iliaa Sun Oct 27 22:45:21 2002 EDT Modified files: /php4/main main.c php_streams.h streams.c Log: A better fix for bug #20110. Index: php4/main/main.c diff -u php4/main/main.c:1.507 php4/main/main.c:1.508 --- php4/main/main.c:1.507 Sun Oct 27 21:46:09 2002 +++ php4/main/main.c Sun Oct 27 22:45:20 2002 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: main.c,v 1.507 2002/10/28 02:46:09 sterling Exp $ */ +/* $Id: main.c,v 1.508 2002/10/28 03:45:20 iliaa Exp $ */ /* {{{ includes */ @@ -702,7 +702,7 @@ { TSRMLS_FETCH(); - return php_stream_open_wrapper_as_file((char *)filename, "rb", ENFORCE_SAFE_MODE|USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS, opened_path); + return php_stream_open_wrapper_as_file((char *)filename, "rb", +ENFORCE_SAFE_MODE|USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE, +opened_path); } /* }}} */ Index: php4/main/php_streams.h diff -u php4/main/php_streams.h:1.57 php4/main/php_streams.h:1.58 --- php4/main/php_streams.h:1.57 Mon Oct 21 18:54:37 2002 +++ php4/main/php_streams.h Sun Oct 27 22:45:21 2002 @@ -58,9 +58,9 @@ #define php_stream_copy_to_mem_rel(src, buf, maxlen, persistent) _php_stream_copy_to_mem((src), (buf), (maxlen), (persistent) STREAMS_REL_CC TSRMLS_CC) -#define php_stream_fopen_rel(filename, mode, opened) _php_stream_fopen((filename), (mode), (opened) STREAMS_REL_CC TSRMLS_CC) +#define php_stream_fopen_rel(filename, mode, opened, options) +_php_stream_fopen((filename), (mode), (opened), (options) STREAMS_REL_CC TSRMLS_CC) -#define php_stream_fopen_with_path_rel(filename, mode, path, opened) _php_stream_fopen_with_path((filename), (mode), (path), (opened) STREAMS_REL_CC TSRMLS_CC) +#define php_stream_fopen_with_path_rel(filename, mode, path, opened, options) +_php_stream_fopen_with_path((filename), (mode), (path), (opened), (options) +STREAMS_REL_CC TSRMLS_CC) #define php_stream_fopen_from_file_rel(file, mode) _php_stream_fopen_from_file((file), (mode) STREAMS_REL_CC TSRMLS_CC) @@ -426,10 +426,10 @@ /* operations for a stdio FILE; use the php_stream_fopen_XXX funcs below */ PHPAPI extern php_stream_ops php_stream_stdio_ops; /* like fopen, but returns a stream */ -PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char **opened_path STREAMS_DC TSRMLS_DC); -#define php_stream_fopen(filename, mode, opened) _php_stream_fopen((filename), (mode), (opened) STREAMS_CC TSRMLS_CC) +PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char +**opened_path, int options STREAMS_DC TSRMLS_DC); +#define php_stream_fopen(filename, mode, opened) _php_stream_fopen((filename), +(mode), (opened), 0 STREAMS_CC TSRMLS_CC) -PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char *path, char **opened_path STREAMS_DC TSRMLS_DC); +PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char +*path, char **opened_path, int options STREAMS_DC TSRMLS_DC); #define php_stream_fopen_with_path(filename, mode, path, opened) _php_stream_fopen_with_path((filename), (mode), (path), (opened) STREAMS_CC TSRMLS_CC) PHPAPI php_stream *_php_stream_fopen_from_file(FILE *file, const char *mode STREAMS_DC TSRMLS_DC); @@ -491,6 +491,9 @@ /* this flag applies to php_stream_locate_url_wrapper */ #define STREAM_LOCATE_WRAPPERS_ONLY 64 + +/* this flag is only used by include/require functions */ +#define STREAM_OPEN_FOR_INCLUDE 128 #ifdef PHP_WIN32 # define IGNORE_URL_WIN STREAM_MUST_SEEK Index: php4/main/streams.c diff -u php4/main/streams.c:1.120 php4/main/streams.c:1.121 --- php4/main/streams.c:1.120 Sun Oct 27 19:28:11 2002 +++ php4/main/streams.c Sun Oct 27 22:45:21 2002 