summaryrefslogtreecommitdiff
path: root/main/fopen_wrappers.c
diff options
context:
space:
mode:
Diffstat (limited to 'main/fopen_wrappers.c')
-rw-r--r--main/fopen_wrappers.c147
1 files changed, 24 insertions, 123 deletions
diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
index 1ea07e1f13..9d4a8a85c2 100644
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@@ -39,7 +39,6 @@
#include <sys/param.h>
#endif
-#include "safe_mode.h"
#include "ext/standard/head.h"
#include "ext/standard/php_standard.h"
#include "zend_compile.h"
@@ -338,55 +337,6 @@ PHPAPI int php_check_open_basedir_ex(const char *path, int warn TSRMLS_DC)
}
/* }}} */
-/* {{{ php_check_safe_mode_include_dir
- */
-PHPAPI int php_check_safe_mode_include_dir(const char *path TSRMLS_DC)
-{
- if (PG(safe_mode)) {
- if (PG(safe_mode_include_dir) && *PG(safe_mode_include_dir)) {
- char *pathbuf;
- char *ptr;
- char *end;
- char resolved_name[MAXPATHLEN];
-
- /* Resolve the real path into resolved_name */
- if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) {
- return -1;
- }
- pathbuf = estrdup(PG(safe_mode_include_dir));
- ptr = pathbuf;
-
- while (ptr && *ptr) {
- end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
- if (end != NULL) {
- *end = '\0';
- end++;
- }
-
- /* Check the path */
-#ifdef PHP_WIN32
- if (strncasecmp(ptr, resolved_name, strlen(ptr)) == 0)
-#else
- if (strncmp(ptr, resolved_name, strlen(ptr)) == 0)
-#endif
- {
- /* File is in the right directory */
- efree(pathbuf);
- return 0;
- }
-
- ptr = end;
- }
- efree(pathbuf);
- }
- return -1;
- }
-
- /* Nothing to check... */
- return 0;
-}
-/* }}} */
-
/* {{{ php_fopen_and_set_opened_path
*/
static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, char **opened_path TSRMLS_DC)
@@ -398,7 +348,7 @@ static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, c
}
fp = VCWD_FOPEN(path, mode);
if (fp && opened_path) {
- *opened_path = expand_filepath(path, NULL TSRMLS_CC);
+ *opened_path = expand_filepath_with_mode(path, NULL, NULL, 0, CWD_EXPAND TSRMLS_CC);
}
return fp;
}
@@ -408,14 +358,11 @@ static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, c
*/
PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
{
- FILE *fp;
-#ifndef PHP_WIN32
- struct stat st;
-#endif
char *path_info;
char *filename = NULL;
char *resolved_path = NULL;
int length;
+ zend_bool orig_display_errors;
path_info = SG(request_info).request_uri;
#if HAVE_PWD_H
@@ -496,17 +443,12 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
SG(request_info).path_translated = NULL;
return FAILURE;
}
- fp = VCWD_FOPEN(resolved_path, "rb");
+ efree(resolved_path);
-#ifndef PHP_WIN32
- /* refuse to open anything that is not a regular file */
- if (fp && (0 > fstat(fileno(fp), &st) || !S_ISREG(st.st_mode))) {
- fclose(fp);
- fp = NULL;
- }
-#endif
-
- if (!fp) {
+ orig_display_errors = PG(display_errors);
+ PG(display_errors) = 0;
+ if (zend_stream_open(filename, file_handle TSRMLS_CC) == FAILURE) {
+ PG(display_errors) = orig_display_errors;
if (SG(request_info).path_translated != filename) {
STR_FREE(filename);
}
@@ -514,19 +456,13 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
SG(request_info).path_translated = NULL;
return FAILURE;
}
-
- file_handle->opened_path = resolved_path;
+ PG(display_errors) = orig_display_errors;
if (SG(request_info).path_translated != filename) {
STR_FREE(SG(request_info).path_translated); /* for same reason as above */
SG(request_info).path_translated = filename;
}
- file_handle->filename = SG(request_info).path_translated;
- file_handle->free_filename = 0;
- file_handle->handle.fp = fp;
- file_handle->type = ZEND_HANDLE_FP;
-
return SUCCESS;
}
/* }}} */
@@ -542,11 +478,7 @@ PHPAPI char *php_resolve_path(const char *filename, int filename_length, const c
char *actual_path;
php_stream_wrapper *wrapper;
- if (!filename) {
- return NULL;
