Fix bug #71860: Require valid paths for phar filenames

diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index 4b9a493926fec4e6d913722b7a94602c7850c27e..17b0affd86ff751cb8e6046d04d91435b53fc6b8 100644 (file)
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -2261,6 +2261,10 @@ int phar_split_fname(char *filename, int filename_len, char **arch, int *arch_le
 #endif
        int ext_len, free_filename = 0;
 
+       if (CHECK_NULL_PATH(filename, filename_len)) {
+               return FAILURE;
+       }
+
        if (!strncasecmp(filename, "phar://", 7)) {
                filename += 7;
                filename_len -= 7;

diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index e21a9829e3146b819e40b5119002ca62a9abe577..83ccab433582746474576da3b9ce46e26649f03b 100644 (file)
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -478,7 +478,7 @@ PHP_METHOD(Phar, mount)
        int fname_len, arch_len, entry_len, path_len, actual_len;
        phar_archive_data **pphar;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &path, &path_len, &actual, &actual_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "pp", &path, &path_len, &actual, &actual_len) == FAILURE) {
                return;
        }
 
@@ -960,7 +960,7 @@ PHP_METHOD(Phar, createDefaultStub)
        int index_len = 0, webindex_len = 0;
        size_t stub_len;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|ss", &index, &index_len, &webindex, &webindex_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|pp", &index, &index_len, &webindex, &webindex_len) == FAILURE) {
                return;
        }
 
@@ -1004,7 +1004,7 @@ PHP_METHOD(Phar, loadPhar)
        char *fname, *alias = NULL, *error;
        int fname_len, alias_len = 0;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s!", &fname, &fname_len, &alias, &alias_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|s!", &fname, &fname_len, &alias, &alias_len) == FAILURE) {
                return;
        }
 
@@ -1083,7 +1083,7 @@ PHP_METHOD(Phar, isValidPharFilename)
        int fname_len, ext_len, is_executable;
        zend_bool executable = 1;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &fname, &fname_len, &executable) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|b", &fname, &fname_len, &executable) == FAILURE) {
                return;
        }
 
@@ -1154,11 +1154,11 @@ PHP_METHOD(Phar, __construct)
        is_data = instanceof_function(Z_OBJCE_P(zobj), phar_ce_data TSRMLS_CC);
 
        if (is_data) {
-               if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ls!l", &fname, &fname_len, &flags, &alias, &alias_len, &format) == FAILURE) {
+               if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|ls!l", &fname, &fname_len, &flags, &alias, &alias_len, &format) == FAILURE) {
                        return;
                }
        } else {
-               if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ls!", &fname, &fname_len, &flags, &alias, &alias_len) == FAILURE) {
+               if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|ls!", &fname, &fname_len, &flags, &alias, &alias_len) == FAILURE) {
                        return;
                }
        }
@@ -1326,7 +1326,7 @@ PHP_METHOD(Phar, unlinkArchive)
        int fname_len, zname_len, arch_len, entry_len;
        phar_archive_data *phar;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &fname, &fname_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &fname, &fname_len) == FAILURE) {
                RETURN_FALSE;
        }
 
@@ -1756,7 +1756,7 @@ PHP_METHOD(Phar, buildFromDirectory)
                return;
        }
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &dir, &dir_len, &regex, &regex_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|s", &dir, &dir_len, &regex, &regex_len) == FAILURE) {
                RETURN_FALSE;
        }
 
@@ -2628,7 +2628,7 @@ PHP_METHOD(Phar, delete)
                return;
        }
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &fname, &fname_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &fname, &fname_len) == FAILURE) {
                RETURN_FALSE;
        }
 
@@ -3440,7 +3440,7 @@ PHP_METHOD(Phar, copy)
 
        PHAR_ARCHIVE_OBJECT();
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &oldfile, &oldfile_len, &newfile, &newfile_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "pp", &oldfile, &oldfile_len, &newfile, &newfile_len) == FAILURE) {
                return;
        }
 
