[PHP-CVS] cvs: php-src /ext/standard link.c /ext/standard/tests/file symlink_to_symlink.phpt /tests/security open_basedir_symlink.phpt
lbarnaudMon Aug 11 15:29:06 2008 UTC
Modified files:
/php-src/tests/security open_basedir_symlink.phpt
/php-src/ext/standard link.c
/php-src/ext/standard/tests/filesymlink_to_symlink.phpt
Log:
Check the relevant path for open_basedir in symlink()
http://cvs.php.net/viewvc.cgi/php-src/tests/security/open_basedir_symlink.phpt?r1=1.3r2=1.4diff_format=u
Index: php-src/tests/security/open_basedir_symlink.phpt
diff -u php-src/tests/security/open_basedir_symlink.phpt:1.3
php-src/tests/security/open_basedir_symlink.phpt:1.4
--- php-src/tests/security/open_basedir_symlink.phpt:1.3Mon May 26
15:52:05 2008
+++ php-src/tests/security/open_basedir_symlink.phptMon Aug 11 15:29:05 2008
@@ -31,6 +31,12 @@
var_dump(symlink($target, $symlink));
var_dump(unlink($symlink));
+
+var_dump(mkdir(ok2));
+$symlink = ($directory./test/ok/ok2/ok.txt);
+var_dump(symlink(../ok.txt, $symlink)); // $target ==
(dirname($symlink)./.$target) == ($directory./test/ok/ok.txt);
+var_dump(unlink($symlink));
+
test_open_basedir_after(symlink);
?
--CLEAN--
@@ -74,4 +80,7 @@
bool(false)
bool(true)
bool(true)
+bool(true)
+bool(true)
+bool(true)
*** Finished testing open_basedir configuration [symlink] ***
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.62r2=1.63diff_format=u
Index: php-src/ext/standard/link.c
diff -u php-src/ext/standard/link.c:1.62 php-src/ext/standard/link.c:1.63
--- php-src/ext/standard/link.c:1.62Sun Aug 10 11:54:18 2008
+++ php-src/ext/standard/link.c Mon Aug 11 15:29:06 2008
@@ -16,7 +16,7 @@
+--+
*/
-/* $Id: link.c,v 1.62 2008/08/10 11:54:18 lbarnaud Exp $ */
+/* $Id: link.c,v 1.63 2008/08/11 15:29:06 lbarnaud Exp $ */
#include php.h
#include php_filestat.h
@@ -49,6 +49,7 @@
#include php_link.h
#include ext/standard/file.h
+#include php_string.h
/* {{{ proto string readlink(string filename) U
Return the target of a symbolic link */
@@ -126,6 +127,8 @@
int ret;
char source_p[MAXPATHLEN];
char dest_p[MAXPATHLEN];
+ char dirname[MAXPATHLEN];
+ size_t len;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ZZ, pp_topath,
pp_frompath) == FAILURE ||
@@ -134,7 +137,15 @@
return;
}
- if (!expand_filepath(frompath, source_p TSRMLS_CC) ||
!expand_filepath(topath, dest_p TSRMLS_CC)) {
+ if (!expand_filepath(frompath, source_p TSRMLS_CC)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, No such file or
directory);
+ RETURN_FALSE;
+ }
+
+ memcpy(dirname, source_p, sizeof(source_p));
+ len = php_dirname(dirname, strlen(dirname));
+
+ if (!expand_filepath_ex(topath, dest_p, dirname, len TSRMLS_CC)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, No such file or
directory);
RETURN_FALSE;
}
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/symlink_to_symlink.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/standard/tests/file/symlink_to_symlink.phpt
diff -u php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1
php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.2
--- php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1 Sun Aug 10
11:54:18 2008
+++ php-src/ext/standard/tests/file/symlink_to_symlink.phpt Mon Aug 11
15:29:06 2008
@@ -1,5 +1,11 @@
--TEST--
symlink() using a relative path, and symlink() to a symlink
+--SKIPIF--
+?php
+if (substr(PHP_OS, 0, 3) == 'WIN') {
+die('skip no symlinks on Windows');
+}
+?
--FILE--
?php
$prefix = __FILE__;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard link.c /ext/standard/tests/file symlink_to_symlink.phpt
lbarnaudSun Aug 10 11:54:18 2008 UTC
Added files:
/php-src/ext/standard/tests/filesymlink_to_symlink.phpt
Modified files:
/php-src/ext/standard link.c
Log:
Do not expand $target in symlink(). This made it impossible to symlink to a
symlink. This also caused the target to be wrongly expanded relatively to
the CWD when target was not an absolute path.