- }
-
- if (strlen(filename) != filename_length) {
+ if (!filename || CHECK_NULL_PATH(filename, filename_length)) {
return NULL;
}
@@ -633,7 +565,7 @@ PHPAPI char *php_resolve_path(const char *filename, int filename_length, const c
/* check in calling scripts' current working directory as a fall back case
*/
if (zend_is_executing(TSRMLS_C)) {
- char *exec_fname = zend_get_executed_filename(TSRMLS_C);
+ const char *exec_fname = zend_get_executed_filename(TSRMLS_C);
int exec_fname_length = strlen(exec_fname);
while ((--exec_fname_length >= 0) && !IS_SLASH(exec_fname[exec_fname_length]));
@@ -679,9 +611,8 @@ PHPAPI char *php_resolve_path(const char *filename, int filename_length, const c
PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const char *path, char **opened_path TSRMLS_DC)
{
char *pathbuf, *ptr, *end;
- char *exec_fname;
+ const char *exec_fname;
char trypath[MAXPATHLEN];
- struct stat sb;
FILE *fp;
int path_length;
int filename_length;
@@ -698,34 +629,11 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
filename_length = strlen(filename);
/* Relative path open */
- if (*filename == '.') {
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
- return NULL;
- }
- return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
- }
-
- /*
- * files in safe_mode_include_dir (or subdir) are excluded from
- * safe mode GID/UID checks
- */
-
+ if ((*filename == '.')
/* Absolute path open */
- if (IS_ABSOLUTE_PATH(filename, filename_length)) {
- if (php_check_safe_mode_include_dir(filename TSRMLS_CC) == 0) {
- /* filename is in safe_mode_include_dir (or subdir) */
- return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
- }
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
- return NULL;
- }
- return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
- }
-
- if (!path || (path && !*path)) {
- if (PG(safe_mode) && (!php_checkuid(filename, mode, CHECKUID_CHECK_MODE_PARAM))) {
- return NULL;
- }
+ || IS_ABSOLUTE_PATH(filename, filename_length)
+ || (!path || (path && !*path))
+ ) {
return php_fopen_and_set_opened_path(filename, mode, opened_path TSRMLS_CC);
}
@@ -764,21 +672,6 @@ PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const c
if (snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename) >= MAXPATHLEN) {
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "%s/%s path was truncated to %d", ptr, filename, MAXPATHLEN);
}
- if (PG(safe_mode)) {
- if (VCWD_STAT(trypath, &sb) == 0) {
- /* file exists ... check permission */
- if (php_check_safe_mode_include_dir(trypath TSRMLS_CC) == 0 ||
- php_checkuid(trypath, mode, CHECKUID_CHECK_MODE_PARAM)
- ) {
- /* UID ok, or trypath is in safe_mode_include_dir */
- fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
- } else {
- fp = NULL;
- }
- efree(pathbuf);
- return fp;
- }
- }
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path TSRMLS_CC);
if (fp) {
efree(pathbuf);
@@ -844,6 +737,14 @@ PHPAPI char *expand_filepath(const char *filepath, char *real_path TSRMLS_DC)
*/
PHPAPI char *expand_filepath_ex(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len TSRMLS_DC)
{
+ return expand_filepath_with_mode(filepath, real_path, relative_to, relative_to_len, CWD_FILEPATH TSRMLS_CC);
+}
+/* }}} */
+
+/* {{{ expand_filepath_use_realpath
+ */
+PHPAPI char *expand_filepath_with_mode(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len, int realpath_mode TSRMLS_DC)
+{
cwd_state new_state;
char cwd[MAXPATHLEN];
int copy_len;
@@ -888,7 +789,7 @@ PHPAPI char *expand_filepath_ex(const char *filepath, char *real_path, const cha
new_state.cwd = strdup(cwd);
new_state.cwd_length = strlen(cwd);
- if (virtual_file_ex(&new_state, filepath, NULL, CWD_FILEPATH)) {
+ if (virtual_file_ex(&new_state, filepath, NULL, realpath_mode TSRMLS_CC)) {
free(new_state.cwd);
return NULL;
}
View Lorry Controller Status