Fix #79491: Search for .user.ini extends up to root dir

The `start` parameter of `php_cgi_ini_activate_user_config` is supposed
to hold the byte offset of the doc root in the given `path`.  However,
the current expression which fixes a potential type incompatibility
will ever only evaluate to zero or one, because it uses the *logical*
and operator (`&&`).  Furthermore we notice that subtracting one from
`doc_root_len` is not necessary, so there is even no need for the
`start` parameter at all.

diff --git a/NEWS b/NEWS
index 8f00881b2956b82ae38d16754befa5eb4a06033d..84b0a46b1a1156a6a84b445b5ae366207c6fdae2 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@ PHP                                                                        NEWS
   . Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
     (cmb)
 
+- FCGI:
+  . Fixed bug #79491 (Search for .user.ini extends up to root dir). (cmb)
+
 - MBString:
   . Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
     (Girgias)

diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index d6449ba2285865d4bab6c726bdf03df137162bf1..8c8e1463d5529c5279dc4ecba19388156f6ebe2a 100644 (file)
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -789,7 +789,7 @@ static void sapi_cgi_log_message(char *message, int syslog_type_int)
 
 /* {{{ php_cgi_ini_activate_user_config
  */
-static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const char *doc_root, size_t doc_root_len, int start)
+static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const char *doc_root, size_t doc_root_len)
 {
        user_config_cache_entry *new_entry, *entry;
        time_t request_time = (time_t)sapi_get_request_time();
@@ -842,7 +842,7 @@ static void php_cgi_ini_activate_user_config(char *path, size_t path_len, const
 #else
                if (strncmp(s1, s2, s_len) == 0) {
 #endif
-                       char *ptr = s2 + start;  /* start is the point where doc_root ends! */
+                       char *ptr = s2 + doc_root_len;
                        while ((ptr = strchr(ptr, DEFAULT_SLASH)) != NULL) {
                                *ptr = 0;
                                php_parse_user_ini_file(path, PG(user_ini_filename), entry->user_config);
@@ -938,7 +938,7 @@ static int sapi_cgi_activate(void)
                                doc_root = estrndup(doc_root, doc_root_len);
                                zend_str_tolower(doc_root, doc_root_len);
 #endif
-                               php_cgi_ini_activate_user_config(path, path_len, doc_root, doc_root_len, (doc_root_len > 0 && (doc_root_len - 1)));
+                               php_cgi_ini_activate_user_config(path, path_len, doc_root, doc_root_len);
 
 #ifdef PHP_WIN32
                                efree(doc_root);