[PHP-CVS] cvs: php-src /main fopen_wrappers.c
rasmus Thu Jun 18 06:39:11 2009 UTC Modified files: /php-src/main fopen_wrappers.c Log: Fix bug #48592 http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.213r2=1.214diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.213 php-src/main/fopen_wrappers.c:1.214 --- php-src/main/fopen_wrappers.c:1.213 Tue Mar 10 23:39:53 2009 +++ php-src/main/fopen_wrappers.c Thu Jun 18 06:39:11 2009 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.213 2009/03/10 23:39:53 helly Exp $ */ +/* $Id: fopen_wrappers.c,v 1.214 2009/06/18 06:39:11 rasmus Exp $ */ /* {{{ includes */ @@ -403,7 +403,9 @@ } } /* if doc_root path_info */ - filename = zend_resolve_path(filename, strlen(filename) TSRMLS_CC); + if(filename) { + filename = zend_resolve_path(filename, strlen(filename) TSRMLS_CC); + } if (!filename) { /* we have to free SG(request_info).path_translated here because -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c /main/streams plain_wrapper.c
iliaa Tue Feb 10 14:22:19 2009 UTC Modified files: /php-src/main/streams plain_wrapper.c /php-src/main fopen_wrappers.c Log: MFB: Added path truncation E_NOTICE to let people now when path resolving caused the file path to be truncated. http://cvs.php.net/viewvc.cgi/php-src/main/streams/plain_wrapper.c?r1=1.98r2=1.99diff_format=u Index: php-src/main/streams/plain_wrapper.c diff -u php-src/main/streams/plain_wrapper.c:1.98 php-src/main/streams/plain_wrapper.c:1.99 --- php-src/main/streams/plain_wrapper.c:1.98 Wed Dec 31 11:12:39 2008 +++ php-src/main/streams/plain_wrapper.cTue Feb 10 14:22:19 2009 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: plain_wrapper.c,v 1.98 2008/12/31 11:12:39 sebastian Exp $ */ +/* $Id: plain_wrapper.c,v 1.99 2009/02/10 14:22:19 iliaa Exp $ */ #include php.h #include php_globals.h @@ -1289,7 +1289,9 @@ /* getcwd() will return always return [DRIVE_LETTER]:/) on windows. */ *(cwd+3) = '\0'; - snprintf(trypath, MAXPATHLEN, %s%s, cwd, filename); + if (snprintf(trypath, MAXPATHLEN, %s%s, cwd, filename) MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, %s/%s path was truncated to %d, cwd, filename, MAXPATHLEN); + } free(cwd); @@ -1341,7 +1343,9 @@ if (*ptr == '\0') { goto stream_skip; } - snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename); + if (snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename) MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, %s/%s path was truncated to %d, ptr, filename, MAXPATHLEN); + } if (((options STREAM_DISABLE_OPEN_BASEDIR) == 0) php_check_open_basedir_ex(trypath, 0 TSRMLS_CC)) { goto stream_skip; http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.210r2=1.211diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.210 php-src/main/fopen_wrappers.c:1.211 --- php-src/main/fopen_wrappers.c:1.210 Wed Dec 31 11:12:38 2008 +++ php-src/main/fopen_wrappers.c Tue Feb 10 14:22:19 2009 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.210 2008/12/31 11:12:38 sebastian Exp $ */ +/* $Id: fopen_wrappers.c,v 1.211 2009/02/10 14:22:19 iliaa Exp $ */ /* {{{ includes */ @@ -636,7 +636,9 @@ *end = '\0'; end++; } - snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename); + if (snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename) MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, %s/%s path was truncated to %d, ptr, filename, MAXPATHLEN); + } fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC); if (fp) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c /main/streams plain_wrapper.c
iliaa Tue Feb 10 16:14:35 2009 UTC Modified files: /php-src/main/streams plain_wrapper.c /php-src/main fopen_wrappers.c Log: MFB:Adjust condition http://cvs.php.net/viewvc.cgi/php-src/main/streams/plain_wrapper.c?r1=1.99r2=1.100diff_format=u Index: php-src/main/streams/plain_wrapper.c diff -u php-src/main/streams/plain_wrapper.c:1.99 php-src/main/streams/plain_wrapper.c:1.100 --- php-src/main/streams/plain_wrapper.c:1.99 Tue Feb 10 14:22:19 2009 +++ php-src/main/streams/plain_wrapper.cTue Feb 10 16:14:35 2009 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: plain_wrapper.c,v 1.99 2009/02/10 14:22:19 iliaa Exp $ */ +/* $Id: plain_wrapper.c,v 1.100 2009/02/10 16:14:35 iliaa Exp $ */ #include php.h #include php_globals.h @@ -1289,7 +1289,7 @@ /* getcwd() will return always return [DRIVE_LETTER]:/) on windows. */ *(cwd+3) = '\0'; - if (snprintf(trypath, MAXPATHLEN, %s%s, cwd, filename) MAXPATHLEN) { + if (snprintf(trypath, MAXPATHLEN, %s%s, cwd, filename) = MAXPATHLEN) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, %s/%s path was truncated to %d, cwd, filename, MAXPATHLEN); } @@ -1343,7 +1343,7 @@ if (*ptr == '\0') { goto stream_skip; } - if (snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename) MAXPATHLEN) { + if (snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename) = MAXPATHLEN) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, %s/%s path was truncated to %d, ptr, filename, MAXPATHLEN); } http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.211r2=1.212diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.211 php-src/main/fopen_wrappers.c:1.212 --- php-src/main/fopen_wrappers.c:1.211 Tue Feb 10 14:22:19 2009 +++ php-src/main/fopen_wrappers.c Tue Feb 10 16:14:35 2009 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.211 2009/02/10 14:22:19 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.212 2009/02/10 16:14:35 iliaa Exp $ */ /* {{{ includes */ @@ -636,7 +636,7 @@ *end = '\0'; end++; } - if (snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename) MAXPATHLEN) { + if (snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename) = MAXPATHLEN) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, %s/%s path was truncated to %d, ptr, filename, MAXPATHLEN); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c fopen_wrappers.h
lbarnaudMon Aug 11 15:32:52 2008 UTC Modified files: /php-src/main fopen_wrappers.c fopen_wrappers.h Log: Missing files in previous commit (Check the relevant path for open_basedir in symlink()) http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.208r2=1.209diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.208 php-src/main/fopen_wrappers.c:1.209 --- php-src/main/fopen_wrappers.c:1.208 Mon Aug 4 07:20:44 2008 +++ php-src/main/fopen_wrappers.c Mon Aug 11 15:32:52 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.208 2008/08/04 07:20:44 dmitry Exp $ */ +/* $Id: fopen_wrappers.c,v 1.209 2008/08/11 15:32:52 lbarnaud Exp $ */ /* {{{ includes */ @@ -695,6 +695,14 @@ */ PHPAPI char *expand_filepath(const char *filepath, char *real_path TSRMLS_DC) { + return expand_filepath_ex(filepath, real_path, NULL, 0 TSRMLS_CC); +} +/* }}} */ + +/* {{{ expand_filepath_ex + */ +PHPAPI char *expand_filepath_ex(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len TSRMLS_DC) +{ cwd_state new_state; char cwd[MAXPATHLEN]; int copy_len; @@ -705,7 +713,16 @@ cwd[0] = '\0'; } else { const char *iam = SG(request_info).path_translated; - char *result = VCWD_GETCWD(cwd, MAXPATHLEN); + const char *result; + if (relative_to) { + if (relative_to_len MAXPATHLEN-1U) { + return NULL; + } + result = relative_to; + memcpy(cwd, relative_to, relative_to_len+1U); + } else { + result = VCWD_GETCWD(cwd, MAXPATHLEN); + } if (!result (iam != filepath)) { int fdtest = -1; http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.h?r1=1.52r2=1.53diff_format=u Index: php-src/main/fopen_wrappers.h diff -u php-src/main/fopen_wrappers.h:1.52 php-src/main/fopen_wrappers.h:1.53 --- php-src/main/fopen_wrappers.h:1.52 Wed Mar 5 13:35:02 2008 +++ php-src/main/fopen_wrappers.h Mon Aug 11 15:32:52 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: fopen_wrappers.h,v 1.52 2008/03/05 13:35:02 dmitry Exp $ */ +/* $Id: fopen_wrappers.h,v 1.53 2008/08/11 15:32:52 lbarnaud Exp $ */ #ifndef FOPEN_WRAPPERS_H #define FOPEN_WRAPPERS_H @@ -27,6 +27,7 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC); PHPAPI char *expand_filepath(const char *filepath, char *real_path TSRMLS_DC); +PHPAPI char *expand_filepath_ex(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len TSRMLS_DC); PHPAPI int php_check_open_basedir(const char *path TSRMLS_DC); PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c /sapi/cgi cgi_main.c
