lbarnaud Mon Aug 11 15:30:44 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/tests/security open_basedir_symlink.phpt /php-src/ext/standard link.c /php-src/ext/standard/tests/file symlink_to_symlink.phpt Log: MFH: Check the relevant path for open_basedir in symlink() http://cvs.php.net/viewvc.cgi/php-src/tests/security/open_basedir_symlink.phpt?r1=1.1.4.2&r2=1.1.4.3&diff_format=u Index: php-src/tests/security/open_basedir_symlink.phpt diff -u php-src/tests/security/open_basedir_symlink.phpt:1.1.4.2 php-src/tests/security/open_basedir_symlink.phpt:1.1.4.3 --- php-src/tests/security/open_basedir_symlink.phpt:1.1.4.2 Fri May 9 08:39:44 2008 +++ php-src/tests/security/open_basedir_symlink.phpt Mon Aug 11 15:30:44 2008 @@ -31,6 +31,12 @@ var_dump(symlink($target, $symlink)); var_dump(unlink($symlink)); + +var_dump(mkdir("ok2")); +$symlink = ($directory."/test/ok/ok2/ok.txt"); +var_dump(symlink("../ok.txt", $symlink)); // $target == (dirname($symlink)."/".$target) == ($directory."/test/ok/ok.txt"); +var_dump(unlink($symlink)); + test_open_basedir_after("symlink"); ?> --CLEAN-- @@ -74,5 +80,8 @@ bool(false) bool(true) bool(true) +bool(true) +bool(true) +bool(true) *** Finished testing open_basedir configuration [symlink] *** http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.52.2.1.2.3.2.3&r2=1.52.2.1.2.3.2.4&diff_format=u Index: php-src/ext/standard/link.c diff -u php-src/ext/standard/link.c:1.52.2.1.2.3.2.3 php-src/ext/standard/link.c:1.52.2.1.2.3.2.4 --- php-src/ext/standard/link.c:1.52.2.1.2.3.2.3 Sun Aug 10 11:54:41 2008 +++ php-src/ext/standard/link.c Mon Aug 11 15:30:44 2008 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: link.c,v 1.52.2.1.2.3.2.3 2008/08/10 11:54:41 lbarnaud Exp $ */ +/* $Id: link.c,v 1.52.2.1.2.3.2.4 2008/08/11 15:30:44 lbarnaud Exp $ */ #include "php.h" #include "php_filestat.h" @@ -49,6 +49,7 @@ #include "safe_mode.h" #include "php_link.h" +#include "php_string.h" /* {{{ proto string readlink(string filename) Return the target of a symbolic link */ @@ -116,12 +117,22 @@ int ret; char source_p[MAXPATHLEN]; char dest_p[MAXPATHLEN]; + char dirname[MAXPATHLEN]; + size_t len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &topath, &topath_len, &frompath, &frompath_len) == FAILURE) { return; } + + if (!expand_filepath(frompath, source_p TSRMLS_CC)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory"); + RETURN_FALSE; + } - if (!expand_filepath(frompath, source_p TSRMLS_CC) || !expand_filepath(topath, dest_p TSRMLS_CC)) { + memcpy(dirname, source_p, sizeof(source_p)); + len = php_dirname(dirname, strlen(dirname)); + + if (!expand_filepath_ex(topath, dest_p, dirname, len TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or directory"); RETURN_FALSE; } http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/symlink_to_symlink.phpt?r1=1.1.2.2&r2=1.1.2.3&diff_format=u Index: php-src/ext/standard/tests/file/symlink_to_symlink.phpt diff -u php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1.2.2 php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1.2.3 --- php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1.2.2 Sun Aug 10 11:54:41 2008 +++ php-src/ext/standard/tests/file/symlink_to_symlink.phpt Mon Aug 11 15:30:44 2008 @@ -1,5 +1,11 @@ --TEST-- symlink() using a relative path, and symlink() to a symlink +--SKIPIF-- +<?php +if (substr(PHP_OS, 0, 3) == 'WIN') { + die('skip no symlinks on Windows'); +} +?> --FILE-- <?php $prefix = __FILE__;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php