From: Jani Taskinen Date: Tue, 9 Oct 2007 08:40:47 +0000 (+0000) Subject: MFH: ws + cs X-Git-Tag: php-5.2.5RC1~30 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6d078cea10ba3982016f6b16b4a74c5851b62849;p=php MFH: ws + cs --- diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c index 31c983331b..70b07ef8b2 100644 --- a/main/fopen_wrappers.c +++ b/main/fopen_wrappers.c @@ -81,9 +81,8 @@ /* {{{ php_check_specific_open_basedir When open_basedir is not NULL, check if the given filename is located in - open_basedir. Returns -1 if error or not in the open_basedir, else 0 - - When open_basedir is NULL, always return 0 + open_basedir. Returns -1 if error or not in the open_basedir, else 0. + When open_basedir is NULL, always return 0. */ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path TSRMLS_DC) { @@ -96,7 +95,7 @@ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path int resolved_name_len; int path_len; int nesting_level = 0; - + /* Special case basedir==".": Use script-directory */ if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) { /* Else use the unmodified path */ @@ -113,7 +112,7 @@ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) { return -1; } - + path_len = strlen(resolved_name); memcpy(path_tmp, resolved_name, path_len + 1); /* safe */ @@ -122,7 +121,7 @@ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path if (nesting_level == 0) { int ret; char buf[MAXPATHLEN]; - + ret = readlink(path_tmp, buf, MAXPATHLEN - 1); if (ret < 0) { /* not a broken symlink, move along.. */ @@ -149,7 +148,7 @@ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path path_len = path_file - path_tmp + 1; #if defined(PHP_WIN32) || defined(NETWARE) if (path_len > 1 && path_tmp[path_len - 2] == ':') { - /* this is c:\, */ + /* this is c:\ */ path_tmp[path_len] = '\0'; } else { path_tmp[path_len - 1] = '\0'; @@ -242,8 +241,7 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC) ptr = end; } if (warn) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, - "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir)); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir)); } efree(pathbuf); errno = EPERM; /* we deny permission to open it */ @@ -267,11 +265,10 @@ PHPAPI int php_check_safe_mode_include_dir(const char *path TSRMLS_DC) char resolved_name[MAXPATHLEN]; /* Resolve the real path into resolved_name */ - if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) + if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) { return -1; - + } pathbuf = estrdup(PG(safe_mode_include_dir)); - ptr = pathbuf; while (ptr && *ptr) { @@ -351,7 +348,7 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC) if (pwbuflen < 1) { return FAILURE; } - + pwbuf = emalloc(pwbuflen); #endif length = s - (path_info + 2); @@ -369,8 +366,7 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC) pw = getpwnam(user); #endif if (pw && pw->pw_dir) { - spprintf(&filename, 0, "%s%c%s%c%s", pw->pw_dir, PHP_DIR_SEPARATOR, - PG(user_dir), PHP_DIR_SEPARATOR, s+1); /* Safe */ + spprintf(&filename, 0, "%s%c%s%c%s", pw->pw_dir, PHP_DIR_SEPARATOR, PG(user_dir), PHP_DIR_SEPARATOR, s + 1); /* Safe */ STR_FREE(SG(request_info).path_translated); SG(request_info).path_translated = filename; } @@ -401,9 +397,9 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC) if (!filename) { /* we have to free SG(request_info).path_translated here because - php_destroy_request_info assumes that it will get - freed when the include_names hash is emptied, but - we're not adding it in this case */ + * php_destroy_request_info assumes that it will get + * freed when the include_names hash is emptied, but + * we're not adding it in this case */ STR_FREE(SG(request_info).path_translated); SG(request_info).path_translated = NULL; return FAILURE; @@ -426,9 +422,9 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC) file_handle->opened_path = expand_filepath(filename, NULL TSRMLS_CC); - if (!(SG(options) & SAPI_OPTION_NO_CHDIR)) { + if (!