[PHP-CVS] cvs: php-src /ext/zip php_zip.c php_zip.h /ext/zip/tests bug14962.phpt bug38943.inc bug38943.phpt bug38943_2.phpt bug38944.phpt bug7658.phpt
pajoye Wed Nov 12 11:24:49 2008 UTC Added files: /php-src/ext/zip/tests bug14962.phpt Modified files: /php-src/ext/zipphp_zip.c php_zip.h /php-src/ext/zip/tests bug38943.inc bug38943_2.phpt bug38943.phpt bug38944.phpt bug7658.phpt Log: - fix #14962 (makes 2nd argument really optional) - replace ZEND_ENGINE_2_1 test with PHP_ZIP_USE_OO, version independent - sync tests with 5.3 http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.65r2=1.66diff_format=u Index: php-src/ext/zip/php_zip.c diff -u php-src/ext/zip/php_zip.c:1.65 php-src/ext/zip/php_zip.c:1.66 --- php-src/ext/zip/php_zip.c:1.65 Sun Nov 2 21:10:12 2008 +++ php-src/ext/zip/php_zip.c Wed Nov 12 11:24:48 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_zip.c,v 1.65 2008/11/02 21:10:12 felipe Exp $ */ +/* $Id: php_zip.c,v 1.66 2008/11/12 11:24:48 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -135,7 +135,7 @@ } /* }}} */ -#ifdef ZEND_ENGINE_2_1 +#ifdef PHP_ZIP_USE_OO /* {{{ php_zip_extract_file */ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int file_len TSRMLS_DC) { @@ -740,7 +740,7 @@ /* }}} */ /* {{{ ZE2 OO definitions */ -#ifdef ZEND_ENGINE_2_1 +#ifdef PHP_ZIP_USE_OO static zend_class_entry *zip_class_entry; static zend_object_handlers zip_object_handlers; @@ -760,7 +760,7 @@ #endif /* }}} */ -#ifdef ZEND_ENGINE_2_1 +#ifdef PHP_ZIP_USE_OO static void php_zip_register_prop_handler(HashTable *prop_handler, char *name, zip_read_int_t read_int_func, zip_read_const_char_t read_char_func, zip_read_const_char_from_ze_t read_char_from_obj_func, int rettype TSRMLS_DC) /* {{{ */ { zip_prop_handler hnd; @@ -1423,7 +1423,7 @@ } /* }}} */ -#ifdef ZEND_ENGINE_2_1 +#ifdef PHP_ZIP_USE_OO /* {{{ proto mixed ZipArchive::open(string source [, int flags]) U Create new zip using source uri for output, return TRUE on success or the error code */ static ZIPARCHIVE_METHOD(open) @@ -2413,15 +2413,15 @@ RETURN_FALSE; } -if (php_stream_stat_path(pathto, ssb) 0) { -ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL); -if (!ret) { -RETURN_FALSE; -} -} + if (php_stream_stat_path(pathto, ssb) 0) { + ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL); + if (!ret) { + RETURN_FALSE; + } + } ZIP_FROM_OBJECT(intern, this); - if (zval_files) { + if (zval_files (Z_TYPE_P(zval_files) != IS_NULL)) { switch (Z_TYPE_P(zval_files)) { case IS_UNICODE: if (FAILURE == php_stream_path_param_encode(zval_files, file, file_len, REPORT_ERRORS, FG(default_context))) { @@ -2443,6 +2443,7 @@ RETURN_FALSE; } break; + case IS_ARRAY: nelems = zend_hash_num_elements(Z_ARRVAL_P(zval_files)); if (nelems == 0 ) { @@ -2476,7 +2477,7 @@ } } break; - case IS_LONG: + default: php_error_docref(NULL TSRMLS_CC, E_WARNING, Invalid argument, expect string or array of strings); break; @@ -2659,7 +2660,7 @@ /* {{{ PHP_MINIT_FUNCTION */ static PHP_MINIT_FUNCTION(zip) { -#ifdef ZEND_ENGINE_2_1 +#ifdef PHP_ZIP_USE_OO zend_class_entry ce; memcpy(zip_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); @@ -2742,7 +2743,7 @@ */ static PHP_MSHUTDOWN_FUNCTION(zip) { -#ifdef ZEND_ENGINE_2_1 +#ifdef PHP_ZIP_USE_OO zend_hash_destroy(zip_prop_handlers); php_unregister_url_stream_wrapper(zip TSRMLS_CC); #endif @@ -2757,7 +2758,7 @@ php_info_print_table_start(); php_info_print_table_row(2, Zip, enabled); - php_info_print_table_row(2, Extension Version,$Id: php_zip.c,v 1.65 2008/11/02 21:10:12 felipe Exp $); + php_info_print_table_row(2, Extension Version,$Id: php_zip.c,v 1.66 2008/11/12 11:24:48 pajoye Exp $); php_info_print_table_row(2, Zip version, PHP_ZIP_VERSION_STRING); php_info_print_table_row(2, Libzip version, 0.9.0); http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.h?r1=1.18r2=1.19diff_format=u Index: php-src/ext/zip/php_zip.h diff -u php-src/ext/zip/php_zip.h:1.18 php-src/ext/zip/php_zip.h:1.19 --- php-src/ext/zip/php_zip.h:1.18 Fri Aug 8 18:13:55 2008 +++ php-src/ext/zip/php_zip.h Wed Nov 12 11:24:48 2008 @@ -16,7