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: streams.c,v 1.120 2002/10/28 00:28:11 iliaa Exp $ */ +/* $Id: streams.c,v 1.121 2002/10/28 03:45:21 iliaa Exp $ */ #define _GNU_SOURCE #include "php.h" @@ -1493,7 +1493,7 @@ /* }}} */ /* {{{ php_stream_fopen_with_path */ -PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char *path, char **opened_path STREAMS_DC TSRMLS_DC) +PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char +*path, char **opened_path, int options STREAMS_DC TSRMLS_DC) { /* code ripped off from fopen_wrappers.c */ char *pathbuf, *ptr, *end; @@ -1534,7 +1534,7 @@ if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { return NULL; } - return php_stream_fopen_rel(filename, mode, opened_path); + return php_stream_fopen_rel(filename, mode, opened_path, options); } /* @@ -1553,12 +1553,12 @@ if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) /* filename is in safe_mode_include_dir (or subdir) */ - return php_stream_fopen_rel(filename, mode, opened_path); + return php_stream_fopen_rel(filename, mode, opened_path, +options); if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) return NULL; - return php_stream_fopen_rel(filename, mode, opened_path); + return php_stream_fopen_rel(filename, mode, opened_path, options); } if (!path || (path && !*path)) { @@ -1570,7 +1570,7 @@ if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { return NULL; } - return php_stream_fopen_rel(filename, mode, opened_path); + return php_stream_fopen_rel(filename, mode, opened_path, options); } /* check in provided path */ @@ -1616,7 +1616,7 @@ } else if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) { /* UID ok, or trypath is in safe_mode_include_dir */ - stream = php_stream_fopen_rel(trypath, mode, opened_path); + stream = php_stream_fopen_rel(trypath, mode, +opened_path, options); } else { stream = NULL; } @@ -1625,7 +1625,7 @@ return stream; } } - stream = php_stream_fopen_rel(trypath, mode, opened_path); + stream = php_stream_fopen_rel(trypath, mode, opened_path, options); if (stream) { efree(pathbuf); return stream; @@ -1640,7 +1640,7 @@ /* }}} */ /* {{{ php_stream_fopen */ -PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char **opened_path STREAMS_DC TSRMLS_DC) +PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char +**opened_path, int options STREAMS_DC TSRMLS_DC) { FILE *fp; char *realpath = NULL; @@ -1652,10 +1652,10 @@ fp = fopen(realpath, mode); if (fp) { - /* this is done to prevent opening of anything other then regular files */ - if (fstat(fileno(fp), &st) == -1 || !S_ISREG(st.st_mode)) { + /* sanity checks for include/require */ + if (options & STREAM_OPEN_FOR_INCLUDE && (fstat(fileno(fp), &st) == -1 +|| !S_ISREG(st.st_mode))) { goto err; - } + } ret = php_stream_fopen_from_file_rel(fp, mode); @@ -1981,7 +1981,7 @@ int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC) { if ((options & USE_PATH) && PG(include_path) != NULL) { - return php_stream_fopen_with_path_rel(path, mode, PG(include_path), opened_path); + return php_stream_fopen_with_path_rel(path, mode, PG(include_path), +opened_path, options); } if (php_check_open_basedir(path TSRMLS_CC)) { @@ -1991,7 +1991,7 @@ if ((options & ENFORCE_SAFE_MODE) && PG(safe_mode) && (!php_checkuid(path, mode, CHECKUID_CHECK_MODE_PARAM))) return NULL; - return php_stream_fopen_rel(path, mode, opened_path); + return php_stream_fopen_rel(path, mode, opened_path, options); } static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url, php_stream_statbuf *ssb TSRMLS_DC)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php