[PHP-CVS] cvs: php-src /ext/standard link.c /ext/standard/tests/file symlink_to_symlink.phpt /tests/security open_basedir_symlink.phpt
lbarnaudMon Aug 11 15:29:06 2008 UTC Modified files: /php-src/tests/security open_basedir_symlink.phpt /php-src/ext/standard link.c /php-src/ext/standard/tests/filesymlink_to_symlink.phpt Log: Check the relevant path for open_basedir in symlink() http://cvs.php.net/viewvc.cgi/php-src/tests/security/open_basedir_symlink.phpt?r1=1.3r2=1.4diff_format=u Index: php-src/tests/security/open_basedir_symlink.phpt diff -u php-src/tests/security/open_basedir_symlink.phpt:1.3 php-src/tests/security/open_basedir_symlink.phpt:1.4 --- php-src/tests/security/open_basedir_symlink.phpt:1.3Mon May 26 15:52:05 2008 +++ php-src/tests/security/open_basedir_symlink.phptMon Aug 11 15:29:05 2008 @@ -31,6 +31,12 @@ var_dump(symlink($target, $symlink)); var_dump(unlink($symlink)); + +var_dump(mkdir(ok2)); +$symlink = ($directory./test/ok/ok2/ok.txt); +var_dump(symlink(../ok.txt, $symlink)); // $target == (dirname($symlink)./.$target) == ($directory./test/ok/ok.txt); +var_dump(unlink($symlink)); + test_open_basedir_after(symlink); ? --CLEAN-- @@ -74,4 +80,7 @@ bool(false) bool(true) bool(true) +bool(true) +bool(true) +bool(true) *** Finished testing open_basedir configuration [symlink] *** http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.62r2=1.63diff_format=u Index: php-src/ext/standard/link.c diff -u php-src/ext/standard/link.c:1.62 php-src/ext/standard/link.c:1.63 --- php-src/ext/standard/link.c:1.62Sun Aug 10 11:54:18 2008 +++ php-src/ext/standard/link.c Mon Aug 11 15:29:06 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: link.c,v 1.62 2008/08/10 11:54:18 lbarnaud Exp $ */ +/* $Id: link.c,v 1.63 2008/08/11 15:29:06 lbarnaud Exp $ */ #include php.h #include php_filestat.h @@ -49,6 +49,7 @@ #include php_link.h #include ext/standard/file.h +#include php_string.h /* {{{ proto string readlink(string filename) U Return the target of a symbolic link */ @@ -126,6 +127,8 @@ int ret; char source_p[MAXPATHLEN]; char dest_p[MAXPATHLEN]; + char dirname[MAXPATHLEN]; + size_t len; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ZZ, pp_topath, pp_frompath) == FAILURE || @@ -134,7 +137,15 @@ return; } - if (!expand_filepath(frompath, source_p TSRMLS_CC) || !expand_filepath(topath, dest_p TSRMLS_CC)) { + if (!expand_filepath(frompath, source_p TSRMLS_CC)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, No such file or directory); + RETURN_FALSE; + } + + memcpy(dirname, source_p, sizeof(source_p)); + len = php_dirname(dirname, strlen(dirname)); + + if (!expand_filepath_ex(topath, dest_p, dirname, len TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, No such file or directory); RETURN_FALSE; } http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/symlink_to_symlink.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/standard/tests/file/symlink_to_symlink.phpt diff -u php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1 php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.2 --- php-src/ext/standard/tests/file/symlink_to_symlink.phpt:1.1 Sun Aug 10 11:54:18 2008 +++ php-src/ext/standard/tests/file/symlink_to_symlink.phpt Mon Aug 11 15:29:06 2008 @@ -1,5 +1,11 @@ --TEST-- symlink() using a relative path, and symlink() to a symlink +--SKIPIF-- +?php +if (substr(PHP_OS, 0, 3) == 'WIN') { +die('skip no symlinks on Windows'); +} +? --FILE-- ?php $prefix = __FILE__; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard link.c /ext/standard/tests/file symlink_to_symlink.phpt
