1999-04-07 21:05:13 +00:00
|
|
|
/*
|
|
|
|
|
+----------------------------------------------------------------------+
|
2014-09-19 16:33:14 +00:00
|
|
|
| PHP Version 7 |
|
1999-04-07 21:05:13 +00:00
|
|
|
+----------------------------------------------------------------------+
|
2015-01-15 15:27:30 +00:00
|
|
|
| Copyright (c) 1997-2015 The PHP Group |
|
1999-04-07 21:05:13 +00:00
|
|
|
+----------------------------------------------------------------------+
|
2006-01-01 12:51:34 +00:00
|
|
|
| This source file is subject to version 3.01 of the PHP license, |
|
1999-07-16 13:13:16 +00:00
|
|
|
| that is bundled with this package in the file LICENSE, and is |
|
2003-06-10 20:04:29 +00:00
|
|
|
| available through the world-wide-web at the following url: |
|
2006-01-01 12:51:34 +00:00
|
|
|
| http://www.php.net/license/3_01.txt |
|
1999-07-16 13:13:16 +00:00
|
|
|
| If you did not receive a copy of the PHP license and are unable to |
|
|
|
|
|
| obtain it through the world-wide-web, please send a note to |
|
|
|
|
|
| license@php.net so we can mail you a copy immediately. |
|
1999-04-07 21:05:13 +00:00
|
|
|
+----------------------------------------------------------------------+
|
|
|
|
|
| Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
|
|
|
|
|
| Jim Winstead <jimw@php.net> |
|
|
|
|
|
+----------------------------------------------------------------------+
|
|
|
|
|
*/
|
2003-02-19 08:40:19 +00:00
|
|
|
|
1999-04-07 21:05:13 +00:00
|
|
|
/* $Id$ */
|
|
|
|
|
|
2001-06-06 13:06:12 +00:00
|
|
|
/* {{{ includes
|
|
|
|
|
*/
|
1999-04-07 21:05:13 +00:00
|
|
|
#include "php.h"
|
1999-04-10 12:17:20 +00:00
|
|
|
#include "php_globals.h"
|
1999-05-02 19:54:02 +00:00
|
|
|
#include "SAPI.h"
|
1999-04-07 21:05:13 +00:00
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <fcntl.h>
|
|
|
|
|
|
2000-02-11 15:59:30 +00:00
|
|
|
#ifdef PHP_WIN32
|
1999-04-07 21:05:13 +00:00
|
|
|
#define O_RDONLY _O_RDONLY
|
|
|
|
|
#include "win32/param.h"
|
|
|
|
|
#else
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-06-15 21:51:00 +00:00
|
|
|
#include "ext/standard/head.h"
|
1999-12-04 19:19:57 +00:00
|
|
|
#include "ext/standard/php_standard.h"
|
1999-04-07 21:05:13 +00:00
|
|
|
#include "zend_compile.h"
|
2000-09-05 15:59:08 +00:00
|
|
|
#include "php_network.h"
|
1999-04-07 21:05:13 +00:00
|
|
|
|
|
|
|
|
#if HAVE_PWD_H
|
|
|
|
|
#include <pwd.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#if HAVE_SYS_SOCKET_H
|
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifndef S_ISREG
|
2000-12-14 23:05:31 +00:00
|
|
|
#define S_ISREG(mode) (((mode) & S_IFMT) == S_IFREG)
|
1999-04-07 21:05:13 +00:00
|
|
|
#endif
|
|
|
|
|
|
2000-02-11 15:59:30 +00:00
|
|
|
#ifdef PHP_WIN32
|
2003-02-16 03:48:49 +00:00
|
|
|
#include <winsock2.h>
|
2002-09-09 10:56:28 +00:00
|
|
|
#elif defined(NETWARE) && defined(USE_WINSOCK)
|
|
|
|
|
#include <novsock2.h>
|
1999-04-07 21:05:13 +00:00
|
|
|
#else
|
|
|
|
|
#include <netinet/in.h>
|
|
|
|
|
#include <netdb.h>
|
2001-01-21 17:29:15 +00:00
|
|
|
#if HAVE_ARPA_INET_H
|
1999-04-07 21:05:13 +00:00
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
#endif
|
2001-01-21 17:29:15 +00:00
|
|
|
#endif
|
1999-04-07 21:05:13 +00:00
|
|
|
|
2002-09-09 10:56:28 +00:00
|
|
|
#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE)
|
1999-04-07 21:05:13 +00:00
|
|
|
#undef AF_UNIX
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if defined(AF_UNIX)
|
|
|
|
|
#include <sys/un.h>
|
|
|
|
|
#endif
|
2001-06-06 13:06:12 +00:00
|
|
|
/* }}} */
|
1999-04-07 21:05:13 +00:00
|
|
|
|
2008-12-09 10:20:11 +00:00
|
|
|
/* {{{ OnUpdateBaseDir
|
|
|
|
|
Allows any change to open_basedir setting in during Startup and Shutdown events,
|
|
|
|
|
or a tightening during activation/runtime/deactivation */
|
|
|
|
|
PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
|
|
|
|
|
{
|
|
|
|
|
char **p, *pathbuf, *ptr, *end;
|
|
|
|
|
#ifndef ZTS
|
|
|
|
|
char *base = (char *) mh_arg2;
|
|
|
|
|
#else
|
|
|
|
|
char *base = (char *) ts_resource(*((int *) mh_arg2));
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
p = (char **) (base + (size_t) mh_arg1);
|
|
|
|
|
|
2009-07-31 21:09:45 +00:00