@@ -3546,7 +3546,7 @@ PHP_METHOD(Phar, offsetExists)
 
        PHAR_ARCHIVE_OBJECT();
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &fname, &fname_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &fname, &fname_len) == FAILURE) {
                return;
        }
 
@@ -3583,7 +3583,7 @@ PHP_METHOD(Phar, offsetGet)
        phar_entry_info *entry;
        PHAR_ARCHIVE_OBJECT();
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &fname, &fname_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &fname, &fname_len) == FAILURE) {
                return;
        }
 
@@ -3731,8 +3731,8 @@ PHP_METHOD(Phar, offsetSet)
                return;
        }
 
-       if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "sr", &fname, &fname_len, &zresource) == FAILURE
-       && zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &fname, &fname_len, &cont_str, &cont_len) == FAILURE) {
+       if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "pr", &fname, &fname_len, &zresource) == FAILURE
+       && zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ps", &fname, &fname_len, &cont_str, &cont_len) == FAILURE) {
                return;
        }
 
@@ -3770,7 +3770,7 @@ PHP_METHOD(Phar, offsetUnset)
                return;
        }
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &fname, &fname_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &fname, &fname_len) == FAILURE) {
                return;
        }
 
@@ -3817,7 +3817,7 @@ PHP_METHOD(Phar, addEmptyDir)
 
        PHAR_ARCHIVE_OBJECT();
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &dirname, &dirname_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &dirname, &dirname_len) == FAILURE) {
                return;
        }
 
@@ -3842,7 +3842,7 @@ PHP_METHOD(Phar, addFile)
 
        PHAR_ARCHIVE_OBJECT();
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s", &fname, &fname_len, &localname, &localname_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|s", &fname, &fname_len, &localname, &localname_len) == FAILURE) {
                return;
        }
 
@@ -3886,7 +3886,7 @@ PHP_METHOD(Phar, addFromString)
 
        PHAR_ARCHIVE_OBJECT();
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &localname, &localname_len, &cont_str, &cont_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ps", &localname, &localname_len, &cont_str, &cont_len) == FAILURE) {
                return;
        }
 
@@ -4313,7 +4313,7 @@ PHP_METHOD(Phar, extractTo)
 
        PHAR_ARCHIVE_OBJECT();
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|z!b", &pathto, &pathto_len, &zval_files, &overwrite) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|z!b", &pathto, &pathto_len, &zval_files, &overwrite) == FAILURE) {
                return;
        }
 
@@ -4452,7 +4452,7 @@ PHP_METHOD(PharFileInfo, __construct)
        phar_archive_data *phar_data;
        zval *zobj = getThis(), arg1;
 
-       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &fname, &fname_len) == FAILURE) {
+       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &fname, &fname_len) == FAILURE) {
                return;
        }
 

diff --git a/ext/phar/tests/badparameters.phpt b/ext/phar/tests/badparameters.phpt
index 317969799aa9cd3d9d97cbaaba17956c9c3d6103..c33426e9d9a24e9346b0a48b99f12ebd14fdb27c 100644 (file)
--- a/ext/phar/tests/badparameters.phpt
+++ b/ext/phar/tests/badparameters.phpt
@@ -126,19 +126,19 @@ echo $e->getMessage() . "\n";
 --EXPECTF--
 Warning: Phar::mungServer() expects parameter 1 to be array, %string given in %sbadparameters.php on line %d
 
-Warning: Phar::createDefaultStub() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d
+Warning: Phar::createDefaultStub() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d
 
-Warning: Phar::loadPhar() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d
+Warning: Phar::loadPhar() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d
 
 Warning: Phar::canCompress() expects parameter 1 to be long, %string given in %sbadparameters.php on line %d
 
-Warning: Phar::__construct() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d
+Warning: Phar::__construct() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d
 
 Warning: Phar::convertToExecutable() expects parameter 1 to be long, array given in %sbadparameters.php on line %d
 
