 |
 |
 |
 |
|
|
Date: 04/22/98
- Next message: Nick Bastin: "[PHP-DEV] Documentation"
- Previous message: jpronk <email protected>: "[PHP-DEV] Bug #299: Supplying quoted arguments via system() or exec()"
- Next in thread: Zeev Suraski: "Re: [PHP-DEV] Bug #300: popen, when in safe mode, fails if you use a command with parameters"
- Reply: Zeev Suraski: "Re: [PHP-DEV] Bug #300: popen, when in safe mode, fails if you use a command with parameters"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
From: monti <email protected>
Operating system: Linux
PHP version: 3.0 Release Candidate 4
PHP Bug Type: Other
Bug description:
If safe mode, the popen command search the '/' character to
detect the presence of a path in the command to exec. This is
OK, but has a problem; if you execute a command with parameters,
for example:
$fp=popen("ls dir/dir2","r")
it will fail because it will replace "ls dir" by the path to the
secure dir, trying to execute "dir2" from this.
I wrote a path to correct this problem; this patch must be
applied to file functions/file.c (where php3_popen function
lives)
The patch:
--------------------- CUT HERE -------------------------
309c309,316
< b = strrchr(arg1->value.str.val,'/');
---
> b = strchr(arg1->value.str.val,' ');
> if(!b) {
> b = strrchr(arg1->value.str.val,'/');
> } else {
> c = arg1->value.str.val;
> while((*b!='/')&&(b!=c)) b--;
> if(b==c) b=NULL;
> }
--------------------- CUT HERE -------------------------
- Next message: Nick Bastin: "[PHP-DEV] Documentation"
- Previous message: jpronk <email protected>: "[PHP-DEV] Bug #299: Supplying quoted arguments via system() or exec()"
- Next in thread: Zeev Suraski: "Re: [PHP-DEV] Bug #300: popen, when in safe mode, fails if you use a command with parameters"
- Reply: Zeev Suraski: "Re: [PHP-DEV] Bug #300: popen, when in safe mode, fails if you use a command with parameters"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]