authorMichael Wallner <mike@php.net>2015-03-30 16:25:47 +0200
committerMichael Wallner <mike@php.net>2015-03-30 16:25:47 +0200
commita4490bb0a2895458a9bb69e94466acf890c8e23d (patch)
treea9af19e4119a39bd0f0cb6ea5ec3c05114347459
parenta24aefaac230fc4532496a86a085f91784098826 (diff)
parent6480725007bdc5bab4f24ac481a4cb082074851d (diff)
Merge branch 'PHP-5.5' into PHP-5.6
* PHP-5.5: Fixed bug #64931
-rw-r--r--ext/phar/phar_object.c2
-rw-r--r--ext/phar/tests/bug64931/bug64931.phpt58
-rw-r--r--ext/phar/tests/bug64931/src/.pharignore3
3 files changed, 62 insertions, 1 deletions
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index e9a64f39c9..8da46c0131 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -3624,7 +3624,7 @@ static void phar_add_file(phar_archive_data **pphar, char *filename, int filenam
phar_entry_data *data;
php_stream *contents_file;
- if (filename_len >= sizeof(".phar")-1 && !memcmp(filename, ".phar", sizeof(".phar")-1)) {
+ if (filename_len >= sizeof(".phar")-1 && !memcmp(filename, ".phar", sizeof(".phar")-1) && (filename[5] == '/' || filename[5] == '\\' || filename[5] == '\0')) {
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "Cannot create any files in magic \".phar\" directory", (*pphar)->fname);
return;
}
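Review bot: The added boundary test indexes `filename[5]` with a bare literal, and when `filename_len` is exactly 5 it reads one byte beyond the counted length, so it is only correct if every caller passes a NUL-terminated buffer. Tying the index to the literal and handling the end-of-name case through the length keeps the read inside the counted bytes: `const size_t n = sizeof(".phar")-1;` followed by `(filename_len == n || filename[n] == '/' || filename[n] == '\\' || filename[n] == '\0')`. The `'\0'` comparison should stay so that names with an embedded NUL are still rejected, which the new test exercises. The check only matches at offset 0, and the body of phar_add_file continues outside this hunk, so whether the name is normalised (leading `/` or `./`) before it gets here cannot be confirmed from the diff and is worth verifying.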
diff --git a/ext/phar/tests/bug64931/bug64931.phpt b/ext/phar/tests/bug64931/bug64931.phpt
new file mode 100644
index 0000000000..9c1f9dcaf1
--- /dev/null
+++ b/ext/phar/tests/bug64931/bug64931.phpt
@@ -0,0 +1,58 @@
+--TEST--
+Bug #64931 (phar_add_file is too restrictive on filename)
+--SKIPIF--
+<?php extension_loaded("phar") or die("skip need ext/phar support"); ?>
+--INI--
+phar.readonly=0
+--FILE--
+<?php
+
+echo "Test\n";
+
+@unlink(__DIR__."/bug64931.phar");
+$phar = new Phar(__DIR__."/bug64931.phar");
+$phar->addFile(__DIR__."/src/.pharignore", ".pharignore");
+try {
+ $phar->addFile(__DIR__."/src/.pharignore", ".phar/gotcha");
+} catch (Exception $e) {
+ echo "CAUGHT: ". $e->getMessage() ."\n";
+}
+
+try {
+ $phar->addFromString(".phar", "gotcha");
+} catch (Exception $e) {
+ echo "CAUGHT: ". $e->getMessage() ."\n";
+}
+
+try {
+ $phar->addFromString(".phar//", "gotcha");
+} catch (Exception $e) {
+ echo "CAUGHT: ". $e->getMessage() ."\n";
+}
+
+try {
+ $phar->addFromString(".phar\\", "gotcha");
+} catch (Exception $e) {
+ echo "CAUGHT: ". $e->getMessage() ."\n";
+}
+
+try {
+ $phar->addFromString(".phar\0", "gotcha");
+} catch (Exception $e) {
+ echo "CAUGHT: ". $e->getMessage() ."\n";
+}
+
+?>
+===DONE===
+--CLEAN--
+<?php
+@unlink(__DIR__."/bug64931.phar");
+?>
+--EXPECT--
+Test
+CAUGHT: Cannot create any files in magic ".phar" directory
+CAUGHT: Cannot create any files in magic ".phar" directory
+CAUGHT: Cannot create any files in magic ".phar" directory
+CAUGHT: Cannot create any files in magic ".phar" directory
+CAUGHT: Cannot create any files in magic ".phar" directory
+===DONE===
\ No newline at end of file
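Review bot: The test pins only the rejected names; the accepted side of the boundary, which is what bug #64931 is about, is covered only implicitly by the first `addFile()` call producing no output. Adding `var_dump(isset($phar[".pharignore"]));` after that call, with `bool(true)` in --EXPECT--, would make the acceptance explicit and show that the entry was really stored. A second accepted name that shares the prefix without a separator, for example `.pharx` (constructed sample), would also guard against the prefix check being tightened again later. Both `@unlink` calls suppress every error, so a leftover archive that cannot be removed would go unnoticed; that is common in phpt files but worth knowing when the test fails intermittently.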
diff --git a/ext/phar/tests/bug64931/src/.pharignore b/ext/phar/tests/bug64931/src/.pharignore
new file mode 100644
index 0000000000..b42d1c31c1
--- /dev/null
+++ b/ext/phar/tests/bug64931/src/.pharignore
@@ -0,0 +1,3 @@
+# ignore file
+*.tmp
+*~