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.61r2=1.62diff_format=u
Index: php-src/ext/standard/link.c
diff -u php-src/ext/standard/link.c:1.61 php-src/ext/standard/link.c:1.62
--- php-src/ext/standard/link.c:1.61Mon Dec 31 07:12:16 2007
+++ php-src/ext/standard/link.c Sun Aug 10 11:54:18 2008
@@ -16,7 +16,7 @@
+--+
*/
-/* $Id: link.c,v 1.61 2007/12/31 07:12:16 sebastian Exp $ */
+/* $Id: link.c,v 1.62 2008/08/10 11:54:18 lbarnaud Exp $ */
#include php.h
#include php_filestat.h
@@ -154,11 +154,11 @@
RETURN_FALSE;
}
-#ifndef ZTS
- ret = symlink(topath, frompath);
-#else
- ret = symlink(dest_p, source_p);
-#endif
+ /* For the source, an expanded path must be used (in ZTS an other
thread could have changed the CWD).
+* For the target the exact string given by the user must be used,
relative or not, existing or not.
+* The target is relative to the link itself, not to the CWD. */
+ ret = symlink(topath, source_p);
+
if (ret == -1) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, %s,
strerror(errno));
RETURN_FALSE;
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/symlink_to_symlink.phpt?view=markuprev=1.1
Index: php-src/ext/standard/tests/file/symlink_to_symlink.phpt
+++ php-src/ext/standard/tests/file/symlink_to_symlink.phpt
--TEST--
symlink() using a relative path, and symlink() to a symlink
--FILE--
?php
$prefix = __FILE__;
touch($prefix . _file);
// symlink to a regular file using a relative dest
symlink(basename($prefix . _file), $prefix . _link1);
// symlink to a symlink using a relative path
symlink(basename($prefix . _link1), $prefix . _link2);
// symlink to a non-existent path
@unlink($prefix . _nonexistant);
symlink(basename($prefix . _nonexistant), $prefix . _link3);
// symlink to a regular file using an absolute path
symlink($prefix . _file, $prefix . _link4);
// symlink to a symlink using an absolute path
symlink($prefix . _link4, $prefix . _link5);
var_dump(readlink($prefix . _link1));
var_dump(readlink($prefix . _link2));
var_dump(readlink($prefix . _link3));
var_dump(readlink($prefix . _link4));
var_dump(readlink($prefix . _link5));
unlink($prefix . _link5);
unlink($prefix . _link4);
unlink($prefix . _link3);
unlink($prefix . _link2);
unlink($prefix . _link1);
unlink($prefix . _file);
?
--EXPECTF--
%unicode|string%(%d) symlink_to_symlink.php_file
%unicode|string%(%d) symlink_to_symlink.php_link1
%unicode|string%(%d) symlink_to_symlink.php_nonexistant
%unicode|string%(%d) %s/symlink_to_symlink.php_file
%unicode|string%(%d) %s/symlink_to_symlink.php_link4
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard link.c /ext/standard/tests/file symlink_link_linkinfo_is_link_error1.phpt /main fopen_wrappers.c TSRM tsrm_virtual_cwd.c
dmitry Tue Jul 10 13:21:31 2007 UTC
Modified files:
/TSRM tsrm_virtual_cwd.c
/php-src/main fopen_wrappers.c
/php-src/ext/standard link.c
/php-src/ext/standard/tests/file
symlink_link_linkinfo_is_link_error1.phpt
Log:
Fixed symlink(, somthing) and link(, somthing) in ZTS mode
http://cvs.php.net/viewvc.cgi/TSRM/tsrm_virtual_cwd.c?r1=1.111r2=1.112diff_format=u
Index: TSRM/tsrm_virtual_cwd.c
diff -u TSRM/tsrm_virtual_cwd.c:1.111 TSRM/tsrm_virtual_cwd.c:1.112
--- TSRM/tsrm_virtual_cwd.c:1.111 Tue Jul 3 14:48:37 2007
+++ TSRM/tsrm_virtual_cwd.c Tue Jul 10 13:21:30 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: tsrm_virtual_cwd.c,v 1.111 2007/07/03 14:48:37 dmitry Exp $ */
