- Fixed open_basedir circumvention for mail.log. (Maksymilian Arciemowicz,
Stas)
+- Fixed bug #49020 (phar misinterprets ustar long filename standard).
+ (Greg)
- Fixed bug #49018 (phar tar stores long filenames wit prefix/name reversed).
(Greg)
- Fixed bug #48962 (cURL does not upload files with specified filename).
break;
}
}
+ name[i++] = '/';
for (j = 0; j < 100; j++) {
name[i+j] = hdr->name[j];
if (name[i+j] == '\0') {
memset((char *) &header, 0, sizeof(header));
if (entry->filename_len > 100) {
- if (entry->filename_len > 255) {
+ char *boundary;
+ if (entry->filename_len > 256) {
if (fp->error) {
spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
}
return ZEND_HASH_APPLY_STOP;
}
- memcpy(header.prefix, entry->filename, entry->filename_len - 100);
- memcpy(header.name, entry->filename + (entry->filename_len - 100), 100);
+ boundary = entry->filename + entry->filename_len - 101;
+ while (*boundary && *boundary != '/') {
+ ++boundary;
+ }
+ if (!*boundary || ((boundary - entry->filename) > 155)) {
+ if (fp->error) {
+ spprintf(fp->error, 4096, "tar-based phar \"%s\" cannot be created, filename \"%s\" is too long for tar file format", entry->phar->fname, entry->filename);
+ }
+ return ZEND_HASH_APPLY_STOP;
+ }
+ memcpy(header.prefix, entry->filename, boundary - entry->filename);
+ memcpy(header.name, boundary + 1, entry->filename_len - (boundary + 1 - entry->filename));
} else {
memcpy(header.name, entry->filename, entry->filename_len);
}
<?php
$fname = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.tar';
$fname2 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.2.tar';
+$fname3 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.3.tar';
+$fname4 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.4.tar';
$pname = 'phar://' . $fname;
$p1 = new PharData($fname);
-$p1[str_repeat('a', 100) . 'b'] = 'hi';
-$p1[str_repeat('a', 255)] = 'hi2';
+$p1[str_repeat('a', 100) . '/b'] = 'hi';
+$p1[str_repeat('a', 155) . '/' . str_repeat('b', 100)] = 'hi2';
copy($fname, $fname2);
$p2 = new PharData($fname2);
-echo $p2[str_repeat('a', 100) . 'b']->getContent() . "\n";
-echo $p2[str_repeat('a', 255)]->getContent() . "\n";
+echo $p2[str_repeat('a', 100) . '/b']->getContent() . "\n";
+echo $p2[str_repeat('a', 155) . '/' . str_repeat('b', 100)]->getContent() . "\n";
try {
$p2[str_repeat('a', 400)] = 'yuck';
} catch (Exception $e) {
echo $e->getMessage() . "\n";
}
+
+try {
+ $p2 = new PharData($fname3);
+ $p2[str_repeat('a', 101)] = 'yuck';
+} catch (Exception $e) {
+ echo $e->getMessage() . "\n";
+}
+
+try {
+ $p2 = new PharData($fname4);
+ $p2[str_repeat('b', 160) . '/' . str_repeat('a', 90)] = 'yuck';
+} catch (Exception $e) {
+ echo $e->getMessage() . "\n";
+}
?>
===DONE===
--CLEAN--
<?php
unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.tar');
unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.2.tar');
+@unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.3.tar');
+@unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.4.tar');
?>
--EXPECTF--
hi
hi2
tar-based phar "%sbignames.2.tar" cannot be created, filename "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is too long for tar file format
+tar-based phar "%sbignames.3.tar" cannot be created, filename "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is too long for tar file format
+tar-based phar "%sbignames.4.tar" cannot be created, filename "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" is too long for tar file format
===DONE===
foreach ($p1 as $file) {
echo $file->getFileName(), "\n";
}
-echo $p1[str_repeat('a', 101)]->getContent() . "\n";
-echo $p1[str_repeat('a', 255)]->getContent() . "\n";
+echo $p1['a/' . str_repeat('a', 100)]->getContent() . "\n";
+echo $p1[str_repeat('a', 155) . '/' . str_repeat('a', 100)]->getContent() . "\n";
?>
===DONE===
unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.2.tar');
?>
--EXPECT--
-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+a
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
hi
hi2
===DONE===
projects / php / commitdiff