author | Ilia Alshanetsky <iliaa@php.net> | 2006-05-21 16:32:10 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2006-05-21 16:32:10 +0000 |
commit | ef29a49de6f2e4590cbfa776a4a84e0abef3e6c5 (patch) | |
tree | 42ce4b634a15c520e3be1f854d66c55a01c80834 | |
parent | a4d6c5a6f003288955dc8f41eba9cc4ab2582724 (diff) | |
download | php-git-ef29a49de6f2e4590cbfa776a4a84e0abef3e6c5.tar.gz |
Added control character checks for cURL extension's open_basedir/safe_mode
checks.
-rw-r--r-- | ext/curl/interface.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index a203578712..0c9fb40d59 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -161,11 +161,16 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
 strncasecmp(str, "file:", sizeof("file:") - 1) == 0) \
 { \
 php_url *tmp_url; \
- \
+ \
 if (!(tmp_url = php_url_parse_ex(str, len))) { \
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid url '%s'", str); \
 RETURN_FALSE; \
 } \
+ \
+ if (php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Url '%s' contains unencoded control characters.", str); \
+ RETURN_FALSE; \
+ } \
 \
 if (tmp_url->query || tmp_url->fragment || php_check_open_basedir(tmp_url->path TSRMLS_CC)) { \
 php_url_free(tmp_url); \ |
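Review bot: The added `php_memnstr` test looks inverted: `php_memnstr` returns a non-NULL pointer when the parsed path is found inside `str`, which is the normal case for a clean URL, so the warning would fire on well-formed `file:` URLs and let through the ones whose path was altered during parsing (presumably by control-character replacement inside `php_url_parse_ex`, which is not visible here). The condition should be negated, `if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) {`, otherwise the open_basedir/safe_mode check below still sees the rewritten path while cURL gets the original string. The new branch also returns without releasing `tmp_url`, unlike the branch right below it; add `php_url_free(tmp_url);` before `RETURN_FALSE;`. `tmp_url->path` is handed to `strlen` unchecked, so a URL that parses with no path component would need a NULL guard first. The enclosing macro starts and ends outside the hunk.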