 Warning: Phar::convertToData() expects parameter 1 to be long, array given in %sbadparameters.php on line %d
 
-Warning: PharData::delete() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d
+Warning: PharData::delete() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d
 Cannot write out phar archive, phar is read-only
 Entry oops does not exist and cannot be deleted
 %sfiles/frontcontroller10.phar
@@ -165,18 +165,18 @@ Phar is readonly, cannot change compression
 Warning: Phar::copy() expects exactly 2 parameters, 1 given in %sbadparameters.php on line %d
 Cannot copy "a" to "b", phar is read-only
 
-Warning: Phar::offsetExists() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d
+Warning: Phar::offsetExists() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d
 
-Warning: Phar::offsetGet() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d
+Warning: Phar::offsetGet() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d
 
 Warning: Phar::offsetSet() expects exactly 2 parameters, 1 given in %sbadparameters.php on line %d
 
-Warning: PharData::offsetUnset() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d
+Warning: PharData::offsetUnset() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d
 Write operations disabled by the php.ini setting phar.readonly
 
-Warning: Phar::addEmptyDir() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d
+Warning: Phar::addEmptyDir() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d
 
-Warning: Phar::addFile() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d
+Warning: Phar::addFile() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d
 
 Warning: Phar::addFromString() expects exactly 2 parameters, 1 given in %sbadparameters.php on line %d
 Write operations disabled by the php.ini setting phar.readonly

diff --git a/ext/phar/tests/bug64931/bug64931.phpt b/ext/phar/tests/bug64931/bug64931.phpt
index 9c1f9dcaf1da5a53e306fe42a8eec52d916a8303..29e0c7b4e325f78c21183b20f0a9f4b36f442a7e 100644 (file)
--- a/ext/phar/tests/bug64931/bug64931.phpt
+++ b/ext/phar/tests/bug64931/bug64931.phpt
@@ -48,11 +48,12 @@ try {
 <?php
 @unlink(__DIR__."/bug64931.phar");
 ?>
---EXPECT--
+--EXPECTF--
 Test
 CAUGHT: Cannot create any files in magic ".phar" directory
 CAUGHT: Cannot create any files in magic ".phar" directory
 CAUGHT: Cannot create any files in magic ".phar" directory
 CAUGHT: Cannot create any files in magic ".phar" directory
-CAUGHT: Cannot create any files in magic ".phar" directory
+
+Warning: Phar::addFromString() expects parameter 1 to be a valid path, string given in %s/bug64931.php on line %d
 ===DONE===
\ No newline at end of file

diff --git a/ext/phar/tests/create_path_error.phpt b/ext/phar/tests/create_path_error.phpt
index 886ba81925a1989a6d421cb13f913b25f5b8df39..d457deb22decd0a05f007c572222d82a424b90fb 100644 (file)
--- a/ext/phar/tests/create_path_error.phpt
+++ b/ext/phar/tests/create_path_error.phpt
@@ -80,6 +80,5 @@ string(5) "query"
 11:Error: file_put_contents(phar:///%s): failed to open stream: phar error: invalid path "%s" contains illegal character
 12:Error: file_put_contents(phar:///%s): failed to open stream: phar error: invalid path "%s" contains illegal character
 13:Error: file_put_contents(phar:///%s): failed to open stream: phar error: invalid path "%s" contains illegal character
-Exception: Entry a does not exist and cannot be created: phar error: invalid path "a" contains illegal character
-===DONE===
+Error: Phar::offsetSet() expects parameter 1 to be a valid path, string given===DONE===
 

diff --git a/ext/phar/tests/phar_extract.phpt b/ext/phar/tests/phar_extract.phpt
index 01d65f9091de09ffe2b0be48c03342ce0647a549..2ff4a78f7427add1b16baa7358aa12f24ef9bf44 100644 (file)
--- a/ext/phar/tests/phar_extract.phpt
+++ b/ext/phar/tests/phar_extract.phpt
@@ -138,7 +138,7 @@ string(3) "hi2"
 bool(false)
 Invalid argument, expected a filename (string) or array of filenames
 
