dmitry Mon Aug 4 07:20:44 2008 UTC Modified files: /php-src/sapi/cgi cgi_main.c /php-src/main fopen_wrappers.c Log: Removed shebang line check from CGI sapi (it is checked by scanner) http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.358&r2=1.359&diff_format=u Index: php-src/sapi/cgi/cgi_main.c diff -u php-src/sapi/cgi/cgi_main.c:1.358 php-src/sapi/cgi/cgi_main.c:1.359 --- php-src/sapi/cgi/cgi_main.c:1.358 Tue Jul 15 13:38:56 2008 +++ php-src/sapi/cgi/cgi_main.c Mon Aug 4 07:20:44 2008 @@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: cgi_main.c,v 1.358 2008/07/15 13:38:56 dmitry Exp $ */ +/* $Id: cgi_main.c,v 1.359 2008/08/04 07:20:44 dmitry Exp $ */ #include "php.h" #include "php_globals.h" @@ -150,7 +150,6 @@ typedef struct _php_cgi_globals_struct { zend_bool rfc2616_headers; zend_bool nph; - zend_bool check_shebang_line; zend_bool fix_pathinfo; zend_bool force_redirect; zend_bool discard_path; @@ -1294,7 +1293,6 @@ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("cgi.rfc2616_headers", "0", PHP_INI_ALL, OnUpdateBool, rfc2616_headers, php_cgi_globals_struct, php_cgi_globals) STD_PHP_INI_ENTRY("cgi.nph", "0", PHP_INI_ALL, OnUpdateBool, nph, php_cgi_globals_struct, php_cgi_globals) - STD_PHP_INI_ENTRY("cgi.check_shebang_line", "1", PHP_INI_SYSTEM, OnUpdateBool, check_shebang_line, php_cgi_globals_struct, php_cgi_globals) STD_PHP_INI_ENTRY("cgi.force_redirect", "1", PHP_INI_SYSTEM, OnUpdateBool, force_redirect, php_cgi_globals_struct, php_cgi_globals) STD_PHP_INI_ENTRY("cgi.redirect_status_env", NULL, PHP_INI_SYSTEM, OnUpdateString, redirect_status_env, php_cgi_globals_struct, php_cgi_globals) STD_PHP_INI_ENTRY("cgi.fix_pathinfo", "1", PHP_INI_SYSTEM, OnUpdateBool, fix_pathinfo, php_cgi_globals_struct, php_cgi_globals) @@ -1311,7 +1309,6 @@ { php_cgi_globals->rfc2616_headers = 0; php_cgi_globals->nph = 0; - php_cgi_globals->check_shebang_line = 1; php_cgi_globals->force_redirect = 1; php_cgi_globals->redirect_status_env = NULL; php_cgi_globals->fix_pathinfo = 1; @@ -1378,7 +1375,6 @@ int exit_status = SUCCESS; int cgi = 0, c, i, len; zend_file_handle file_handle; - int retval = FAILURE; char *s; /* temporary locals */ @@ -1949,65 +1945,37 @@ 1. we are running from shell and got filename was there 2. we are running as cgi or fastcgi */ - retval = FAILURE; if (cgi || SG(request_info).path_translated) { - if (!php_check_open_basedir(SG(request_info).path_translated TSRMLS_CC)) { - retval = php_fopen_primary_script(&file_handle TSRMLS_CC); - } - } - /* - if we are unable to open path_translated and we are not - running from shell (so fp == NULL), then fail. - */ - if (retval == FAILURE && file_handle.handle.fp == NULL) { - if (errno == EACCES) { - SG(sapi_headers).http_response_code = 403; - PUTS("Access denied.\n"); - } else { - SG(sapi_headers).http_response_code = 404; - PUTS("No input file specified.\n"); - } - /* we want to serve more requests if this is fastcgi - so cleanup and continue, request shutdown is - handled later */ - if (fastcgi) { - goto fastcgi_request_done; - } + if (php_fopen_primary_script(&file_handle TSRMLS_CC) == FAILURE) { + if (errno == EACCES) { + SG(sapi_headers).http_response_code = 403; + PUTS("Access denied.\n"); + } else { + SG(sapi_headers).http_response_code = 404; + PUTS("No input file specified.