dmitry Mon Aug 4 07:20:44 2008 UTC Modified files: /php-src/sapi/cgi cgi_main.c /php-src/main fopen_wrappers.c Log: Removed shebang line check from CGI sapi (it is checked by scanner) http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.358r2=1.359diff_format=u Index: php-src/sapi/cgi/cgi_main.c diff -u php-src/sapi/cgi/cgi_main.c:1.358 php-src/sapi/cgi/cgi_main.c:1.359 --- php-src/sapi/cgi/cgi_main.c:1.358 Tue Jul 15 13:38:56 2008 +++ php-src/sapi/cgi/cgi_main.c Mon Aug 4 07:20:44 2008 @@ -21,7 +21,7 @@ +--+ */ -/* $Id: cgi_main.c,v 1.358 2008/07/15 13:38:56 dmitry Exp $ */ +/* $Id: cgi_main.c,v 1.359 2008/08/04 07:20:44 dmitry Exp $ */ #include php.h #include php_globals.h @@ -150,7 +150,6 @@ typedef struct _php_cgi_globals_struct { zend_bool rfc2616_headers; zend_bool nph; - zend_bool check_shebang_line; zend_bool fix_pathinfo; zend_bool force_redirect; zend_bool discard_path; @@ -1294,7 +1293,6 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY(cgi.rfc2616_headers, 0, PHP_INI_ALL, OnUpdateBool, rfc2616_headers, php_cgi_globals_struct, php_cgi_globals) STD_PHP_INI_ENTRY(cgi.nph, 0, PHP_INI_ALL, OnUpdateBool, nph, php_cgi_globals_struct, php_cgi_globals) - STD_PHP_INI_ENTRY(cgi.check_shebang_line, 1, PHP_INI_SYSTEM, OnUpdateBool, check_shebang_line, php_cgi_globals_struct, php_cgi_globals) STD_PHP_INI_ENTRY(cgi.force_redirect, 1, PHP_INI_SYSTEM, OnUpdateBool, force_redirect, php_cgi_globals_struct, php_cgi_globals) STD_PHP_INI_ENTRY(cgi.redirect_status_env, NULL, PHP_INI_SYSTEM, OnUpdateString, redirect_status_env, php_cgi_globals_struct, php_cgi_globals) STD_PHP_INI_ENTRY(cgi.fix_pathinfo,1, PHP_INI_SYSTEM, OnUpdateBool, fix_pathinfo, php_cgi_globals_struct, php_cgi_globals) @@ -1311,7 +1309,6 @@ { php_cgi_globals-rfc2616_headers = 0; php_cgi_globals-nph = 0; - php_cgi_globals-check_shebang_line = 1; php_cgi_globals-force_redirect = 1; php_cgi_globals-redirect_status_env = NULL; php_cgi_globals-fix_pathinfo = 1; @@ -1378,7 +1375,6 @@ int exit_status = SUCCESS; int cgi = 0, c, i, len; zend_file_handle file_handle; - int retval = FAILURE; char *s; /* temporary locals */ @@ -1949,65 +1945,37 @@ 1. we are running from shell and got filename was there 2. we are running as cgi or fastcgi */ - retval = FAILURE; if (cgi || SG(request_info).path_translated) { - if (!php_check_open_basedir(SG(request_info).path_translated TSRMLS_CC)) { - retval = php_fopen_primary_script(file_handle TSRMLS_CC); - } - } - /* - if we are unable to open path_translated and we are not - running from shell (so fp == NULL), then fail. - */ - if (retval == FAILURE file_handle.handle.fp == NULL) { - if (errno == EACCES) { - SG(sapi_headers).http_response_code = 403; - PUTS(Access denied.\n); - } else { - SG(sapi_headers).http_response_code = 404; - PUTS(No input file specified.\n); - } - /* we want to serve more requests if this is fastcgi - so cleanup and continue, request shutdown is - handled later */ - if (fastcgi) { - goto fastcgi_request_done; - } + if (php_fopen_primary_script(file_handle TSRMLS_CC) == FAILURE) { + if (errno == EACCES) { + SG(sapi_headers).http_response_code = 403; + PUTS(Access denied.\n); + } else { + SG(sapi_headers).http_response_code = 404; + PUTS(No input file specified.\n); + } + /* we want to serve more requests if this is fastcgi + so cleanup and continue, request shutdown is +
[PHP-CVS] cvs: php-src /main fopen_wrappers.c main.c /sapi/caudium caudium.c
dmitry Mon Jul 21 08:42:35 2008 UTC Modified files: /php-src/main fopen_wrappers.c main.c /php-src/sapi/caudium caudium.c Log: Fixed chdir() into requested file directory inconsistencies http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.206r2=1.207diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.206 php-src/main/fopen_wrappers.c:1.207 --- php-src/main/fopen_wrappers.c:1.206 Thu Mar 27 10:33:52 2008 +++ php-src/main/fopen_wrappers.c Mon Jul 21 08:42:35 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.206 2008/03/27 10:33:52 dmitry Exp $ */ +/* $Id: fopen_wrappers.c,v 1.207 2008/07/21 08:42:35 dmitry Exp $ */ /* {{{ includes */ @@ -433,9 +433,6 @@ file_handle-opened_path = expand_filepath(filename, NULL TSRMLS_CC); - if (!(SG(options) SAPI_OPTION_NO_CHDIR)) { - VCWD_CHDIR_FILE(filename); - } SG(request_info).path_translated = filename; file_handle-filename = SG(request_info).path_translated; http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.771r2=1.772diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.771 php-src/main/main.c:1.772 --- php-src/main/main.c:1.771 Wed Jun 25 12:18:51 2008 +++ php-src/main/main.c Mon Jul 21 08:42:35 2008 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.771 2008/06/25 12:18:51 dmitry Exp $ */ +/* $Id: main.c,v 1.772 2008/07/21 08:42:35 dmitry Exp $ */ /* {{{ includes */ @@ -2168,7 +2168,7 @@ PG(during_request_startup) = 0; - if ((primary_file-type == ZEND_HANDLE_FILENAME || primary_file-type == ZEND_HANDLE_STREAM) primary_file-filename) { + if (primary_file-filename !(SG(options) SAPI_OPTION_NO_CHDIR)) { #if HAVE_BROKEN_GETCWD /* this looks nasty to me */ old_cwd_fd = open(., 0); @@ -2257,7 +2257,7 @@ PG(during_request_startup) = 0; - if (primary_file-type == ZEND_HANDLE_FILENAME primary_file-filename) { + if (primary_file-filename !(SG(options) SAPI_OPTION_NO_CHDIR)) { VCWD_GETCWD(old_cwd, OLD_CWD_SIZE-1); VCWD_CHDIR_FILE(primary_file-filename); } http://cvs.php.net/viewvc.cgi/php-src/sapi/caudium/caudium.c?r1=1.40r2=1.41diff_format=u Index: php-src/sapi/caudium/caudium.c diff -u php-src/sapi/caudium/caudium.c:1.40 php-src/sapi/caudium/caudium.c:1.41 --- php-src/sapi/caudium/caudium.c:1.40 Wed Mar 19 16:37:49 2008 +++ php-src/sapi/caudium/caudium.c Mon Jul 21 08:42:35 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: caudium.c,v 1.40 2008/03/19 16:37:49 rasmus Exp $ */ +/* $Id: caudium.c,v 1.41 2008/07/21 08:42:35 dmitry Exp $ */ #include php.h #ifdef HAVE_CAUDIUM @@ -444,7 +444,7 @@ { /* char buf[512]; */ php_info_print_table_start(); - php_info_print_table_row(2, SAPI module version, $Id: caudium.c,v 1.40 2008/03/19 16:37:49 rasmus Exp $); + php_info_print_table_row(2, SAPI module version, $Id: caudium.c,v 1.41 2008/07/21 08:42:35 dmitry Exp $); /* php_info_print_table_row(2, Build date, Ns_InfoBuildDate()); php_info_print_table_row(2, Config file path, Ns_InfoConfigFile()); php_info_print_table_row(2, Error Log path, Ns_InfoErrorLog()); @@ -639,15 +639,6 @@ THREADS_ALLOW(); #endif -#ifdef VIRTUAL_DIR - /* Change virtual directory, if the feature is enabled, which is - * (almost) a requirement for PHP in Caudium. Might want to fail if it - * isn't. Not a problem though, since it's on by default when using ZTS - * which we require. - */ - VCWD_CHDIR_FILE(THIS-filename-str); -#endif - file_handle.type = ZEND_HANDLE_FILENAME; file_handle.filename = THIS-filename-str; file_handle.opened_path = NULL; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
