$a = new Phar($fname);
$a['index.php'] = '<?php
Phar::mount("testit", dirname(Phar::running(0)) . "/testit");
+echo file_get_contents(Phar::running(1) . "/testit/extfile.php"), "\n";
+echo file_get_contents(Phar::running(1) . "/testit/directory"), "\n";
+echo file_get_contents(Phar::running(1) . "/testit/existing.txt"), "\n";
include "testit/extfile.php";
include "testit/extfile2.php";
?>';
+$a['testit/existing.txt'] = 'oops';
$a->setStub('<?php
set_include_path("phar://" . __FILE__);
include "index.php";
__HALT_COMPILER();');
unset($a);
mkdir(dirname(__FILE__) . '/testit');
+mkdir(dirname(__FILE__) . '/testit/directory');
file_put_contents(dirname(__FILE__) . '/testit/extfile.php', '<?php
var_dump(__FILE__);
?>');
foreach ($out as $b) {
echo "$b\n";
}
+try {
+Phar::mount($pname . '/testit', 'another\\..\\mistake');
+} catch (Exception $e) {
+echo $e->getMessage(), "\n";
+}
+try {
+Phar::mount($pname . '/notfound', dirname(__FILE__) . '/this/does/not/exist');
+} catch (Exception $e) {
+echo $e->getMessage(), "\n";
+}
+try {
+Phar::mount($pname . '/testit', dirname(__FILE__));
+} catch (Exception $e) {
+echo $e->getMessage(), "\n";
+}
+try {
+Phar::mount($pname . '/testit/extfile.php', dirname(__FILE__));
+} catch (Exception $e) {
+echo $e->getMessage(), "\n";
+}
?>
===DONE===
--CLEAN--
@unlink(dirname(__FILE__) . '/tempmanifest1.phar.php');
@unlink(dirname(__FILE__) . '/testit/extfile.php');
@unlink(dirname(__FILE__) . '/testit/extfile2.php');
+@rmdir(dirname(__FILE__) . '/testit/directory');
@rmdir(dirname(__FILE__) . '/testit');
?>
--EXPECTF--
string(%d) "%sextfile.php"
+<?php
+var_dump(__FILE__);
+?>
+
+Warning: file_get_contents(phar://%stempmanifest1.phar.php/testit/directory): failed to open stream: phar error: path "testit/directory" is a directory in phar://%stempmanifest1.phar.php/index.php on line %d
+
+oops
string(%d) "phar://%sextfile.php"
string(%d) "phar://%sextfile2.php"
.
..
+directory
extfile.php
extfile2.php
+phar://%stempmanifest1.phar.php/testit%cdirectory
phar://%stempmanifest1.phar.php/testit%cextfile.php
phar://%stempmanifest1.phar.php/testit%cextfile2.php
+Mounting of /testit to another\..\mistake within phar %stempmanifest1.phar.php failed
+Mounting of /notfound to %stests/this/does/not/exist within phar %stempmanifest1.phar.php failed
+Mounting of /testit to %stests within phar %stests/tempmanifest1.phar.php failed
+Mounting of /testit/extfile.php to %stests within phar %stests/tempmanifest1.phar.php failed
===DONE===
\ No newline at end of file
{
phar_entry_info entry = {0};
php_stream_statbuf ssb;
+ int is_phar;
const char *err;
if (phar_path_check(&path, &path_len, &err) > pcr_is_ok) {
return FAILURE;
}
+ is_phar = (filename_len > 7 && !memcmp(filename, "phar://", 7));
entry.phar = phar;
entry.filename = estrndup(path, path_len);
phar_unixify_path_separators(entry.filename, path_len);
#endif
entry.filename_len = path_len;
- if (strstr(filename, "phar://")) {
+ if (is_phar) {
entry.tmp = estrndup(filename, filename_len);
} else {
entry.tmp = expand_filepath(filename, NULL TSRMLS_CC);
}
}
#if PHP_MAJOR_VERSION < 6
- if (PG(safe_mode) && !strstr(filename, "phar://") && (!php_checkuid(entry.tmp, NULL, CHECKUID_ALLOW_ONLY_FILE))) {
+ if (PG(safe_mode) && !is_phar && (!php_checkuid(entry.tmp, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
efree(entry.tmp);
efree(entry.filename);
return FAILURE;
filename_len = strlen(entry.tmp);
filename = entry.tmp;
/* only check openbasedir for files, not for phar streams */
- if (!strstr(filename, "phar://") && php_check_open_basedir(filename TSRMLS_CC)) {
+ if (!is_phar && php_check_open_basedir(filename TSRMLS_CC)) {
efree(entry.tmp);
efree(entry.filename);
return FAILURE;
}
return NULL;
}
- if (ssb.sb.st_mode & S_IFDIR && dir) {
+ if ((ssb.sb.st_mode & S_IFDIR) == 0 && dir) {
efree(test);
/* user requested a directory, we must return one */
if (error) {
projects / php / commitdiff