diff options
| author | Pierre Joye <pajoye@php.net> | 2010-02-07 20:15:58 +0000 |
|---|---|---|
| committer | Pierre Joye <pajoye@php.net> | 2010-02-07 20:15:58 +0000 |
| commit | 658e86b847b843e08c9576b21af31e3f1e316531 (patch) | |
| tree | 654da51c9016d55ab2c6a5baec3a330aa691fd97 /main/streams/plain_wrapper.c | |
| parent | c58f63a38ae19caaab339c61486fc3bd7e5894f9 (diff) | |
| download | php-git-658e86b847b843e08c9576b21af31e3f1e316531.tar.gz | |
- prevent unexpectable behaviors (for the user) with invalid path
Diffstat (limited to 'main/streams/plain_wrapper.c')
| -rw-r--r-- | main/streams/plain_wrapper.c | 40 |
1 files changed, 19 insertions, 21 deletions
diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c index 6a74f91c76..f3722d9fc5 100644 --- a/main/streams/plain_wrapper.c +++ b/main/streams/plain_wrapper.c @@ -38,12 +38,11 @@ #endif #include "SAPI.h" +#include "php_streams_int.h" #ifdef PHP_WIN32 -# include "ext/standard/php_string.h" +# include "win32/winutil.h" #endif -#include "php_streams_int.h" - #define php_stream_fopen_from_fd_int(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_CC TSRMLS_CC) #define php_stream_fopen_from_fd_int_rel(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_REL_CC TSRMLS_CC) #define php_stream_fopen_from_file_int(file, mode) _php_stream_fopen_from_file_int((file), (mode) STREAMS_CC TSRMLS_CC) @@ -1065,24 +1064,13 @@ static int php_plain_files_rename(php_stream_wrapper *wrapper, char *url_from, c } #ifdef PHP_WIN32 - /* Prevent bad things to happen when invalid path are used with MoveFileEx */ - { - int url_from_len = strlen(url_from); - int url_to_len = strlen(url_to); - char *trimed = php_trim(url_from, url_from_len, NULL, 0, NULL, 1 TSRMLS_CC); - int trimed_len = strlen(trimed); - - if (trimed_len == 0 || trimed_len != url_from_len) { - php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); - return 0; - } - - trimed = php_trim(url_to, url_to_len, NULL, 0, NULL, 1 TSRMLS_CC); - trimed_len = strlen(trimed); - if (trimed_len == 0 || trimed_len != url_to_len) { - php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); - return 0; - } + if (!php_win32_check_trailing_space(url_from, strlen(url_from))) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; + } + if (!php_win32_check_trailing_space(url_to, strlen(url_to))) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; } #endif @@ -1251,6 +1239,9 @@ static int php_plain_files_mkdir(php_stream_wrapper *wrapper, char *dir, int mod static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int options, php_stream_context *context TSRMLS_DC) { +#if PHP_WIN32 + int url_len = strlen(url); +#endif if (PG(safe_mode) &&(!php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return 0; } @@ -1259,6 +1250,13 @@ static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int opt return 0; } +#if PHP_WIN32 + if (!php_win32_check_trailing_space(url, url_len)) { + php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(ENOENT)); + return 0; + } +#endif + if (VCWD_RMDIR(url) < 0) { php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(errno)); return 0; |