dmitry Mon Mar 24 09:30:54 2008 UTC Modified files: /php-src/main fopen_wrappers.c Log: Fixed ws and comment http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.204r2=1.205diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.204 php-src/main/fopen_wrappers.c:1.205 --- php-src/main/fopen_wrappers.c:1.204 Thu Mar 13 14:10:08 2008 +++ php-src/main/fopen_wrappers.c Mon Mar 24 09:30:54 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.204 2008/03/13 14:10:08 dmitry Exp $ */ +/* $Id: fopen_wrappers.c,v 1.205 2008/03/24 09:30:54 dmitry Exp $ */ /* {{{ includes */ @@ -460,11 +460,11 @@ return NULL; } - /* Don't resolve patches which contain protocol */ + /* Don't resolve paths which contain protocol */ for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++); -if ((*p == ':') (p - filename 1) (p[1] == '/') (p[2] == '/')) { - return NULL; -} + if ((*p == ':') (p - filename 1) (p[1] == '/') (p[2] == '/')) { + return NULL; + } if ((*filename == '.' (IS_SLASH(filename[1]) || -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c fopen_wrappers.h main.c ZendEngine2 zend.c zend.h zend_vm_def.h zend_vm_execute.h
dmitry Wed Mar 5 13:35:02 2008 UTC Modified files: /ZendEngine2zend.c zend.h zend_vm_def.h zend_vm_execute.h /php-src/main fopen_wrappers.c fopen_wrappers.h main.c Log: Optimized require_once() and include_once() by eliminationg open() syscall on se cond usage. http://cvs.php.net/viewvc.cgi/ZendEngine2/zend.c?r1=1.407r2=1.408diff_format=u Index: ZendEngine2/zend.c diff -u ZendEngine2/zend.c:1.407 ZendEngine2/zend.c:1.408 --- ZendEngine2/zend.c:1.407Sat Feb 23 17:03:51 2008 +++ ZendEngine2/zend.c Wed Mar 5 13:35:01 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: zend.c,v 1.407 2008/02/23 17:03:51 helly Exp $ */ +/* $Id: zend.c,v 1.408 2008/03/05 13:35:01 dmitry Exp $ */ #include zend.h #include zend_extensions.h @@ -65,6 +65,7 @@ ZEND_API void (*zend_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args); int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap); ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); +ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC); void (*zend_on_timeout)(int seconds TSRMLS_DC); @@ -1067,6 +1068,7 @@ zend_on_timeout = utility_functions-on_timeout; zend_vspprintf = utility_functions-vspprintf_function; zend_getenv = utility_functions-getenv_function; + zend_resolve_path = utility_functions-resolve_path_function; zend_compile_file = compile_file; zend_compile_string = compile_string; http://cvs.php.net/viewvc.cgi/ZendEngine2/zend.h?r1=1.349r2=1.350diff_format=u Index: ZendEngine2/zend.h diff -u ZendEngine2/zend.h:1.349 ZendEngine2/zend.h:1.350 --- ZendEngine2/zend.h:1.349Tue Jan 22 09:29:29 2008 +++ ZendEngine2/zend.h Wed Mar 5 13:35:01 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: zend.h,v 1.349 2008/01/22 09:29:29 dmitry Exp $ */ +/* $Id: zend.h,v 1.350 2008/03/05 13:35:01 dmitry Exp $ */ #ifndef ZEND_H #define ZEND_H @@ -503,6 +503,7 @@ int (*stream_open_function)(const char *filename, zend_file_handle *handle TSRMLS_DC); int (*vspprintf_function)(char **pbuf, size_t max_len, const char *format, va_list ap); char *(*getenv_function)(char *name, size_t name_len TSRMLS_DC); + char *(*resolve_path_function)(const char *filename, int filename_len TSRMLS_DC); } zend_utility_functions; typedef struct _zend_utility_values { @@ -640,6 +641,7 @@ extern ZEND_API int (*zend_stream_open_function)(const char *filename, zend_file_handle *handle TSRMLS_DC); extern int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap); extern ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); +extern ZEND_API char *(*zend_resolve_path)(const char *filename, int filename_len TSRMLS_DC); ZEND_API void zend_error(int type, const char *format, ...); http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_vm_def.h?r1=1.217r2=1.218diff_format=u Index: ZendEngine2/zend_vm_def.h diff -u ZendEngine2/zend_vm_def.h:1.217 ZendEngine2/zend_vm_def.h:1.218 --- ZendEngine2/zend_vm_def.h:1.217 Tue Mar 4 11:44:15 2008 +++ ZendEngine2/zend_vm_def.h Wed Mar 5 13:35:01 2008 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: zend_vm_def.h,v 1.217 2008/03/04 11:44:15 dmitry Exp $ */ +/* $Id: zend_vm_def.h,v 1.218 2008/03/05 13:35:01 dmitry Exp $ */ /* If you change this file, please regenerate the zend_vm_execute.h and * zend_vm_opcodes.h files by running: @@ -3155,27 +3155,23 @@ case ZEND_INCLUDE_ONCE: case ZEND_REQUIRE_ONCE: { zend_file_handle file_handle; - - if (IS_ABSOLUTE_PATH(Z_STRVAL_P(inc_filename), Z_STRLEN_P(inc_filename))) { - cwd_state state; - - state.cwd_length = 0; - state.cwd = malloc(1); - state.cwd[0] = 0; - - failure_retval = (!virtual_file_ex(state, Z_STRVAL_P(inc_filename), NULL, 1) - zend_hash_exists(EG(included_files), state.cwd, state.cwd_length+1)); - - free(state.cwd); + char *resolved_path; + + resolved_path = zend_resolve_path(Z_STRVAL_P(inc_filename), Z_STRLEN_P(inc_filename) TSRMLS_CC); + if (resolved_path) { + failure_retval = zend_hash_exists(EG(included_files), resolved_path, strlen(resolved_path)+1); + } else { +
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
dmitry Tue Jan 29 14:25:08 2008 UTC Modified files: /php-src/main fopen_wrappers.c Log: Fixed bug #43491 (Under certain conditions, file_exists() never returns) http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.201r2=1.202diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.201 php-src/main/fopen_wrappers.c:1.202 --- php-src/main/fopen_wrappers.c:1.201 Mon Dec 31 07:12:18 2007 +++ php-src/main/fopen_wrappers.c Tue Jan 29 14:25:07 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.201 2007/12/31 07:12:18 sebastian Exp $ */ +/* $Id: fopen_wrappers.c,v 1.202 2008/01/29 14:25:07 dmitry Exp $ */ /* {{{ includes */ @@ -204,6 +204,9 @@ path_len = path_file - path_tmp + 1; #if defined(PHP_WIN32) || defined(NETWARE) if (path_len 1 path_tmp[path_len - 2] == ':') { + if (path_len != 3) { + return -1; + } /* this is c:\ */ path_tmp[path_len] = '\0'; } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
bjori Thu Dec 27 02:11:05 2007 UTC Modified files: /php-src/main fopen_wrappers.c Log: MFB5.3: Fixed bug#43105 (PHP seems to fail to close open files.) http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.199r2=1.200diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.199 php-src/main/fopen_wrappers.c:1.200 --- php-src/main/fopen_wrappers.c:1.199 Tue Oct 9 10:04:19 2007 +++ php-src/main/fopen_wrappers.c Thu Dec 27 02:11:05 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.199 2007/10/09 10:04:19 scottmac Exp $ */ +/* $Id: fopen_wrappers.c,v 1.200 2007/12/27 02:11:05 bjori Exp $ */ /* {{{ includes */ @@ -592,6 +592,7 @@ * relatively referenced file is accessible */ copy_len = strlen(filepath) MAXPATHLEN - 1 ? MAXPATHLEN - 1 : strlen(filepath); real_path = estrndup(filepath, copy_len); + close(fdtest); return real_path; } else { cwd[0] = '\0'; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
