From: Ilia Alshanetsky
Date: Mon, 28 Oct 2002 03:45:21 +0000 (+0000)
Subject: A better fix for bug #20110.
X-Git-Tag: php-4.3.0RC1~494
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=728eacbf52b7b1dbc45af06d622d1fe7e4c01793;p=php
A better fix for bug #20110.
---
diff --git a/main/main.c b/main/main.c
index d03e605518..33e255e5f2 100644
--- a/main/main.c
+++ b/main/main.c
@@ -702,7 +702,7 @@ static FILE *php_fopen_wrapper_for_zend(const char *filename, char **opened_path
 {
 TSRMLS_FETCH();
- return php_stream_open_wrapper_as_file((char *)filename, "rb", ENFORCE_SAFE_MODE|USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS, opened_path);
+ return php_stream_open_wrapper_as_file((char *)filename, "rb", ENFORCE_SAFE_MODE|USE_PATH|IGNORE_URL_WIN|REPORT_ERRORS|STREAM_OPEN_FOR_INCLUDE, opened_path);
 }
 /* }}} */
diff --git a/main/php_streams.h b/main/php_streams.h
index e3b07f785a..7e93aad7ba 100755
--- a/main/php_streams.h
+++ b/main/php_streams.h
@@ -58,9 +58,9 @@ PHPAPI int php_file_le_pstream(void);
 #define php_stream_copy_to_mem_rel(src, buf, maxlen, persistent) _php_stream_copy_to_mem((src), (buf), (maxlen), (persistent) STREAMS_REL_CC TSRMLS_CC)
-#define php_stream_fopen_rel(filename, mode, opened) _php_stream_fopen((filename), (mode), (opened) STREAMS_REL_CC TSRMLS_CC)
+#define php_stream_fopen_rel(filename, mode, opened, options) _php_stream_fopen((filename), (mode), (opened), (options) STREAMS_REL_CC TSRMLS_CC)
-#define php_stream_fopen_with_path_rel(filename, mode, path, opened) _php_stream_fopen_with_path((filename), (mode), (path), (opened) STREAMS_REL_CC TSRMLS_CC)
+#define php_stream_fopen_with_path_rel(filename, mode, path, opened, options) _php_stream_fopen_with_path((filename), (mode), (path), (opened), (options) STREAMS_REL_CC TSRMLS_CC)
 #define php_stream_fopen_from_file_rel(file, mode) _php_stream_fopen_from_file((file), (mode) STREAMS_REL_CC TSRMLS_CC)
@@ -426,10 +426,10 @@ PHPAPI size_t _php_stream_passthru(php_stream * src STREAMS_DC TSRMLS_DC);
 /* operations for a stdio FILE; use the php_stream_fopen_XXX funcs below */
 PHPAPI extern php_stream_ops php_stream_stdio_ops;
 /* like fopen, but returns a stream */
-PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char **opened_path STREAMS_DC TSRMLS_DC);
-#define php_stream_fopen(filename, mode, opened) _php_stream_fopen((filename), (mode), (opened) STREAMS_CC TSRMLS_CC)
+PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char **opened_path, int options STREAMS_DC TSRMLS_DC);
+#define php_stream_fopen(filename, mode, opened) _php_stream_fopen((filename), (mode), (opened), 0 STREAMS_CC TSRMLS_CC)
-PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char *path, char **opened_path STREAMS_DC TSRMLS_DC);
+PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char *path, char **opened_path, int options STREAMS_DC TSRMLS_DC);
 #define php_stream_fopen_with_path(filename, mode, path, opened) _php_stream_fopen_with_path((filename), (mode), (path), (opened) STREAMS_CC TSRMLS_CC)
 PHPAPI php_stream *_php_stream_fopen_from_file(FILE *file, const char *mode STREAMS_DC TSRMLS_DC);
@@ -492,6 +492,9 @@ PHPAPI int _php_stream_cast(php_stream *stream, int castas, void **ret, int show
 /* this flag applies to php_stream_locate_url_wrapper */
 #define STREAM_LOCATE_WRAPPERS_ONLY 64
+/* this flag is only used by include/require functions */
+#define STREAM_OPEN_FOR_INCLUDE 128
+
 #ifdef PHP_WIN32
 # define IGNORE_URL_WIN STREAM_MUST_SEEK
 #else
diff --git a/main/streams.c b/main/streams.c
index a49c7633f4..ee1328b0f1 100755
--- a/main/streams.c
+++ b/main/streams.c
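Review bot: The `php_stream_fopen_with_path` macro in the `@@ -426,10` hunk keeps its old expansion while the prototype of `_php_stream_fopen_with_path` directly above it gains `int options`, so every use of the macro is now one argument short. The sibling `php_stream_fopen` macro was updated to pass `0`, and this one should match: `#define php_stream_fopen_with_path(filename, mode, path, opened) _php_stream_fopen_with_path((filename), (mode), (path), (opened), 0 STREAMS_CC TSRMLS_CC)`. Both functions are `PHPAPI`, so any code that calls the underscore-prefixed names directly needs the extra argument as well.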
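Review bot: The comment added with `STREAM_OPEN_FOR_INCLUDE` in the `@@ -492,6` hunk says who sets the flag but not what it does, and what it does is enable a security check. A wording such as `/* set by include/require: _php_stream_fopen() refuses anything that is not a regular file */` tells a caller what is lost when the flag is omitted. The value 128 follows `STREAM_LOCATE_WRAPPERS_ONLY 64`, but the other option bits (`USE_PATH`, `REPORT_ERRORS`, `ENFORCE_SAFE_MODE`) are defined outside this hunk. Since the plain-files opener now forwards the whole `options` word to `_php_stream_fopen`, it is worth confirming that no existing flag already uses bit 128.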
@@ -1493,7 +1493,7 @@ PHPAPI php_stream_ops php_stream_stdio_ops = {
 /* }}} */
 /* {{{ php_stream_fopen_with_path */
-PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char *path, char **opened_path STREAMS_DC TSRMLS_DC)
+PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char *path, char **opened_path, int options STREAMS_DC TSRMLS_DC)
 {
 /* code ripped off from fopen_wrappers.c */
 char *pathbuf, *ptr, *end;
@@ -1534,7 +1534,7 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
 if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
 return NULL;
 }
- return php_stream_fopen_rel(filename, mode, opened_path);
+ return php_stream_fopen_rel(filename, mode, opened_path, options);
 }
 /*
@@ -1553,12 +1553,12 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
 if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0) /* filename is in safe_mode_include_dir (or subdir) */
- return php_stream_fopen_rel(filename, mode, opened_path);
+ return php_stream_fopen_rel(filename, mode, opened_path, options);
 if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) return NULL;
- return php_stream_fopen_rel(filename, mode, opened_path);
+ return php_stream_fopen_rel(filename, mode, opened_path, options);
 }
 if (!path || (path && !*path)) {
@@ -1570,7 +1570,7 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
 if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
 return NULL;
 }
- return php_stream_fopen_rel(filename, mode, opened_path);
+ return php_stream_fopen_rel(filename, mode, opened_path, options);
 }
 /* check in provided path */
@@ -1616,7 +1616,7 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
 } else if ((php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0) || php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)) {
 /* UID ok, or trypath is in safe_mode_include_dir */
- stream = php_stream_fopen_rel(trypath, mode, opened_path);
+ stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
 } else {
 stream = NULL;
 }
@@ -1625,7 +1625,7 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
 return stream;
 }
 }
- stream = php_stream_fopen_rel(trypath, mode, opened_path);
+ stream = php_stream_fopen_rel(trypath, mode, opened_path, options);
 if (stream) {
 efree(pathbuf);
 return stream;
@@ -1640,7 +1640,7 @@ PHPAPI php_stream *_php_stream_fopen_with_path(char *filename, char *mode, char
 /* }}} */
 /* {{{ php_stream_fopen */
-PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char **opened_path STREAMS_DC TSRMLS_DC)
+PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, char **opened_path, int options STREAMS_DC TSRMLS_DC)
 {
 FILE *fp;
 char *realpath = NULL;
@@ -1652,10 +1652,10 @@ PHPAPI php_stream *_php_stream_fopen(const char *filename, const char *mode, cha
 fp = fopen(realpath, mode);
 if (fp) {
- /* this is done to prevent opening of anything other then regular files */
- if (fstat(fileno(fp), &st) == -1 || !S_ISREG(st.st_mode)) {
+ /* sanity checks for include/require */
+ if (options & STREAM_OPEN_FOR_INCLUDE && (fstat(fileno(fp), &st) == -1 || !S_ISREG(st.st_mode))) {
 goto err;
- }
+ }
 ret = php_stream_fopen_from_file_rel(fp, mode);
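Review bot: The regular-file check in `_php_stream_fopen` (the `@@ -1652,10` hunk) goes from always-on to opt-in, so an include path that reaches this function without `STREAM_OPEN_FOR_INCLUDE` in `options` silently loses the `S_ISREG` test. In this commit only `php_fopen_wrapper_for_zend` in main/main.c sets the flag, and whether other include/require entry points exist is not visible here. The condition is correct only because `&` binds tighter than `&&`; `if ((options & STREAM_OPEN_FOR_INCLUDE) && (fstat(fileno(fp), &st) == -1 || !S_ISREG(st.st_mode))) {` states the intent explicitly. The new comment should also keep the reason the old one gave, for example `/* include/require: refuse anything that is not a regular file */`. The test still runs after `fopen()`, so it limits what gets read rather than what gets opened; the function body starts and continues outside the hunk.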
@@ -1981,7 +1981,7 @@ static php_stream *php_plain_files_stream_opener(php_stream_wrapper *wrapper, ch
 int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC)
 {
 if ((options & USE_PATH) && PG(include_path) != NULL) {
- return php_stream_fopen_with_path_rel(path, mode, PG(include_path), opened_path);
+ return php_stream_fopen_with_path_rel(path, mode, PG(include_path), opened_path, options);
 }
 if (php_check_open_basedir(path TSRMLS_CC)) {
@@ -1991,7 +1991,7 @@ static php_stream *php_plain_files_stream_opener(php_stream_wrapper *wrapper, ch
 if ((options & ENFORCE_SAFE_MODE) && PG(safe_mode) && (!php_checkuid(path, mode, CHECKUID_CHECK_MODE_PARAM))) return NULL;
- return php_stream_fopen_rel(path, mode, opened_path);
+ return php_stream_fopen_rel(path, mode, opened_path, options);
 }
 static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url, php_stream_statbuf *ssb TSRMLS_DC)