diff options
| -rw-r--r-- | ext/standard/tests/file/tempnam_variation3-win32.phpt | 5 | ||||
| -rw-r--r-- | main/php_open_temporary_file.c | 10 | ||||
| -rw-r--r-- | main/streams/plain_wrapper.c | 40 | ||||
| -rw-r--r-- | win32/winutil.c | 15 | ||||
| -rw-r--r-- | win32/winutil.h | 1 |
5 files changed, 48 insertions, 23 deletions
diff --git a/ext/standard/tests/file/tempnam_variation3-win32.phpt b/ext/standard/tests/file/tempnam_variation3-win32.phpt index 2530736ce6..fb457cb6ab 100644 --- a/ext/standard/tests/file/tempnam_variation3-win32.phpt +++ b/ext/standard/tests/file/tempnam_variation3-win32.phpt @@ -70,7 +70,7 @@ for( $i=0; $i<count($names_arr); $i++ ) { if (realpath($file_dir) == $file_path || realpath($file_dir . "\\") == $file_path) { echo "OK\n"; } else { - echo "Failed, not created in the correct directory" . realpath($file_dir) . ' vs ' . $file_path ."\n"; + echo "Failed, not created in the correct directory " . realpath($file_dir) . ' vs ' . $file_path ."\n"; } if (!is_writable($file_name)) { @@ -99,7 +99,8 @@ OK -- Iteration 4 -- OK -- Iteration 5 -- -OK +Failed, not created in the correct directory %s vs %s +0 -- Iteration 6 -- OK -- Iteration 7 -- diff --git a/main/php_open_temporary_file.c b/main/php_open_temporary_file.c index 942eeacea4..cf17f27d66 100644 --- a/main/php_open_temporary_file.c +++ b/main/php_open_temporary_file.c @@ -113,6 +113,13 @@ static int php_do_open_temporary_file(const char *path, const char *pfx, char ** return -1; } +#ifdef PHP_WIN32 + if (!php_win32_check_trailing_space(pfx, (const int)strlen(pfx))) { + SetLastError(ERROR_INVALID_NAME); + return -1; + } +#endif + if (!VCWD_GETCWD(cwd, MAXPATHLEN)) { cwd[0] = '\0'; } @@ -138,12 +145,14 @@ static int php_do_open_temporary_file(const char *path, const char *pfx, char ** } #ifdef PHP_WIN32 + if (GetTempFileName(new_state.cwd, pfx, 0, opened_path)) { /* Some versions of windows set the temp file to be read-only, * which means that opening it will fail... */ VCWD_CHMOD(opened_path, 0600); fd = VCWD_OPEN_MODE(opened_path, open_flags, 0600); } + #elif defined(HAVE_MKSTEMP) fd = mkstemp(opened_path); #else @@ -151,6 +160,7 @@ static int php_do_open_temporary_file(const char *path, const char *pfx, char ** fd = VCWD_OPEN(opened_path, open_flags); } #endif + if (fd == -1 || !opened_path_p) { efree(opened_path); } else { diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c index 6a74f91c76..f3722d9fc5 100644 --- a/main/streams/plain_wrapper.c +++ b/main/streams/plain_wrapper.c @@ -38,12 +38,11 @@ #endif #include "SAPI.h" +#include "php_streams_int.h" #ifdef PHP_WIN32 -# include "ext/standard/php_string.h" +# include "win32/winutil.h" #endif -#include "php_streams_int.h" - #define php_stream_fopen_from_fd_int(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_CC TSRMLS_CC) #define php_stream_fopen_from_fd_int_rel(fd, mode, persistent_id) _php_stream_fopen_from_fd_int((fd), (mode), (persistent_id) STREAMS_REL_CC TSRMLS_CC) #define php_stream_fopen_from_file_int(file, mode) _php_stream_fopen_from_file_int((file), (mode) STREAMS_CC TSRMLS_CC) @@ -1065,24 +1064,13 @@ static int php_plain_files_rename(php_stream_wrapper *wrapper, char *url_from, c } #ifdef PHP_WIN32 - /* Prevent bad things to happen when invalid path are used with MoveFileEx */ - { - int url_from_len = strlen(url_from); - int url_to_len = strlen(url_to); - char *trimed = php_trim(url_from, url_from_len, NULL, 0, NULL, 1 TSRMLS_CC); - int trimed_len = strlen(trimed); - - if (trimed_len == 0 || trimed_len != url_from_len) { - php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); - return 0; - } - - trimed = php_trim(url_to, url_to_len, NULL, 0, NULL, 1 TSRMLS_CC); - trimed_len = strlen(trimed); - if (trimed_len == 0 || trimed_len != url_to_len) { - php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); - return 0; - } + if (!php_win32_check_trailing_space(url_from, strlen(url_from))) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; + } + if (!php_win32_check_trailing_space(url_to, strlen(url_to))) { + php_win32_docref2_from_error(ERROR_INVALID_NAME, url_from, url_to TSRMLS_CC); + return 0; } #endif @@ -1251,6 +1239,9 @@ static int php_plain_files_mkdir(php_stream_wrapper *wrapper, char *dir, int mod static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int options, php_stream_context *context TSRMLS_DC) { +#if PHP_WIN32 + int url_len = strlen(url); +#endif if (PG(safe_mode) &&(!php_checkuid(url, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return 0; } @@ -1259,6 +1250,13 @@ static int php_plain_files_rmdir(php_stream_wrapper *wrapper, char *url, int opt return 0; } +#if PHP_WIN32 + if (!php_win32_check_trailing_space(url, url_len)) { + php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(ENOENT)); + return 0; + } +#endif + if (VCWD_RMDIR(url) < 0) { php_error_docref1(NULL TSRMLS_CC, url, E_WARNING, "%s", strerror(errno)); return 0; diff --git a/win32/winutil.c b/win32/winutil.c index 7e1cf3fc91..24b00edfae 100644 --- a/win32/winutil.c +++ b/win32/winutil.c @@ -31,3 +31,18 @@ PHPAPI char *php_win_err(int error) return (buf ? (char *) buf : ""); } + +int php_win32_check_trailing_space(const char * path, const int path_len) { + if (path_len < 1) { + return 1; + } + if (path) { + if (path[0] == ' ' || path[path_len - 1] == ' ') { + return 0; + } else { + return 1; + } + } else { + return 0; + } +} diff --git a/win32/winutil.h b/win32/winutil.h index 36b10200cb..8ee75752da 100644 --- a/win32/winutil.h +++ b/win32/winutil.h @@ -19,3 +19,4 @@ PHPAPI char *php_win_err(int error); #define php_win_err() php_win_err(GetLastError()) +int php_win32_check_trailing_space(const char * path, const int path_len); |