janiTue Oct 9 08:40:25 2007 UTC Modified files: /php-src/main fopen_wrappers.c Log: ws + cs http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.197r2=1.198diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.197 php-src/main/fopen_wrappers.c:1.198 --- php-src/main/fopen_wrappers.c:1.197 Tue Oct 9 02:41:14 2007 +++ php-src/main/fopen_wrappers.c Tue Oct 9 08:40:25 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.197 2007/10/09 02:41:14 ab5602 Exp $ */ +/* $Id: fopen_wrappers.c,v 1.198 2007/10/09 08:40:25 jani Exp $ */ /* {{{ includes */ @@ -90,7 +90,7 @@ char *base = (char *) ts_resource(*((int *) mh_arg2)); #endif - p = (char **) (base+(size_t) mh_arg1); + p = (char **) (base + (size_t) mh_arg1); if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN) { /* We're in a PHP_INI_SYSTEM context, no restrictions */ @@ -98,8 +98,7 @@ return SUCCESS; } - - /* Elsewise, we're in runtime */ + /* Otherwise we're in runtime */ if (!*p || !**p) { /* open_basedir not set yet, go ahead and give it a value */ *p = new_value; @@ -138,9 +137,8 @@ /* {{{ php_check_specific_open_basedir When open_basedir is not NULL, check if the given filename is located in - open_basedir. Returns -1 if error or not in the open_basedir, else 0 - - When open_basedir is NULL, always return 0 + open_basedir. Returns -1 if error or not in the open_basedir, else 0. + When open_basedir is NULL, always return 0. */ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path TSRMLS_DC) { @@ -153,7 +151,7 @@ int resolved_name_len; int path_len; int nesting_level = 0; - + /* Special case basedir==.: Use script-directory */ if (strcmp(basedir, .) || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) { /* Else use the unmodified path */ @@ -170,7 +168,7 @@ if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) { return -1; } - + path_len = strlen(resolved_name); memcpy(path_tmp, resolved_name, path_len + 1); /* safe */ @@ -179,7 +177,7 @@ if (nesting_level == 0) { int ret; char buf[MAXPATHLEN]; - + ret = readlink(path_tmp, buf, MAXPATHLEN - 1); if (ret 0) { /* not a broken symlink, move along.. */ @@ -206,7 +204,7 @@ path_len = path_file - path_tmp + 1; #if defined(PHP_WIN32) || defined(NETWARE) if (path_len 1 path_tmp[path_len - 2] == ':') { - /* this is c:\, */ + /* this is c:\ */ path_tmp[path_len] = '\0'; } else { path_tmp[path_len - 1] = '\0'; @@ -299,8 +297,7 @@ ptr = end; } if (warn) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, - open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s), path, PG(open_basedir)); + php_error_docref(NULL TSRMLS_CC, E_WARNING, open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s), path, PG(open_basedir)); } efree(pathbuf); errno = EPERM; /* we deny permission to open it */ @@ -359,7 +356,7 @@ if (pwbuflen 1) { return FAILURE; } - + pwbuf = emalloc(pwbuflen); #endif length = s - (path_info + 2); @@ -377,8 +374,7 @@ pw = getpwnam(user); #endif if (pw pw-pw_dir) { - spprintf(filename, 0, %s%c%s%c%s, pw-pw_dir, PHP_DIR_SEPARATOR, - PG(user_dir), PHP_DIR_SEPARATOR, s+1); /* Safe */ + spprintf(filename, 0, %s%c%s%c%s, pw-pw_dir, PHP_DIR_SEPARATOR, PG(user_dir), PHP_DIR_SEPARATOR, s + 1); /* Safe */ STR_FREE(SG(request_info).path_translated); SG(request_info).path_translated = filename; } @@ -409,9 +405,9 @@ if (!filename) { /* we have to free SG(request_info).path_translated here because - php_destroy_request_info assumes that it will get -
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
scottmacTue Oct 9 10:04:20 2007 UTC Modified files: /php-src/main fopen_wrappers.c Log: Fix expand_filepath when including relative files, ideally you should test you code... http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.198r2=1.199diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.198 php-src/main/fopen_wrappers.c:1.199 --- php-src/main/fopen_wrappers.c:1.198 Tue Oct 9 08:40:25 2007 +++ php-src/main/fopen_wrappers.c Tue Oct 9 10:04:19 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.198 2007/10/09 08:40:25 jani Exp $ */ +/* $Id: fopen_wrappers.c,v 1.199 2007/10/09 10:04:19 scottmac Exp $ */ /* {{{ includes */ @@ -593,8 +593,10 @@ copy_len = strlen(filepath) MAXPATHLEN - 1 ? MAXPATHLEN - 1 : strlen(filepath); real_path = estrndup(filepath, copy_len); return real_path; + } else { + cwd[0] = '\0'; } - } else { + } else if (!result) { cwd[0] = '\0'; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
tony2001Thu Jul 19 10:03:17 2007 UTC Modified files: /php-src/main fopen_wrappers.c Log: use constant http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.195r2=1.196diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.195 php-src/main/fopen_wrappers.c:1.196 --- php-src/main/fopen_wrappers.c:1.195 Tue Jul 10 13:21:30 2007 +++ php-src/main/fopen_wrappers.c Thu Jul 19 10:03:17 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.195 2007/07/10 13:21:30 dmitry Exp $ */ +/* $Id: fopen_wrappers.c,v 1.196 2007/07/19 10:03:17 tony2001 Exp $ */ /* {{{ includes */ @@ -593,7 +593,7 @@ new_state.cwd = strdup(cwd); new_state.cwd_length = strlen(cwd); - if(virtual_file_ex(new_state, filepath, NULL, 1)) { + if(virtual_file_ex(new_state, filepath, NULL, CWD_FILEPATH)) { free(new_state.cwd); return NULL; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
dmitry Wed Apr 18 11:59:03 2007 UTC Modified files: /php-src/main fopen_wrappers.c Log: Fixed endless loop in open_basedir check http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.192r2=1.193diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.192 php-src/main/fopen_wrappers.c:1.193 --- php-src/main/fopen_wrappers.c:1.192 Tue Apr 10 22:31:27 2007 +++ php-src/main/fopen_wrappers.c Wed Apr 18 11:59:03 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.192 2007/04/10 22:31:27 tony2001 Exp $ */ +/* $Id: fopen_wrappers.c,v 1.193 2007/04/18 11:59:03 dmitry Exp $ */ /* {{{ includes */ @@ -208,6 +208,8 @@ if (path_len 1 path_tmp[path_len - 2] == ':') { /* this is c:\, */ path_tmp[path_len] = '\0'; + } else { + path_tmp[path_len - 1] = '\0'; } #else path_tmp[path_len - 1] = '\0'; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
tony2001Tue Apr 10 22:31:27 2007 UTC Modified files: /php-src/main fopen_wrappers.c Log: MFB: fix #40931 (open_basedir bypass via symlink and move_uploaded_file()) http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.191r2=1.192diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.191 php-src/main/fopen_wrappers.c:1.192 --- php-src/main/fopen_wrappers.c:1.191 Sat Feb 24 16:25:55 2007 +++ php-src/main/fopen_wrappers.c Tue Apr 10 22:31:27 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.191 2007/02/24 16:25:55 helly Exp $ */ +/* $Id: fopen_wrappers.c,v 1.192 2007/04/10 22:31:27 tony2001 Exp $ */ /* {{{ includes */ @@ -147,8 +147,12 @@ char resolved_name[MAXPATHLEN]; char resolved_basedir[MAXPATHLEN]; char local_open_basedir[MAXPATHLEN]; + char path_tmp[MAXPATHLEN]; + char *path_file; int resolved_basedir_len; int resolved_name_len; + int path_len; + int nesting_level = 0; /* Special case basedir==.: Use script-directory */ if (strcmp(basedir, .) || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) { @@ -156,8 +160,64 @@ strlcpy(local_open_basedir, basedir, sizeof(local_open_basedir)); } - /* Resolve the real path into resolved_name */ - if ((expand_filepath(path, resolved_name TSRMLS_CC) != NULL) (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL)) { + path_len = strlen(path); + if (path_len (MAXPATHLEN - 1)) { + /* empty and too long paths are invalid */ + return -1; + } + + /* normalize and expand path */ + if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) { + return -1; + } + + path_len = strlen(resolved_name); + memcpy(path_tmp, resolved_name, path_len + 1); /* safe */ + + while (VCWD_REALPATH(path_tmp, resolved_name) == NULL) { +#ifdef HAVE_SYMLINK + if (nesting_level == 0) { + int ret; + char buf[MAXPATHLEN]; + + ret = readlink(path_tmp, buf, MAXPATHLEN - 1); + if (ret 0) { + /* not a broken symlink, move along.. */ + } else { + /* put the real path into the path buffer */ + memcpy(path_tmp, buf, ret); + path_tmp[ret] = '\0'; + } + } +#endif + +#if defined(PHP_WIN32) || defined(NETWARE) + path_file = strrchr(path_tmp, DEFAULT_SLASH); + if (!path_file) { + path_file = strrchr(path_tmp, '/'); + } +#else + path_file = strrchr(path_tmp, DEFAULT_SLASH); +#endif + if (!path_file) { + /* none of the path components exist. definitely not in open_basedir.. */ + return -1; + } else { + path_len = path_file - path_tmp + 1; +#if defined(PHP_WIN32) || defined(NETWARE) + if (path_len 1 path_tmp[path_len - 2] == ':') { + /* this is c:\, */ + path_tmp[path_len] = '\0'; + } +#else + path_tmp[path_len - 1] = '\0'; +#endif + } + nesting_level++; + } + + /* Resolve open_basedir to resolved_basedir */ + if (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL) { /* Handler for basedirs that end with a / */ resolved_basedir_len = strlen(resolved_basedir); if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) { @@ -167,7 +227,7 @@ } } - if (path[strlen(path)-1] == PHP_DIR_SEPARATOR) { + if (path_tmp[path_len - 1] == PHP_DIR_SEPARATOR) { resolved_name_len = strlen(resolved_name); if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) { resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
tony2001Fri Jan 12 09:10:05 2007 UTC Modified files: /php-src/main fopen_wrappers.c Log: plug newly added leak http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.188r2=1.189diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.188 php-src/main/fopen_wrappers.c:1.189 --- php-src/main/fopen_wrappers.c:1.188 Fri Jan 12 01:50:43 2007 +++ php-src/main/fopen_wrappers.c Fri Jan 12 09:10:05 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.188 2007/01/12 01:50:43 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.189 2007/01/12 09:10:05 tony2001 Exp $ */ /* {{{ includes */ @@ -312,6 +312,9 @@ SG(request_info).path_translated = filename; } } +#if defined(ZTS) defined(HAVE_GETPWNAM_R) defined(_SC_GETPW_R_SIZE_MAX) + efree(pwbuf); +#endif } } else #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
bjori Fri Jan 12 14:34:47 2007 UTC Modified files: /php-src/main fopen_wrappers.c Log: MFB: Fix build (wharmby at uk dot ibm dot com) http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.189r2=1.190diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.189 php-src/main/fopen_wrappers.c:1.190 --- php-src/main/fopen_wrappers.c:1.189 Fri Jan 12 09:10:05 2007 +++ php-src/main/fopen_wrappers.c Fri Jan 12 14:34:46 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.189 2007/01/12 09:10:05 tony2001 Exp $ */ +/* $Id: fopen_wrappers.c,v 1.190 2007/01/12 14:34:46 bjori Exp $ */ /* {{{ includes */ @@ -280,6 +280,7 @@ char user[32]; /* to try open the directory */ struct passwd *pw; #if defined(ZTS) defined(HAVE_GETPWNAM_R) defined(_SC_GETPW_R_SIZE_MAX) + struct passwd pwstruc; long pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); char *pwbuf; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c /main/streams plain_wrapper.c
dmitry Fri Nov 10 10:55:43 2006 UTC Modified files: /php-src/main fopen_wrappers.c /php-src/main/streams plain_wrapper.c Log: Removed unnecessary checks for ISREG file and corresponding stat() calls on Wind ows http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.185r2=1.186diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.185 php-src/main/fopen_wrappers.c:1.186 --- php-src/main/fopen_wrappers.c:1.185 Fri Nov 10 09:56:37 2006 +++ php-src/main/fopen_wrappers.c Fri Nov 10 10:55:43 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.185 2006/11/10 09:56:37 dmitry Exp $ */ +/* $Id: fopen_wrappers.c,v 1.186 2006/11/10 10:55:43 dmitry Exp $ */ /* {{{ includes */ @@ -263,7 +263,9 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC) { FILE *fp; +#ifndef PHP_WIN32 struct stat st; +#endif char *path_info, *filename; int length; @@ -329,11 +331,14 @@ } fp = VCWD_FOPEN(filename, rb); +#ifndef PHP_WIN32 /* refuse to open anything that is not a regular file */ if (fp (0 fstat(fileno(fp), st) || !S_ISREG(st.st_mode))) { fclose(fp); fp = NULL; } +#endif + if (!fp) { STR_FREE(SG(request_info).path_translated); /* for same reason as above */ SG(request_info).path_translated = NULL; http://cvs.php.net/viewvc.cgi/php-src/main/streams/plain_wrapper.c?r1=1.74r2=1.75diff_format=u Index: php-src/main/streams/plain_wrapper.c diff -u php-src/main/streams/plain_wrapper.c:1.74 php-src/main/streams/plain_wrapper.c:1.75 --- php-src/main/streams/plain_wrapper.c:1.74 Thu Oct 19 09:49:56 2006 +++ php-src/main/streams/plain_wrapper.cFri Nov 10 10:55:43 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: plain_wrapper.c,v 1.74 2006/10/19 09:49:56 dmitry Exp $ */ +/* $Id: plain_wrapper.c,v 1.75 2006/11/10 10:55:43 dmitry Exp $ */ #include php.h #include php_globals.h @@ -891,6 +891,8 @@ efree(persistent_id); } + /* WIN32 always set ISREG flag */ +#ifndef PHP_WIN32 /* sanity checks for include/require. * We check these after opening the stream, so that we save * on fstat() syscalls */ @@ -899,15 +901,12 @@ int r; r = do_fstat(self, 0); - if ( -#ifndef PHP_WIN32 - (r != 0) || /* it is OK for fstat to fail under win32 */ -#endif - (r == 0 !S_ISREG(self-sb.st_mode))) { + if ((r == 0 !S_ISREG(self-sb.st_mode))) { php_stream_close(ret); return NULL; } } +#endif return ret; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c fopen_wrappers.h network.c
nlopess Sat Jul 1 11:50:52 2006 UTC Modified files: /php-src/main fopen_wrappers.c fopen_wrappers.h network.c Log: MFB5.2: const keywording http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.182r2=1.183diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.182 php-src/main/fopen_wrappers.c:1.183 --- php-src/main/fopen_wrappers.c:1.182 Fri Mar 17 10:46:02 2006 +++ php-src/main/fopen_wrappers.c Sat Jul 1 11:50:52 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.182 2006/03/17 10:46:02 dmitry Exp $ */ +/* $Id: fopen_wrappers.c,v 1.183 2006/07/01 11:50:52 nlopess Exp $ */ /* {{{ includes */ @@ -189,7 +189,7 @@ /* {{{ php_fopen_and_set_opened_path */ -static FILE *php_fopen_and_set_opened_path(const char *path, char *mode, char **opened_path TSRMLS_DC) +static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, char **opened_path TSRMLS_DC) { FILE *fp; @@ -306,7 +306,7 @@ * Tries to open a file with a PATH-style list of directories. * If the filename starts with . or /, the path is ignored. */ -PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **opened_path TSRMLS_DC) +PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const char *path, char **opened_path TSRMLS_DC) { char *pathbuf, *ptr, *end; char *exec_fname; @@ -331,7 +331,7 @@ return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } - /* Absolute path open */ + /* Absolute path open */ /* FIXME: Andi - Do we actually need the if()? */ if (IS_ABSOLUTE_PATH(filename, filename_length) || (!path || (path !