 |
 |
 |
 |
|
|
Date: 12/31/99
- Next message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #3075 Updated: inconsistency in checking include_path"
- Previous message: djm <email protected>: "[PHP-DEV] PHP 4.0 Bug #3075: inconsistency in checking include_path"
- Next in thread: Bug Database: "[PHP-DEV] PHP 4.0 Bug #3075 Updated: inconsistency in checking include_path"
- Maybe reply: Bug Database: "[PHP-DEV] PHP 4.0 Bug #3075 Updated: inconsistency in checking include_path"
- Maybe reply: Bug Database: "[PHP-DEV] PHP 4.0 Bug #3075 Updated: inconsistency in checking include_path"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ID: 3075
User Update by: djm <email protected>
Status: Open
Bug Type: Misbehaving function
Description: inconsistency in checking include_path
I now believe that both of those if statements are wrong. php3_fopen_with_path should always be run, because it is the only place that checks doc_root. Experimenting shows that the PHP function fopen does not use doc_root, at least when configured the way I have it.
If include_path is not set, php3_fopen_wrapper does the same thing as the alternative code blocks in these two statements, so those blocks are redundant.
(BTW, I do have safe_mode on, and open_basedir set to the same value as doc_root.)
Also, the check in php3_fopen_with_path for a relative file name is wrong, because it fails for files with names like ".cshrc" or "....", and it doesn't handle ".." either.
Here are patches to make it work the way it seems to me it should.
--- fopen-wrappers.c 1999/12/30 22:31:12 1.1.1.2
+++ fopen-wrappers.c 1999/12/31 21:26:54
@@ -194,16 +194,7 @@
}
#endif
- if (options & USE_PATH && PG(include_path) != NULL) {
- return php3_fopen_with_path(path, mode, PG(include_path), NULL);
- } else {
- if(!strcmp(mode,"r") || !strcmp(mode,"r+")) cm=0;
- if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!_php3_checkuid(path, cm))) {
- return NULL;
- }
- if (_php3_check_open_basedir(path)) return NULL;
- return fopen(path, mode);
- }
+ return php3_fopen_with_path(path, mode, PG(include_path), NULL);
}
#if CGI_BINARY || FHTTPD || USE_SAPI
@@ -324,8 +315,9 @@
if (opened_path) {
*opened_path = NULL;
}
- /* Relative path open */
- if (*filename == '.') {
+ /* Relative path open; never use path */
+ if ((filename[0] == '.' && filename[1] == '/')
+ || (filename[0] == '.' && filename[1] == '.' && filename[2] == '/')) {
if (PG(safe_mode) && (!_php3_checkuid(filename, cm))) {
return NULL;
}
@@ -886,23 +878,8 @@
} else {
PLS_FETCH();
-
- if (options & USE_PATH) {
- fp = php3_fopen_with_path((char *) path, mode, PG(include_path), NULL);
- } else {
- int cm=2;
- if(!strcmp(mode,"r") || !strcmp(mode,"r+")) cm=0;
- if (options & ENFORCE_SAFE_MODE && PG(safe_mode) && (!_php3_checkuid(path, cm))) {
- fp = NULL;
- } else {
- if (_php3_check_open_basedir((char *) path)) {
- fp = NULL;
- } else {
- fp = fopen(path, mode);
- }
- }
- }
+ fp = php3_fopen_with_path((char *) path, mode, PG(include_path), NULL);
*issock = 0;
return (fp);
Full Bug description available at: http://bugs.php.net/version4/?id=3075
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #3075 Updated: inconsistency in checking include_path"
- Previous message: djm <email protected>: "[PHP-DEV] PHP 4.0 Bug #3075: inconsistency in checking include_path"
- Next in thread: Bug Database: "[PHP-DEV] PHP 4.0 Bug #3075 Updated: inconsistency in checking include_path"
- Maybe reply: Bug Database: "[PHP-DEV] PHP 4.0 Bug #3075 Updated: inconsistency in checking include_path"
- Maybe reply: Bug Database: "[PHP-DEV] PHP 4.0 Bug #3075 Updated: inconsistency in checking include_path"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]