Fix #70362: Can't copy() large 'data://' with open_basedir

open_basedir is only relevant for plain files, so there is no need to
check it for other URL wrappers.

diff --git a/NEWS b/NEWS
index 2c8da20466cdebd120a9635ae0ce1a8ec83320d1..57b389921573f05362853a471075784fe0812e28 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,9 @@ PHP                                                                        NEWS
 - FTP:
   . Fixed bug #55857 (ftp_size on large files). (cmb)
 
+- Standard:
+  . Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). (cmb)
+
 ?? ??? ????, PHP 7.3.20
 
 - Core:

diff --git a/ext/standard/file.c b/ext/standard/file.c
index b2c9ca06f2169f48323b40578b09cb71e5ecd919..dca9cf4fe33c83106c0864cc591a3d07795dd03d 100644 (file)
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1669,7 +1669,7 @@ PHP_FUNCTION(copy)
                Z_PARAM_RESOURCE_EX(zcontext, 1, 0)
        ZEND_PARSE_PARAMETERS_END();
 
-       if (php_check_open_basedir(source)) {
+       if (php_stream_locate_url_wrapper(source, NULL, 0) == &php_plain_files_wrapper && php_check_open_basedir(source)) {
                RETURN_FALSE;
        }
 

diff --git a/ext/standard/tests/streams/bug70362.phpt b/ext/standard/tests/streams/bug70362.phpt
new file mode 100644 (file)
index 0000000..3fbc3fe
--- /dev/null
+++ b/ext/standard/tests/streams/bug70362.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #70362 (Can't copy() large 'data://' with open_basedir)
+--INI--
+open_basedir=.
+--FILE--
+<?php
+$temp = tempnam(__DIR__, 'test');
+$data = str_repeat('0', 4096);
+$data = 'data://plain/text;base64,' . base64_encode($data);
+var_dump(copy($data, $temp));
+echo file_get_contents($temp);
+?>
+--EXPECT--
+bool(true)
+0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000