(SG(options) & SAPI_OPTION_NO_CHDIR)) { VCWD_CHDIR_FILE(filename); - } + } SG(request_info).path_translated = filename; file_handle->filename = SG(request_info).path_translated; @@ -458,13 +454,13 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c if (opened_path) { *opened_path = NULL; } - - if(!filename) { + + if (!filename) { return NULL; } filename_length = strlen(filename); - + /* Relative path open */ if (*filename == '.') { if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { @@ -472,21 +468,21 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c } return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } - + /* * files in safe_mode_include_dir (or subdir) are excluded from * safe mode GID/UID checks */ - + /* Absolute path open */ if (IS_ABSOLUTE_PATH(filename, filename_length)) { - if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) + if (php_check_safe_mode_include_dir(filename TSRMLS_CC) == 0) { /* filename is in safe_mode_include_dir (or subdir) */ return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); - - if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) + } + if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) { return NULL; - + } return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC); } @@ -507,16 +503,15 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c path_length = strlen(path); while ((--exec_fname_length >= 0) && !IS_SLASH(exec_fname[exec_fname_length])); - if ((exec_fname && exec_fname[0] == '[') - || exec_fname_length<=0) { + if ((exec_fname && exec_fname[0] == '[') || exec_fname_length <= 0) { /* [no active file] or no path */ pathbuf = estrdup(path); - } else { - pathbuf = (char *) emalloc(exec_fname_length + path_length +1 +1); + } else { + pathbuf = (char *) emalloc(exec_fname_length + path_length + 1 + 1); memcpy(pathbuf, path, path_length); pathbuf[path_length] = DEFAULT_DIR_SEPARATOR; - memcpy(pathbuf+path_length+1, exec_fname, exec_fname_length); - pathbuf[path_length + exec_fname_length +1] = '\0'; + memcpy(pathbuf + path_length + 1, exec_fname, exec_fname_length); + pathbuf[path_length + exec_fname_length + 1] = '\0'; } } else { pathbuf = estrdup(path); @@ -534,13 +529,14 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c if (PG(safe_mode)) { if (VCWD_STAT(trypath, &sb) == 0) { /* file exists ... check permission */ - if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || - php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) + if (php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0 || + php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM) + ) { /* UID ok, or trypath is in safe_mode_include_dir */ fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC); - else + } else { fp = NULL; - + } efree(pathbuf); return fp; } @@ -557,29 +553,29 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c return NULL; } /* }}} */ - + /* {{{ php_strip_url_passwd */ PHPAPI char *php_strip_url_passwd(char *url) { register char *p, *url_start; - + if (url == NULL) { return ""; } - + p = url; - + while (*p) { - if (*p==':' && *(p+1)=='/' && *(p+2)=='/') { + if (*p == ':' && *(p + 1) == '/' && *(p + 2) == '/') { /* found protocol */ - url_start = p = p+3; - + url_start = p = p + 3; + while (*p) { - if (*p=='@') { + if (*p == '@') { int i; - - for (i=0; i<3 && url_startMAXPATHLEN-1?MAXPATHLEN-1:strlen(filepath); + /* return a relative file path if for any reason + * we cannot cannot getcwd() and the requested, + * relatively referenced file is accessible */ + copy_len = strlen(filepath) > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : strlen(filepath); real_path = estrndup(filepath, copy_len); return real_path; - } - } - else { - cwd[0] = '\0'; } + } else { + cwd[0] = '\0'; } + } new_state.cwd = strdup(cwd); new_state.cwd_length = strlen(cwd); - if(virtual_file_ex(&new_state, filepath, NULL, CWD_FILEPATH)) { + if (virtual_file_ex(&new_state, filepath, NULL, CWD_FILEPATH)) { free(new_state.cwd); return NULL; } - if(real_path) { - int copy_len = new_state.cwd_length>MAXPATHLEN-1?MAXPATHLEN-1:new_state.cwd_length; + if (real_path) { + copy_len = new_state.cwd_length > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : new_state.cwd_length; memcpy(real_path, new_state.cwd, copy_len); - real_path[copy_len]='\0'; + real_path[copy_len] = '\0'; } else { real_path = estrndup(new_state.cwd, new_state.cwd_length); }