dmitry Mon, 30 Jan 2012 10:08:11 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=322927
Log: Fixed bug #51860 (Include fails with toplevel symlink to /) Bug: https://bugs.php.net/51860 (Assigned) Include fails with toplevel symlink to / Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/TSRM/tsrm_virtual_cwd.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/TSRM/tsrm_virtual_cwd.c U php/php-src/trunk/TSRM/tsrm_virtual_cwd.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2012-01-30 09:17:44 UTC (rev 322926) +++ php/php-src/branches/PHP_5_3/NEWS 2012-01-30 10:08:11 UTC (rev 322927) @@ -12,6 +12,7 @@ (Dmitry, Laruence) . Fix bug #60895 (Possible invalid handler usage in windows random functions). (Pierre) + . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). Modified: php/php-src/branches/PHP_5_3/TSRM/tsrm_virtual_cwd.c =================================================================== --- php/php-src/branches/PHP_5_3/TSRM/tsrm_virtual_cwd.c 2012-01-30 09:17:44 UTC (rev 322926) +++ php/php-src/branches/PHP_5_3/TSRM/tsrm_virtual_cwd.c 2012-01-30 10:08:11 UTC (rev 322927) @@ -773,6 +773,9 @@ while (1) { if (len <= start) { + if (link_is_dir) { + *link_is_dir = 1; + } return start; } @@ -789,6 +792,10 @@ continue; } else if (i == len - 2 && path[i] == '.' && path[i+1] == '.') { /* remove '..' and previous directory */ + is_dir = 1; + if (link_is_dir) { + *link_is_dir = 1; + } if (i - 1 <= start) { return start ? start : len; } @@ -1214,9 +1221,14 @@ return 1; } memcpy(resolved_path, state->cwd, state_cwd_length); - resolved_path[state_cwd_length] = DEFAULT_SLASH; - memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1); - path_length += state_cwd_length + 1; + if (resolved_path[state_cwd_length-1] == DEFAULT_SLASH) { + memcpy(resolved_path + state_cwd_length, path, path_length + 1); + path_length += state_cwd_length; + } else { + resolved_path[state_cwd_length] = DEFAULT_SLASH; + memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1); + path_length += state_cwd_length + 1; + } } } else { #ifdef TSRM_WIN32 Modified: php/php-src/branches/PHP_5_4/NEWS =================================================================== --- php/php-src/branches/PHP_5_4/NEWS 2012-01-30 09:17:44 UTC (rev 322926) +++ php/php-src/branches/PHP_5_4/NEWS 2012-01-30 10:08:11 UTC (rev 322927) @@ -4,6 +4,7 @@ - Core: . Fix bug #60895 (Possible invalid handler usage in windows random functions). (Pierre) + . Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry) - OpenSSL: . Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0. Modified: php/php-src/branches/PHP_5_4/TSRM/tsrm_virtual_cwd.c =================================================================== --- php/php-src/branches/PHP_5_4/TSRM/tsrm_virtual_cwd.c 2012-01-30 09:17:44 UTC (rev 322926) +++ php/php-src/branches/PHP_5_4/TSRM/tsrm_virtual_cwd.c 2012-01-30 10:08:11 UTC (rev 322927) @@ -760,6 +760,9 @@ while (1) { if (len <= start) { + if (link_is_dir) { + *link_is_dir = 1; + } return start; } @@ -776,6 +779,10 @@ continue; } else if (i == len - 2 && path[i] == '.' && path[i+1] == '.') { /* remove '..' and previous directory */ + is_dir = 1; + if (link_is_dir) { + *link_is_dir = 1; + } if (i - 1 <= start) { return start ? start : len; } @@ -1200,9 +1207,14 @@ return 1; } memcpy(resolved_path, state->cwd, state_cwd_length); - resolved_path[state_cwd_length] = DEFAULT_SLASH; - memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1); - path_length += state_cwd_length + 1; + if (resolved_path[state_cwd_length-1] == DEFAULT_SLASH) { + memcpy(resolved_path + state_cwd_length, path, path_length + 1); + path_length += state_cwd_length; + } else { + resolved_path[state_cwd_length] = DEFAULT_SLASH; + memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1); + path_length += state_cwd_length + 1; + } } } else { #ifdef TSRM_WIN32 Modified: php/php-src/trunk/TSRM/tsrm_virtual_cwd.c =================================================================== --- php/php-src/trunk/TSRM/tsrm_virtual_cwd.c 2012-01-30 09:17:44 UTC (rev 322926) +++ php/php-src/trunk/TSRM/tsrm_virtual_cwd.c 2012-01-30 10:08:11 UTC (rev 322927) @@ -760,6 +760,9 @@ while (1) { if (len <= start) { + if (link_is_dir) { + *link_is_dir = 1; + } return start; } @@ -776,6 +779,10 @@ continue; } else if (i == len - 2 && path[i] == '.' && path[i+1] == '.') { /* remove '..' and previous directory */ + is_dir = 1; + if (link_is_dir) { + *link_is_dir = 1; + } if (i - 1 <= start) { return start ? start : len; } @@ -1200,9 +1207,14 @@ return 1; } memcpy(resolved_path, state->cwd, state_cwd_length); - resolved_path[state_cwd_length] = DEFAULT_SLASH; - memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1); - path_length += state_cwd_length + 1; + if (resolved_path[state_cwd_length-1] == DEFAULT_SLASH) { + memcpy(resolved_path + state_cwd_length, path, path_length + 1); + path_length += state_cwd_length; + } else { + resolved_path[state_cwd_length] = DEFAULT_SLASH; + memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1); + path_length += state_cwd_length + 1; + } } } else { #ifdef TSRM_WIN32
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php