[PHP-CVS] cvs: php-src /ext/standard dir.c

2007-09-19 Thread Ilia Alshanetsky
iliaa   Wed Sep 19 22:40:02 2007 UTC

  Modified files:  
/php-src/ext/standard   dir.c 
  Log:
  
  MFB: Fixed regression in glob() when enforcing safe_mode/open_basedir checks
  on paths containing '*' 
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.169&r2=1.170&diff_format=u
Index: php-src/ext/standard/dir.c
diff -u php-src/ext/standard/dir.c:1.169 php-src/ext/standard/dir.c:1.170
--- php-src/ext/standard/dir.c:1.169Wed Sep  5 12:55:36 2007
+++ php-src/ext/standard/dir.c  Wed Sep 19 22:40:02 2007
@@ -16,7 +16,7 @@
+--+
  */
 
-/* $Id: dir.c,v 1.169 2007/09/05 12:55:36 iliaa Exp $ */
+/* $Id: dir.c,v 1.170 2007/09/19 22:40:02 iliaa Exp $ */
 
 /* {{{ includes/startup/misc */
 
@@ -421,6 +421,7 @@
glob_t globbuf;
unsigned int n;
int ret;
+   zend_bool basedir_limit = 0;
 
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Z|l", &pppattern, 
&flags) == FAILURE ||
php_stream_path_param_encode(pppattern, &pattern, &pattern_len, 
REPORT_ERRORS, FG(default_context)) == FAILURE) {
@@ -455,18 +456,6 @@
} 
 #endif
 
-   if (PG(open_basedir) && *PG(open_basedir)) {
-   int pattern_len = strlen(pattern);
-   char *basename = estrndup(pattern, pattern_len);
-   
-   php_dirname(basename, pattern_len);
-   if (php_check_open_basedir(basename TSRMLS_CC)) {
-   efree(basename);
-   RETURN_FALSE;
-   }
-   efree(basename);
-   }
-
memset(&globbuf, 0, sizeof(glob_t));
globbuf.gl_offs = 0;
if (0 != (ret = glob(pattern, flags & GLOB_FLAGMASK, NULL, &globbuf))) {
@@ -480,8 +469,7 @@
   can be used for simple glob() calls without further 
error
   checking.
*/
-   array_init(return_value);
-   return;
+   goto no_results;
}
 #endif
RETURN_FALSE;
@@ -489,12 +477,26 @@
 
/* now catch the FreeBSD style of "no matches" */
if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
+no_results:
+   if (PG(open_basedir) && *PG(open_basedir)) {
+   struct stat s;
+
+   if (0 != VCWD_STAT(pattern, &s) || S_IFDIR != 
(s.st_mode & S_IFMT)) {
+   RETURN_FALSE;
+   }
+   }
array_init(return_value);
return;
}
 
array_init(return_value);
for (n = 0; n < globbuf.gl_pathc; n++) {
+   if (PG(open_basedir) && *PG(open_basedir)) {
+   if (php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 
TSRMLS_CC)) {
+   basedir_limit = 1;
+   continue;
+   }
+   }
/* we need to do this everytime since GLOB_ONLYDIR does not 
guarantee that
 * all directories will be filtered. GNU libc documentation 
states the
 * following: 
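Review bot: In the added `no_results` block the pattern string itself is passed to `VCWD_STAT()` with no open_basedir check on it, so the filesystem is queried for a path that may lie outside the allowed tree, and the FALSE-versus-empty-array result depends on that query. The earlier hunk `@@ -455,18 +456,6 @@` removes the pre-glob dirname check, so nothing visible here validates the pattern before either `glob()` or this stat; how often the stat can succeed after a no-match glob is not visible from the hunk. Consider guarding it, e.g. `if (php_check_open_basedir_ex(pattern, 0 TSRMLS_CC) || 0 != VCWD_STAT(pattern, &s) || S_IFDIR != (s.st_mode & S_IFMT)) {`, so an out-of-tree pattern always yields FALSE. The PHP_5_2 hunk `@@ -467,12 +452,29 @@` has the same unguarded stat, there also for the safe_mode case. The label is entered by `goto` from the GLOB_NOMATCH branch, which lies outside this hunk.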
@@ -531,6 +533,11 @@
}
 
globfree(&globbuf);
+
+   if (basedir_limit && !zend_hash_num_elements(Z_ARRVAL_P(return_value))) 
{
+   zval_dtor(return_value);
+   RETURN_FALSE;
+   }
 }
 /* }}} */
 #endif 
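Review bot: The added check after `globfree()` has no comment, and the behaviour it creates is not obvious from the code: a call whose matches were all rejected returns FALSE, while a call with at least one permitted match returns a silently shortened array (the per-entry check in the loop passes `0` as its second argument, which appears to suppress the warning). A comment above the `if` such as `/* every match was rejected by open_basedir: return FALSE rather than an empty array */` would record the intent for callers that compare the result against an empty list. The PHP_5_2 hunk `@@ -496,6 +498,11 @@` adds the same lines. The function body begins outside this hunk.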




[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/standard dir.c

2007-09-19 Thread Ilia Alshanetsky
iliaa   Wed Sep 19 22:37:59 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/standard   dir.c 
/php-srcNEWS 
  Log:
  
  Fixed regression in glob() when enforcing safe_mode/open_basedir checks on
  paths containing '*'
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.147.2.3.2.11&r2=1.147.2.3.2.12&diff_format=u
Index: php-src/ext/standard/dir.c
diff -u php-src/ext/standard/dir.c:1.147.2.3.2.11 
php-src/ext/standard/dir.c:1.147.2.3.2.12
--- php-src/ext/standard/dir.c:1.147.2.3.2.11   Tue Sep  4 12:51:49 2007
+++ php-src/ext/standard/dir.c  Wed Sep 19 22:37:58 2007
@@ -16,7 +16,7 @@
+--+
  */
 
-/* $Id: dir.c,v 1.147.2.3.2.11 2007/09/04 12:51:49 iliaa Exp $ */
+/* $Id: dir.c,v 1.147.2.3.2.12 2007/09/19 22:37:58 iliaa Exp $ */
 
 /* {{{ includes/startup/misc */
 
@@ -396,6 +396,7 @@
glob_t globbuf;
int n;
int ret;
+   zend_bool basedir_limit = 0;
 
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &pattern, 
&pattern_len, &flags) == FAILURE) {
return;
@@ -429,22 +430,7 @@
} 
 #endif
 
-   if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
-   int pattern_len = strlen(pattern);
-   char *basename = estrndup(pattern, pattern_len);
-   
-   php_dirname(basename, pattern_len);
-   if (PG(safe_mode) && (!php_checkuid(basename, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
-   efree(basename);
-   RETURN_FALSE;
-   }
-   if (php_check_open_basedir(basename TSRMLS_CC)) {
-   efree(basename);
-   RETURN_FALSE;
-   }
-   efree(basename);
-   }
-
+   
memset(&globbuf, 0, sizeof(glob_t));
globbuf.gl_offs = 0;
if (0 != (ret = glob(pattern, flags & GLOB_FLAGMASK, NULL, &globbuf))) {
@@ -458,8 +444,7 @@
   can be used for simple glob() calls without further 
error
   checking.
*/
-   array_init(return_value);
-   return;
+   goto no_results;
}
 #endif
RETURN_FALSE;
@@ -467,12 +452,29 @@
 
/* now catch the FreeBSD style of "no matches" */
if (!globbuf.gl_pathc || !globbuf.gl_pathv) {
+no_results:
+   if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+   struct stat s;
+
+   if (0 != VCWD_STAT(pattern, &s) || S_IFDIR != 
(s.st_mode & S_IFMT)) {
+   RETURN_FALSE;
+   }
+   }
array_init(return_value);
return;
}
 
array_init(return_value);
for (n = 0; n < globbuf.gl_pathc; n++) {
+   if (PG(safe_mode) || (PG(open_basedir) && *PG(open_basedir))) {
+   if (PG(safe_mode) && 
(!php_checkuid(globbuf.gl_pathv[n], NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
+   basedir_limit = 1;
+   continue;
+   } else if 
(php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) {
+   basedir_limit = 1;
+   continue;
+   }
+   }
/* we need to do this everytime since GLOB_ONLYDIR does not 
guarantee that
 * all directories will be filtered. GNU libc documentation 
states the
 * following: 
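Review bot: The two branches of the added safe_mode/open_basedir block inside the loop have identical bodies, and `basedir_limit` is also set when `php_checkuid()` rejects an entry, so the name understates what the flag tracks. The pair can be written as one condition, `if ((PG(safe_mode) && !php_checkuid(globbuf.gl_pathv[n], NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir_ex(globbuf.gl_pathv[n], 0 TSRMLS_CC)) {`, followed by a single `basedir_limit = 1; continue;`. Separately, `n` is declared `int` on this branch and compared against `globbuf.gl_pathc`, whereas the HEAD version of the function declares it `unsigned int`. The loop body continues outside the hunk.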
@@ -496,6 +498,11 @@
}
 
globfree(&globbuf);
+
+   if (basedir_limit && !zend_hash_num_elements(Z_ARRVAL_P(return_value))) 
{
+   zval_dtor(return_value);
+   RETURN_FALSE;
+   }
 }
 /* }}} */
 #endif 
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.956&r2=1.2027.2.547.2.957&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.956 php-src/NEWS:1.2027.2.547.2.957
--- php-src/NEWS:1.2027.2.547.2.956 Wed Sep 19 00:41:10 2007
+++ php-src/NEWSWed Sep 19 22:37:58 2007
@@ -5,6 +5,8 @@
 - Added optional parameter $provide_object to debug_backtrace(). (Sebastian)
 - Added alpha support for imagefilter() IMG_FILTER_COLORIZE. (Pierre)
 
+- Fixed regression in glob() when enforcing safe_mode/open_basedir checks on
+  paths containing '*'. (Ilia)
 - Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable
   in .htaccess due to the security implications - reported by SecurityReason.
   (Stas)




[PHP-CVS] cvs: php-src(PHP_5_2) /ext/date/tests bug34304.phpt

2007-09-19 Thread Antony Dovgal
tony2001Wed Sep 19 11:25:57 2007 UTC

  Modified files:  (Branch: PHP_5_2)
/php-src/ext/date/tests bug34304.phpt 
  Log:
  MFH
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/date/tests/bug34304.phpt?r1=1.1.2.1&r2=1.1.2.1.2.1&diff_format=u
Index: php-src/ext/date/tests/bug34304.phpt
diff -u php-src/ext/date/tests/bug34304.phpt:1.1.2.1 
php-src/ext/date/tests/bug34304.phpt:1.1.2.1.2.1
--- php-src/ext/date/tests/bug34304.phpt:1.1.2.1Fri Sep  2 09:33:08 2005
+++ php-src/ext/date/tests/bug34304.phptWed Sep 19 11:25:57 2007
@@ -1,5 +1,5 @@
 --TEST--
-Bug #34304 ()
+Bug #34304 (date('w') returns wrong number for sunday, 'N' modifier is missing)
 --FILE--
 http://www.php.net/)



[PHP-CVS] cvs: php-src /ext/date/tests bug34304.phpt

2007-09-19 Thread Antony Dovgal
tony2001Wed Sep 19 11:25:51 2007 UTC

  Modified files:  
/php-src/ext/date/tests bug34304.phpt 
  Log:
  fix test name
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/date/tests/bug34304.phpt?r1=1.2&r2=1.3&diff_format=u
Index: php-src/ext/date/tests/bug34304.phpt
diff -u php-src/ext/date/tests/bug34304.phpt:1.2 
php-src/ext/date/tests/bug34304.phpt:1.3
--- php-src/ext/date/tests/bug34304.phpt:1.2Sun Nov 20 20:31:49 2005
+++ php-src/ext/date/tests/bug34304.phptWed Sep 19 11:25:51 2007
@@ -1,5 +1,5 @@
 --TEST--
-Bug #34304 ()
+Bug #34304 (date('w') returns wrong number for sunday, 'N' modifier is missing)
 --FILE--
 http://www.php.net/)