Commit: 968ae4a56a08587d73f81f30a0d57fbd109e4cf4 Author: Anatol Belski <a...@php.net> Wed, 10 Apr 2013 20:39:17 +0200 Parents: ecdf8bcc455a660086f85b47f68ecc802c20ac2b Branches: PHP-5.3 PHP-5.4 PHP-5.5 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=968ae4a56a08587d73f81f30a0d57fbd109e4cf4 Log: Fixed bug #64342 ZipArchive::addFile() has to check for file existence Bugs: https://bugs.php.net/64342 Changed paths: M NEWS M ext/zip/php_zip.c A ext/zip/tests/bug64342_0.phpt A ext/zip/tests/bug64342_1.phpt Diff: diff --git a/NEWS b/NEWS index 688f4f9..a5cd7f2 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,10 @@ PHP NEWS segfault). (Laruence) . Fixed bugs #47675 and #64577 (fd leak on Solaris) +- Zip: + . Fixed bug #64342 (ZipArchive::addFile() has to check for file existence). + (Anatol) + 11 Apr 2013, PHP 5.3.24 - Core diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index bdd35a2..b1a1a36 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -28,6 +28,7 @@ #include "ext/standard/file.h" #include "ext/standard/php_string.h" #include "ext/pcre/php_pcre.h" +#include "ext/standard/php_filestat.h" #include "php_zip.h" #include "lib/zip.h" #include "lib/zipint.h" @@ -309,6 +310,7 @@ static int php_zip_add_file(struct zip *za, const char *filename, size_t filenam struct zip_source *zs; int cur_idx; char resolved_path[MAXPATHLEN]; + zval exists_flag; if (ZIP_OPENBASEDIR_CHECKPATH(filename)) { @@ -319,6 +321,11 @@ static int php_zip_add_file(struct zip *za, const char *filename, size_t filenam return -1; } + php_stat(resolved_path, strlen(resolved_path), FS_EXISTS, &exists_flag TSRMLS_CC); + if (!Z_BVAL(exists_flag)) { + return -1; + } + zs = zip_source_file(za, resolved_path, offset_start, offset_len); if (!zs) { return -1; diff --git a/ext/zip/tests/bug64342_0.phpt b/ext/zip/tests/bug64342_0.phpt new file mode 100644 index 0000000..066d3e6 --- /dev/null +++ b/ext/zip/tests/bug64342_0.phpt @@ -0,0 +1,42 @@ +--TEST-- +Bug #64342 ZipArchive::addFile() has to check file existance (variation 1) +--SKIPIF-- +<?php + if(!extension_loaded('zip')) die('skip'); +?> +--FILE-- +<?php + +$zip = new ZipArchive; +$res = $zip->open(dirname(__FILE__) . '/bug64342.zip', ZipArchive::CREATE); +if ($res === TRUE) { + $f = md5(uniqid()) . '.txt'; + echo "$f\n"; + $res = $zip->addFile($f); + if (true == $res) { + echo "add ok\n"; + } else { + echo "add failed\n"; + } + $res = $zip->close(); + if (true == $res) { + echo "close ok\n"; + } else { + echo "close failed\n"; + } +} else { + echo "open failed\n"; +} + + +?> +DONE +--CLEAN-- +<?php + +@unlink(dirname(__FILE__) . '/bug64342.zip'); +--EXPECTF-- +%s.txt +add failed +close ok +DONE diff --git a/ext/zip/tests/bug64342_1.phpt b/ext/zip/tests/bug64342_1.phpt new file mode 100644 index 0000000..2b1357d --- /dev/null +++ b/ext/zip/tests/bug64342_1.phpt @@ -0,0 +1,37 @@ +--TEST-- +Bug #64342 ZipArchive::addFile() has to check file existance (variation 2) +--SKIPIF-- +<?php +/* $Id$ */ +if(!extension_loaded('zip')) die('skip'); +?> +--FILE-- +<?php + +$dirname = dirname(__FILE__) . '/'; +include $dirname . 'utils.inc'; +$file = $dirname . '__tmp_oo_addfile.zip'; + +copy($dirname . 'test.zip', $file); + +$zip = new ZipArchive; +if (!$zip->open($file)) { + exit('failed'); +} +if (!$zip->addFile($dirname . 'cant_find_me.txt', 'test.php')) { + echo "failed\n"; +} +if ($zip->status == ZIPARCHIVE::ER_OK) { + dump_entries_name($zip); + $zip->close(); +} else { + echo "failed\n"; +} +@unlink($file); +?> +--EXPECTF-- +failed +0 bar +1 foobar/ +2 foobar/baz +3 entry1.txt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
