iliaa           Sun Oct 27 22:45:21 2002 EDT

  Modified files:              
    /php4/main  main.c php_streams.h streams.c 
  Log:
  A better fix for bug #20110.
  
  
Index: php4/main/main.c
diff -u php4/main/main.c:1.507 php4/main/main.c:1.508
--- php4/main/main.c:1.507      Sun Oct 27 21:46:09 2002
+++ php4/main/main.c    Sun Oct 27 22:45:20 2002
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: main.c,v 1.507 2002/10/28 02:46:09 sterling Exp $ */
+/* $Id: main.c,v 1.508 2002/10/28 03:45:20 iliaa Exp $ */
 
 /* {{{ includes
  */
@@ -702,7 +702,7 @@
 {
        TSRMLS_FETCH();
 
-       return php_stream_open_wrapper_as_file((char *)filename, "rb", 
ENFORCE_SAFE_MODE|USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS, opened_path);
+       return php_stream_open_wrapper_as_file((char *)filename, "rb", 
+ENFORCE_SAFE_MODE|USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE, 
+opened_path);
 }
 /* }}} */
 
Index: php4/main/php_streams.h
diff -u php4/main/php_streams.h:1.57 php4/main/php_streams.h:1.58
--- php4/main/php_streams.h:1.57        Mon Oct 21 18:54:37 2002
+++ php4/main/php_streams.h     Sun Oct 27 22:45:21 2002
@@ -58,9 +58,9 @@
 
 #define php_stream_copy_to_mem_rel(src, buf, maxlen, persistent) 
_php_stream_copy_to_mem((src), (buf), (maxlen), (persistent) STREAMS_REL_CC TSRMLS_CC)
        
-#define php_stream_fopen_rel(filename, mode, opened) _php_stream_fopen((filename), 
(mode), (opened) STREAMS_REL_CC TSRMLS_CC)
+#define php_stream_fopen_rel(filename, mode, opened, options) 
+_php_stream_fopen((filename), (mode), (opened), (options) STREAMS_REL_CC TSRMLS_CC)
 
-#define php_stream_fopen_with_path_rel(filename, mode, path, opened) 
_php_stream_fopen_with_path((filename), (mode), (path), (opened) STREAMS_REL_CC 
TSRMLS_CC)
+#define php_stream_fopen_with_path_rel(filename, mode, path, opened, options) 
+_php_stream_fopen_with_path((filename), (mode), (path), (opened), (options) 
+STREAMS_REL_CC TSRMLS_CC)
 
 #define php_stream_fopen_from_file_rel(file, mode)      
_php_stream_fopen_from_file((file), (mode) STREAMS_REL_CC TSRMLS_CC)
        
@@ -426,10 +426,10 @@
 /* operations for a stdio FILE; use the php_stream_fopen_XXX funcs below */
 PHPAPI extern php_stream_ops php_stream_stdio_ops;
 /* like fopen, but returns a stream */
-PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char 
**opened_path STREAMS_DC TSRMLS_DC);
-#define php_stream_fopen(filename, mode, opened)       _php_stream_fopen((filename), 
(mode), (opened) STREAMS_CC TSRMLS_CC)
+PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char 
+**opened_path, int options STREAMS_DC TSRMLS_DC);
+#define php_stream_fopen(filename, mode, opened)       _php_stream_fopen((filename), 
+(mode), (opened), 0 STREAMS_CC TSRMLS_CC)
 
-PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char 
*path, char **opened_path STREAMS_DC TSRMLS_DC);
+PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char 
+*path, char **opened_path, int options STREAMS_DC TSRMLS_DC);
 #define php_stream_fopen_with_path(filename, mode, path, opened)       
_php_stream_fopen_with_path((filename), (mode), (path), (opened) STREAMS_CC TSRMLS_CC)
 
 PHPAPI php_stream *_php_stream_fopen_from_file(FILE *file, const char *mode 
STREAMS_DC TSRMLS_DC);
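Review bot: The unchanged `php_stream_fopen_with_path` macro at the end of this hunk still expands to a four-argument call, while the prototype directly above it now requires `int options`, so any caller of the non-`_rel` macro passes too few arguments. `php_stream_fopen` was given a literal `0` in this same hunk, and this macro needs the same treatment: `_php_stream_fopen_with_path((filename), (mode), (path), (opened), 0 STREAMS_CC TSRMLS_CC)`. With `0` those callers skip the include-only regular-file check, which appears to be the intent for non-include opens.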
@@ -491,6 +491,9 @@
 
 /* this flag applies to php_stream_locate_url_wrapper */
 #define STREAM_LOCATE_WRAPPERS_ONLY    64
+
+/* this flag is only used by include/require functions */
+#define STREAM_OPEN_FOR_INCLUDE                128
 
 #ifdef PHP_WIN32
 # define IGNORE_URL_WIN STREAM_MUST_SEEK
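Review bot: The comment on `STREAM_OPEN_FOR_INCLUDE` says who sets the flag but not what it changes, and after this commit it is the only thing that enables the regular-file check in `_php_stream_fopen`. I would document the effect so that future callers opening a file for execution know they must pass it: `/* set when opening a file for include/require: the plain-file opener then refuses anything that is not a regular file */`. The `#ifdef PHP_WIN32` block that follows continues outside the hunk.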
Index: php4/main/streams.c
diff -u php4/main/streams.c:1.120 php4/main/streams.c:1.121
--- php4/main/streams.c:1.120   Sun Oct 27 19:28:11 2002
+++ php4/main/streams.c Sun Oct 27 22:45:21 2002
@@ -20,7 +20,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: streams.c,v 1.120 2002/10/28 00:28:11 iliaa Exp $ */
+/* $Id: streams.c,v 1.121 2002/10/28 03:45:21 iliaa Exp $ */
 
 #define _GNU_SOURCE
 #include "php.h"
@@ -1493,7 +1493,7 @@
 /* }}} */
 
 /* {{{ php_stream_fopen_with_path */
-PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char 
*path, char **opened_path STREAMS_DC TSRMLS_DC)
+PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char 
+*path, char **opened_path, int options STREAMS_DC TSRMLS_DC)
 {
        /* code ripped off from fopen_wrappers.c */
        char *pathbuf, *ptr, *end;
@@ -1534,7 +1534,7 @@
                if (PG(safe_mode) && (!php_checkuid(filename, mode, 
CHECKUID_CHECK_MODE_PARAM))) {
                        return NULL;
                }
-               return php_stream_fopen_rel(filename, mode, opened_path);
+               return php_stream_fopen_rel(filename, mode, opened_path, options);
        }
 
        /*
@@ -1553,12 +1553,12 @@
 
                if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0)
                        /* filename is in safe_mode_include_dir (or subdir) */
-                       return php_stream_fopen_rel(filename, mode, opened_path);
+                       return php_stream_fopen_rel(filename, mode, opened_path, 
+options);
 
                if (PG(safe_mode) && (!php_checkuid(filename, mode, 
CHECKUID_CHECK_MODE_PARAM)))
                        return NULL;
 
-               return php_stream_fopen_rel(filename, mode, opened_path);
+               return php_stream_fopen_rel(filename, mode, opened_path, options);
        }
 
        if (!path || (path && !*path)) {
@@ -1570,7 +1570,7 @@
                if (PG(safe_mode) && (!php_checkuid(filename, mode, 
CHECKUID_CHECK_MODE_PARAM))) {
                        return NULL;
                }
-               return php_stream_fopen_rel(filename, mode, opened_path);
+               return php_stream_fopen_rel(filename, mode, opened_path, options);
        }
 
        /* check in provided path */
@@ -1616,7 +1616,7 @@
                                } else if ((php_check_safe_mode_include_dir(trypath 
TSRMLS_CC) == 0) ||
                                                php_checkuid(trypath, mode, 
CHECKUID_CHECK_MODE_PARAM)) {
                                        /* UID ok, or trypath is in 
safe_mode_include_dir */
-                                       stream = php_stream_fopen_rel(trypath, mode, 
opened_path);
+                                       stream = php_stream_fopen_rel(trypath, mode, 
+opened_path, options);
                                } else {
                                        stream = NULL;
                                }
@@ -1625,7 +1625,7 @@
                                return stream;
                        }
                }
-               stream = php_stream_fopen_rel(trypath, mode, opened_path);
+               stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
                if (stream) {
                        efree(pathbuf);
                        return stream;
@@ -1640,7 +1640,7 @@
 /* }}} */
 
 /* {{{ php_stream_fopen */
-PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char 
**opened_path STREAMS_DC TSRMLS_DC)
+PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char 
+**opened_path, int options STREAMS_DC TSRMLS_DC)
 {
        FILE *fp;
        char *realpath = NULL;
@@ -1652,10 +1652,10 @@
        fp = fopen(realpath, mode);
 
        if (fp) {
-               /* this is done to prevent opening of anything other then regular 
files */
-               if (fstat(fileno(fp), &st) == -1 || !S_ISREG(st.st_mode)) {
+               /* sanity checks for include/require */
+               if (options & STREAM_OPEN_FOR_INCLUDE && (fstat(fileno(fp), &st) == -1 
+|| !S_ISREG(st.st_mode))) {
                        goto err;
-               }
+               } 
        
                ret = php_stream_fopen_from_file_rel(fp, mode);
 
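Review bot: The regular-file test in `_php_stream_fopen` still runs only after `fopen(realpath, mode)` has returned, so for an include path that names a FIFO or a device the open itself, with any blocking or side effect it has, has already happened before `goto err` rejects it. That ordering deserves a note in the comment, which also lost the reason for the check: `/* include/require may only open regular files; checked after fopen(), so the open itself is not prevented */`. The condition relies on `&` binding tighter than `&&`; it is correct as written but clearer as `if ((options & STREAM_OPEN_FOR_INCLUDE) && (fstat(fileno(fp), &st) == -1 || !S_ISREG(st.st_mode))) {`. The `err` label lies outside the hunk, so whether `fp` is closed on that path cannot be confirmed from here.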
@@ -1981,7 +1981,7 @@
                int options, char **opened_path, php_stream_context *context 
STREAMS_DC TSRMLS_DC)
 {
        if ((options & USE_PATH) && PG(include_path) != NULL) {
-               return php_stream_fopen_with_path_rel(path, mode, PG(include_path), 
opened_path);
+               return php_stream_fopen_with_path_rel(path, mode, PG(include_path), 
+opened_path, options);
        }
 
        if (php_check_open_basedir(path TSRMLS_CC)) {
@@ -1991,7 +1991,7 @@
        if ((options & ENFORCE_SAFE_MODE) && PG(safe_mode) && (!php_checkuid(path, 
mode, CHECKUID_CHECK_MODE_PARAM)))
                return NULL;
 
-       return php_stream_fopen_rel(path, mode, opened_path);
+       return php_stream_fopen_rel(path, mode, opened_path, options);
 }
 
 static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url, 
php_stream_statbuf *ssb TSRMLS_DC)