lbarnaudSun Aug 10 11:54:18 2008 UTC Added files: /php-src/ext/standard/tests/filesymlink_to_symlink.phpt Modified files: /php-src/ext/standard link.c Log: Do not expand $target in symlink(). This made it impossible to symlink to a symlink. This also caused the target to be wrongly expanded relatively to the CWD when target was not an absolute path. http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.61r2=1.62diff_format=u Index: php-src/ext/standard/link.c diff -u php-src/ext/standard/link.c:1.61 php-src/ext/standard/link.c:1.62 --- php-src/ext/standard/link.c:1.61Mon Dec 31 07:12:16 2007 +++ php-src/ext/standard/link.c Sun Aug 10 11:54:18 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: link.c,v 1.61 2007/12/31 07:12:16 sebastian Exp $ */ +/* $Id: link.c,v 1.62 2008/08/10 11:54:18 lbarnaud Exp $ */ #include php.h #include php_filestat.h @@ -154,11 +154,11 @@ RETURN_FALSE; } -#ifndef ZTS - ret = symlink(topath, frompath); -#else - ret = symlink(dest_p, source_p); -#endif + /* For the source, an expanded path must be used (in ZTS an other thread could have changed the CWD). +* For the target the exact string given by the user must be used, relative or not, existing or not. +* The target is relative to the link itself, not to the CWD. */ + ret = symlink(topath, source_p); + if (ret == -1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, %s, strerror(errno)); RETURN_FALSE; http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/file/symlink_to_symlink.phpt?view=markuprev=1.1 Index: php-src/ext/standard/tests/file/symlink_to_symlink.phpt +++ php-src/ext/standard/tests/file/symlink_to_symlink.phpt --TEST-- symlink() using a relative path, and symlink() to a symlink --FILE-- ?php $prefix = __FILE__; touch($prefix . _file); // symlink to a regular file using a relative dest symlink(basename($prefix . _file), $prefix . _link1); // symlink to a symlink using a relative path symlink(basename($prefix . _link1), $prefix . _link2); // symlink to a non-existent path @unlink($prefix . _nonexistant); symlink(basename($prefix . _nonexistant), $prefix . _link3); // symlink to a regular file using an absolute path symlink($prefix . _file, $prefix . _link4); // symlink to a symlink using an absolute path symlink($prefix . _link4, $prefix . _link5); var_dump(readlink($prefix . _link1)); var_dump(readlink($prefix . _link2)); var_dump(readlink($prefix . _link3)); var_dump(readlink($prefix . _link4)); var_dump(readlink($prefix . _link5)); unlink($prefix . _link5); unlink($prefix . _link4); unlink($prefix . _link3); unlink($prefix . _link2); unlink($prefix . _link1); unlink($prefix . _file); ? --EXPECTF-- %unicode|string%(%d) symlink_to_symlink.php_file %unicode|string%(%d) symlink_to_symlink.php_link1 %unicode|string%(%d) symlink_to_symlink.php_nonexistant %unicode|string%(%d) %s/symlink_to_symlink.php_file %unicode|string%(%d) %s/symlink_to_symlink.php_link4 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard link.c /ext/standard/tests/file symlink_link_linkinfo_is_link_error1.phpt /main fopen_wrappers.c TSRM tsrm_virtual_cwd.c
