Date: 07/30/98
Date: Thursday July 30, 1998 @ 16:39
Author: steffann
Update of /repository/php3
In directory asf:/tmp/cvs-serv12674
Modified Files:
Makefile.in fopen-wrappers.c fopen-wrappers.h main.c
mod_php3.c mod_php3.h
Added Files:
php3_realpath.c php3_realpath.h
Log Message:
New option: fopen_basedir <path>
functions based on the fopen-wrappers will only open files in <path>,
or in subdirectories of it. Support for functions not based on the
fopen-wrappers will come soon.
Index: php3/Makefile.in
diff -c php3/Makefile.in:1.244 php3/Makefile.in:1.245
*** php3/Makefile.in:1.244 Mon Jul 27 11:55:39 1998
--- php3/Makefile.in Thu Jul 30 16:39:12 1998
***************
*** 24,30 ****
# +----------------------------------------------------------------------+
#
! # $Id: Makefile.in,v 1.244 1998/07/27 15:55:39 musone Exp $
#
prefix = <email protected>@
--- 24,30 ----
# +----------------------------------------------------------------------+
#
! # $Id: Makefile.in,v 1.245 1998/07/30 20:39:12 steffann Exp $
#
prefix = <email protected>@
***************
*** 57,68 ****
variables.c token_cache.c stack.c internal_functions.c \
snprintf.c php3_sprintf.c alloc.c list.c highlight.c debugger.c \
configuration-parser.tab.c configuration-scanner.c \
! request_info.c safe_mode.c fopen-wrappers.c constants.c
OBJS = language-parser.tab.o language-scanner.o main.o php3_hash.o operators.o \
variables.o token_cache.o stack.o internal_functions.o \
snprintf.o php3_sprintf.o alloc.o list.o highlight.o debugger.o \
configuration-parser.tab.o configuration-scanner.o \
! request_info.o safe_mode.o fopen-wrappers.o constants.o <email protected>@
FUNCTIONS_SOURCE = functions/adabasd.c functions/apache.c functions/fhttpd.c \
functions/basic_functions.c \
--- 57,70 ----
variables.c token_cache.c stack.c internal_functions.c \
snprintf.c php3_sprintf.c alloc.c list.c highlight.c debugger.c \
configuration-parser.tab.c configuration-scanner.c \
! request_info.c safe_mode.c fopen-wrappers.c constants.c \
! php3_realpath.c
OBJS = language-parser.tab.o language-scanner.o main.o php3_hash.o operators.o \
variables.o token_cache.o stack.o internal_functions.o \
snprintf.o php3_sprintf.o alloc.o list.o highlight.o debugger.o \
configuration-parser.tab.o configuration-scanner.o \
! request_info.o safe_mode.o fopen-wrappers.o constants.o \
! php3_realpath.o <email protected>@
FUNCTIONS_SOURCE = functions/adabasd.c functions/apache.c functions/fhttpd.c \
functions/basic_functions.c \
Index: php3/fopen-wrappers.c
diff -c php3/fopen-wrappers.c:1.39 php3/fopen-wrappers.c:1.40
*** php3/fopen-wrappers.c:1.39 Fri Jun 26 10:58:18 1998
--- php3/fopen-wrappers.c Thu Jul 30 16:39:13 1998
***************
*** 27,33 ****
| Jim Winstead <jimw <email protected>> |
+----------------------------------------------------------------------+
*/
! /* $Id: fopen-wrappers.c,v 1.39 1998/06/26 14:58:18 rasmus Exp $ */
#ifdef THREAD_SAFE
#include "tls.h"
--- 27,33 ----
| Jim Winstead <jimw <email protected>> |
+----------------------------------------------------------------------+
*/
! /* $Id: fopen-wrappers.c,v 1.40 1998/07/30 20:39:13 steffann Exp $ */
#ifdef THREAD_SAFE
#include "tls.h"
***************
*** 54,59 ****
--- 54,60 ----
#include "safe_mode.h"
#include "php3_list.h"
+ #include "php3_realpath.h"
#include "functions/head.h"
#include "functions/url.h"
#include "functions/base64.h"
***************
*** 97,102 ****
--- 98,140 ----
int _php3_getftpresult(int socketd);
+ /*
+ When fopen_basedir is not NULL, check if the given filename is located in
+ fopen_basedir. Returns -1 if error or not in the fopen_basedir, else 0
+
+ When fopen_basedir is NULL, always return 0
+ */
+ int _php3_check_fopen_basedir(char *path)
+ {
+ char resolved_name[MAXPATHLEN];
+
+ /* Only check when fopen_basedir is available */
+ if (php3_ini.fopen_basedir && *php3_ini.fopen_basedir) {
+ /* Resolve the real path into resolved_name */
+ if (_php3_realpath(path, resolved_name) != NULL) {
+ /* Check the path */
+ #if WIN32|WINNT
+ if (strncmp(php3_ini.fopen_basedir, resolved_name, strlen(php3_ini.fopen_basedir)) == 0) {
+ #else
+ if (strncasecmp(php3_ini.fopen_basedir, resolved_name, strlen(php3_ini.fopen_basedir)) == 0) {
+ #endif
+ /* File is in the right directory */
+ return 0;
+ } else {
+ php3_error(E_WARNING, "fopen_basedir restriction in effect. File is in wrong directory.");
+ return -1;
+ }
+ } else {
+ /* Unable to resolve the real path, return -1 */
+ php3_error(E_WARNING, "fopen_basedir restriction in effect. Unable to verify location of file.");
+ return -1;
+ }
+ } else {
+ /* fopen_basedir is not available, return 0 */
+ return 0;
+ }
+ }
+
PHPAPI FILE *php3_fopen_wrapper(char *path, char *mode, int options, int *issock, int *socketd)
{
#if PHP3_URL_FOPEN
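Review bot: The prefix test in `_php3_check_fopen_basedir` accepts any resolved path that merely starts with the configured string, so a basedir of `/home/user` also admits `/home/user2/...`; the comparison needs a directory-boundary check after the matched prefix. The `#if WIN32|WINNT` branches also look inverted: the case-sensitive `strncmp` is used on Windows and the case-insensitive `strncasecmp` everywhere else, which on a case-sensitive filesystem treats `/Home/User` as inside `/home/user`. Separately, `resolved_name` is a fixed `MAXPATHLEN` buffer handed to `_php3_realpath` without a length; that function is not shown in this mail, so confirm it bounds its writes. The check-then-`fopen` sequence also remains open to a symlink being swapped between the two calls, which is worth stating in the function comment. A sketch of the comparison follows; Windows would additionally need to accept `\` as a separator and use whichever case-insensitive compare that build provides.

```c
	/* inside the `if (php3_ini.fopen_basedir && *php3_ini.fopen_basedir)` branch,
	   so the length is at least 1 */
	size_t basedir_len = strlen(php3_ini.fopen_basedir);

	/* … unchanged: _php3_realpath() call and its failure branch … */
#if WIN32|WINNT
	if (strncasecmp(php3_ini.fopen_basedir, resolved_name, basedir_len) == 0
#else
	if (strncmp(php3_ini.fopen_basedir, resolved_name, basedir_len) == 0
#endif
		/* the match must end on a directory boundary */
		&& (php3_ini.fopen_basedir[basedir_len - 1] == '/'
			|| resolved_name[basedir_len] == '/'
			|| resolved_name[basedir_len] == '\0')) {
	/* … unchanged: return 0, else-branch warning and return -1 … */
```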
***************
*** 112,117 ****
--- 150,156 ----
php3_error(E_WARNING, "SAFE MODE Restriction in effect. Invalid owner of file to be read.");
return NULL;
}
+ if (_php3_check_fopen_basedir(path)) return NULL;
return fopen(path, mode);
}
}
***************
*** 232,237 ****
--- 271,277 ----
php3_error(E_WARNING, "SAFE MODE Restriction in effect. Invalid owner.");
return NULL;
}
+ if (_php3_check_fopen_basedir(path)) return NULL;
fp = fopen(filename, mode);
if (fp && opened_path) {
*opened_path = expand_filepath(filename);
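Review bot: The added check validates `path`, but the call that follows opens `filename`, so the file actually opened is never compared with fopen_basedir. The function header is outside this hunk; if it is `php3_fopen_with_path`, whose prototype in fopen-wrappers.h takes `filename`, `mode`, `path`, `opened_path`, then `path` is presumably the search-path argument rather than the file. The check should take the same string that is passed to `fopen`: `if (_php3_check_fopen_basedir(filename)) return NULL;`. The hunks at new lines 290-303, 306-312 and 336-345 show the same mismatch, opening `trypath` or `filename` while checking `path`.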
***************
*** 250,261 ****
--- 290,303 ----
php3_error(E_WARNING, "SAFE MODE Restriction in effect. Invalid owner.");
return NULL;
}
+ if (_php3_check_fopen_basedir(path)) return NULL;
fp = fopen(trypath, mode);
if (fp && opened_path) {
*opened_path = expand_filepath(trypath);
}
return fp;
} else {
+ if (_php3_check_fopen_basedir(path)) return NULL;
return fopen(filename, mode);
}
}
***************
*** 264,269 ****
--- 306,312 ----
php3_error(E_WARNING, "SAFE MODE Restriction in effect. Invalid owner.");
return NULL;
}
+ if (_php3_check_fopen_basedir(path)) return NULL;
fp = fopen(filename, mode);
if (fp && opened_path) {
*opened_path = strdup(filename);
***************
*** 293,298 ****
--- 336,345 ----
}
}
if ((fp = fopen(trypath, mode)) != NULL) {
+ if (_php3_check_fopen_basedir(path)) {
+ efree(pathbuf);
+ return NULL;
+ }
if (opened_path) {
*opened_path = expand_filepath(trypath);
}
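Review bot: The check here runs only after `fopen(trypath, mode)` has succeeded, and the rejection branch returns without `fclose(fp)`, so every denied open leaks a stream. With a writing mode the file has also already been created or truncated by the time access is refused. Run the check before opening, and on the string being opened, e.g. `if (_php3_check_fopen_basedir(trypath)) { efree(pathbuf); return NULL; }` ahead of the `fopen` call. The enclosing function starts and ends outside this hunk, so whether a rejected entry should abort the lookup or move on to the next candidate has to be decided there.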
***************
*** 758,764 ****
php3_error(E_WARNING, "SAFE MODE Restriction in effect. Invalid owner of file to be read.");
fp = NULL;
} else {
! fp = fopen(path, mode);
}
}
--- 805,815 ----
php3_error(E_WARNING, "SAFE MODE Restriction in effect. Invalid owner of file to be read.");
fp = NULL;
} else {
! if (_php3_check_fopen_basedir(path)) {
! fp = NULL;
! } else {
! fp = fopen(path, mode);
! }
}
}
Index: php3/fopen-wrappers.h
diff -c php3/fopen-wrappers.h:1.17 php3/fopen-wrappers.h:1.18
*** php3/fopen-wrappers.h:1.17 Sat May 23 13:18:43 1998
--- php3/fopen-wrappers.h Thu Jul 30 16:39:13 1998
***************
*** 26,32 ****
| Authors: Jim Winstead <jimw <email protected>> |
+----------------------------------------------------------------------+
*/
! /* $Id: fopen-wrappers.h,v 1.17 1998/05/23 17:18:43 shane Exp $ */
#ifndef _FOPEN_WRAPPERS_H
#define _FOPEN_WRAPPERS_H
--- 26,32 ----
| Authors: Jim Winstead <jimw <email protected>> |
+----------------------------------------------------------------------+
*/
! /* $Id: fopen-wrappers.h,v 1.18 1998/07/30 20:39:13 steffann Exp $ */
#ifndef _FOPEN_WRAPPERS_H
#define _FOPEN_WRAPPERS_H
***************
*** 70,75 ****
--- 70,77 ----
extern PHPAPI FILE *php3_fopen_wrapper(char *filename, char *mode, int options, int *issock, int *socketd);
extern FILE *php3_fopen_for_parser(void);
+
+ extern int _php3_check_fopen_basedir(char *path);
extern PHPAPI FILE *php3_fopen_with_path(char *filename, char *mode, char *path, char **opened_path);
Index: php3/main.c
diff -c php3/main.c:1.457 php3/main.c:1.458
*** php3/main.c:1.457 Tue Jul 28 18:00:02 1998
--- php3/main.c Thu Jul 30 16:39:14 1998
***************
*** 29,35 ****
+----------------------------------------------------------------------+
*/
! /* $Id: main.c,v 1.457 1998/07/28 22:00:02 rasmus Exp $ */
/* #define CRASH_DETECTION */
--- 29,35 ----
+----------------------------------------------------------------------+
*/
! /* $Id: main.c,v 1.458 1998/07/30 20:39:14 steffann Exp $ */
/* #define CRASH_DETECTION */
***************
*** 1051,1056 ****
--- 1051,1059 ----
}
if (cfg_get_string("error_append_string", &php3_ini.error_append_string) == FAILURE) {
php3_ini.error_append_string = NULL;
+ }
+ if (cfg_get_string("fopen_basedir", &php3_ini.fopen_basedir) == FAILURE) {
+ php3_ini.fopen_basedir = NULL;
}
/* THREADX Will have to look into this on windows
* Make a master copy to use as a basis for every per-dir config.
Index: php3/mod_php3.c
diff -c php3/mod_php3.c:1.77 php3/mod_php3.c:1.78
*** php3/mod_php3.c:1.77 Wed Jul 15 00:29:47 1998
--- php3/mod_php3.c Thu Jul 30 16:39:15 1998
***************
*** 27,33 ****
| (with helpful hints from Dean Gaudet <dgaudet <email protected>> |
+----------------------------------------------------------------------+
*/
! /* $Id: mod_php3.c,v 1.77 1998/07/15 04:29:47 rasmus Exp $ */
#ifdef THREAD_SAFE
#include "tls.h"
--- 27,33 ----
| (with helpful hints from Dean Gaudet <dgaudet <email protected>> |
+----------------------------------------------------------------------+
*/
! /* $Id: mod_php3.c,v 1.78 1998/07/30 20:39:15 steffann Exp $ */
#ifdef THREAD_SAFE
#include "tls.h"
***************
*** 319,324 ****
--- 319,325 ----
if (add->gpc_order != orig.gpc_order) new->gpc_order = add->gpc_order;
if (add->error_prepend_string != orig.error_prepend_string) new->error_prepend_string = add->error_prepend_string;
if (add->error_append_string != orig.error_append_string) new->error_append_string = add->error_append_string;
+ if (add->fopen_basedir != orig.fopen_basedir) new->fopen_basedir = add->fopen_basedir;
return new;
}
***************
*** 448,453 ****
--- 449,457 ----
case 17:
conf->error_append_string = pstrdup(cmd->pool, arg);
break;
+ case 18:
+ conf->fopen_basedir = pstrdup(cmd->pool, arg);
+ break;
}
return NULL;
}
***************
*** 506,511 ****
--- 510,516 ----
{"php3_gpc_order", php3take1handler, (void *)15, OR_OPTIONS, TAKE1, "Set GET-COOKIE-POST order [default is GPC]"},
{"php3_error_prepend_string", php3take1handler, (void *)16, OR_OPTIONS, TAKE1, "String to add before an error message from PHP"},
{"php3_error_append_string", php3take1handler, (void *)17, OR_OPTIONS, TAKE1, "String to add after an error message from PHP"},
+ {"php3_fopen_basedir", php3take1handler, (void *)18, OR_OPTIONS|RSRC_CONF, TAKE1, "Limit fopen to files in this directory"},
{"php3_track_errors", php3flaghandler, (void *)0, OR_OPTIONS, FLAG, "on|off"},
{"php3_magic_quotes_gpc", php3flaghandler, (void *)1, OR_OPTIONS, FLAG, "on|off"},
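Review bot: Registering `php3_fopen_basedir` with `OR_OPTIONS` lets it be set from `.htaccess` wherever `AllowOverride Options` is granted, and the merge line added in the `*** 319,324 ****` hunk appears to let the per-directory value replace the inherited one. A user whose scripts are meant to be confined could then widen or replace the restriction for their own directory. For a confinement setting, limit the directive to the server configuration files, for example `{"php3_fopen_basedir", php3take1handler, (void *)18, RSRC_CONF|ACCESS_CONF, TAKE1, "Limit fopen to files in this directory"},`.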
Index: php3/mod_php3.h
diff -c php3/mod_php3.h:1.40 php3/mod_php3.h:1.41
*** php3/mod_php3.h:1.40 Fri Jul 10 20:57:28 1998
--- php3/mod_php3.h Thu Jul 30 16:39:15 1998
***************
*** 26,32 ****
| Authors: Rasmus Lerdorf <rasmus <email protected>> |
+----------------------------------------------------------------------+
*/
! /* $Id: mod_php3.h,v 1.40 1998/07/11 00:57:28 rasmus Exp $ */
#ifndef _MOD_PHP3_H
#define _MOD_PHP3_H
--- 26,32 ----
| Authors: Rasmus Lerdorf <rasmus <email protected>> |
+----------------------------------------------------------------------+
*/
! /* $Id: mod_php3.h,v 1.41 1998/07/30 20:39:15 steffann Exp $ */
#ifndef _MOD_PHP3_H
#define _MOD_PHP3_H
***************
*** 86,91 ****
--- 86,92 ----
long define_syslog_variables;
char *error_prepend_string;
char *error_append_string;
+ char *fopen_basedir;
} php3_ini_structure;
#if MSVC5

