- Implemented request #26158/bug #53465 (open arbitrary file descriptor with fopen)

diff --git a/ext/standard/info.c b/ext/standard/info.c
index a79bf5d73b221a550fe9389dba29481dcb93ca3c..9093c8576aa744d8943b6083fc80455ad5f439af 100644 (file)
--- a/ext/standard/info.c
+++ b/ext/standard/info.c
@@ -68,7 +68,7 @@ static int php_info_print_html_esc(const char *str, int len) /* {{{ */
        char *new_str;
        TSRMLS_FETCH();
        
-       new_str = php_escape_html_entities((char *) str, len, &new_len, 0, ENT_QUOTES, "utf-8" TSRMLS_CC);
+       new_str = php_escape_html_entities((unsigned char *) str, len, &new_len, 0, ENT_QUOTES, "utf-8" TSRMLS_CC);
        written = php_output_write(new_str, new_len TSRMLS_CC);
        efree(new_str);
        return written;

diff --git a/ext/standard/php_fopen_wrapper.c b/ext/standard/php_fopen_wrapper.c
index 8340da42a8f3c71f850cea5f6b1bbe28159a4fd7..2a7a2793c703a8d3f86b70b67f7eef647db8d336 100644 (file)
--- a/ext/standard/php_fopen_wrapper.c
+++ b/ext/standard/php_fopen_wrapper.c
@@ -257,6 +257,39 @@ php_stream * php_stream_url_wrap_php(php_stream_wrapper *wrapper, char *path, ch
                } else {
                        fd = dup(STDERR_FILENO);
                }
+       } else if (!strncasecmp(path, "fd/", 3)) {
+               char       *start,
+                                  *end;
+               long       fildes_ori;
+               int                dtablesize;
+
+               start = &path[3];
+               fildes_ori = strtol(start, &end, 10);
+               if (end == start || (*end != '\0' && *end != '/')) {
+                       php_stream_wrapper_log_error(wrapper, options TSRMLS_CC,
+                               "php://fd/ stream must be specified in the form php://fd/<orig fd>");
+                       return NULL;
+               }
+
+#if HAVE_UNISTD_H
+               dtablesize = getdtablesize();
+#else
+               dtablesize = INT_MAX;
+#endif
+
+               if (fildes_ori < 0 || fildes_ori >= dtablesize) {
+                       php_stream_wrapper_log_error(wrapper, options TSRMLS_CC,
+                               "The file descriptors must be non-negative numbers smaller than %d", dtablesize);
+                       return NULL;
+               }
+               
+               fd = dup(fildes_ori);
+               if (fd == -1) {
+                       php_stream_wrapper_log_error(wrapper, options TSRMLS_CC,
+                               "Error duping file descriptor %d; possibly it doesn't exist: "
+                               "[%d]: %s", fildes_ori, errno, strerror(errno));
+                       return NULL;
+               }
        } else if (!strncasecmp(path, "filter/", 7)) {
                /* Save time/memory when chain isn't specified */
                if (strchr(mode, 'r') || strchr(mode, '+')) {