dmitry Tue Jul 10 13:21:31 2007 UTC Modified files: /TSRM tsrm_virtual_cwd.c /php-src/main fopen_wrappers.c /php-src/ext/standard link.c /php-src/ext/standard/tests/file symlink_link_linkinfo_is_link_error1.phpt Log: Fixed symlink(, somthing) and link(, somthing) in ZTS mode http://cvs.php.net/viewvc.cgi/TSRM/tsrm_virtual_cwd.c?r1=1.111r2=1.112diff_format=u Index: TSRM/tsrm_virtual_cwd.c diff -u TSRM/tsrm_virtual_cwd.c:1.111 TSRM/tsrm_virtual_cwd.c:1.112 --- TSRM/tsrm_virtual_cwd.c:1.111 Tue Jul 3 14:48:37 2007 +++ TSRM/tsrm_virtual_cwd.c Tue Jul 10 13:21:30 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: tsrm_virtual_cwd.c,v 1.111 2007/07/03 14:48:37 dmitry Exp $ */ +/* $Id: tsrm_virtual_cwd.c,v 1.112 2007/07/10 13:21:30 dmitry Exp $ */ #include sys/types.h #include sys/stat.h @@ -481,7 +481,7 @@ use_cache = ((use_realpath != CWD_EXPAND) CWDG(realpath_cache_size_limit)); if (path_length == 0) - return (0); + return (1); if (path_length = MAXPATHLEN) return (1); @@ -769,9 +769,24 @@ { cwd_state new_state; char *retval; + char cwd[MAXPATHLEN]; + + /* realpath() returns CWD */ + if (!*path) { + new_state.cwd = (char*)malloc(1); + new_state.cwd[0] = '\0'; + new_state.cwd_length = 0; + if (VCWD_GETCWD(cwd, MAXPATHLEN)) { + path = cwd; + } + } else if (!IS_ABSOLUTE_PATH(path, strlen(path))) { + CWD_STATE_COPY(new_state, CWDG(cwd)); + } else { + new_state.cwd = (char*)malloc(1); + new_state.cwd[0] = '\0'; + new_state.cwd_length = 0; + } - CWD_STATE_COPY(new_state, CWDG(cwd)); - if (virtual_file_ex(new_state, path, NULL, CWD_REALPATH)==0) { int len = new_state.cwd_lengthMAXPATHLEN-1?MAXPATHLEN-1:new_state.cwd_length; @@ -1202,7 +1217,15 @@ cwd_state new_state; char cwd[MAXPATHLEN]; - if (!IS_ABSOLUTE_PATH(path, strlen(path)) + /* realpath() returns CWD */ + if (!*path) { + new_state.cwd = (char*)malloc(1); + new_state.cwd[0] = '\0'; + new_state.cwd_length = 0; + if (VCWD_GETCWD(cwd, MAXPATHLEN)) { + path = cwd; + } + } else if (!IS_ABSOLUTE_PATH(path, strlen(path)) VCWD_GETCWD(cwd, MAXPATHLEN)) { new_state.cwd = strdup(cwd); new_state.cwd_length = strlen(cwd); http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.194r2=1.195diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.194 php-src/main/fopen_wrappers.c:1.195 --- php-src/main/fopen_wrappers.c:1.194 Fri Jun 1 13:33:48 2007 +++ php-src/main/fopen_wrappers.c Tue Jul 10 13:21:30 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: fopen_wrappers.c,v 1.194 2007/06/01 13:33:48 tony2001 Exp $ */ +/* $Id: fopen_wrappers.c,v 1.195 2007/07/10 13:21:30 dmitry Exp $ */ /* {{{ includes */ @@ -579,7 +579,9 @@ char cwd[MAXPATHLEN]; char *result; - if (IS_ABSOLUTE_PATH(filepath, strlen(filepath))) { + if (!filepath[0]) { + return NULL; + } else if (IS_ABSOLUTE_PATH(filepath, strlen(filepath))) { cwd[0] = '\0'; } else{ result = VCWD_GETCWD(cwd, MAXPATHLEN); http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.59r2=1.60diff_format=u Index: php-src/ext/standard/link.c diff -u php-src/ext/standard/link.c:1.59 php-src/ext/standard/link.c:1.60 --- php-src/ext/standard/link.c:1.59Mon Jan 1 09:29:32 2007 +++ php-src/ext/standard/link.c Tue Jul 10 13:21:31 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: link.c,v 1.59 2007/01/01 09:29:32 sebastian Exp $ */ +/* $Id: link.c,v 1.60 2007/07/10 13:21:31 dmitry Exp $ */ #include php.h #include php_filestat.h @@ -135,6 +135,7 @@ } if (!expand_filepath(frompath, source_p TSRMLS_CC) || !expand_filepath(topath, dest_p TSRMLS_CC)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, No such file or directory); RETURN_FALSE; } @@ -185,6 +186,7 @@ } if (!expand_filepath(frompath, source_p TSRMLS_CC) || !expand_filepath(topath, dest_p TSRMLS_CC)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, No such file or directory); RETURN_FALSE; }
[PHP-CVS] cvs: php-src /ext/standard link.c