[PHP-CVS] cvs: php-src /ext/zip php_zip.c php_zip.h
pajoye Fri Jan 18 01:24:29 2008 UTC Modified files: /php-src/ext/zipphp_zip.c php_zip.h Log: - MFB: reflect the correct version http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.56r2=1.57diff_format=u Index: php-src/ext/zip/php_zip.c diff -u php-src/ext/zip/php_zip.c:1.56 php-src/ext/zip/php_zip.c:1.57 --- php-src/ext/zip/php_zip.c:1.56 Fri Jan 18 00:33:15 2008 +++ php-src/ext/zip/php_zip.c Fri Jan 18 01:24:29 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_zip.c,v 1.56 2008/01/18 00:33:15 cellog Exp $ */ +/* $Id: php_zip.c,v 1.57 2008/01/18 01:24:29 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -2205,9 +2205,9 @@ php_info_print_table_start(); php_info_print_table_row(2, Zip, enabled); - php_info_print_table_row(2, Extension Version,$Id: php_zip.c,v 1.56 2008/01/18 00:33:15 cellog Exp $); - php_info_print_table_row(2, Zip version, 2.0.0); - php_info_print_table_row(2, Libzip version, 0.7.1); + php_info_print_table_row(2, Extension Version,$Id: php_zip.c,v 1.57 2008/01/18 01:24:29 pajoye Exp $); + php_info_print_table_row(2, Zip version, PHP_ZIP_VERSION_STRING); + php_info_print_table_row(2, Libzip version, 0.8.0); php_info_print_table_end(); } http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.h?r1=1.16r2=1.17diff_format=u Index: php-src/ext/zip/php_zip.h diff -u php-src/ext/zip/php_zip.h:1.16 php-src/ext/zip/php_zip.h:1.17 --- php-src/ext/zip/php_zip.h:1.16 Mon Dec 31 07:12:17 2007 +++ php-src/ext/zip/php_zip.h Fri Jan 18 01:24:29 2008 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_zip.h,v 1.16 2007/12/31 07:12:17 sebastian Exp $ */ +/* $Id: php_zip.h,v 1.17 2008/01/18 01:24:29 pajoye Exp $ */ #ifndef PHP_ZIP_H #define PHP_ZIP_H @@ -30,6 +30,8 @@ #include lib/zip.h +#define PHP_ZIP_VERSION_STRING 1.8.11 + /* {{{ OPENBASEDIR_CHECKPATH(filename) */ #if (PHP_MAJOR_VERSION 6) #define OPENBASEDIR_CHECKPATH(filename) \ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/zip php_zip.c php_zip.h zip_stream.c
pajoye Wed Mar 14 11:22:13 2007 UTC Modified files: /php-src/ext/zipphp_zip.h php_zip.c zip_stream.c Log: - MFB: - rename SAFEMODE_CHECKFILE to OPENBASEDIR_CHECKPATH (can be used without confusing in head without confusion) - Add safemode and open basedir checks in zip:// wrapper (revert Ilia's patch). Bug found by Stefan Esser in his MOPB-20-2007 http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.h?r1=1.14r2=1.15diff_format=u Index: php-src/ext/zip/php_zip.h diff -u php-src/ext/zip/php_zip.h:1.14 php-src/ext/zip/php_zip.h:1.15 --- php-src/ext/zip/php_zip.h:1.14 Mon Jan 1 09:29:34 2007 +++ php-src/ext/zip/php_zip.h Wed Mar 14 11:22:13 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_zip.h,v 1.14 2007/01/01 09:29:34 sebastian Exp $ */ +/* $Id: php_zip.h,v 1.15 2007/03/14 11:22:13 pajoye Exp $ */ #ifndef PHP_ZIP_H #define PHP_ZIP_H @@ -30,6 +30,16 @@ #include lib/zip.h +/* {{{ OPENBASEDIR_CHECKPATH(filename) */ +#if (PHP_MAJOR_VERSION 6) +#define OPENBASEDIR_CHECKPATH(filename) \ + (PG(safe_mode) (!php_checkuid(filename, NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(filename TSRMLS_CC) +#else +#define OPENBASEDIR_CHECKPATH(filename) \ + php_check_open_basedir(filename TSRMLS_CC) +#endif +/* }}} */ + typedef struct _ze_zip_rsrc { struct zip *za; int index_current; http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.38r2=1.39diff_format=u Index: php-src/ext/zip/php_zip.c diff -u