author | Christoph M. Becker <cmb@php.net> | 2015-08-14 16:56:40 +0200 |
---|---|---|
committer | Christoph M. Becker <cmb@php.net> | 2015-08-14 17:05:31 +0200 |
commit | 9c805a6cb31596c41609512bdd8a9a76c9ce9b15 (patch) | |
tree | b84358832294f73b7cffa1a1bc0b1216dc8c8cb4 /sapi/cli/php_cli_server.c | |
parent | 0e51f9798c6cea1b155cb18342a43c54be55a1fd (diff) | |
download | php-git-9c805a6cb31596c41609512bdd8a9a76c9ce9b15.tar.gz |
Fix #70264: CLI server directory traversal
On Windows the built-in webserver doesn't prevent directory traversal when
backslashes are used as path component separators. Even though that is not a
security issue (the CLI webserver is meant for testing only), we fix that by
replacing backslashes in the path with slashes on Windows, because backslashes
may be valid characters for file names on other systems, but not on Windows.
Diffstat (limited to 'sapi/cli/php_cli_server.c')
-rw-r--r-- | sapi/cli/php_cli_server.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
index 00226782de..e4ea00ac33 100644
--- a/sapi/cli/php_cli_server.c
+++ b/sapi/cli/php_cli_server.c
@@ -1579,6 +1579,18 @@ static void normalize_vpath(char **retval, size_t *retval_len, const char *vpath
 decoded_vpath_end = decoded_vpath + php_url_decode(decoded_vpath, vpath_len);
+#ifdef PHP_WIN32
+ {
+ char *p = decoded_vpath;
+
+ do {
+ if (*p == '\\') {
+ *p = '/';
+ }
+ } while (*p++);
+ }
+#endif
+
 p = decoded_vpath;
 if (p < decoded_vpath_end && *p == '/') { |
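Review bot: The added Windows loop stops at the first NUL (`} while (*p++);`), while the parsing that follows is bounded by `decoded_vpath_end`, so the two passes can disagree on where the path ends; if `php_url_decode()` can leave an embedded NUL in the buffer, backslashes after it stay unconverted. Bounding the rewrite by the decoded length keeps them consistent: `for (q = decoded_vpath; q < decoded_vpath_end; q++) { if (*q == '\\') { *q = '/'; } }`. The block-local `char *p` also appears to shadow the `p` assigned right after `#endif`, so a distinct name such as `q` would read more clearly and avoid `-Wshadow` noise. The body of `normalize_vpath` starts and ends outside this hunk, so how the normalized path is used afterwards could not be checked here.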