andrei Thu Oct 26 20:25:45 2006 UTC Modified files: /php-src/ext/standard link.c Log: Unicode support for link functions. http://cvs.php.net/viewvc.cgi/php-src/ext/standard/link.c?r1=1.57r2=1.58diff_format=u Index: php-src/ext/standard/link.c diff -u php-src/ext/standard/link.c:1.57 php-src/ext/standard/link.c:1.58 --- php-src/ext/standard/link.c:1.57Sat Sep 16 18:31:07 2006 +++ php-src/ext/standard/link.c Thu Oct 26 20:25:45 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: link.c,v 1.57 2006/09/16 18:31:07 iliaa Exp $ */ +/* $Id: link.c,v 1.58 2006/10/26 20:25:45 andrei Exp $ */ #include php.h #include php_filestat.h @@ -48,25 +48,29 @@ #include ctype.h #include php_link.h +#include ext/standard/file.h -/* {{{ proto string readlink(string filename) +/* {{{ proto string readlink(string filename) U Return the target of a symbolic link */ PHP_FUNCTION(readlink) { - zval **filename; + zval **pp_link; + char *link; + UChar *target; + int link_len, target_len; char buff[MAXPATHLEN]; int ret; - if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, filename) == FAILURE) { - WRONG_PARAM_COUNT; + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z, pp_link) == FAILURE || + php_stream_path_param_encode(pp_link, link, link_len, REPORT_ERRORS, FG(default_context)) == FAILURE) { + return; } - convert_to_string_ex(filename); - if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { + if (php_check_open_basedir(link TSRMLS_CC)) { RETURN_FALSE; } - ret = readlink(Z_STRVAL_PP(filename), buff, MAXPATHLEN-1); + ret = readlink(link, buff, MAXPATHLEN-1); if (ret == -1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, %s, strerror(errno)); @@ -75,24 +79,34 @@ /* Append NULL to the end of the string */ buff[ret] = '\0'; - RETURN_RT_STRING(buff, 1); + if (UG(unicode)) { + if (SUCCESS == php_stream_path_decode(NULL, target, target_len, buff, strlen(buff), REPORT_ERRORS, FG(default_context))) { + RETURN_UNICODEL(target, target_len, 0); + } else { + RETURN_FALSE; + } + } else { + RETURN_STRING(buff, 1); + } } /* }}} */ -/* {{{ proto int linkinfo(string filename) +/* {{{ proto int linkinfo(string filename) U Returns the st_dev field of the UNIX C stat structure describing the link */ PHP_FUNCTION(linkinfo) { - zval **filename; + zval **pp_link; + char *link; + int link_len; struct stat sb; int ret; - if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, filename) == FAILURE) { - WRONG_PARAM_COUNT; + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z, pp_link) == FAILURE || + php_stream_path_param_encode(pp_link, link, link_len, REPORT_ERRORS, FG(default_context)) == FAILURE) { + return; } - convert_to_string_ex(filename); - ret = VCWD_LSTAT(Z_STRVAL_PP(filename), sb); + ret = VCWD_LSTAT(link, sb); if (ret == -1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, %s, strerror(errno)); RETURN_LONG(-1L); @@ -102,22 +116,25 @@ } /* }}} */ -/* {{{ proto int symlink(string target, string link) +/* {{{ proto int symlink(string target, string link) U Create a symbolic link */ PHP_FUNCTION(symlink) { - zval **topath, **frompath; + zval **pp_topath, **pp_frompath; + char *topath, *frompath; + int topath_len, frompath_len; int ret; char source_p[MAXPATHLEN]; char dest_p[MAXPATHLEN]; - if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, topath, frompath) == FAILURE) { - WRONG_PARAM_COUNT; + + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, ZZ, pp_topath, pp_frompath) == FAILURE || + php_stream_path_param_encode(pp_topath, topath, topath_len, REPORT_ERRORS, FG(default_context)) == FAILURE || + php_stream_path_param_encode(pp_frompath, frompath, frompath_len, REPORT_ERRORS, FG(default_context)) == FAILURE) { + return; } - convert_to_string_ex(topath); - convert_to_string_ex(frompath); - if (!expand_filepath(Z_STRVAL_PP(frompath), source_p TSRMLS_CC) || !expand_filepath(Z_STRVAL_PP(topath), dest_p TSRMLS_CC)) { + if (!expand_filepath(frompath, source_p TSRMLS_CC) || !expand_filepath(topath, dest_p TSRMLS_CC)) { RETURN_FALSE; } @@ -137,7 +154,7 @@ } #ifndef ZTS - ret = symlink(Z_STRVAL_PP(topath), Z_STRVAL_PP(frompath)); + ret = symlink(topath, frompath); #else ret =
[PHP-CVS] cvs: php-src /ext/standard link.c
hyanantha Mon Feb 21 04:12:44 2005 EDT Modified files: /php-src/ext/standard link.c Log: NetWare LibC has pwd.h http://cvs.php.net/diff.php/php-src/ext/standard/link.c?r1=1.50r2=1.51ty=u Index: php-src/ext/standard/link.c diff -u php-src/ext/standard/link.c:1.50 php-src/ext/standard/link.c:1.51 --- php-src/ext/standard/link.c:1.50Mon Nov 1 19:37:32 2004 +++ php-src/ext/standard/link.c Mon Feb 21 04:12:44 2005 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: link.c,v 1.50 2004/11/02 00:37:32 iliaa Exp $ */ +/* $Id: link.c,v 1.51 2005/02/21 09:12:44 hyanantha Exp $ */ #include php.h #include php_filestat.h @@ -33,8 +33,6 @@ #if HAVE_PWD_H #ifdef PHP_WIN32 #include win32/pwd.h -#elif defined(NETWARE) -#include netware/pwd.h #else #include pwd.h #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard link.c
iliaa Mon Nov 1 19:37:36 2004 EDT Modified files: /php-src/ext/standard link.c Log: Fixed open_basedir safe_mode bypass inside readlink() function. http://cvs.php.net/diff.php/php-src/ext/standard/link.c?r1=1.49r2=1.50ty=u Index: php-src/ext/standard/link.c diff -u php-src/ext/standard/link.c:1.49 php-src/ext/standard/link.c:1.50 --- php-src/ext/standard/link.c:1.49Sat Sep 25 10:23:32 2004 +++ php-src/ext/standard/link.c Mon Nov 1 19:37:32 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: link.c,v 1.49 2004/09/25 14:23:32 hyanantha Exp $ */ +/* $Id: link.c,v 1.50 2004/11/02 00:37:32 iliaa Exp $ */ #include php.h #include php_filestat.h @@ -65,6 +65,14 @@ } convert_to_string_ex(filename); + if (PG(safe_mode) !php_checkuid(Z_STRVAL_PP(filename), NULL, CHECKUID_CHECK_FILE_AND_DIR)) { + RETURN_FALSE; + } + + if (php_check_open_basedir(Z_STRVAL_PP(filename) TSRMLS_CC)) { + RETURN_FALSE; + } + ret = readlink(Z_STRVAL_PP(filename), buff, MAXPATHLEN-1); if (ret == -1) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard link.c
hyanantha Sat Sep 25 10:23:32 2004 EDT Modified files: /php-src/ext/standard link.c Log: Now NetWare LibC supports proper stat structure no need of CLIB_STAT_PATCH and all such checks http://cvs.php.net/diff.php/php-src/ext/standard/link.c?r1=1.48r2=1.49ty=u Index: php-src/ext/standard/link.c diff -u php-src/ext/standard/link.c:1.48 php-src/ext/standard/link.c:1.49 --- php-src/ext/standard/link.c:1.48Thu Jan 8 03:17:33 2004 +++ php-src/ext/standard/link.c Sat Sep 25 10:23:32 2004 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: link.c,v 1.48 2004/01/08 08:17:33 andi Exp $ */ +/* $Id: link.c,v 1.49 2004/09/25 14:23:32 hyanantha Exp $ */ #include php.h #include php_filestat.h @@ -83,11 +83,7 @@ PHP_FUNCTION(linkinfo) { zval **filename; -#if defined(NETWARE) defined(CLIB_STAT_PATCH) - struct stat_libc sb; -#else struct stat sb; -#endif int ret; if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, filename) == FAILURE) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php