From: antispam at brokenhill dot net
Operating system: Mac OS X
PHP version: Irrelevant
PHP Bug Type: Documentation problem
Bug description: ftp_ssl_connect falls back to ftp_connect silently
Description:
------------
One thing that seems clear from my experience, but which is not
documented, is that ftp_ssl_connect silently falls back to ftp_connect if
ftps is not available.
Test case: make an ftps connection to a server which does not support ftps.
You will still get a connection and be able to use all ftp_ functions. The
connection will simply fall back to ftp_connect.
This should be documented as it could lead to a false sense of security.
Reproduce code:
---------------
public function connect($host, $user, $pass, $type = self::FTP) {
    $this->_host = $host;
    $this->_user = $user;
    $this->_pw   = $pass;
    $this->_type = $type;

    // Open the control connection; FTPS is requested via ftp_ssl_connect().
    if ($this->_type == self::FTPS) {
        $this->_conn = ftp_ssl_connect($this->_host);
    } else {
        $this->_conn = ftp_connect($this->_host);
    }

    // Check the connection before trying to log in on it.
    if (!$this->_conn) {
        cx_log("Could not connect to FTP server", __FUNCTION__, __FILE__,
               CX_ERR_CRITICAL);
        return FALSE;
    }

    $loginResult = ftp_login($this->_conn, $this->_user, $this->_pw);
    if (!$loginResult) {
        cx_log("Could not login to FTP server", __FUNCTION__, __FILE__,
               CX_ERR_CRITICAL);
        return FALSE;
    }
    return TRUE;
}
Expected result:
----------------
I would expect to have an ftps connection made, or an error stating that
ftps is not available.
Actual result:
--------------
Instead it silently gives me an ftp_connect (non SSL) connection, which
leads to a false sense of security.
Found this out by running tcpdump and seeing that nothing was encrypted.
--
Edit bug report at http://bugs.php.net/?id=37799&edit=1
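
Added example, not part of the original report and not PHP project code: one way to fail closed instead of relying on ftp_ssl_connect() alone is to probe the server for explicit FTPS first and refuse to log in if the probe fails. The function names ftp_reply_code, ftps_preflight and ftps_connect_strict are hypothetical, and the transcript at the end is constructed sample input.

```php
<?php // Added example; function names are hypothetical, not part of ext/ftp.
// Read one FTP reply (single- or multi-line) and return its code, 0 on error.
function ftp_reply_code($stream): int
{
    $first = fgets($stream);
    if ($first === false || !preg_match('/^(\d{3})([ -])/', $first, $m)) {
        return 0;
    }
    while ($m[2] === '-') {            // "NNN-" opens a multi-line reply
        $line = fgets($stream);        // that ends at the first "NNN " line
        if ($line === false) return 0;
        if (strncmp($line, $m[1] . ' ', 4) === 0) break;
    }
    return (int) $m[1];
}

// True only if the server accepts AUTH TLS and a verified handshake completes.
function ftps_preflight(string $host, int $port = 21, float $timeout = 10.0): bool
{
    // peer_name makes certificate verification check the name against $host.
    $ctx = stream_context_create(['ssl' => ['peer_name' => $host]]);
    $s = @stream_socket_client("tcp://$host:$port", $errno, $errstr,
                               $timeout, STREAM_CLIENT_CONNECT, $ctx);
    if ($s === false) return false;
    stream_set_timeout($s, (int) $timeout);
    $ok = ftp_reply_code($s) === 220                  // greeting
        && fwrite($s, "AUTH TLS\r\n") !== false
        && ftp_reply_code($s) === 234                 // server agrees to TLS
        && @stream_socket_enable_crypto($s, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) === true;
    fclose($s);
    return $ok;
}

// Return an FTPS connection or throw; never hand back a cleartext session.
function ftps_connect_strict(string $host, string $user, string $pass)
{
    if (!ftps_preflight($host)) {
        throw new RuntimeException("No FTPS on $host, refusing plain FTP");
    }
    $conn = ftp_ssl_connect($host);
    if ($conn === false || !@ftp_login($conn, $user, $pass)) {
        throw new RuntimeException("FTPS connect or login failed: $host");
    }
    return $conn;
}
// Constructed transcript: multi-line greeting, then the reply to AUTH TLS.
$t = fopen('php://memory', 'w+');
fwrite($t, "220-Welcome\r\n220 Ready\r\n234 AUTH TLS OK\r\n"); rewind($t);
var_dump(ftp_reply_code($t), ftp_reply_code($t));
```

The probe uses its own connection, so it shows that the server offers FTPS and presents a certificate PHP's default verification accepts; it does not by itself prove that the later ftp_ssl_connect() session was encrypted. A server with a self-signed certificate fails the probe.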