From: Anatol Belski Date: Sun, 14 Feb 2016 19:49:03 +0000 (+0100) Subject: Merge branch 'PHP-5.6' into PHP-7.0 X-Git-Tag: php-7.0.4RC1~23 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=724ee191115dcb2389b38a94a963574581bf54c2;p=php Merge branch 'PHP-5.6' into PHP-7.0 * PHP-5.6: Fixed bug #71559 Built-in HTTP server, we can downlaod file in web by bug --- 724ee191115dcb2389b38a94a963574581bf54c2 diff --cc sapi/cli/php_cli_server.c index 4ee85bf538,169c05b88e..ac41c44def --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@@ -1952,12 -2055,25 +1952,25 @@@ static int php_cli_server_begin_send_st if (client->request.path_translated && strlen(client->request.path_translated) != client->request.path_translated_len) { /* can't handle paths that contain nul bytes */ - return php_cli_server_send_error_page(server, client, 400 TSRMLS_CC); + return php_cli_server_send_error_page(server, client, 400); } + #ifdef PHP_WIN32 + /* The win32 namespace will cut off trailing dots and spaces. Since the + VCWD functionality isn't used here, a sophisticated functionality + would have to be reimplemented to know ahead there are no files + with invalid names there. The simplest is just to forbid invalid + filenames, which is done here. */ + if (client->request.path_translated && + ('.' == client->request.path_translated[client->request.path_translated_len-1] || + ' ' == client->request.path_translated[client->request.path_translated_len-1])) { + return php_cli_server_send_error_page(server, client, 500); + } + #endif + fd = client->request.path_translated ? open(client->request.path_translated, O_RDONLY): -1; if (fd < 0) { - return php_cli_server_send_error_page(server, client, 404 TSRMLS_CC); + return php_cli_server_send_error_page(server, client, 404); } php_cli_server_content_sender_ctor(&client->content_sender);
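Review bot: The new PHP_WIN32 check reads `client->request.path_translated[client->request.path_translated_len-1]` after testing only that the pointer is non-NULL, so a zero-length translated path would index outside the string; whether an empty path can reach this point is not visible in the hunk, which makes an explicit guard cheap insurance. Extend the condition to `if (client->request.path_translated && client->request.path_translated_len > 0 &&` and leave the two character comparisons as they are. The branch also answers 500 for a name the client supplied, while the NUL-byte case directly above answers 400; returning 400 here would keep request-validation failures consistent and out of server-error monitoring. The test only looks at the last character, so the comment should say that it covers trailing dots and spaces only and that any other Win32 name normalisation is not handled by this check. The enclosing function (its name is truncated to `php_cli_server_begin_send_st` in the hunk header) starts before and continues after the hunk.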