php-src/ext/zip/php_zip.c:1.38 php-src/ext/zip/php_zip.c:1.39 --- php-src/ext/zip/php_zip.c:1.38 Mon Jan 29 16:01:55 2007 +++ php-src/ext/zip/php_zip.c Wed Mar 14 11:22:13 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_zip.c,v 1.38 2007/01/29 16:01:55 pajoye Exp $ */ +/* $Id: php_zip.c,v 1.39 2007/03/14 11:22:13 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -122,6 +122,11 @@ } php_basename(file, file_len, NULL, 0, file_basename, (unsigned int *)file_basename_len TSRMLS_CC); + if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) { + efree(file_dirname_fullpath); + efree(file_basename); + return 0; + } } /* let see if the path already exists */ if (php_stream_stat_path(file_dirname_fullpath, ssb) 0) { @@ -149,6 +154,16 @@ return 0; } + /* check again the full path, not sure if it +* is required, does a file can have a different +* safemode status as its parent folder? +*/ + if (OPENBASEDIR_CHECKPATH(fullpath)) { + efree(file_dirname_fullpath); + efree(file_basename); + return 0; + } + zf = zip_fopen(za, file, 0); if (zf == NULL) { efree(fullpath); @@ -609,6 +624,9 @@ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z, filename_zval) == FAILURE) { return; } + if (OPENBASEDIR_CHECKPATH(filename)) { + RETURN_FALSE; + } if (FAILURE == php_stream_path_param_encode(filename_zval, filename, filename_len, REPORT_ERRORS, FG(default_context))) { RETURN_FALSE; @@ -2083,7 +2101,7 @@ php_info_print_table_start(); php_info_print_table_row(2, Zip, enabled); - php_info_print_table_row(2, Extension Version,$Id: php_zip.c,v 1.38 2007/01/29 16:01:55 pajoye Exp $); + php_info_print_table_row(2, Extension Version,$Id: php_zip.c,v 1.39 2007/03/14 11:22:13 pajoye Exp $); php_info_print_table_row(2, Zip version, 2.0.0); php_info_print_table_row(2, Libzip version, 0.7.1); http://cvs.php.net/viewvc.cgi/php-src/ext/zip/zip_stream.c?r1=1.5r2=1.6diff_format=u Index: php-src/ext/zip/zip_stream.c diff -u php-src/ext/zip/zip_stream.c:1.5 php-src/ext/zip/zip_stream.c:1.6 --- php-src/ext/zip/zip_stream.c:1.5Mon Jan 1 09:29:34 2007 +++ php-src/ext/zip/zip_stream.cWed Mar 14 11:22:13 2007 @@ -1,4 +1,4 @@ -/* $Id: zip_stream.c,v 1.5 2007/01/01 09:29:34 sebastian Exp $ */ +/* $Id: zip_stream.c,v 1.6 2007/03/14 11:22:13 pajoye Exp $ */ #ifdef HAVE_CONFIG_H # include config.h #endif @@ -12,6 +12,7 @@ #include ext/standard/file.h #include ext/standard/php_string.h #include fopen_wrappers.h +#include php_zip.h #include ext/standard/url.h @@ -112,6 +113,10 @@ } if (filename) { + if (OPENBASEDIR_CHECKPATH(filename)) { + return NULL; + } + /* duplicate to make the stream za independent (esp. for MSHUTDOWN) */ stream_za = zip_open(filename, ZIP_CREATE, err); if (!stream_za) { @@ -189,6 +194,11 @@
Re: [PHP-CVS] cvs: php-src /ext/zip php_zip.c php_zip.h zip_stream.c
Revert? You just changed the code into a macro. Ilia -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /ext/zip php_zip.c php_zip.h zip_stream.c
On 3/14/07, Ilia Alshanetsky [EMAIL PROTECTED] wrote: Revert? You just changed the code into a macro. It was already a macro, you should have used it. So yes, I revert yours, rename the macro to make its goal clearer and use it. --Pierre -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/zip php_zip.c php_zip.h /ext/zip/tests bug38943.phpt bug38944.phpt oo_extract.phpt
