[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/streams/plain_wrapper.c trunk/main/streams/plain_wrapper.c
shm Tue, 14 Feb 2012 14:14:30 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323213 Log: * fixed bug #60704 unlink() bug with some files path Reviewed by: rasmus@ Bug: https://bugs.php.net/60704 (Assigned) unlink() bug with some files path Changed paths: U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c U php/php-src/trunk/main/streams/plain_wrapper.c Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2012-02-14 13:31:23 UTC (rev 323212) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2012-02-14 14:14:30 UTC (rev 323213) @@ -1010,9 +1010,12 @@ static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url, int flags, php_stream_statbuf *ssb, php_stream_context *context TSRMLS_DC) { + char *p; - if (strncmp(url, file://, sizeof(file://) - 1) == 0) { - url += sizeof(file://) - 1; + if ((p = strstr(url, ://)) != NULL) { + if (p strchr(url, '/')) { + url = p + 3; + } } if (PG(safe_mode) (!php_checkuid_ex(url, NULL, CHECKUID_CHECK_FILE_AND_DIR, (flags PHP_STREAM_URL_STAT_QUIET) ? CHECKUID_NO_ERRORS : 0))) { @@ -1045,7 +1048,9 @@ int ret; if ((p = strstr(url, ://)) != NULL) { - url = p + 3; + if (p strchr(url, '/')) { + url = p + 3; + } } if (options ENFORCE_SAFE_MODE) { @@ -1093,11 +1098,15 @@ #endif if ((p = strstr(url_from, ://)) != NULL) { - url_from = p + 3; + if (p strchr(url_from, '/')) { + url_from = p + 3; + } } if ((p = strstr(url_to, ://)) != NULL) { - url_to = p + 3; + if (p strchr(url_to, '/')) { + url_to = p + 3; + } } if (PG(safe_mode) (!php_checkuid(url_from, NULL, CHECKUID_CHECK_FILE_AND_DIR) || @@ -1168,7 +1177,9 @@ char *p; if ((p = strstr(dir, ://)) != NULL) { - dir = p + 3; + if (p strchr(dir, '/')) { + dir = p + 3; + } } if (!recursive) { Modified: php/php-src/trunk/main/streams/plain_wrapper.c === --- php/php-src/trunk/main/streams/plain_wrapper.c 2012-02-14 13:31:23 UTC (rev 323212) +++ php/php-src/trunk/main/streams/plain_wrapper.c 2012-02-14 14:14:30 UTC (rev 323213) @@ -1001,9 +1001,12 @@ static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url, int flags, php_stream_statbuf *ssb, php_stream_context *context TSRMLS_DC) { + char *p; - if (strncmp(url, file://, sizeof(file://) - 1) == 0) { - url += sizeof(file://) - 1; + if ((p = strstr(url, ://)) != NULL) { + if (p strchr(url, '/')) { + url = p + 3; + } } if (php_check_open_basedir_ex(url, (flags PHP_STREAM_URL_STAT_QUIET) ? 0 : 1 TSRMLS_CC)) { @@ -1032,7 +1035,9 @@ int ret; if ((p = strstr(url, ://)) != NULL) { - url = p + 3; + if (p strchr(url, '/')) { + url = p + 3; + } } if (php_check_open_basedir(url TSRMLS_CC)) { @@ -1074,11 +1079,15 @@ #endif if ((p = strstr(url_from, ://)) != NULL) { - url_from = p + 3; + if (p strchr(url_from, '/')) { + url_from = p + 3; + } } if ((p = strstr(url_to, ://)) != NULL) { - url_to = p + 3; + if (p strchr(url_to, '/')) { + url_to = p + 3; + } } if (php_check_open_basedir(url_from TSRMLS_CC) || php_check_open_basedir(url_to TSRMLS_CC)) { @@ -1144,7 +1153,9 @@ char *p; if ((p = strstr(dir, ://)) != NULL) { - dir = p + 3; + if (p strchr(dir, '/')) { + dir = p + 3; + } } if (!recursive) { @@ -1273,7 +1284,9 @@ #endif if ((p = strstr(url, ://)) != NULL) { - url = p + 3; + if (p strchr(url, '/')) { + url = p + 3; + } } if (php_check_open_basedir(url TSRMLS_CC)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/streams/plain_wrapper.c trunk/main/streams/plain_wrapper.c
