lbarnaud Mon Aug 11 15:30:44 2008 UTC
Modified files: (Branch: PHP_5_3)
/php-src/tests/security open_basedir_symlink.phpt
/php-src/ext/standard link.c
/php-src/ext/standard/tests/file symlink_to_symlink.phpt
Log:
MFH: Check the relevant path for open_basedir in symlink()
http://cvs.php.net/viewvc.cgi/php-src/tests/security/open_basedir_symlink.phpt?r1=1.1.4.2&r2=1.1.4.3&diff_format=u
Index: php-src/tests/security/open_basedir_symlink.phpt
diff -u php-src/tests/security/open_basedir_symlink.phpt:1.1.4.2
php-src/tests/security/open_basedir_symlink.phpt:1.1.4.3
--- php-src/tests/security/open_basedir_symlink.phpt:1.1.4.2 Fri May 9
08:39:44 2008
+++ php-src/tests/security/open_basedir_symlink.phpt Mon Aug 11 15:30:44 2008
@@ -31,6 +31,12 @@
var_dump(symlink($target, $symlink));
var_dump(unlink($symlink));
+
+var_dump(mkdir("ok2"));
+$symlink = ($directory."/test/ok/ok2/ok.txt");
+var_dump(symlink("../ok.txt", $symlink)); // $target ==
(dirname($symlink)."/".$target) == ($directory."/test/ok/ok.txt");
+var_dump(unlink($symlink));
+
test_open_basedir_after("symlink");
?>
--CLEAN--
@@ -74,5 +80,8 @@
bool(false)
bool(true)
bool(true)
+bool(true)
+bool(true)
+bool(true)
*** Finished testing open_basedir configuration [symlink] ***
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.52.2.1.2.3.2.3&r2=1.52.2.1.2.3.2.4&diff_format=u
Index: php-src/ext/standard/link.c
diff -u php-src/ext/standard/link.c:1.52.2.1.2.3.2.3
php-src/ext/standard/link.c:1.52.2.1.2.3.2.4
--- php-src/ext/standard/link.c:1.52.2.1.2.3.2.3 Sun Aug 10 11:54:41 2008
+++ php-src/ext/standard/link.c Mon Aug 11 15:30:44 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: link.c,v 1.52.2.1.2.3.2.3 2008/08/10 11:54:41 lbarnaud Exp $ */
+/* $Id: link.c,v 1.52.2.1.2.3.2.4 2008/08/11 15:30:44 lbarnaud Exp $ */
#include "php.h"
#include "php_filestat.h"
@@ -49,6 +49,7 @@
#include "safe_mode.h"
#include "php_link.h"
+#include "php_string.h"
/* {{{ proto string readlink(string filename)
Return the target of a symbolic link */
@@ -116,12 +117,22 @@
int ret;
char source_p[MAXPATHLEN];
char dest_p[MAXPATHLEN];
+ char dirname[MAXPATHLEN];
+ size_t len;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &topath,
&topath_len, &frompath, &frompath_len) == FAILURE) {
return;
}
+
+ if (!expand_filepath(frompath, source_p TSRMLS_CC)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or
directory");
+ RETURN_FALSE;
+ }
- if (!expand_filepath(frompath, source_p TSRMLS_CC) ||
!expand_filepath(topath, dest_p TSRMLS_CC)) {
+ memcpy(dirname, source_p, sizeof(source_p));
+ len = php_dirname(dirname, strlen(dirname));
+
+ if (!expand_filepath_ex(topath, dest_p, dirname, len TSRMLS_CC)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "No such file or
directory");
RETURN_FALSE;
}
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/symlink_to_symlink.phpt?r1=1.1.2.2&r2=1.1.2.3&diff_format=u
Index: php-src/ext/standard/tests/file/symlink_to_symlink.phpt
diff -u php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1.2.2
php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1.2.3
--- php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1.2.2 Sun Aug
10 11:54:41 2008
+++ php-src/ext/standard/tests/file/symlink_to_symlink.phpt Mon Aug 11
15:30:44 2008
@@ -1,5 +1,11 @@
--TEST--
symlink() using a relative path, and symlink() to a symlink
+--SKIPIF--
+<?php
+if (substr(PHP_OS, 0, 3) == 'WIN') {
+ die('skip no symlinks on Windows');
+}
+?>
--FILE--
<?php
$prefix = __FILE__;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