+/* $Id: tsrm_virtual_cwd.c,v 1.112 2007/07/10 13:21:30 dmitry Exp $ */
#include sys/types.h
#include sys/stat.h
@@ -481,7 +481,7 @@
use_cache = ((use_realpath != CWD_EXPAND)
CWDG(realpath_cache_size_limit));
if (path_length == 0)
- return (0);
+ return (1);
if (path_length = MAXPATHLEN)
return (1);
@@ -769,9 +769,24 @@
{
cwd_state new_state;
char *retval;
+ char cwd[MAXPATHLEN];
+
+ /* realpath() returns CWD */
+ if (!*path) {
+ new_state.cwd = (char*)malloc(1);
+ new_state.cwd[0] = '\0';
+ new_state.cwd_length = 0;
+ if (VCWD_GETCWD(cwd, MAXPATHLEN)) {
+ path = cwd;
+ }
+ } else if (!IS_ABSOLUTE_PATH(path, strlen(path))) {
+ CWD_STATE_COPY(new_state, CWDG(cwd));
+ } else {
+ new_state.cwd = (char*)malloc(1);
+ new_state.cwd[0] = '\0';
+ new_state.cwd_length = 0;
+ }
- CWD_STATE_COPY(new_state, CWDG(cwd));
-
if (virtual_file_ex(new_state, path, NULL, CWD_REALPATH)==0) {
int len =
new_state.cwd_lengthMAXPATHLEN-1?MAXPATHLEN-1:new_state.cwd_length;
@@ -1202,7 +1217,15 @@
cwd_state new_state;
char cwd[MAXPATHLEN];
- if (!IS_ABSOLUTE_PATH(path, strlen(path))
+ /* realpath() returns CWD */
+ if (!*path) {
+ new_state.cwd = (char*)malloc(1);
+ new_state.cwd[0] = '\0';
+ new_state.cwd_length = 0;
+ if (VCWD_GETCWD(cwd, MAXPATHLEN)) {
+ path = cwd;
+ }
+ } else if (!IS_ABSOLUTE_PATH(path, strlen(path))
VCWD_GETCWD(cwd, MAXPATHLEN)) {
new_state.cwd = strdup(cwd);
new_state.cwd_length = strlen(cwd);
http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.194r2=1.195diff_format=u
Index: php-src/main/fopen_wrappers.c
diff -u php-src/main/fopen_wrappers.c:1.194 php-src/main/fopen_wrappers.c:1.195
--- php-src/main/fopen_wrappers.c:1.194 Fri Jun 1 13:33:48 2007
+++ php-src/main/fopen_wrappers.c Tue Jul 10 13:21:30 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: fopen_wrappers.c,v 1.194 2007/06/01 13:33:48 tony2001 Exp $ */
+/* $Id: fopen_wrappers.c,v 1.195 2007/07/10 13:21:30 dmitry Exp $ */
/* {{{ includes
*/
@@ -579,7 +579,9 @@
char cwd[MAXPATHLEN];
char *result;
- if (IS_ABSOLUTE_PATH(filepath, strlen(filepath))) {
+ if (!filepath[0]) {
+ return NULL;
+ } else if (IS_ABSOLUTE_PATH(filepath, strlen(filepath))) {
cwd[0] = '\0';
} else{
result = VCWD_GETCWD(cwd, MAXPATHLEN);
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.59r2=1.60diff_format=u
Index: php-src/ext/standard/link.c
diff -u php-src/ext/standard/link.c:1.59 php-src/ext/standard/link.c:1.60
--- php-src/ext/standard/link.c:1.59Mon Jan 1 09:29:32 2007
+++ php-src/ext/standard/link.c Tue Jul 10 13:21:31 2007
@@ -16,7 +16,7 @@
+--+
*/
-/* $Id: link.c,v 1.59 2007/01/01 09:29:32 sebastian Exp $ */
+/* $Id: link.c,v 1.60 2007/07/10 13:21:31 dmitry Exp $ */
#include php.h
#include php_filestat.h
@@ -135,6 +135,7 @@
}
if (!expand_filepath(frompath, source_p TSRMLS_CC) ||
!expand_filepath(topath, dest_p TSRMLS_CC)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, No such file or
directory);
RETURN_FALSE;
}
@@ -185,6 +186,7 @@
}
if (!expand_filepath(frompath, source_p TSRMLS_CC) ||
!expand_filepath(topath, dest_p TSRMLS_CC)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, No such file or
directory);
RETURN_FALSE;
}
[PHP-CVS] cvs: php-src /ext/standard link.c
andrei Thu Oct 26 20:25:45 2006 UTC
Modified files:
/php-src/ext/standard link.c
Log:
Unicode support for link functions.
