diff options
| author | Wez Furlong <wez@php.net> | 2002-08-16 09:50:24 +0000 |
|---|---|---|
| committer | Wez Furlong <wez@php.net> | 2002-08-16 09:50:24 +0000 |
| commit | c2cbae6dd3ace83f57e96c994d366f84f3c51bd0 (patch) | |
| tree | 20dbb550ccb9f2390bf91097cf499a74e32cae58 | |
| parent | 613871d403aca4210f92bec678f33788edd708f5 (diff) | |
| download | php-git-c2cbae6dd3ace83f57e96c994d366f84f3c51bd0.tar.gz | |
Enhance Ilia's recent patch to query the wrapper subsystem to determine
if a filename is a URL and thus if safe-mode checks should be skipped.
| -rwxr-xr-x | main/php_streams.h | 4 | ||||
| -rw-r--r-- | main/safe_mode.c | 5 | ||||
| -rwxr-xr-x | main/streams.c | 26 |
3 files changed, 22 insertions, 13 deletions
diff --git a/main/php_streams.h b/main/php_streams.h index 7791ad59de..3b83d2638f 100755 --- a/main/php_streams.h +++ b/main/php_streams.h @@ -370,6 +370,9 @@ PHPAPI int _php_stream_cast(php_stream *stream, int castas, void **ret, int show * */ #define STREAM_WILL_CAST 32 +/* this flag applies to php_stream_locate_url_wrapper */ +#define STREAM_LOCATE_WRAPPERS_ONLY 64 + #ifdef PHP_WIN32 # define IGNORE_URL_WIN IGNORE_URL #else @@ -381,6 +384,7 @@ int php_shutdown_stream_wrappers(TSRMLS_D); PHPAPI int php_register_url_stream_wrapper(char *protocol, php_stream_wrapper *wrapper TSRMLS_DC); PHPAPI int php_unregister_url_stream_wrapper(char *protocol TSRMLS_DC); PHPAPI php_stream *_php_stream_open_wrapper_ex(char *path, char *mode, int options, char **opened_path, php_stream_context *context STREAMS_DC TSRMLS_DC); +PHPAPI php_stream_wrapper *php_stream_locate_url_wrapper(const char *path, char **path_for_open, int options TSRMLS_DC); #define php_stream_open_wrapper(path, mode, options, opened) _php_stream_open_wrapper_ex((path), (mode), (options), (opened), NULL STREAMS_CC TSRMLS_CC) #define php_stream_open_wrapper_ex(path, mode, options, opened, context) _php_stream_open_wrapper_ex((path), (mode), (options), (opened), (context) STREAMS_CC TSRMLS_CC) diff --git a/main/safe_mode.c b/main/safe_mode.c index a56094b33f..b56976ab44 100644 --- a/main/safe_mode.c +++ b/main/safe_mode.c @@ -52,6 +52,7 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) long uid=0L, gid=0L, duid=0L, dgid=0L; char path[MAXPATHLEN]; char *s, filenamecopy[MAXPATHLEN]; + php_stream_wrapper *wrapper = NULL; TSRMLS_FETCH(); strlcpy(filenamecopy, filename, MAXPATHLEN); @@ -73,9 +74,9 @@ PHPAPI int php_checkuid(const char *filename, char *fopen_mode, int mode) * If given filepath is a URL, allow - safe mode stuff * related to URL's is checked in individual functions */ - if (!strncasecmp(filename,"http://", 7) || !strncasecmp(filename,"ftp://", 6) || !strncasecmp(filename,"https://", 8)) { + wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC); + if (wrapper != NULL) return 1; - } /* First we see if the file is owned by the same user... * If that fails, passthrough and check directory... diff --git a/main/streams.c b/main/streams.c index 931e331457..f6e6229fba 100755 --- a/main/streams.c +++ b/main/streams.c @@ -1166,16 +1166,17 @@ static php_stream_wrapper php_plain_files_wrapper = { 0 }; -static php_stream_wrapper *locate_url_wrapper(char *path, char **path_for_open, int options TSRMLS_DC) +PHPAPI php_stream_wrapper *php_stream_locate_url_wrapper(const char *path, char **path_for_open, int options TSRMLS_DC) { php_stream_wrapper *wrapper = NULL; const char *p, *protocol = NULL; int n = 0; - *path_for_open = path; + if (path_for_open) + *path_for_open = (char*)path; if (options & IGNORE_URL) - return &php_plain_files_wrapper; + return (options & STREAM_LOCATE_WRAPPERS_ONLY) ? NULL : &php_plain_files_wrapper; for (p = path; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++) { n++; @@ -1205,20 +1206,23 @@ static php_stream_wrapper *locate_url_wrapper(char *path, char **path_for_open, protocol = NULL; } } + /* TODO: curl based streams probably support file:// properly */ if (!protocol || !strncasecmp(protocol, "file", n)) { if (protocol && path[n+1] == '/' && path[n+2] == '/') { - zend_error(E_WARNING, "remote host file access not supported, %s", path); + if (options & REPORT_ERRORS) + zend_error(E_WARNING, "remote host file access not supported, %s", path); return NULL; } - if (protocol) - *path_for_open = path + n + 1; + if (protocol && path_for_open) + *path_for_open = (char*)path + n + 1; /* fall back on regular file access */ - return &php_plain_files_wrapper; + return (options & STREAM_LOCATE_WRAPPERS_ONLY) ? NULL : &php_plain_files_wrapper; } if (wrapper && wrapper->is_url && !PG(allow_url_fopen)) { - zend_error(E_WARNING, "URL file-access is disabled in the server configuration"); + if (options & REPORT_ERRORS) + zend_error(E_WARNING, "URL file-access is disabled in the server configuration"); return NULL; } @@ -1230,7 +1234,7 @@ PHPAPI int _php_stream_stat_path(char *path, php_stream_statbuf *ssb TSRMLS_DC) php_stream_wrapper *wrapper = NULL; char *path_to_open = path; - wrapper = locate_url_wrapper(path, &path_to_open, ENFORCE_SAFE_MODE TSRMLS_CC); + wrapper = php_stream_locate_url_wrapper(path, &path_to_open, ENFORCE_SAFE_MODE TSRMLS_CC); if (wrapper && wrapper->wops->url_stat) { return wrapper->wops->url_stat(wrapper, path_to_open, ssb TSRMLS_CC); } @@ -1250,7 +1254,7 @@ PHPAPI php_stream *_php_stream_opendir(char *path, int options, path_to_open = path; - wrapper = locate_url_wrapper(path, &path_to_open, options TSRMLS_CC); + wrapper = php_stream_locate_url_wrapper(path, &path_to_open, options TSRMLS_CC); if (wrapper && wrapper->wops->dir_opener) { stream = wrapper->wops->dir_opener(wrapper, @@ -1322,7 +1326,7 @@ PHPAPI php_stream *_php_stream_open_wrapper_ex(char *path, char *mode, int optio path_to_open = path; - wrapper = locate_url_wrapper(path, &path_to_open, options TSRMLS_CC); + wrapper = php_stream_locate_url_wrapper(path, &path_to_open, options TSRMLS_CC); if (wrapper) { |