authorIlia Alshanetsky <iliaa@php.net>2005-05-06 18:43:31 +0000
committerIlia Alshanetsky <iliaa@php.net>2005-05-06 18:43:31 +0000
commit6b582b2c8532b3747f1804b920c74b168dd722df (patch)
tree2cddda43fa8119cf3e7c1cda281c29e70d9f773c /ext
parent91f96ef1d766ecf30102f409df202c8c6975957c (diff)
MFH: Check ftp user name for control characters.
Diffstat (limited to 'ext')
-rw-r--r--ext/standard/ftp_fopen_wrapper.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/ext/standard/ftp_fopen_wrapper.c b/ext/standard/ftp_fopen_wrapper.c
index 7c1930f92d..b9b600e251 100644
--- a/ext/standard/ftp_fopen_wrapper.c
+++ b/ext/standard/ftp_fopen_wrapper.c
@@ -246,7 +246,20 @@ php_stream * php_stream_url_wrap_ftp(php_stream_wrapper *wrapper, char *path, ch
/* send the user name */
php_stream_write_string(stream, "USER ");
if (resource->user != NULL) {
- php_raw_url_decode(resource->user, strlen(resource->user));
+ unsigned char *s, *e;
+ int user_len = php_raw_url_decode(resource->user, strlen(resource->user));
+
+ s = resource->user;
+ e = s + user_len;
+ /* check for control characters that should not be present in the user name */
+ while (s < e) {
+ if (iscntrl(*s)) {
+ php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid login %s", resource->user);
+ goto connect_errexit;
+ }
+ s++;
+ }
+
php_stream_write_string(stream, resource->user);
} else {
php_stream_write_string(stream, "anonymous");
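Review bot: The `php_stream_wrapper_log_error(...)` call in the new loop echoes `resource->user` through `%s` immediately after the check has found a control character in it, so CR/LF or other control bytes taken from the URL end up in the PHP error log or displayed warning, and an embedded NUL silently truncates the message. Log a fixed message instead, e.g. `php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid login: user name contains control characters");`. The password is presumably decoded and sent on a `PASS` line outside this hunk; if it goes through `php_raw_url_decode` in the same way it needs the same check, ideally through one shared helper. The body of `php_stream_url_wrap_ftp` starts and ends outside the hunk, so the `connect_errexit` cleanup path and the `<ctype.h>` include for `iscntrl` could not be checked here.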