[PHP-CVS-DAILY] cvs: ZendEngine2 / ChangeLog
changelog Thu Sep 20 01:33:04 2007 UTC Modified files: /ZendEngine2ChangeLog Log: ChangeLog update http://cvs.php.net/viewvc.cgi/ZendEngine2/ChangeLog?r1=1.1169r2=1.1170diff_format=u Index: ZendEngine2/ChangeLog diff -u ZendEngine2/ChangeLog:1.1169 ZendEngine2/ChangeLog:1.1170 --- ZendEngine2/ChangeLog:1.1169Wed Sep 19 01:32:46 2007 +++ ZendEngine2/ChangeLog Thu Sep 20 01:33:04 2007 @@ -1,3 +1,10 @@ +2007-09-19 Antony Dovgal [EMAIL PROTECTED] + +* tests/bug40509.phpt + tests/bug40705.phpt + tests/bug41929.phpt: + fix test names + 2007-09-18 Jani Taskinen [EMAIL PROTECTED] * zend_extensions.c @@ -18950,7 +18957,7 @@ 2003-06-10 Jani Taskinen [EMAIL PROTECTED] * zend_multiply.h: - - Missing $Id: ChangeLog,v 1.1169 2007/09/19 01:32:46 changelog Exp $ tag + - Missing $Id: ChangeLog,v 1.1170 2007/09/20 01:33:04 changelog Exp $ tag 2003-06-10 James Cox [EMAIL PROTECTED] @@ -20674,7 +20681,7 @@ zend_types.h zend_variables.c zend_variables.h: - - Added some missing CVS $Id: ChangeLog,v 1.1169 2007/09/19 01:32:46 changelog Exp $ tags, headers and footers. + - Added some missing CVS $Id: ChangeLog,v 1.1170 2007/09/20 01:33:04 changelog Exp $ tags, headers and footers. 2003-01-30 Ilia Alshanetsky [EMAIL PROTECTED]
[PHP-CVS] cvs: php-src /ext/date/tests bug34304.phpt
tony2001Wed Sep 19 11:25:51 2007 UTC Modified files: /php-src/ext/date/tests bug34304.phpt Log: fix test name http://cvs.php.net/viewvc.cgi/php-src/ext/date/tests/bug34304.phpt?r1=1.2r2=1.3diff_format=u Index: php-src/ext/date/tests/bug34304.phpt diff -u php-src/ext/date/tests/bug34304.phpt:1.2 php-src/ext/date/tests/bug34304.phpt:1.3 --- php-src/ext/date/tests/bug34304.phpt:1.2Sun Nov 20 20:31:49 2005 +++ php-src/ext/date/tests/bug34304.phptWed Sep 19 11:25:51 2007 @@ -1,5 +1,5 @@ --TEST-- -Bug #34304 () +Bug #34304 (date('w') returns wrong number for sunday, 'N' modifier is missing) --FILE-- ?php date_default_timezone_set(UTC); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/date/tests bug34304.phpt
tony2001Wed Sep 19 11:25:57 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/date/tests bug34304.phpt Log: MFH http://cvs.php.net/viewvc.cgi/php-src/ext/date/tests/bug34304.phpt?r1=1.1.2.1r2=1.1.2.1.2.1diff_format=u Index: php-src/ext/date/tests/bug34304.phpt diff -u php-src/ext/date/tests/bug34304.phpt:1.1.2.1 php-src/ext/date/tests/bug34304.phpt:1.1.2.1.2.1 --- php-src/ext/date/tests/bug34304.phpt:1.1.2.1Fri Sep 2 09:33:08 2005 +++ php-src/ext/date/tests/bug34304.phptWed Sep 19 11:25:57 2007 @@ -1,5 +1,5 @@ --TEST-- -Bug #34304 () +Bug #34304 (date('w') returns wrong number for sunday, 'N' modifier is missing) --FILE-- ?php date_default_timezone_set(UTC); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/standard dir.c
iliaa Wed Sep 19 22:37:59 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard dir.c /php-srcNEWS Log: Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*' http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.147.2.3.2.11r2=1.147.2.3.2.12diff_format=u Index: php-src/ext/standard/dir.c diff -u php-src/ext/standard/dir.c:1.147.2.3.2.11 php-src/ext/standard/dir.c:1.147.2.3.2.12 --- php-src/ext/standard/dir.c:1.147.2.3.2.11 Tue Sep 4 12:51:49 2007 +++ php-src/ext/standard/dir.c Wed Sep 19 22:37:58 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: dir.c,v 1.147.2.3.2.11 2007/09/04 12:51:49 iliaa Exp $ */ +/* $Id: dir.c,v 1.147.2.3.2.12 2007/09/19 22:37:58 iliaa Exp $ */ /* {{{ includes/startup/misc */ @@ -396,6 +396,7 @@ glob_t globbuf; int n; int ret; + zend_bool basedir_limit = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, s|l, pattern, pattern_len, flags) == FAILURE) { return; @@ -429,22 +430,7 @@ } #endif - if (PG(safe_mode) || (PG(open_basedir) *PG(open_basedir))) { - int pattern_len = strlen(pattern); - char *basename = estrndup(pattern, pattern_len); - - php_dirname(basename, pattern_len); - if (PG(safe_mode) (!php_checkuid(basename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - efree(basename); - RETURN_FALSE; - } - if (php_check_open_basedir(basename TSRMLS_CC)) { - efree(basename); - RETURN_FALSE; - } - efree(basename); - } - + memset(globbuf, 0, sizeof(glob_t)); globbuf.gl_offs = 0; if (0 != (ret = glob(pattern, flags GLOB_FLAGMASK, NULL, globbuf))) { @@ -458,8 +444,7 @@ can be used for simple glob() calls without further error checking. */ - array_init(return_value); - return; + goto no_results; } #endif RETURN_FALSE; @@ -467,12 +452,29 @@ /* now catch the FreeBSD style of no matches */ if (!globbuf.gl_pathc || !globbuf.gl_pathv) { +no_results: + if (PG(safe_mode) || (PG(open_basedir) *PG(open_basedir))) { + struct stat s; + + if (0 != VCWD_STAT(pattern, s) || S_IFDIR != (s.st_mode S_IFMT)) { + RETURN_FALSE; + } + } array_init(return_value); return; } array_init(return_value); for (n = 0; n globbuf.gl_pathc; n++) { + if (PG(safe_mode) || (PG(open_basedir) *PG(open_basedir))) { + if (PG(safe_mode) (!php_checkuid(globbuf.gl_pathv[n], NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + basedir_limit = 1; + continue; + } else if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) { + basedir_limit = 1; + continue; + } + } /* we need to do this everytime since GLOB_ONLYDIR does not guarantee that * all directories will be filtered. GNU libc documentation states the * following: @@ -496,6 +498,11 @@ } globfree(globbuf); + + if (basedir_limit !zend_hash_num_elements(Z_ARRVAL_P(return_value))) { + zval_dtor(return_value); + RETURN_FALSE; + } } /* }}} */ #endif http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.956r2=1.2027.2.547.2.957diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.956 php-src/NEWS:1.2027.2.547.2.957 --- php-src/NEWS:1.2027.2.547.2.956 Wed Sep 19 00:41:10 2007 +++ php-src/NEWSWed Sep 19 22:37:58 2007 @@ -5,6 +5,8 @@ - Added optional parameter $provide_object to debug_backtrace(). (Sebastian) - Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre) +- Fixed regression in glob() when enforcing safe_mode/open_basedir checks on + paths containing '*'. (Ilia) - Fixed mail.force_extra_parameters php.ini directive not to be modifiable in .htaccess due to the security implications - reported by SecurityReason. (Stas) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard dir.c
iliaa Wed Sep 19 22:40:02 2007 UTC Modified files: /php-src/ext/standard dir.c Log: MFB: Fixed regression in glob() when enforcing safe_mode/open_basedir checks on paths containing '*' http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.169r2=1.170diff_format=u Index: php-src/ext/standard/dir.c diff -u php-src/ext/standard/dir.c:1.169 php-src/ext/standard/dir.c:1.170 --- php-src/ext/standard/dir.c:1.169Wed Sep 5 12:55:36 2007 +++ php-src/ext/standard/dir.c Wed Sep 19 22:40:02 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: dir.c,v 1.169 2007/09/05 12:55:36 iliaa Exp $ */ +/* $Id: dir.c,v 1.170 2007/09/19 22:40:02 iliaa Exp $ */ /* {{{ includes/startup/misc */ @@ -421,6 +421,7 @@ glob_t globbuf; unsigned int n; int ret; + zend_bool basedir_limit = 0; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|l, pppattern, flags) == FAILURE || php_stream_path_param_encode(pppattern, pattern, pattern_len, REPORT_ERRORS, FG(default_context)) == FAILURE) { @@ -455,18 +456,6 @@ } #endif - if (PG(open_basedir) *PG(open_basedir)) { - int pattern_len = strlen(pattern); - char *basename = estrndup(pattern, pattern_len); - - php_dirname(basename, pattern_len); - if (php_check_open_basedir(basename TSRMLS_CC)) { - efree(basename); - RETURN_FALSE; - } - efree(basename); - } - memset(globbuf, 0, sizeof(glob_t)); globbuf.gl_offs = 0; if (0 != (ret = glob(pattern, flags GLOB_FLAGMASK, NULL, globbuf))) { @@ -480,8 +469,7 @@ can be used for simple glob() calls without further error checking. */ - array_init(return_value); - return; + goto no_results; } #endif RETURN_FALSE; @@ -489,12 +477,26 @@ /* now catch the FreeBSD style of no matches */ if (!globbuf.gl_pathc || !globbuf.gl_pathv) { +no_results: + if (PG(open_basedir) *PG(open_basedir)) { + struct stat s; + + if (0 != VCWD_STAT(pattern, s) || S_IFDIR != (s.st_mode S_IFMT)) { + RETURN_FALSE; + } + } array_init(return_value); return; } array_init(return_value); for (n = 0; n globbuf.gl_pathc; n++) { + if (PG(open_basedir) *PG(open_basedir)) { + if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) { + basedir_limit = 1; + continue; + } + } /* we need to do this everytime since GLOB_ONLYDIR does not guarantee that * all directories will be filtered. GNU libc documentation states the * following: @@ -531,6 +533,11 @@ } globfree(globbuf); + + if (basedir_limit !zend_hash_num_elements(Z_ARRVAL_P(return_value))) { + zval_dtor(return_value); + RETURN_FALSE; + } } /* }}} */ #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php