diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-03-05 12:20:04 +0100 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-06-30 10:46:53 +0200 |
commit | 7f3bc64287588f6a838d1a9524624deba1e5e153 (patch) | |
tree | cd0f8a7511a02a8f4503f68a84b47a0f368ac305 | |
parent | a385cfa7ad7fe3621bb6095ff88bc8d74b358df0 (diff) | |
download | php-git-7f3bc64287588f6a838d1a9524624deba1e5e153.tar.gz |
Fix #70362: Can't copy() large 'data://' with open_basedir
open_basedir is only relevant for plain files, so there is no need to
check it for other URL wrappers.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/standard/file.c | 2 | ||||
-rw-r--r-- | ext/standard/tests/streams/bug70362.phpt | 15 |
3 files changed, 19 insertions, 1 deletions
@@ -19,6 +19,9 @@ PHP NEWS - FTP: . Fixed bug #55857 (ftp_size on large files). (cmb) +- Standard: + . Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). (cmb) + ?? ??? ????, PHP 7.3.20 - Core: diff --git a/ext/standard/file.c b/ext/standard/file.c index b2c9ca06f2..dca9cf4fe3 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -1669,7 +1669,7 @@ PHP_FUNCTION(copy) Z_PARAM_RESOURCE_EX(zcontext, 1, 0) ZEND_PARSE_PARAMETERS_END(); - if (php_check_open_basedir(source)) { + if (php_stream_locate_url_wrapper(source, NULL, 0) == &php_plain_files_wrapper && php_check_open_basedir(source)) { RETURN_FALSE; } diff --git a/ext/standard/tests/streams/bug70362.phpt b/ext/standard/tests/streams/bug70362.phpt new file mode 100644 index 0000000000..3fbc3fea16 --- /dev/null +++ b/ext/standard/tests/streams/bug70362.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #70362 (Can't copy() large 'data://' with open_basedir) +--INI-- +open_basedir=. +--FILE-- +<?php +$temp = tempnam(__DIR__, 'test'); +$data = str_repeat('0', 4096); +$data = 'data://plain/text;base64,' . base64_encode($data); +var_dump(copy($data, $temp)); +echo file_get_contents($temp); +?> +--EXPECT-- +bool(true) +0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |