diff options
| author | Wez Furlong <wez@php.net> | 2005-10-22 17:02:10 +0000 |
|---|---|---|
| committer | Wez Furlong <wez@php.net> | 2005-10-22 17:02:10 +0000 |
| commit | 890f7f46b40267663c10b59349a2c146cac95cfb (patch) | |
| tree | 91185eaf0856d0c1a91f3825f6ae5cef3689aa81 | |
| parent | 23d3ddea2532046b86fa33588d25d45cdf15a79b (diff) | |
| download | php-git-890f7f46b40267663c10b59349a2c146cac95cfb.tar.gz | |
Fix #34957; file access checks should use VCWD_ACCESS()
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | ext/standard/filestat.c | 32 | ||||
| -rw-r--r-- | main/streams/php_stream_plain_wrapper.h | 1 |
3 files changed, 33 insertions, 1 deletions
@@ -1,6 +1,7 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? Oct 2005, PHP 5.1 Release Candidate 4 +- Fixed bug #34957 (PHP doesn't respect ACLs for access checks). (Wez) - Fixed fgetcsv() and fputcsv() inconsistency. (Dmitry) - Fixed bug #34934 (offsetExists is not called from array_key_exists). (Dmitry) - Fixed bug #34905 (Digest authentication does not work with Apache 1). (Ilia) diff --git a/ext/standard/filestat.c b/ext/standard/filestat.c index 3d628c7042..7628489018 100644 --- a/ext/standard/filestat.c +++ b/ext/standard/filestat.c @@ -543,6 +543,7 @@ PHP_FUNCTION(clearstatcache) #define IS_LINK_OPERATION(__t) ((__t) == FS_TYPE || (__t) == FS_IS_LINK || (__t) == FS_LSTAT) #define IS_EXISTS_CHECK(__t) ((__t) == FS_EXISTS || (__t) == FS_IS_W || (__t) == FS_IS_R || (__t) == FS_IS_X || (__t) == FS_IS_FILE || (__t) == FS_IS_DIR || (__t) == FS_IS_LINK) #define IS_ABLE_CHECK(__t) ((__t) == FS_IS_R || (__t) == FS_IS_W || (__t) == FS_IS_X) +#define IS_ACCESS_CHECK(__t) (IS_ABLE_CHECK(type) || (__t) == FS_EXISTS) /* {{{ php_stat */ @@ -560,6 +561,35 @@ PHPAPI void php_stat(const char *filename, php_stat_len filename_length, int typ RETURN_FALSE; } + if (IS_ACCESS_CHECK(type)) { + char *local; + + if (php_stream_locate_url_wrapper(filename, &local, 0 TSRMLS_CC) == &php_plain_files_wrapper) { + switch (type) { +#ifdef F_OK + case FS_EXISTS: + RETURN_BOOL(VCWD_ACCESS(local, F_OK) == 0); + break; +#endif +#ifdef W_OK + case FS_IS_W: + RETURN_BOOL(VCWD_ACCESS(local, W_OK) == 0); + break; +#endif +#ifdef R_OK + case FS_IS_R: + RETURN_BOOL(VCWD_ACCESS(local, R_OK) == 0); + break; +#endif +#ifdef X_OK + case FS_IS_X: + RETURN_BOOL(VCWD_ACCESS(local, X_OK) == 0); + break; +#endif + } + } + } + if (IS_LINK_OPERATION(type)) { flags |= PHP_STREAM_URL_STAT_LINK; } @@ -617,7 +647,7 @@ PHPAPI void php_stat(const char *filename, php_stat_len filename_length, int typ php_stream_wrapper *wrapper; wrapper = php_stream_locate_url_wrapper(filename, NULL, 0 TSRMLS_CC); - if (wrapper && wrapper->wops && wrapper->wops->label && strcmp(wrapper->wops->label, "plainfile") == 0) { + if (wrapper == &php_plain_files_wrapper) { if (type == FS_IS_X) { xmask = S_IXROOT; } else { diff --git a/main/streams/php_stream_plain_wrapper.h b/main/streams/php_stream_plain_wrapper.h index d44fb621c6..1d3374f98a 100644 --- a/main/streams/php_stream_plain_wrapper.h +++ b/main/streams/php_stream_plain_wrapper.h @@ -22,6 +22,7 @@ /* operations for a plain file; use the php_stream_fopen_XXX funcs below */ PHPAPI extern php_stream_ops php_stream_stdio_ops; +PHPAPI extern php_stream_wrapper php_plain_files_wrapper; BEGIN_EXTERN_C() |