diff options
| author | Anatol Belski <ab@php.net> | 2013-04-10 20:39:17 +0200 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2013-04-10 20:39:17 +0200 |
| commit | 968ae4a56a08587d73f81f30a0d57fbd109e4cf4 (patch) | |
| tree | 0a1290a05f487b2e00c515869c069e2e1eb7838d /ext/zip | |
| parent | ecdf8bcc455a660086f85b47f68ecc802c20ac2b (diff) | |
| download | php-git-968ae4a56a08587d73f81f30a0d57fbd109e4cf4.tar.gz | |
Fixed bug #64342 ZipArchive::addFile() has to check for file existence
Diffstat (limited to 'ext/zip')
| -rw-r--r-- | ext/zip/php_zip.c | 7 | ||||
| -rw-r--r-- | ext/zip/tests/bug64342_0.phpt | 42 | ||||
| -rw-r--r-- | ext/zip/tests/bug64342_1.phpt | 37 |
3 files changed, 86 insertions, 0 deletions
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index bdd35a2ede..b1a1a3628c 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -28,6 +28,7 @@ #include "ext/standard/file.h" #include "ext/standard/php_string.h" #include "ext/pcre/php_pcre.h" +#include "ext/standard/php_filestat.h" #include "php_zip.h" #include "lib/zip.h" #include "lib/zipint.h" @@ -309,6 +310,7 @@ static int php_zip_add_file(struct zip *za, const char *filename, size_t filenam struct zip_source *zs; int cur_idx; char resolved_path[MAXPATHLEN]; + zval exists_flag; if (ZIP_OPENBASEDIR_CHECKPATH(filename)) { @@ -319,6 +321,11 @@ static int php_zip_add_file(struct zip *za, const char *filename, size_t filenam return -1; } + php_stat(resolved_path, strlen(resolved_path), FS_EXISTS, &exists_flag TSRMLS_CC); + if (!Z_BVAL(exists_flag)) { + return -1; + } + zs = zip_source_file(za, resolved_path, offset_start, offset_len); if (!zs) { return -1; diff --git a/ext/zip/tests/bug64342_0.phpt b/ext/zip/tests/bug64342_0.phpt new file mode 100644 index 0000000000..066d3e6fc2 --- /dev/null +++ b/ext/zip/tests/bug64342_0.phpt @@ -0,0 +1,42 @@ +--TEST-- +Bug #64342 ZipArchive::addFile() has to check file existance (variation 1) +--SKIPIF-- +<?php + if(!extension_loaded('zip')) die('skip'); +?> +--FILE-- +<?php + +$zip = new ZipArchive; +$res = $zip->open(dirname(__FILE__) . '/bug64342.zip', ZipArchive::CREATE); +if ($res === TRUE) { + $f = md5(uniqid()) . '.txt'; + echo "$f\n"; + $res = $zip->addFile($f); + if (true == $res) { + echo "add ok\n"; + } else { + echo "add failed\n"; + } + $res = $zip->close(); + if (true == $res) { + echo "close ok\n"; + } else { + echo "close failed\n"; + } +} else { + echo "open failed\n"; +} + + +?> +DONE +--CLEAN-- +<?php + +@unlink(dirname(__FILE__) . '/bug64342.zip'); +--EXPECTF-- +%s.txt +add failed +close ok +DONE diff --git a/ext/zip/tests/bug64342_1.phpt b/ext/zip/tests/bug64342_1.phpt new file mode 100644 index 0000000000..2b1357d12f --- /dev/null +++ b/ext/zip/tests/bug64342_1.phpt @@ -0,0 +1,37 @@ +--TEST-- +Bug #64342 ZipArchive::addFile() has to check file existance (variation 2) +--SKIPIF-- +<?php +/* $Id$ */ +if(!extension_loaded('zip')) die('skip'); +?> +--FILE-- +<?php + +$dirname = dirname(__FILE__) . '/'; +include $dirname . 'utils.inc'; +$file = $dirname . '__tmp_oo_addfile.zip'; + +copy($dirname . 'test.zip', $file); + +$zip = new ZipArchive; +if (!$zip->open($file)) { + exit('failed'); +} +if (!$zip->addFile($dirname . 'cant_find_me.txt', 'test.php')) { + echo "failed\n"; +} +if ($zip->status == ZIPARCHIVE::ER_OK) { + dump_entries_name($zip); + $zip->close(); +} else { + echo "failed\n"; +} +@unlink($file); +?> +--EXPECTF-- +failed +0 bar +1 foobar/ +2 foobar/baz +3 entry1.txt |