Date: 01/08/01
- Next message: sniper <email protected>: "[PHP-DEV] PHP 4.0 Bug #6897 Updated: Oracle/PHP defunct Apache processes"
- Previous message: Cynic: "Re: [PHP-DEV] RE: PHP 4.0 Bug #8472 Updated: calling a function in a regular ex pression"
- In reply to: Zeev Suraski: "[PHP-DEV] Re: Pretty mammoth security issue with safe_mode_exec"
- Next in thread: Adam Wright: "Re: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ZS>> Oh, well, actually I was too quick to respond - ".\" is indeed
ZS>> an invalid escape, but PHP treats it as ".\\", and not just ".".
ZS>>
ZS>> I just checked, shells indeed accept \.\. as if it was "..", so
ZS>> the bug is legit. If anybody attempts to fix it - note that \..
ZS>> and .\. are also possible.
From what I see in the code, PHP just strips everything before the last / in
the command path, so whether it catches ..'s or not is not so
relevant. What could be problematic, though, is that it does not account for the path
separator not being / on Windows. This probably indeed needs to be fixed.
--
Stanislav Malyshev, Zend Products Engineer
stas <email protected> http://www.zend.com/ +972-3-6139665 ext.115
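As an added illustration (not code from this thread or from PHP itself; PHP's real safe_mode_exec_dir handling is not reproduced here), a constructed C model of the "strip everything before the last /" step the message describes, next to a hardened version that also treats `\` as a separator on Windows and refuses a program name containing a backslash on Unix, where the shell would interpret it as an escape. The program-name/argument split at the first blank and the `windows` flag are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 256
static char basename_buf[NAME_MAX_LEN]; /* shared result buffer, illustration only */

/* Program-name part of a command line: everything up to the first blank (assumption). */
static size_t program_name(const char *cmd, char *out, size_t outlen) {
    size_t n = strcspn(cmd, " \t");
    if (n == 0 || n >= outlen) return 0;
    memcpy(out, cmd, n);
    out[n] = '\0';
    return n;
}

/* Naive step as described in the thread: keep only what follows the last '/'.
 * A Windows path such as "C:\Tools\cmd.exe" has no '/' and passes through untouched. */
const char *naive_basename(const char *cmd) {
    char prog[NAME_MAX_LEN];
    if (!program_name(cmd, prog, sizeof prog)) return NULL;
    const char *slash = strrchr(prog, '/');
    strcpy(basename_buf, slash ? slash + 1 : prog);
    return basename_buf;
}
/* Hardened variant: on Windows both '/' and '\' delimit components; on Unix a
 * backslash is a shell escape, so a name containing one is refused rather than
 * guessed at. Empty, "." and ".." are refused too. NULL means reject the command. */
const char *hardened_basename(const char *cmd, int windows) {
    char prog[NAME_MAX_LEN];
    if (!program_name(cmd, prog, sizeof prog)) return NULL;
    const char *base = prog;
    for (const char *p = prog; *p; p++) {
        if (*p == '/' || (windows && *p == '\\')) base = p + 1;
        else if (*p == '\\') return NULL;
    }
    if (*base == '\0' || !strcmp(base, ".") || !strcmp(base, "..")) return NULL;
    strcpy(basename_buf, base);
    return basename_buf;
}
int main(void) {
    /* constructed sample command lines; the third is treated as a Windows path */
    const char *cmds[] = { "/usr/bin/id -u", "\\.\\./id", "C:\\Tools\\cmd.exe /c dir" };
    for (int i = 0; i < 3; i++) {
        printf("%-26s naive=%s\n", cmds[i], naive_basename(cmds[i]));
        const char *h = hardened_basename(cmds[i], i == 2);
        printf("%-26s hardened=%s\n", "", h ? h : "(rejected)");
    }
    return 0;
}
```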