[PHP-CVS] com php-src: Check if soap.wsdl_cache_dir confirms to open_basedir: ext/soap/soap.c

2013-02-12 Thread Stanislav Malyshev
Commit:c5b33c754c5c4aea219c74a316db0a872ac5f70d
Author:Dmitry Stogov  Thu, 7 Feb 2013 13:04:47 
+0400
Committer: Stanislav Malyshev   Sun, 10 Feb 2013 01:05:20 
-0800
Parents:   fdf1231f66a31514e8be129b7e6d5e91d8e5c99e
Branches:  PHP-5.4.12

Link:   
http://git.php.net/?p=php-src.git;a=commitdiff;h=c5b33c754c5c4aea219c74a316db0a872ac5f70d

Log:
Check if soap.wsdl_cache_dir confirms to open_basedir

Changed paths:
  M  ext/soap/soap.c


Diff:
diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index 13f163a..8c25b26 100644
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -479,10 +479,44 @@ ZEND_INI_MH(OnUpdateCacheMode)
return SUCCESS;
 }
 
+static PHP_INI_MH(OnUpdateCacheDir)
+{
+   /* Only do the safemode/open_basedir check at runtime */
+   if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) {
+   char *p;
+
+   if (memchr(new_value, '\0', new_value_length) != NULL) {
+   return FAILURE;
+   }
+
+   /* we do not use zend_memrchr() since path can contain ; itself 
*/
+   if ((p = strchr(new_value, ';'))) {
+   char *p2;
+   p++;
+   if ((p2 = strchr(p, ';'))) {
+   p = p2 + 1;
+   }
+   } else {
+   p = new_value;
+   }
+
+   if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
+   return FAILURE;
+   }
+
+   if (PG(open_basedir) && *p && php_check_open_basedir(p 
TSRMLS_CC)) {
+   return FAILURE;
+   }
+   }
+
+   OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, 
mh_arg3, stage TSRMLS_CC);
+   return SUCCESS;
+}
+
 PHP_INI_BEGIN()
 STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, 
OnUpdateBool,
   cache_enabled, zend_soap_globals, soap_globals)
-STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, 
OnUpdateString,
+STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, 
OnUpdateCacheDir,
   cache_dir, zend_soap_globals, soap_globals)
 STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, 
OnUpdateLong,
   cache_ttl, zend_soap_globals, soap_globals)


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP-CVS] com php-src: Check if soap.wsdl_cache_dir confirms to open_basedir: ext/soap/soap.c

2013-02-07 Thread Dmitry Stogov
Commit:cc4c318b0c71e1a9c9cf803b5ee5d437344d64db
Author:Dmitry Stogov  Thu, 7 Feb 2013 13:04:47 
+0400
Parents:   a80fdc47b3b5046188aee6a9ef310879322cf4e9
Branches:  PHP-5.3 PHP-5.4 PHP-5.5 master

Link:   
http://git.php.net/?p=php-src.git;a=commitdiff;h=cc4c318b0c71e1a9c9cf803b5ee5d437344d64db

Log:
Check if soap.wsdl_cache_dir confirms to open_basedir

Changed paths:
  M  ext/soap/soap.c


Diff:
diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index 843f49b..6851a9b 100644
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -568,10 +568,44 @@ ZEND_INI_MH(OnUpdateCacheMode)
return SUCCESS;
 }
 
+static PHP_INI_MH(OnUpdateCacheDir)
+{
+   /* Only do the safemode/open_basedir check at runtime */
+   if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) {
+   char *p;
+
+   if (memchr(new_value, '\0', new_value_length) != NULL) {
+   return FAILURE;
+   }
+
+   /* we do not use zend_memrchr() since path can contain ; itself 
*/
+   if ((p = strchr(new_value, ';'))) {
+   char *p2;
+   p++;
+   if ((p2 = strchr(p, ';'))) {
+   p = p2 + 1;
+   }
+   } else {
+   p = new_value;
+   }
+
+   if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
+   return FAILURE;
+   }
+
+   if (PG(open_basedir) && *p && php_check_open_basedir(p 
TSRMLS_CC)) {
+   return FAILURE;
+   }
+   }
+
+   OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, 
mh_arg3, stage TSRMLS_CC);
+   return SUCCESS;
+}
+
 PHP_INI_BEGIN()
 STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, 
OnUpdateBool,
   cache_enabled, zend_soap_globals, soap_globals)
-STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, 
OnUpdateString,
+STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, 
OnUpdateCacheDir,
   cache_dir, zend_soap_globals, soap_globals)
 STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, 
OnUpdateLong,
   cache_ttl, zend_soap_globals, soap_globals)


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php