From: Ilia Alshanetsky Date: Thu, 14 Jun 2007 23:28:06 +0000 (+0000) Subject: Fixed bug #41693 (scandir() allows empty directory names). X-Git-Tag: php-5.2.4RC1~348 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bab1ce1429d8a571d6135f94d5bbe53d0e003b58;p=php Fixed bug #41693 (scandir() allows empty directory names). --- diff --git a/NEWS b/NEWS index 553c72c649..ef88ccec8e 100644 --- a/NEWS +++ b/NEWS @@ -92,6 +92,7 @@ PHP NEWS - Fixed altering $this via argument named "this". (Dmitry) - Fixed PHP CLI usage of php.ini from the binary location. (Hannes) - Fixed segfault in strripos(). (Tony, Joxean Koret) +- Fixed bug #41693 (scandir() allows empty directory names). (Ilia) - Fixed bug #41673 (json_encode breaks large numbers in arrays). (Ilia) - Fixed bug #41525 (ReflectionParameter::getPosition() not available). (Marcus) - Fixed bug #41511 (Compile failure under IRIX 6.5.30 building md5.c). (Jani) diff --git a/ext/standard/dir.c b/ext/standard/dir.c index cc52f32f29..4d119bfddb 100644 --- a/ext/standard/dir.c +++ b/ext/standard/dir.c @@ -482,6 +482,11 @@ PHP_FUNCTION(scandir) return; } + if (dirn_len < 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Directory name cannot be empty"); + RETURN_FALSE; + } + if (zcontext) { context = php_stream_context_from_zval(zcontext, 0); } diff --git a/ext/standard/tests/file/bug41693.phpt b/ext/standard/tests/file/bug41693.phpt new file mode 100644 index 0000000000..6c7ff5bf4b --- /dev/null +++ b/ext/standard/tests/file/bug41693.phpt @@ -0,0 +1,13 @@ +--TEST-- +Bug #41693 (scandir() allows empty directory names) +--FILE-- + +--EXPECTF-- +Warning: scandir(): Directory name cannot be empty in %s on line %d +bool(false) +Done