]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 38d7ea3)
Added control character checks for cURL extension's open_basedir/safe_mode
authorIlia Alshanetsky <iliaa@php.net>
Sun, 21 May 2006 16:31:57 +0000 (16:31 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Sun, 21 May 2006 16:31:57 +0000 (16:31 +0000)
checks.

NEWS patch | blob | history
ext/curl/interface.c patch | blob | history

diff --git a/NEWS b/NEWS
index 6b8575ee487de3d670897949ee02b3b43d21583d..63bdef303fceef9ed9b9a0a240dbe885d51eb21e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2006, PHP 5.2.0
+- Added control character checks for cURL extension's open_basedir/safe_mode
+  checks. (Ilia)
 - Disable realpath cache when open_basedir or safe_mode are enabled on a 
   per-request basis. (Ilia)
 - Optimized zend_try/zend_catch macroses (eliminated memcpy()). (Dmitry)
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 62375483e0e88a13be386c4562f1a6d840bf257a..bf8b804f5c843f9239dac35204d1772c39ea7411 100644 (file)
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -161,11 +161,16 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
            strncasecmp(str, "file:", sizeof("file:") - 1) == 0)                                                                \
        {                                                                                                                                                                                       \
                php_url *tmp_url;                                                                                                                                               \
-                                                                                                                                                                                               \
+                                                                                                                       \
                if (!(tmp_url = php_url_parse_ex(str, len))) {                                                                                  \
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid url '%s'", str);                           \
                        RETURN_FALSE;                                                                                                                                           \
                }                                                                                                                                                                               \
+                                                                                                                       \
+               if (php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) {                                \
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Url '%s' contains unencoded control characters.", str);    \
+                       RETURN_FALSE;                                                                                   \
+               }                                                                                                       \
                                                                                                                                                                                                \
                if (tmp_url->query || tmp_url->fragment || php_check_open_basedir(tmp_url->path TSRMLS_CC) ||                                                                   \
                        (PG(safe_mode) && !php_checkuid(tmp_url->path, "rb+", CHECKUID_CHECK_MODE_PARAM))       \
Unnamed repository; edit this file 'description' to name the repository.