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.57r2=1.58diff_format=u
Index: php-src/ext/standard/link.c
diff -u php-src/ext/standard/link.c:1.57 php-src/ext/standard/link.c:1.58
--- php-src/ext/standard/link.c:1.57Sat Sep 16 18:31:07 2006
+++ php-src/ext/standard/link.c Thu Oct 26 20:25:45 2006
@@ -16,7 +16,7 @@
+--+
*/
-/* $Id: link.c,v 1.57 2006/09/16 18:31:07 iliaa Exp $ */
+/* $Id: link.c,v 1.58 2006/10/26 20:25:45 andrei Exp $ */
#include php.h
#include php_filestat.h
@@ -48,25 +48,29 @@
#include ctype.h
#include php_link.h
+#include ext/standard/file.h
-/* {{{ proto string readlink(string filename)
+/* {{{ proto string readlink(string filename) U
Return the target of a symbolic link */
PHP_FUNCTION(readlink)
{
- zval **filename;
+ zval **pp_link;
+ char *link;
+ UChar *target;
+ int link_len, target_len;
char buff[MAXPATHLEN];
int ret;
- if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, filename) ==
FAILURE) {
- WRONG_PARAM_COUNT;
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z, pp_link) ==
FAILURE ||
+ php_stream_path_param_encode(pp_link, link, link_len,
REPORT_ERRORS, FG(default_context)) == FAILURE) {
+ return;
}
- convert_to_string_ex(filename);
- if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
+ if (php_check_open_basedir(link TSRMLS_CC)) {
RETURN_FALSE;
}
- ret = readlink(Z_STRVAL_PP(filename), buff, MAXPATHLEN-1);
+ ret = readlink(link, buff, MAXPATHLEN-1);
if (ret == -1) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, %s,
strerror(errno));
@@ -75,24 +79,34 @@
/* Append NULL to the end of the string */
buff[ret] = '\0';
- RETURN_RT_STRING(buff, 1);
+ if (UG(unicode)) {
+ if (SUCCESS == php_stream_path_decode(NULL, target,
target_len, buff, strlen(buff), REPORT_ERRORS, FG(default_context))) {
+ RETURN_UNICODEL(target, target_len, 0);
+ } else {
+ RETURN_FALSE;
+ }
+ } else {
+ RETURN_STRING(buff, 1);
+ }
}
/* }}} */
-/* {{{ proto int linkinfo(string filename)
+/* {{{ proto int linkinfo(string filename) U
Returns the st_dev field of the UNIX C stat structure describing the link */
PHP_FUNCTION(linkinfo)
{
- zval **filename;
+ zval **pp_link;
+ char *link;
+ int link_len;
struct stat sb;
int ret;
- if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, filename) ==
FAILURE) {
- WRONG_PARAM_COUNT;
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z, pp_link) ==
FAILURE ||
+ php_stream_path_param_encode(pp_link, link, link_len,
REPORT_ERRORS, FG(default_context)) == FAILURE) {
+ return;
}
- convert_to_string_ex(filename);
- ret = VCWD_LSTAT(Z_STRVAL_PP(filename), sb);
+ ret = VCWD_LSTAT(link, sb);
if (ret == -1) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, %s,
strerror(errno));
RETURN_LONG(-1L);
@@ -102,22 +116,25 @@
}
/* }}} */
-/* {{{ proto int symlink(string target, string link)
+/* {{{ proto int symlink(string target, string link) U
Create a symbolic link */
PHP_FUNCTION(symlink)
{
- zval **topath, **frompath;
+ zval **pp_topath, **pp_frompath;
+ char *topath, *frompath;
+ int topath_len, frompath_len;
int ret;
char source_p[MAXPATHLEN];
char dest_p[MAXPATHLEN];
- if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, topath,
frompath) == FAILURE) {
- WRONG_PARAM_COUNT;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ZZ, pp_topath,
pp_frompath) == FAILURE ||
+ php_stream_path_param_encode(pp_topath, topath, topath_len,
REPORT_ERRORS, FG(default_context)) == FAILURE ||