*path))) { return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.h?r1=1.46r2=1.47diff_format=u Index: php-src/main/fopen_wrappers.h diff -u php-src/main/fopen_wrappers.h:1.46 php-src/main/fopen_wrappers.h:1.47 --- php-src/main/fopen_wrappers.h:1.46 Sun Feb 19 01:19:37 2006 +++ php-src/main/fopen_wrappers.h Sat Jul 1 11:50:52 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: fopen_wrappers.h,v 1.46 2006/02/19 01:19:37 andi Exp $ */ +/* $Id: fopen_wrappers.h,v 1.47 2006/07/01 11:50:52 nlopess Exp $ */ #ifndef FOPEN_WRAPPERS_H #define FOPEN_WRAPPERS_H @@ -31,7 +31,7 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC); PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path TSRMLS_DC); -PHPAPI FILE *php_fopen_with_path(char *filename, char *mode, char *path, char **opened_path TSRMLS_DC); +PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const char *path, char **opened_path TSRMLS_DC); PHPAPI int php_is_url(char *path); PHPAPI char *php_strip_url_passwd(char *path); http://cvs.php.net/viewvc.cgi/php-src/main/network.c?r1=1.121r2=1.122diff_format=u Index: php-src/main/network.c diff -u php-src/main/network.c:1.121 php-src/main/network.c:1.122 --- php-src/main/network.c:1.121Sun Mar 19 22:34:26 2006 +++ php-src/main/network.c Sat Jul 1 11:50:52 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: network.c,v 1.121 2006/03/19 22:34:26 tony2001 Exp $ */ +/* $Id: network.c,v 1.122 2006/07/01 11:50:52 nlopess Exp $ */ /*#define DEBUG_MAIN_NETWORK 1*/ @@ -103,7 +103,7 @@ # define PHP_GAI_STRERROR(x) (php_gai_strerror(x)) /* {{{ php_gai_strerror */ -static char *php_gai_strerror(int code) +static const char *php_gai_strerror(int code) { static struct { int code; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
dmitry Fri Mar 17 10:46:02 2006 UTC Modified files: /php-src/main fopen_wrappers.c Log: Eliminated unnecessary getcwd() syscall http://cvs.php.net/viewcvs.cgi/php-src/main/fopen_wrappers.c?r1=1.181r2=1.182diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.181 php-src/main/fopen_wrappers.c:1.182 --- php-src/main/fopen_wrappers.c:1.181 Wed Mar 8 14:41:45 2006 +++ php-src/main/fopen_wrappers.c Fri Mar 17 10:46:02 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.181 2006/03/08 14:41:45 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.182 2006/03/17 10:46:02 dmitry Exp $ */ /* {{{ includes */ @@ -433,9 +433,13 @@ char cwd[MAXPATHLEN]; char *result; - result = VCWD_GETCWD(cwd, MAXPATHLEN); - if (!result) { + if (IS_ABSOLUTE_PATH(filepath, strlen(filepath))) { cwd[0] = '\0'; + } else{ + result = VCWD_GETCWD(cwd, MAXPATHLEN); + if (!result) { + cwd[0] = '\0'; + } } new_state.cwd = strdup(cwd); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c main.c /main/streams plain_wrapper.c
andiSun Feb 19 01:10:13 2006 UTC Modified files: /php-src/main fopen_wrappers.c main.c /php-src/main/streams plain_wrapper.c Log: - Some more safe_mode nuking http://cvs.php.net/viewcvs.cgi/php-src/main/fopen_wrappers.c?r1=1.177r2=1.178diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.177 php-src/main/fopen_wrappers.c:1.178 --- php-src/main/fopen_wrappers.c:1.177 Sun Jan 1 13:09:57 2006 +++ php-src/main/fopen_wrappers.c Sun Feb 19 01:10:13 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.177 2006/01/01 13:09:57 sniper Exp $ */ +/* $Id: fopen_wrappers.c,v 1.178 2006/02/19 01:10:13 andi Exp $ */ /* {{{ includes */ @@ -379,9 +379,6 @@ /* Relative path open */ if (*filename == '.') { - if (PG(safe_mode) (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { - return NULL; - } return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } @@ -396,16 +393,10 @@ /* filename is in safe_mode_include_dir (or subdir) */ return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); - if (PG(safe_mode) (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) - return NULL; - return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } if (!path || (path !*path)) { - if (PG(safe_mode) (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { - return NULL; - } return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } http://cvs.php.net/viewcvs.cgi/php-src/main/main.c?r1=1.662r2=1.663diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.662 php-src/main/main.c:1.663 --- php-src/main/main.c:1.662 Fri Feb 3 09:33:31 2006 +++ php-src/main/main.c Sun Feb 19 01:10:13 2006 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.662 2006/02/03 09:33:31 dmitry Exp $ */ +/* $Id: main.c,v 1.663 2006/02/19 01:10:13 andi Exp $ */ /* {{{ includes */ @@ -1601,8 +1601,8 @@ orig_unicode = UG(unicode); UG(unicode) = 0; - /* Disable realpath cache if safe_mode or open_basedir are set */ - if (PG(safe_mode) || (PG(open_basedir) *PG(open_basedir))) { + /* Disable realpath cache if open_basedir are set */ + if ((PG(open_basedir) *PG(open_basedir))) { CWDG(realpath_cache_size_limit) = 0; } http://cvs.php.net/viewcvs.cgi/php-src/main/streams/plain_wrapper.c?r1=1.59r2=1.60diff_format=u Index: php-src/main/streams/plain_wrapper.c diff -u php-src/main/streams/plain_wrapper.c:1.59 php-src/main/streams/plain_wrapper.c:1.60 --- php-src/main/streams/plain_wrapper.c:1.59 Tue Jan 17 12:18:53 2006 +++ php-src/main/streams/plain_wrapper.cSun Feb 19 01:10:13 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: plain_wrapper.c,v 1.59 2006/01/17 12:18:53 dmitry Exp $ */ +/* $Id: plain_wrapper.c,v 1.60 2006/02/19 01:10:13 andi Exp $ */ #include php.h #include php_globals.h @@ -813,10 +813,6 @@ return NULL; } - if (PG(safe_mode) (!php_checkuid(path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return NULL; - } - dir = VCWD_OPENDIR(path); #ifdef PHP_WIN32 @@ -935,9 +931,6 @@ return NULL; } - if ((options ENFORCE_SAFE_MODE) PG(safe_mode) (!php_checkuid(path, mode, CHECKUID_CHECK_MODE_PARAM))) - return NULL; - return php_stream_fopen_rel(path, mode, opened_path, options); } @@ -948,10 +941,6 @@ url += sizeof(file://) - 1; } - if (PG(safe_mode) (!php_checkuid_ex(url, NULL, CHECKUID_CHECK_FILE_AND_DIR, (flags PHP_STREAM_URL_STAT_QUIET) ? CHECKUID_NO_ERRORS : 0))) { - return -1; - } - if (php_check_open_basedir_ex(url, (flags PHP_STREAM_URL_STAT_QUIET) ? 0 : 1 TSRMLS_CC)) { return -1; } @@ -975,11 +964,8 @@ url = p + 3; } + /* FIXME: Andi - Pending email I sent to internals@ re: ENFORCE_SAFE_MODE */ if (options ENFORCE_SAFE_MODE) { - if (PG(safe_mode) !php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR)) { - return 0; - } - if (php_check_open_basedir(url TSRMLS_CC)) { return 0; } @@ -1019,11 +1005,6 @@ url_to = p + 3; } -
[PHP-CVS] cvs: php-src /main fopen_wrappers.c fopen_wrappers.h /main/streams plain_wrapper.c
andiSun Feb 19 01:19:37 2006 UTC Modified files: /php-src/main fopen_wrappers.c fopen_wrappers.h /php-src/main/streams plain_wrapper.c Log: Nuke php_check_safe_mode_include_dir http://cvs.php.net/viewcvs.cgi/php-src/main/fopen_wrappers.c?r1=1.178r2=1.179diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.178 php-src/main/fopen_wrappers.c:1.179 --- php-src/main/fopen_wrappers.c:1.178 Sun Feb 19 01:10:13 2006 +++ php-src/main/fopen_wrappers.c Sun Feb 19 01:19:37 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.178 2006/02/19 01:10:13 andi Exp $ */ +/* $Id: fopen_wrappers.c,v 1.179 2006/02/19 01:19:37 andi Exp $ */ /* {{{ includes */ @@ -187,55 +187,6 @@ } /* }}} */ -/* {{{ php_check_safe_mode_include_dir - */ -PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC) -{ - if (PG(safe_mode)) { - if (PG(safe_mode_include_dir) *PG(safe_mode_include_dir)) { - char *pathbuf; - char *ptr; - char *end; - char resolved_name[MAXPATHLEN]; - - /* Resolve the real path into resolved_name */ - if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) - return -1; - - pathbuf = estrdup(PG(safe_mode_include_dir)); - - ptr = pathbuf; - - while (ptr *ptr) { - end = strchr(ptr, DEFAULT_DIR_SEPARATOR); - if (end != NULL) { - *end = '\0'; - end++; - } - - /* Check the path */ -#ifdef PHP_WIN32 - if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0) -#else - if (strncmp(ptr, resolved_name, strlen(ptr)) == 0) -#endif - { - /* File is in the right directory */ - efree(pathbuf); - return 0; - } - - ptr = end; - } - efree(pathbuf); - } - return -1; - } - - /* Nothing to check... */ - return 0; -} -/* }}} */ /* {{{ php_fopen_and_set_opened_path */ @@ -387,16 +338,9 @@ * safe mode GID/UID checks */ - /* Absolute path open */ - if (IS_ABSOLUTE_PATH(filename, filename_length)) { - if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) - /* filename is in safe_mode_include_dir (or subdir) */ - return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); - - return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); - } - - if (!path || (path !