From: Christoph M. Becker <cmbecker69@gmx.de>
Date: Sat, 2 May 2020 14:57:24 +0000 (+0200)
Subject: Fix #79467: data:// wrappers are writable
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=69888c3ff1f2301ead8e37b23ff8481d475e29d2;p=php

Fix #79467: data:// wrappers are writable

Despite the docs claiming that data: wrappers would not be writable[1],
they are implemented as writing to a memory stream.  That does not seem
to be particularly sensible, so we disallow writing altogether.

[1] <https://www.php.net/manual/en/wrappers.data.php#refsect1-wrappers.data-options>
---

diff --git a/NEWS b/NEWS
index 94e8e4855f..5536119a80 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,7 @@ PHP                                                                        NEWS
     (cmb)
   . Use SSE2 instructions do locale independent strtolower. (Laruence)
   . Fixed bug #79521 (Check __set_state structure). (carusogabriel)
+  . Fixed bug #79467 (data:// wrappers are writable). (cmb)
 
 - BZ2:
   . Fixed bug #71263 (fread() does not report bzip2.decompress errors). (cmb)
diff --git a/UPGRADING b/UPGRADING
index fc832ba2e3..5345111acc 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -181,6 +181,7 @@ PHP 8.0 UPGRADE NOTES
   . Disabled functions are now treated exactly like non-existent functions.
     Calling a disabled function will report it as unknown, and redefining a
     disabled function is now possible.
+  . data: wrappers are no longer writable, what matches the documented behavior.
 
 - COM:
   . Removed the ability to import case-insensitive constants from type
diff --git a/ext/standard/tests/streams/bug79467.phpt b/ext/standard/tests/streams/bug79467.phpt
new file mode 100644
index 0000000000..061160173d
--- /dev/null
+++ b/ext/standard/tests/streams/bug79467.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bug #79467 (data:// wrappers are writable)
+--FILE--
+<?php
+var_dump(file_put_contents('data://text/plain,cccc', 'data'));
+?>
+--EXPECTF--
+Notice: file_put_contents(): Stream is not writable in %s on line %d
+bool(false)
diff --git a/main/streams/memory.c b/main/streams/memory.c
index 6929ee480d..35be57d3c3 100644
--- a/main/streams/memory.c
+++ b/main/streams/memory.c
@@ -619,7 +619,7 @@ PHPAPI php_stream *_php_stream_temp_open(int mode, size_t max_memory_usage, char
 /* }}} */
 
 PHPAPI const php_stream_ops php_stream_rfc2397_ops = {
-	php_stream_temp_write, php_stream_temp_read,
+	NULL, php_stream_temp_read,
 	php_stream_temp_close, php_stream_temp_flush,
 	"RFC2397",
 	php_stream_temp_seek,