dmitry          Thu Mar 13 14:09:54 2008 UTC

  Modified files:              (Branch: PHP_5_3)
    /php-src/main       fopen_wrappers.c 
  Log:
  Disable path resolution for filenames with stream wrappers
  More careful check for relative paths (./xxx and ../xxx)
  
  
http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.175.2.3.2.13.2.7&r2=1.175.2.3.2.13.2.8&diff_format=u
Index: php-src/main/fopen_wrappers.c
diff -u php-src/main/fopen_wrappers.c:1.175.2.3.2.13.2.7 
php-src/main/fopen_wrappers.c:1.175.2.3.2.13.2.8
--- php-src/main/fopen_wrappers.c:1.175.2.3.2.13.2.7    Wed Mar  5 13:34:12 2008
+++ php-src/main/fopen_wrappers.c       Thu Mar 13 14:09:54 2008
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: fopen_wrappers.c,v 1.175.2.3.2.13.2.7 2008/03/05 13:34:12 dmitry Exp $ 
*/
+/* $Id: fopen_wrappers.c,v 1.175.2.3.2.13.2.8 2008/03/13 14:09:54 dmitry Exp $ 
*/
 
 /* {{{ includes
  */
@@ -446,13 +446,21 @@
 {
        char resolved_path[MAXPATHLEN];
        char trypath[MAXPATHLEN];
-       char *ptr, *end;
+       const char *ptr, *end, *p;
 
        if (!filename) {
                return NULL;
        }
 
-       if (*filename == '.' ||
+       /* Don't resolve patches which contain protocol */
+       for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == 
'.'; p++);
+    if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
+       return NULL;
+    }
+
+       if ((*filename == '.' && 
+            (IS_SLASH(filename[1]) || 
+             ((filename[1] == '.') && IS_SLASH(filename[2])))) ||
            IS_ABSOLUTE_PATH(filename, filename_length) ||
            !path ||
            !*path) {
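Review bot: The scheme scan `for (p = filename; isalnum((int)*p) || ...` passes a plain `char` to `isalnum()`; where `char` is signed, a filename byte of 0x80 or above becomes a negative int, which is undefined behaviour for the ctype functions, and the result is also locale-dependent. The filename presumably can be influenced by script input, so cast through `unsigned char` instead: `for (p = filename; isalnum((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.'; p++);`. The guard recognises only the `scheme://` form, so a wrapper-style name without the double slash would still fall through to the path search that follows; it is worth confirming that this is intended. The new comment should read `/* Don't resolve paths which contain a protocol */`, and note that the function's signature and the rest of its body lie outside this hunk.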