*path)) { + /* Absolute path open */ + /* FIXME: Andi - Do we actually need the if()? */ + if (IS_ABSOLUTE_PATH(filename, filename_length) || (!path || (path !*path))) { return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } @@ -434,20 +378,7 @@ end++; } snprintf(trypath, MAXPATHLEN, %s/%s, ptr, filename); - if (PG(safe_mode)) { - if (VCWD_STAT(trypath, sb) == 0) { - /* file exists ... check permission */ - if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || - php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) - /* UID ok, or trypath is in safe_mode_include_dir */ - fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC); - else - fp = NULL; - - efree(pathbuf); - return fp; - } - } + fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC); if (fp) { efree(pathbuf); http://cvs.php.net/viewcvs.cgi/php-src/main/fopen_wrappers.h?r1=1.45r2=1.46diff_format=u Index: php-src/main/fopen_wrappers.h diff -u php-src/main/fopen_wrappers.h:1.45 php-src/main/fopen_wrappers.h:1.46 --- php-src/main/fopen_wrappers.h:1.45 Sun Jan 1 13:09:57 2006 +++ php-src/main/fopen_wrappers.h Sun Feb 19
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
iliaa Tue Sep 27 11:07:39 2005 EDT Modified files: /php-src/main fopen_wrappers.c Log: Fixed bug #32937 (open_basedir looses trailing / in the limiter). Patch by Adam Conrad http://cvs.php.net/diff.php/php-src/main/fopen_wrappers.c?r1=1.175r2=1.176ty=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.175 php-src/main/fopen_wrappers.c:1.176 --- php-src/main/fopen_wrappers.c:1.175 Wed Aug 3 10:08:28 2005 +++ php-src/main/fopen_wrappers.c Tue Sep 27 11:07:38 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.175 2005/08/03 14:08:28 sniper Exp $ */ +/* $Id: fopen_wrappers.c,v 1.176 2005/09/27 15:07:38 iliaa Exp $ */ /* {{{ includes */ @@ -108,8 +108,8 @@ /* Handler for basedirs that end with a / */ resolved_basedir_len = strlen(resolved_basedir); if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) { - if (resolved_basedir[resolved_basedir_len - 1] == '/') { - resolved_basedir[resolved_basedir_len - 1] = PHP_DIR_SEPARATOR; + if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) { + resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR; resolved_basedir[++resolved_basedir_len] = '\0'; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c main.c
hyanantha Sat Jul 16 08:21:35 2005 EDT Modified files: /php-src/main fopen_wrappers.c main.c Log: main/fopen_wrappers.c NetWare file names are case insensitive main/main.c NetWare has no sendmail binary. It uses the smart host mailing code avaiolable in php distro. Could not find a better place to put this than main/main.c. -- Kamesh http://cvs.php.net/diff.php/php-src/main/fopen_wrappers.c?r1=1.173r2=1.174ty=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.173 php-src/main/fopen_wrappers.c:1.174 --- php-src/main/fopen_wrappers.c:1.173 Wed Feb 23 03:56:47 2005 +++ php-src/main/fopen_wrappers.c Sat Jul 16 08:21:34 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.173 2005/02/23 08:56:47 hyanantha Exp $ */ +/* $Id: fopen_wrappers.c,v 1.174 2005/07/16 12:21:34 hyanantha Exp $ */ /* {{{ includes */ @@ -123,7 +123,7 @@ } /* Check the path */ -#ifdef PHP_WIN32 +#if defined(PHP_WIN32) || defined(NETWARE) if (strncasecmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { #else if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { http://cvs.php.net/diff.php/php-src/main/main.c?r1=1.636r2=1.637ty=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.636 php-src/main/main.c:1.637 --- php-src/main/main.c:1.636 Tue Jul 12 12:53:29 2005 +++ php-src/main/main.c Sat Jul 16 08:21:34 2005 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.636 2005/07/12 16:53:29 iliaa Exp $ */ +/* $Id: main.c,v 1.637 2005/07/16 12:21:34 hyanantha Exp $ */ /* {{{ includes */ @@ -222,7 +222,7 @@ # define PHP_SAFE_MODE_EXEC_DIR #endif -#ifdef PHP_PROG_SENDMAIL +#if defined(PHP_PROG_SENDMAIL) !defined(NETWARE) # define DEFAULT_SENDMAIL_PATH PHP_PROG_SENDMAIL -t -i #else # define DEFAULT_SENDMAIL_PATH NULL -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
hyanantha Wed Feb 23 03:56:51 2005 EDT Modified files: /php-src/main fopen_wrappers.c Log: NetWare LibC has pwd.h http://cvs.php.net/diff.php/php-src/main/fopen_wrappers.c?r1=1.172r2=1.173ty=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.172 php-src/main/fopen_wrappers.c:1.173 --- php-src/main/fopen_wrappers.c:1.172 Wed Feb 2 18:43:17 2005 +++ php-src/main/fopen_wrappers.c Wed Feb 23 03:56:47 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.172 2005/02/02 23:43:17 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.173 2005/02/23 08:56:47 hyanantha Exp $ */ /* {{{ includes */ @@ -48,8 +48,6 @@ #if HAVE_PWD_H #ifdef PHP_WIN32 #include win32/pwd.h -#elif defined(NETWARE) -#include netware/pwd.h #else #include pwd.h #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
iliaa Wed Feb 2 18:43:17 2005 EDT Modified files: /php-src/main fopen_wrappers.c Log: Fixed bug #31514 (open_basedir uses path_translated rather then cwd for . translation). http://cvs.php.net/diff.php/php-src/main/fopen_wrappers.c?r1=1.171r2=1.172ty=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.171 php-src/main/fopen_wrappers.c:1.172 --- php-src/main/fopen_wrappers.c:1.171 Thu Sep 23 11:43:54 2004 +++ php-src/main/fopen_wrappers.c Wed Feb 2 18:43:17 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.171 2004/09/23 15:43:54 hyanantha Exp $ */ +/* $Id: fopen_wrappers.c,v 1.172 2005/02/02 23:43:17 iliaa Exp $ */ /* {{{ includes */ @@ -96,24 +96,11 @@ char resolved_name[MAXPATHLEN]; char resolved_basedir[MAXPATHLEN]; char local_open_basedir[MAXPATHLEN]; - int local_open_basedir_pos; int resolved_basedir_len; int resolved_name_len; /* Special case basedir==.: Use script-directory */ - if ((strcmp(basedir, .) == 0) - SG(request_info).path_translated - *SG(request_info).path_translated - ) { - strlcpy(local_open_basedir, SG(request_info).path_translated, sizeof(local_open_basedir)); - local_open_basedir_pos = strlen(local_open_basedir) - 1; - - /* Strip filename */ - while (!IS_SLASH(local_open_basedir[local_open_basedir_pos]) -(local_open_basedir_pos = 0)) { - local_open_basedir[local_open_basedir_pos--] = 0; - } - } else { + if (strcmp(basedir, .) || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) { /* Else use the unmodified path */ strlcpy(local_open_basedir, basedir, sizeof(local_open_basedir)); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