+ php_stream_path_param_encode(pp_frompath, frompath,
frompath_len, REPORT_ERRORS, FG(default_context)) == FAILURE) {
+ return;
}
- convert_to_string_ex(topath);
- convert_to_string_ex(frompath);
- if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) ||
!expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) {
+ if (!expand_filepath(frompath, source_p TSRMLS_CC) ||
!expand_filepath(topath, dest_p TSRMLS_CC)) {
RETURN_FALSE;
}
@@ -137,7 +154,7 @@
}
#ifndef ZTS
- ret = symlink(Z_STRVAL_PP(topath), Z_STRVAL_PP(frompath));
+ ret = symlink(topath, frompath);
#else
ret =
[PHP-CVS] cvs: php-src /ext/standard link.c
hyanantha Mon Feb 21 04:12:44 2005 EDT Modified files: /php-src/ext/standard link.c Log: NetWare LibC has pwd.h http://cvs.php.net/diff.php/php-src/ext/standard/link.c?r1=1.50r2=1.51ty=u Index: php-src/ext/standard/link.c diff -u php-src/ext/standard/link.c:1.50 php-src/ext/standard/link.c:1.51 --- php-src/ext/standard/link.c:1.50Mon Nov 1 19:37:32 2004 +++ php-src/ext/standard/link.c Mon Feb 21 04:12:44 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: link.c,v 1.50 2004/11/02 00:37:32 iliaa Exp $ */ +/* $Id: link.c,v 1.51 2005/02/21 09:12:44 hyanantha Exp $ */ #include php.h #include php_filestat.h @@ -33,8 +33,6 @@ #if HAVE_PWD_H #ifdef PHP_WIN32 #include win32/pwd.h -#elif defined(NETWARE) -#include netware/pwd.h #else #include pwd.h #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard link.c
iliaa Mon Nov 1 19:37:36 2004 EDT
Modified files:
/php-src/ext/standard link.c
Log:
Fixed open_basedir safe_mode bypass inside readlink() function.
http://cvs.php.net/diff.php/php-src/ext/standard/link.c?r1=1.49r2=1.50ty=u
Index: php-src/ext/standard/link.c
diff -u php-src/ext/standard/link.c:1.49 php-src/ext/standard/link.c:1.50
--- php-src/ext/standard/link.c:1.49Sat Sep 25 10:23:32 2004
+++ php-src/ext/standard/link.c Mon Nov 1 19:37:32 2004
@@ -16,7 +16,7 @@
+--+
*/
-/* $Id: link.c,v 1.49 2004/09/25 14:23:32 hyanantha Exp $ */
+/* $Id: link.c,v 1.50 2004/11/02 00:37:32 iliaa Exp $ */
#include php.h
#include php_filestat.h
@@ -65,6 +65,14 @@
}
convert_to_string_ex(filename);
+ if (PG(safe_mode) !php_checkuid(Z_STRVAL_PP(filename), NULL,
CHECKUID_CHECK_FILE_AND_DIR)) {
+ RETURN_FALSE;
+ }
+
+ if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+
ret = readlink(Z_STRVAL_PP(filename), buff, MAXPATHLEN-1);
if (ret == -1) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard link.c
hyanantha Sat Sep 25 10:23:32 2004 EDT
Modified files:
/php-src/ext/standard link.c
Log:
Now NetWare LibC supports proper stat structure no need of CLIB_STAT_PATCH and all
such checks
http://cvs.php.net/diff.php/php-src/ext/standard/link.c?r1=1.48r2=1.49ty=u
Index: php-src/ext/standard/link.c
diff -u php-src/ext/standard/link.c:1.48 php-src/ext/standard/link.c:1.49
--- php-src/ext/standard/link.c:1.48Thu Jan 8 03:17:33 2004
+++ php-src/ext/standard/link.c Sat Sep 25 10:23:32 2004
@@ -16,7 +16,7 @@
+--+
*/
-/* $Id: link.c,v 1.48 2004/01/08 08:17:33 andi Exp $ */
+/* $Id: link.c,v 1.49 2004/09/25 14:23:32 hyanantha Exp $ */
#include php.h
#include php_filestat.h
@@ -83,11 +83,7 @@
PHP_FUNCTION(linkinfo)
{
zval **filename;
-#if defined(NETWARE) defined(CLIB_STAT_PATCH)
- struct stat_libc sb;
-#else
struct stat sb;
-#endif
int ret;
if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, filename) == FAILURE) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
