35 +609,36 @@
 } else {
 const char *iam = SG(request_info).path_translated;
 char *result = VCWD_GETCWD(cwd, MAXPATHLEN);
+
 if (!result && (iam != filepath)) {
 int fdtest = -1;
+
 fdtest = VCWD_OPEN(filepath, O_RDONLY);
 if (fdtest != -1) {
- /* return a relative file path if for any reason
- we cannot cannot getcwd() and the requested,
- relatively referenced file is accessible */
- int copy_len = strlen(filepath)>MAXPATHLEN-1?MAXPATHLEN-1:strlen(filepath);
+ /* return a relative file path if for any reason
+ * we cannot cannot getcwd() and the requested,
+ * relatively referenced file is accessible */
+ copy_len = strlen(filepath) > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : strlen(filepath);
 real_path = estrndup(filepath, copy_len);
 return real_path;
- }
- }
- else {
- cwd[0] = '\0';
 }
+ } else {
+ cwd[0] = '\0';
 }
+ }
 new_state.cwd = strdup(cwd);
 new_state.cwd_length = strlen(cwd);
- if(virtual_file_ex(&new_state, filepath, NULL, CWD_FILEPATH)) {
+ if (virtual_file_ex(&new_state, filepath, NULL, CWD_FILEPATH)) {
 free(new_state.cwd);
 return NULL;
 }
- if(real_path) {
- int copy_len = new_state.cwd_length>MAXPATHLEN-1?MAXPATHLEN-1:new_state.cwd_length;
+ if (real_path) {
+ copy_len = new_state.cwd_length > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : new_state.cwd_length;
 memcpy(real_path, new_state.cwd, copy_len);
- real_path[copy_len]='\0';
+ real_path[copy_len] = '\0';
 } else {
 real_path = estrndup(new_state.cwd, new_state.cwd_length);
 }
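Review bot: As the braces now read, `else { cwd[0] = '\0'; }` pairs with `if (!result && (iam != filepath))`, so `cwd` is emptied when `VCWD_GETCWD` succeeded and is never written when both getcwd and `VCWD_OPEN` fail, after which `strdup(cwd)` reads an unset buffer. The early-return branch has two further gaps: `fdtest` is never closed, and a caller-supplied `real_path` is replaced by an `estrndup` copy instead of being filled, so the `expand_filepath(path, resolved_name TSRMLS_CC)` callers in the earlier hunks would get a non-NULL result with `resolved_name` untouched. Those callers appear to feed the resolved name into the open_basedir and safe_mode_include_dir comparisons, so I would fix the three together as sketched below. The function begins outside this hunk, and the sketch assumes callers pass a buffer of at least MAXPATHLEN bytes, as the existing `memcpy(real_path, new_state.cwd, copy_len)` branch already does.

```c
if (!result && (iam != filepath)) {
	/* … unchanged: fdtest declaration and VCWD_OPEN(filepath, O_RDONLY) … */
	if (fdtest != -1) {
		/* … unchanged: comment and copy_len computation … */
		if (real_path) {
			memcpy(real_path, filepath, copy_len);
			real_path[copy_len] = '\0';
		} else {
			real_path = estrndup(filepath, copy_len);
		}
		close(fdtest);
		return real_path;
	} else {
		cwd[0] = '\0';
	}
} else if (!result) {
	cwd[0] = '\0';
}
```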