hyanantha Thu Sep 23 11:43:54 2004 EDT Modified files: /php-src/main fopen_wrappers.c Log: removed redundant checks for NETWARE http://cvs.php.net/diff.php/php-src/main/fopen_wrappers.c?r1=1.170r2=1.171ty=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.170 php-src/main/fopen_wrappers.c:1.171 --- php-src/main/fopen_wrappers.c:1.170 Mon Mar 15 19:31:22 2004 +++ php-src/main/fopen_wrappers.c Thu Sep 23 11:43:54 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.170 2004/03/16 00:31:22 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.171 2004/09/23 15:43:54 hyanantha Exp $ */ /* {{{ includes */ @@ -35,14 +35,6 @@ #ifdef PHP_WIN32 #define O_RDONLY _O_RDONLY #include win32/param.h -#elif defined(NETWARE) -/*#include ws2nlm.h*/ -/*#include sys/socket.h*/ -#ifdef NEW_LIBC -#include sys/param.h -#else -#include netware/param.h -#endif #else #include sys/param.h #endif @@ -75,7 +67,6 @@ #ifdef PHP_WIN32 #include winsock2.h #elif defined(NETWARE) defined(USE_WINSOCK) -/*#include ws2nlm.h*/ #include novsock2.h #else #include netinet/in.h -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
iliaa Tue Feb 10 11:08:56 2004 EDT Modified files: /php-src/main fopen_wrappers.c Log: Fixed bug #26653 (open_basedir incorrectly resolved on win32). http://cvs.php.net/diff.php/php-src/main/fopen_wrappers.c?r1=1.168r2=1.169ty=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.168 php-src/main/fopen_wrappers.c:1.169 --- php-src/main/fopen_wrappers.c:1.168 Thu Jan 8 03:17:53 2004 +++ php-src/main/fopen_wrappers.c Tue Feb 10 11:08:54 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.168 2004/01/08 08:17:53 andi Exp $ */ +/* $Id: fopen_wrappers.c,v 1.169 2004/02/10 16:08:54 iliaa Exp $ */ /* {{{ includes */ @@ -131,15 +131,15 @@ if ((expand_filepath(path, resolved_name TSRMLS_CC) != NULL) (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL)) { /* Handler for basedirs that end with a / */ resolved_basedir_len = strlen(resolved_basedir); - if (basedir[strlen(basedir)-1] == PHP_DIR_SEPARATOR resolved_basedir[resolved_basedir_len -1] != PHP_DIR_SEPARATOR) { - resolved_basedir[resolved_basedir_len] = '/'; + if (resolved_basedir[resolved_basedir_len -1] != PHP_DIR_SEPARATOR) { + resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR; resolved_basedir[++resolved_basedir_len] = '\0'; } if (path[strlen(path)-1] == PHP_DIR_SEPARATOR) { resolved_name_len = strlen(resolved_name); if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) { - resolved_name[resolved_name_len] = '/'; + resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR; resolved_name[++resolved_name_len] = '\0'; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
iliaa Wed Jul 30 13:55:06 2003 EDT Modified files: /php-src/main fopen_wrappers.c Log: Fixed bug #24873 (incorrect handling of / inside open_basedir) Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.165 php-src/main/fopen_wrappers.c:1.166 --- php-src/main/fopen_wrappers.c:1.165 Mon Jul 21 21:32:01 2003 +++ php-src/main/fopen_wrappers.c Wed Jul 30 13:55:06 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.165 2003/07/22 01:32:01 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.166 2003/07/30 17:55:06 iliaa Exp $ */ /* {{{ includes */ @@ -129,19 +129,19 @@ /* Resolve the real path into resolved_name */ if ((expand_filepath(path, resolved_name TSRMLS_CC) != NULL) (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL)) { - /* Handler for basedirs that end with a / */ - if (basedir[strlen(basedir)-1] == PHP_DIR_SEPARATOR) { - resolved_basedir_len = strlen(resolved_basedir); + /* Handler for basedirs that end with a / */ + resolved_basedir_len = strlen(resolved_basedir); + if (basedir[strlen(basedir)-1] == PHP_DIR_SEPARATOR resolved_basedir[resolved_basedir_len -1] != PHP_DIR_SEPARATOR) { resolved_basedir[resolved_basedir_len] = '/'; resolved_basedir[++resolved_basedir_len] = '\0'; - } else { - resolved_basedir_len = strlen(resolved_basedir); } if (path[strlen(path)-1] == PHP_DIR_SEPARATOR) { resolved_name_len = strlen(resolved_name); - resolved_name[resolved_name_len] = '/'; - resolved_name[++resolved_name_len] = '\0'; + if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) { + resolved_name[resolved_name_len] = '/'; + resolved_name[++resolved_name_len] = '\0'; + } } /* Check the path */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
iliaa Mon Jul 21 21:32:01 2003 EDT Modified files: /php-src/main fopen_wrappers.c Log: Make php_check_safe_mode_include_dir check independent of unrelated open_basedir directive and make it properly handle undefined/empty safe_mode_include_dir directive when safe_mode is enabled. Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.164 php-src/main/fopen_wrappers.c:1.165 --- php-src/main/fopen_wrappers.c:1.164 Tue Jun 24 10:36:01 2003 +++ php-src/main/fopen_wrappers.c Mon Jul 21 21:32:01 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.164 2003/06/24 14:36:01 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.165 2003/07/22 01:32:01 iliaa Exp $ */ /* {{{ includes */ @@ -213,45 +213,44 @@ */ PHPAPI int php_check_safe_mode_include_dir(char *path TSRMLS_DC) { - /* Only check when safe_mode or open_basedir is on and safe_mode_include_dir is available */ - if (((PG(open_basedir) *PG(open_basedir)) || PG(safe_mode)) - PG(safe_mode_include_dir) *PG(safe_mode_include_dir)) - { - char *pathbuf; - char *ptr; - char *end; - char resolved_name[MAXPATHLEN]; - - /* Resolve the real path into resolved_name */ - if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) - return -1; - - pathbuf = estrdup(PG(safe_mode_include_dir)); + if (PG(safe_mode)) { + if (PG(safe_mode_include_dir) *PG(safe_mode_include_dir)) { + char *pathbuf; + char *ptr; + char *end; + char resolved_name[MAXPATHLEN]; + + /* Resolve the real path into resolved_name */ + if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) + return -1; + + pathbuf = estrdup(PG(safe_mode_include_dir)); + + ptr = pathbuf; + + while (ptr *ptr) { + end = strchr(ptr, DEFAULT_DIR_SEPARATOR); + if (end != NULL) { + *end = '\0'; + end++; + } - ptr = pathbuf; - - while (ptr *ptr) { - end = strchr(ptr, DEFAULT_DIR_SEPARATOR); - if (end != NULL) { - *end = '\0'; - end++; - } - - /* Check the path */ + /* Check the path */ #ifdef PHP_WIN32 - if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0) + if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0) #else - if (strncmp(ptr, resolved_name, strlen(ptr)) == 0) + if (strncmp(ptr, resolved_name, strlen(ptr)) == 0) #endif - { - /* File is in the right directory */ - efree(pathbuf); - return 0; - } + { + /* File is in the right directory */ + efree(pathbuf); + return 0; + } - ptr = end; + ptr = end; + } + efree(pathbuf); } - efree(pathbuf); return -1; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main fopen_wrappers.c
iliaa Tue Jun 24 10:36:01 2003 EDT Modified files: /php-src/main fopen_wrappers.c Log: Fixed typo. Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.163 php-src/main/fopen_wrappers.c:1.164 --- php-src/main/fopen_wrappers.c:1.163 Tue Jun 24 09:56:25 2003 +++ php-src/main/fopen_wrappers.c Tue Jun 24 10:36:01 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.163 2003/06/24 13:56:25 iliaa Exp $ */ +/* $Id: fopen_wrappers.c,v 1.164 2003/06/24 14:36:01 iliaa Exp $ */ /* {{{ includes */ @@ -164,7 +164,7 @@ PHPAPI int php_check_open_basedir(const char *path TSRMLS_DC) { - return php_check_open_basedir_ex(path, 1 TSRMLS_DC); + return php_check_open_basedir_ex(path, 1 TSRMLS_CC); } /* {{{ php_check_open_basedir -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php