From: Anatol Belski <ab@php.net>
Date: Sun, 14 Feb 2016 19:47:23 +0000 (+0100)
Subject: Fixed bug #71559 Built-in HTTP server, we can downlaod file in web by bug
X-Git-Tag: php-7.0.4RC1~23^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ce4a2f0fc60309f429e4c04160a71befc283338a;p=php

Fixed bug #71559 Built-in HTTP server, we can downlaod file in web by bug
---

diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index f85d1265cf..169c05b88e 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -2058,6 +2058,19 @@ static int php_cli_server_begin_send_static(php_cli_server *server, php_cli_serv
 		return php_cli_server_send_error_page(server, client, 400 TSRMLS_CC);
 	}
 
+#ifdef PHP_WIN32
+	/* The win32 namespace will cut off trailing dots and spaces. Since the
+	   VCWD functionality isn't used here, a sophisticated functionality
+	   would have to be reimplemented to know ahead there are no files
+	   with invalid names there. The simplest is just to forbid invalid
+	   filenames, which is done here. */
+	if (client->request.path_translated &&
+		('.' == client->request.path_translated[client->request.path_translated_len-1] ||
+		 ' ' == client->request.path_translated[client->request.path_translated_len-1])) {
+		return php_cli_server_send_error_page(server, client, 500);
+	}
+#endif
+
 	fd = client->request.path_translated ? open(client->request.path_translated, O_RDONLY): -1;
 	if (fd < 0) {
 		return php_cli_server_send_error_page(server, client, 404 TSRMLS_CC);