pajoye Thu, 20 Jan 2011 07:38:00 + Revision: http://svn.php.net/viewvc?view=revisionrevision=307619 Log: - don't continue if no valid option value Changed paths: U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c U php/php-src/trunk/main/streams/plain_wrapper.c Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2011-01-20 07:05:34 UTC (rev 307618) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2011-01-20 07:38:00 UTC (rev 307619) @@ -713,6 +713,8 @@ acc = FILE_MAP_READ | FILE_MAP_WRITE; /* TODO: we should assign a name for the mapping */ break; + default: + return PHP_STREAM_OPTION_RETURN_ERR; } /* create a mapping capable of viewing the whole file (this costs no real resources) */ Modified: php/php-src/trunk/main/streams/plain_wrapper.c === --- php/php-src/trunk/main/streams/plain_wrapper.c 2011-01-20 07:05:34 UTC (rev 307618) +++ php/php-src/trunk/main/streams/plain_wrapper.c 2011-01-20 07:38:00 UTC (rev 307619) @@ -713,6 +713,8 @@ acc = FILE_MAP_READ | FILE_MAP_WRITE; /* TODO: we should assign a name for the mapping */ break; + default: + return PHP_STREAM_OPTION_RETURN_ERR; } /* create a mapping capable of viewing the whole file (this costs no real resources) */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/PHP_5_3/main/streams/ plain_wrapper.c
pajoye Wed, 01 Sep 2010 10:13:46 + Revision: http://svn.php.net/viewvc?view=revisionrevision=302969 Log: - sb needed only in safemode Changed paths: U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-09-01 10:03:06 UTC (rev 302968) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-09-01 10:13:46 UTC (rev 302969) @@ -1306,7 +1306,6 @@ char *pathbuf, *ptr, *end; char *exec_fname; char trypath[MAXPATHLEN]; - struct stat sb; php_stream *stream; int path_length; int filename_length; @@ -1448,6 +1447,8 @@ } if (PG(safe_mode)) { + struct stat sb; + if (VCWD_STAT(trypath, sb) == 0) { /* file exists ... check permission */ if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/streams/plain_wrapper.c trunk/main/streams/plain_wrapper.c
pajoye Wed, 01 Sep 2010 10:16:48 + Revision: http://svn.php.net/viewvc?view=revisionrevision=302970 Log: - WS Changed paths: U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c U php/php-src/trunk/main/streams/plain_wrapper.c Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-09-01 10:13:46 UTC (rev 302969) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-09-01 10:16:48 UTC (rev 302970) @@ -1147,7 +1147,7 @@ #else php_error_docref2(NULL TSRMLS_CC, url_from, url_to, E_WARNING, %s, strerror(errno)); #endif -return 0; + return 0; } /* Clear stat cache (and realpath cache) */ @@ -1229,7 +1229,7 @@ if (*p == '\0') { *p = DEFAULT_SLASH; if ((*(p+1) != '\0') - (ret = VCWD_MKDIR(buf, (mode_t)mode)) 0) { + (ret = VCWD_MKDIR(buf, (mode_t)mode)) 0) { if (options REPORT_ERRORS) { php_error_docref(NULL TSRMLS_CC, E_WARNING, %s, strerror(errno)); } Modified: php/php-src/trunk/main/streams/plain_wrapper.c === --- php/php-src/trunk/main/streams/plain_wrapper.c 2010-09-01 10:13:46 UTC (rev 302969) +++ php/php-src/trunk/main/streams/plain_wrapper.c 2010-09-01 10:16:48 UTC (rev 302970) @@ -1117,7 +1117,7 @@ #else php_error_docref2(NULL TSRMLS_CC, url_from, url_to, E_WARNING, %s, strerror(errno)); #endif -return 0; + return 0; } /* Clear stat cache (and realpath cache) */ @@ -1199,7 +1199,7 @@ if (*p == '\0') { *p = DEFAULT_SLASH; if ((*(p+1) != '\0') - (ret = VCWD_MKDIR(buf, (mode_t)mode)) 0) { + (ret = VCWD_MKDIR(buf, (mode_t)mode)) 0) { if (options REPORT_ERRORS) { php_error_docref(NULL TSRMLS_CC, E_WARNING, %s, strerror(errno)); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/streams/plain_wrapper.c trunk/main/streams/plain_wrapper.c