\n"); + } + /* we want to serve more requests if this is fastcgi + so cleanup and continue, request shutdown is + handled later */ + if (fastcgi) { + goto fastcgi_request_done; + } - STR_FREE(SG(request_info).path_translated); + STR_FREE(SG(request_info).path_translated); - if (free_query_string && SG(request_info).query_string) { - free(SG(request_info).query_string); - SG(request_info).query_string = NULL; - } + if (free_query_string && SG(request_info).query_string) { + free(SG(request_info).query_string); + SG(request_info).query_string = NULL; + } - php_request_shutdown((void *) 0); - SG(server_context) = NULL; - php_module_shutdown(TSRMLS_C); - sapi_shutdown(); + php_request_shutdown((void *) 0); + SG(server_context) = NULL; + php_module_shutdown(TSRMLS_C); + sapi_shutdown(); #ifdef ZTS - tsrm_shutdown(); + tsrm_shutdown(); #endif - return FAILURE; - } - - if (CGIG(check_shebang_line) && file_handle.handle.fp && (file_handle.handle.fp != stdin)) { - /* #!php support */ - c = fgetc(file_handle.handle.fp); - if (c == '#') { - while (c != '\n' && c != '\r') { - c = fgetc(file_handle.handle.fp); /* skip to end of line */ - } - /* handle situations where line is terminated by \r\n */ - if (c == '\r') { - if (fgetc(file_handle.handle.fp) != '\n') { - long pos = ftell(file_handle.handle.fp); - fseek(file_handle.handle.fp, pos - 1, SEEK_SET); - } - } - CG(start_lineno) = 2; - } else { - rewind(file_handle.handle.fp); + return FAILURE; } } http://cvs.php.net/viewvc.cgi/php-src/main/fopen_wrappers.c?r1=1.207&r2=1.208&diff_format=u Index: php-src/main/fopen_wrappers.c diff -u php-src/main/fopen_wrappers.c:1.207 php-src/main/fopen_wrappers.c:1.208 --- php-src/main/fopen_wrappers.c:1.207 Mon Jul 21 08:42:35 2008 +++ php-src/main/fopen_wrappers.c Mon Aug 4 07:20:44 2008 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: fopen_wrappers.c,v 1.207 2008/07/21 08:42:35 dmitry Exp $ */ +/* $Id: fopen_wrappers.c,v 1.208 2008/08/04 07:20:44 dmitry Exp $ */ /* {{{ includes */ @@ -334,12 +334,9 @@ */ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC) { - FILE *fp; -#ifndef PHP_WIN32 - struct stat st; -#endif char *path_info, *filename; int length; + zend_bool orig_display_errors; filename = SG(request_info).path_translated; path_info = SG(request_info).request_uri; @@ -406,6 +403,8 @@ } } /* if doc_root && path_info */ + filename = zend_resolve_path(filename, strlen(filename) TSRMLS_CC); + if (!filename) { /* we have to free SG(request_info).path_translated here because * php_destroy_request_info assumes that it will get @@ -414,31 +413,20 @@ STR_FREE(SG(request_info).path_translated); SG(request_info).path_translated = NULL; return FAILURE; + } else { + STR_FREE(SG(request_info).path_translated); + SG(request_info).path_translated = filename; } - fp = VCWD_FOPEN(filename, "rb"); - -#ifndef PHP_WIN32 - /* refuse to open anything that is not a regular file */ - if (fp && (0 > fstat(fileno(fp), &st) || !S_ISREG(st.st_mode))) { - fclose(fp); - fp = NULL; - } -#endif - if (!fp) { + orig_display_errors = PG(display_errors); + PG(display_errors) = 0; + if (zend_stream_open(filename, file_handle TSRMLS_CC) == FAILURE) { + PG(display_errors) = orig_display_errors; STR_FREE(SG(request_info).path_translated); /* for same reason as above */ SG(request_info).path_translated = NULL; return FAILURE; } - - file_handle->opened_path = expand_filepath(filename, NULL TSRMLS_CC); - - SG(request_info).path_translated = filename; - - file_handle->filename = SG(request_info).path_translated; - file_handle->free_filename = 0; - file_handle->handle.fp = fp; - file_handle->type = ZEND_HANDLE_FP; + PG(display_errors) = orig_display_errors; return SUCCESS; }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php