[PHP-CVS] cvs: php-src /main fopen_wrappers.c

[Dmitry Stogov]

dmitry          Thu Mar 13 14:10:08 2008 UTC

  Modified files:              
    /php-src/main       fopen_wrappers.c 
  Log:
  Disable path resolution for filenames with stream wrappers
  More careful check for relative pathes (./xxx and ../xxx)
  
  
http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.203&r2=1.204&diff_format=u
Index: php-src/main/fopen_wrappers.c
diff -u php-src/main/fopen_wrappers.c:1.203 php-src/main/fopen_wrappers.c:1.204
--- php-src/main/fopen_wrappers.c:1.203 Wed Mar  5 13:35:01 2008
+++ php-src/main/fopen_wrappers.c       Thu Mar 13 14:10:08 2008
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: fopen_wrappers.c,v 1.203 2008/03/05 13:35:01 dmitry Exp $ */
+/* $Id: fopen_wrappers.c,v 1.204 2008/03/13 14:10:08 dmitry Exp $ */
 
 /* {{{ includes
  */
@@ -454,13 +454,21 @@
 {
        char resolved_path[MAXPATHLEN];
        char trypath[MAXPATHLEN];
-       char *ptr, *end;
+       const char *ptr, *end, *p;
 
        if (!filename) {
                return NULL;
        }
 
-       if (*filename == '.' ||
+       /* Don't resolve patches which contain protocol */
+       for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == 
'.'; p++);
+    if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
+       return NULL;
+    }
+
+       if ((*filename == '.' && 
+            (IS_SLASH(filename[1]) || 
+             ((filename[1] == '.') && IS_SLASH(filename[2])))) ||
            IS_ABSOLUTE_PATH(filename, filename_length) ||
            !path ||
            !*path) {



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php