From 7f3bc64287588f6a838d1a9524624deba1e5e153 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Thu, 5 Mar 2020 12:20:04 +0100
Subject: Fix #70362: Can't copy() large 'data://' with open_basedir

open_basedir is only relevant for plain files, so there is no need to
check it for other URL wrappers.
---
 NEWS                                     |  3 +++
 ext/standard/file.c                      |  2 +-
 ext/standard/tests/streams/bug70362.phpt | 15 +++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 ext/standard/tests/streams/bug70362.phpt

diff --git a/NEWS b/NEWS
index 2c8da20466..57b3899215 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,9 @@ PHP                                                                        NEWS
 - FTP:
   . Fixed bug #55857 (ftp_size on large files). (cmb)
 
+- Standard:
+  . Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). (cmb)
+
 ?? ??? ????, PHP 7.3.20
 
 - Core:
diff --git a/ext/standard/file.c b/ext/standard/file.c
index b2c9ca06f2..dca9cf4fe3 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1669,7 +1669,7 @@ PHP_FUNCTION(copy)
 		Z_PARAM_RESOURCE_EX(zcontext, 1, 0)
 	ZEND_PARSE_PARAMETERS_END();
 
-	if (php_check_open_basedir(source)) {
+	if (php_stream_locate_url_wrapper(source, NULL, 0) == &php_plain_files_wrapper && php_check_open_basedir(source)) {
 		RETURN_FALSE;
 	}
 
diff --git a/ext/standard/tests/streams/bug70362.phpt b/ext/standard/tests/streams/bug70362.phpt
new file mode 100644
index 0000000000..3fbc3fea16
--- /dev/null
+++ b/ext/standard/tests/streams/bug70362.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #70362 (Can't copy() large 'data://' with open_basedir)
+--INI--
+open_basedir=.
+--FILE--
+<?php
+$temp = tempnam(__DIR__, 'test');
+$data = str_repeat('0', 4096);
+$data = 'data://plain/text;base64,' . base64_encode($data);
+var_dump(copy($data, $temp));
+echo file_get_contents($temp);
+?>
+--EXPECT--
+bool(true)
+0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
-- 
cgit v1.2.1