pajoye Sun, 21 Feb 2010 17:44:25 + Revision: http://svn.php.net/viewvc?view=revisionrevision=295308 Log: - get the right error on windows Changed paths: U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c U php/php-src/trunk/main/streams/plain_wrapper.c Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-02-21 17:34:25 UTC (rev 295307) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-02-21 17:44:25 UTC (rev 295308) @@ -866,6 +866,10 @@ dir = VCWD_OPENDIR(path); #ifdef PHP_WIN32 + if (!dir) { + php_win32_docref2_from_error(GetLastError(), path, path TSRMLS_CC); + } + if (dir dir-finished) { closedir(dir); dir = NULL; Modified: php/php-src/trunk/main/streams/plain_wrapper.c === --- php/php-src/trunk/main/streams/plain_wrapper.c 2010-02-21 17:34:25 UTC (rev 295307) +++ php/php-src/trunk/main/streams/plain_wrapper.c 2010-02-21 17:44:25 UTC (rev 295308) @@ -863,6 +863,10 @@ dir = VCWD_OPENDIR(path); #ifdef PHP_WIN32 + if (!dir) { + php_win32_docref2_from_error(GetLastError(), path, path TSRMLS_CC); + } + if (dir dir-finished) { closedir(dir); dir = NULL; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/streams/plain_wrapper.c trunk/main/streams/plain_wrapper.c
pajoye Wed, 27 Jan 2010 01:18:43 + Revision: http://svn.php.net/viewvc?view=revisionrevision=294069 Log: - prevent bad things to happen when invalid path are passed to MoveFileEx Changed paths: U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c U php/php-src/trunk/main/streams/plain_wrapper.c Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-01-27 00:59:33 UTC (rev 294068) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-01-27 01:18:43 UTC (rev 294069) @@ -38,6 +38,10 @@ #endif #include SAPI.h +#ifdef PHP_WIN32 +# include ext/standard/php_string.h +#endif + #include php_streams_int.h #define php_stream_fopen_from_fd_int(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_CC TSRMLS_CC) @@ -1060,6 +1064,28 @@ return 0; } +#ifdef PHP_WIN32 + /* Prevent bad things to happen when passing ' ' to MoveFileEx */ + { + int url_from_len = strlen(url_from); + int url_to_len = strlen(url_to); + char *trimed = php_trim(url_from, url_from_len, NULL, 0, NULL, 1 TSRMLS_CC); + int trimed_len = strlen(trimed); + + if (trimed_len == 0 || trimed_len != url_from_len) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; + } + + trimed = php_trim(url_to, url_to_len, NULL, 0, NULL, 1 TSRMLS_CC); + trimed_len = strlen(trimed); + if (trimed_len == 0 || trimed_len != url_to_len) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; + } + } +#endif + if ((p = strstr(url_from, ://)) != NULL) { url_from = p + 3; } @@ -1076,7 +1102,7 @@ if (php_check_open_basedir(url_from TSRMLS_CC) || php_check_open_basedir(url_to TSRMLS_CC)) { return 0; } - +__debugbreak(); ret = VCWD_RENAME(url_from, url_to); if (ret == -1) { Modified: php/php-src/trunk/main/streams/plain_wrapper.c === --- php/php-src/trunk/main/streams/plain_wrapper.c 2010-01-27 00:59:33 UTC (rev 294068) +++ php/php-src/trunk/main/streams/plain_wrapper.c 2010-01-27 01:18:43 UTC (rev 294069) @@ -1042,6 +1042,28 @@ return 0; } +#ifdef PHP_WIN32 + /* Prevent bad things to happen when passing ' ' to MoveFileEx */ + { + int url_from_len = strlen(url_from); + int url_to_len = strlen(url_to); + char *trimed = php_trim(url_from, url_from_len, NULL, 0, NULL, 1 TSRMLS_CC); + int trimed_len = strlen(trimed); + + if (trimed_len == 0 || trimed_len != url_from_len) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; + } + + trimed = php_trim(url_to, url_to_len, NULL, 0, NULL, 1 TSRMLS_CC); + trimed_len = strlen(trimed); + if (trimed_len == 0 || trimed_len != url_to_len) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; + } + } +#endif + if ((p = strstr(url_from, ://)) != NULL) { url_from = p + 3; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/streams/plain_wrapper.c trunk/main/streams/plain_wrapper.c