pajoye Tue Oct 31 14:27:09 2006 UTC Modified files: /php-src/ext/zipphp_zip.c php_zip.h /php-src/ext/zip/tests bug38943.phpt bug38944.phpt oo_extract.phpt Log: - initial unicode support . entry names will be converted to ascii. zip works with cp437 when 7zip support will be added, unicode string will be supported . path and filenames are now encoded using php_stream_path_param_encode if the filename/path is used as entry name, it is converted to ascii . the stream (getStream and zip://) needs some tweak. I'm not sure if it should return unicode or binary, neither how to change the default. For now it returns unicode (seems to be the default :) comments/suggestions welcome http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.22r2=1.23diff_format=u Index: php-src/ext/zip/php_zip.c diff -u php-src/ext/zip/php_zip.c:1.22 php-src/ext/zip/php_zip.c:1.23 --- php-src/ext/zip/php_zip.c:1.22 Mon Oct 30 23:00:54 2006 +++ php-src/ext/zip/php_zip.c Tue Oct 31 14:27:09 2006 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_zip.c,v 1.22 2006/10/30 23:00:54 pajoye Exp $ */ +/* $Id: php_zip.c,v 1.23 2006/10/31 14:27:09 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -183,13 +183,13 @@ #define RETURN_SB(sb) \ { \ array_init(return_value); \ - add_assoc_string(return_value, name, (char *)(sb)-name, 1); \ - add_assoc_long(return_value, index, (long) (sb)-index); \ - add_assoc_long(return_value, crc, (long) (sb)-crc); \ - add_assoc_long(return_value, size, (long) (sb)-size); \ - add_assoc_long(return_value, mtime, (long) (sb)-mtime); \ - add_assoc_long(return_value, comp_size, (long) (sb)-comp_size); \ - add_assoc_long(return_value, comp_method, (long) (sb)-comp_method); \ + add_ascii_assoc_string(return_value, name, (char *)(sb)-name, 1); \ + add_ascii_assoc_long(return_value, index, (long) (sb)-index); \ + add_ascii_assoc_long(return_value, crc, (long) (sb)-crc); \ + add_ascii_assoc_long(return_value, size, (long) (sb)-size); \ + add_ascii_assoc_long(return_value, mtime, (long) (sb)-mtime); \ + add_ascii_assoc_long(return_value, comp_size, (long) (sb)-comp_size); \ + add_ascii_assoc_long(return_value, comp_method, (long) (sb)-comp_method); \ } /* }}} */ @@ -238,7 +238,6 @@ return NULL; } /* }}} */ - #endif /* {{{ zend_function_entry */ @@ -851,11 +850,12 @@ /* }}} */ #ifdef ZEND_ENGINE_2_1 -/* {{{ proto mixed open(string source [, int flags]) +/* {{{ proto mixed open(string source [, int flags]) U Create new zip using source uri for output, return TRUE on success or the error code */ ZIPARCHIVE_METHOD(open) { struct zip *intern; + zval **filename_zval; char *filename; int filename_len; int err = 0; @@ -865,7 +865,7 @@ zval *this = getThis(); ze_zip_object *ze_obj = NULL; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, s|l, filename, filename_len, flags) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, Z|l, filename_zval, flags) == FAILURE) { return; } @@ -874,6 +874,10 @@ ze_obj = (ze_zip_object*) zend_object_store_get_object(this TSRMLS_CC); } + if (FAILURE == php_stream_path_param_encode(filename_zval, filename, filename_len, REPORT_ERRORS, FG(default_context))) { + RETURN_FALSE; + } + if (filename_len == 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Empty string as source); RETURN_FALSE; @@ -902,7 +906,7 @@ } /* }}} */ -/* {{{ proto bool close() +/* {{{ proto bool close() U close the zip archive */ ZIPARCHIVE_METHOD(close) { @@ -931,19 +935,20 @@ } /* }}} */ -/* {{{ proto bool addFile(string filepath[, string entryname[, int start [, int length]]]) +/* {{{ proto bool addFile(string filepath[, string entryname[, int start [, int length]]]) U Add a file in a Zip archive using its path and the name to use. */ ZIPARCHIVE_METHOD(addFile) { struct zip *intern; zval *this = getThis(); + zval **filename_zval; char *filename; int filename_len; char *entry_name = NULL; int entry_name_len = 0; struct zip_source *zs; long offset_start = 0, offset_len = 0; - int cur_idx; + int cur_idx, res; char resolved_path[MAXPATHLEN + 1]; if (!this) { @@ -952,19 +957,36 @@ ZIP_FROM_OBJECT(intern, this); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, s|sll, - filename, filename_len, entry_name, entry_name_len, offset_start, offset_len) ==