From: Stanislav Malyshev Date: Wed, 28 May 2008 21:42:21 +0000 (+0000) Subject: Fix code path in phar_open_compiled_file() that tries X-Git-Tag: BEFORE_NEW_PARAMETER_PARSE~135 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=370aafc62b0a6126151f06b20303c9338a686c42;p=php Fix code path in phar_open_compiled_file() that tries to open not-yet-loaded phar and fails on compressed files # By Gregory's request # Sorry, can't find how to write test case for that - it reproduces # for me only under bytecode-caching. Suggestions welcome. --- diff --git a/ext/phar/phar.c b/ext/phar/phar.c index 0b595a9c8f..5a203b5347 100644 --- a/ext/phar/phar.c +++ b/ext/phar/phar.c @@ -1886,6 +1886,8 @@ int phar_open_compiled_file(char *alias, int alias_len, char **error TSRMLS_DC) zval *halt_constant; php_stream *fp; int fname_len; + char *actual = NULL; + int ret; if (error) { *error = NULL; @@ -1915,16 +1917,38 @@ int phar_open_compiled_file(char *alias, int alias_len, char **error TSRMLS_DC) halt_offset = Z_LVAL(*halt_constant); FREE_ZVAL(halt_constant); - fp = php_stream_open_wrapper(fname, "rb", IGNORE_URL|STREAM_MUST_SEEK|REPORT_ERRORS, NULL); +#if PHP_MAJOR_VERSION < 6 + if (PG(safe_mode) && (!php_checkuid(fname, NULL, CHECKUID_ALLOW_ONLY_FILE))) { + return FAILURE; + } +#endif + + if (php_check_open_basedir(fname TSRMLS_CC)) { + return FAILURE; + } + + fp = php_stream_open_wrapper(fname, "rb", IGNORE_URL|STREAM_MUST_SEEK|REPORT_ERRORS, &actual); if (!fp) { - if (error) { + if (error) { spprintf(error, 0, "unable to open phar for reading \"%s\"", fname); - } + } + if (actual) { + efree(actual); + } return FAILURE; - } + } - return phar_open_file(fp, fname, fname_len, alias, alias_len, halt_offset, NULL, PHAR_FILE_COMPRESSED_NONE, error TSRMLS_CC); + if (actual) { + fname = actual; + fname_len = strlen(actual); + } + + ret = phar_open_fp(fp, fname, fname_len, alias, alias_len, REPORT_ERRORS, NULL, error TSRMLS_CC); + if (actual) { + efree(actual); + } + return ret; } /* }}} */