pajoye Wed, 27 Jan 2010 02:03:41 + Revision: http://svn.php.net/viewvc?view=revisionrevision=294070 Log: - removed debug breakpoint and improve inline comment Changed paths: U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c U php/php-src/trunk/main/streams/plain_wrapper.c Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-01-27 01:18:43 UTC (rev 294069) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2010-01-27 02:03:41 UTC (rev 294070) @@ -1065,7 +1065,7 @@ } #ifdef PHP_WIN32 - /* Prevent bad things to happen when passing ' ' to MoveFileEx */ + /* Prevent bad things to happen when invalid path are used with MoveFileEx */ { int url_from_len = strlen(url_from); int url_to_len = strlen(url_to); @@ -1102,7 +1102,7 @@ if (php_check_open_basedir(url_from TSRMLS_CC) || php_check_open_basedir(url_to TSRMLS_CC)) { return 0; } -__debugbreak(); + ret = VCWD_RENAME(url_from, url_to); if (ret == -1) { Modified: php/php-src/trunk/main/streams/plain_wrapper.c === --- php/php-src/trunk/main/streams/plain_wrapper.c 2010-01-27 01:18:43 UTC (rev 294069) +++ php/php-src/trunk/main/streams/plain_wrapper.c 2010-01-27 02:03:41 UTC (rev 294070) @@ -1043,7 +1043,7 @@ } #ifdef PHP_WIN32 - /* Prevent bad things to happen when passing ' ' to MoveFileEx */ + /* Prevent bad things to happen when invalid path are used with MoveFileEx */ { int url_from_len = strlen(url_from); int url_to_len = strlen(url_to); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/branches/ PHP_5_3/main/streams/plain_wrapper.c PHP_5_3_1/NEWS PHP_5_3_1/main/streams/plain_wrapper.c
johannes Thu, 12 Nov 2009 15:05:03 + Revision: http://svn.php.net/viewvc?view=revisionrevision=290578 Log: Fix #50063 (safe_mode_include_dir fails) Bug: http://bugs.php.net/50063 (Open) safe_mode_include_dir fails Changed paths: U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c U php/php-src/branches/PHP_5_3_1/NEWS U php/php-src/branches/PHP_5_3_1/main/streams/plain_wrapper.c Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2009-11-12 14:28:14 UTC (rev 290577) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2009-11-12 15:05:03 UTC (rev 290578) @@ -988,6 +988,10 @@ return NULL; } + if ((php_check_safe_mode_include_dir(path TSRMLS_CC)) == 0) { + return php_stream_fopen_rel(path, mode, opened_path, options); + } + if ((options ENFORCE_SAFE_MODE) PG(safe_mode) (!php_checkuid(path, mode, CHECKUID_CHECK_MODE_PARAM))) return NULL; Modified: php/php-src/branches/PHP_5_3_1/NEWS === --- php/php-src/branches/PHP_5_3_1/NEWS 2009-11-12 14:28:14 UTC (rev 290577) +++ php/php-src/branches/PHP_5_3_1/NEWS 2009-11-12 15:05:03 UTC (rev 290578) @@ -1,8 +1,9 @@ PHPNEWS ||| ?? ??? 2009, PHP 5.3.1 RC4 +- Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at + elmerot dot se) - 03 Nov 2009, PHP 5.3.1 RC3 - Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 100 by default, to prevent possible @@ -10,7 +11,7 @@ - Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) -- Fuxed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size). +- Fixed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size). (Pierre) - Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined). (Felipe) Modified: php/php-src/branches/PHP_5_3_1/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3_1/main/streams/plain_wrapper.c 2009-11-12 14:28:14 UTC (rev 290577) +++ php/php-src/branches/PHP_5_3_1/main/streams/plain_wrapper.c 2009-11-12 15:05:03 UTC (rev 290578) @@ -988,6 +988,10 @@ return NULL; } + if ((php_check_safe_mode_include_dir(path TSRMLS_CC)) == 0) { + return php_stream_fopen_rel(path, mode, opened_path, options); + } + if ((options ENFORCE_SAFE_MODE) PG(safe_mode) (!php_checkuid(path, mode, CHECKUID_CHECK_MODE_PARAM))) return NULL; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php