-Warning: Phar::extractTo() expects parameter 1 to be %string, array given in %sphar_extract.php on line %d
+Warning: Phar::extractTo() expects parameter 1 to be a valid path, array given in %sphar_extract.php on line %d
 Invalid argument, extraction path must be non-zero length
 Unable to use path "%soops" for extraction, it is a file, must be a directory
 Invalid argument, array of filenames to extract contains non-string value

diff --git a/ext/phar/tests/phar_isvalidpharfilename.phpt b/ext/phar/tests/phar_isvalidpharfilename.phpt
index dee9b7dc03e0a37cefc2a8f2ece98a206bf1780a..da07bec2876f0069448032d622ffef31580cb39a 100644 (file)
--- a/ext/phar/tests/phar_isvalidpharfilename.phpt
+++ b/ext/phar/tests/phar_isvalidpharfilename.phpt
@@ -76,7 +76,7 @@ var_dump(Phar::isValidPharFilename('dir.phar.php', false));
 <?php
 rmdir(dirname(__FILE__) . '/.phar');
 --EXPECTF--
-Warning: Phar::isValidPharFilename() expects parameter 1 to be %string, array given in %sphar_isvalidpharfilename.php on line %d
+Warning: Phar::isValidPharFilename() expects parameter 1 to be a valid path, array given in %sphar_isvalidpharfilename.php on line %d
 *
 bool(false)
 bool(false)

diff --git a/ext/phar/tests/phar_unlinkarchive.phpt b/ext/phar/tests/phar_unlinkarchive.phpt
index 4800c5272d9460d0ee5651f49df8b24e8489961b..2f441bace507da6fb72c00558ee972e58de1ed66 100644 (file)
--- a/ext/phar/tests/phar_unlinkarchive.phpt
+++ b/ext/phar/tests/phar_unlinkarchive.phpt
@@ -90,7 +90,7 @@ Unknown phar archive ""
 Unknown phar archive "%sphar_unlinkarchive.phar"
 Unknown phar archive "%sphar_unlinkarchive.phar.tar": internal corruption of phar "%sphar_unlinkarchive.phar.tar" (truncated entry)
 
-Warning: Phar::unlinkArchive() expects parameter 1 to be %string, array given in %sphar_unlinkarchive.php on line %d
+Warning: Phar::unlinkArchive() expects parameter 1 to be a valid path, array given in %sphar_unlinkarchive.php on line %d
 bool(false)
 string(48) "<?php echo "first stub\n"; __HALT_COMPILER(); ?>"
 phar archive "%sphar_unlinkarchive.phar" has open file handles or objects.  fclose() all file handles, and unset() all objects prior to calling unlinkArchive()

diff --git a/ext/phar/tests/pharfileinfo_construct.phpt b/ext/phar/tests/pharfileinfo_construct.phpt
index 2610095e6e18be8971eb1191d673e2ea651dd175..6a41a52a308ca6f6b4825955f28beaf92c73064a 100644 (file)
--- a/ext/phar/tests/pharfileinfo_construct.phpt
+++ b/ext/phar/tests/pharfileinfo_construct.phpt
@@ -47,7 +47,7 @@ echo $e->getMessage() . "\n";
 --EXPECTF--
 Cannot open phar file 'phar://%spharfileinfo_construct.phar/oops': internal corruption of phar "%spharfileinfo_construct.phar" (truncated entry)
 
-Warning: PharFileInfo::__construct() expects parameter 1 to be %string, array given in %spharfileinfo_construct.php on line %d
+Warning: PharFileInfo::__construct() expects parameter 1 to be a valid path, array given in %spharfileinfo_construct.php on line %d
 Cannot access phar file entry '/oops/I/do/not/exist' in archive '%spharfileinfo_construct.phar'
 Cannot call constructor twice
 '%spharfileinfo_construct.php' is not a valid phar archive URL (must have at least phar://filename.phar)