|
|
|
if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_ACTIVATE || stage == PHP_INI_STAGE_DEACTIVATE) {
|
2008-12-09 10:20:11 +00:00
|
|
|
/* We're in a PHP_INI_SYSTEM context, no restrictions */
|
2014-09-01 16:57:33 +00:00
|
|
|
*p = new_value ? new_value->val : NULL;
|
2008-12-09 10:20:11 +00:00
|
|
|
return SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Otherwise we're in runtime */
|
|
|
|
|
if (!*p || !**p) {
|
|
|
|
|
/* open_basedir not set yet, go ahead and give it a value */
|
2014-09-01 16:57:33 +00:00
|
|
|
*p = new_value->val;
|
2008-12-09 10:20:11 +00:00
|
|
|
return SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Shortcut: When we have a open_basedir and someone tries to unset, we know it'll fail */
|
2014-09-01 16:57:33 +00:00
|
|
|
if (!new_value || !*new_value->val) {
|
2008-12-09 10:20:11 +00:00
|
|
|
return FAILURE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Is the proposed open_basedir at least as restrictive as the current setting? */
|
2014-09-01 16:57:33 +00:00
|
|
|
ptr = pathbuf = estrdup(new_value->val);
|
2008-12-09 10:20:11 +00:00
|
|
|
while (ptr && *ptr) {
|
|
|
|
|
end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
|
|
|
|
|
if (end != NULL) {
|
|
|
|
|
*end = '\0';
|
|
|
|
|
end++;
|
|
|
|
|
}
|
2014-12-13 22:06:14 +00:00
|
|
|
if (php_check_open_basedir_ex(ptr, 0) != 0) {
|
2008-12-09 10:20:11 +00:00
|
|
|
/* At least one portion of this open_basedir is less restrictive than the prior one, FAIL */
|
|
|
|
|
efree(pathbuf);
|
|
|
|
|
return FAILURE;
|
|
|
|
|
}
|
|
|
|
|
ptr = end;
|
|
|
|
|
}
|
|
|
|
|
efree(pathbuf);
|
|
|
|
|
|
|
|
|
|
/* Everything checks out, set it */
|
2014-09-01 16:57:33 +00:00
|
|
|
*p = new_value->val;
|
2008-12-09 10:20:11 +00:00
|
|
|
|
|
|
|
|
return SUCCESS;
|
|
|
|
|
}
|
|
|
|
|
/* }}} */
|
|
|
|
|
|
2001-06-06 13:06:12 +00:00
|
|
|
/* {{{ php_check_specific_open_basedir
|
1999-04-07 21:05:13 +00:00
|
|
|
When open_basedir is not NULL, check if the given filename is located in
|
2007-10-09 08:40:36 +00:00
|
|
|
open_basedir. Returns -1 if error or not in the open_basedir, else 0.
|
|
|
|
|
When open_basedir is NULL, always return 0.
|
1999-04-07 21:05:13 +00:00
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
|
1999-04-07 21:05:13 +00:00
|
|
|
{
|
|
|
|
|
char resolved_name[MAXPATHLEN];
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
char resolved_basedir[MAXPATHLEN];
|
1999-04-07 21:05:13 +00:00
|
|
|
char local_open_basedir[MAXPATHLEN];
|
2007-04-10 22:30:07 +00:00
|
|
|
char path_tmp[MAXPATHLEN];
|
|
|
|
|
char *path_file;
|
2002-09-22 18:30:38 +00:00
|
|
|
int resolved_basedir_len;
|
2002-10-04 22:16:16 +00:00
|
|
|
int resolved_name_len;
|
2007-04-10 22:30:07 +00:00
|
|
|
int path_len;
|
|
|
|
|
int nesting_level = 0;
|
2007-10-09 08:40:36 +00:00
|
|
|
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
/* Special case basedir==".": Use script-directory */
|
2005-02-02 23:43:17 +00:00
|
|
|
if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) {
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
/* Else use the unmodified path */
|
2000-03-10 18:19:08 +00:00
|
|
|
strlcpy(local_open_basedir, basedir, sizeof(local_open_basedir));
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
}
|
|
|
|
|
|
2014-10-27 11:07:44 +00:00
|
|
|
path_len = (int)strlen(path);
|
2007-04-10 22:30:07 +00:00
|
|
|
if (path_len > (MAXPATHLEN - 1)) {
|
|
|
|
|
/* empty and too long paths are invalid */
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* normalize and expand path */
|
2014-12-13 22:06:14 +00:00
|
|
|
if (expand_filepath(path, resolved_name) == NULL) {
|
2007-04-10 22:30:07 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
2007-10-09 08:40:36 +00:00
|
|
|
|
2014-10-27 11:07:44 +00:00
|
|
|
path_len = (int)strlen(resolved_name);
|
2007-04-10 22:30:07 +00:00
|
|
|
memcpy(path_tmp, resolved_name, path_len + 1); /* safe */
|
|
|
|
|
|
|
|
|
|
while (VCWD_REALPATH(path_tmp, resolved_name) == NULL) {
|
2010-09-10 17:45:13 +00:00
|
|
|
#if defined(PHP_WIN32) || defined(HAVE_SYMLINK)
|
|
|
|
|
#if defined(PHP_WIN32)
|
|
|
|
|
if (EG(windows_version_info).dwMajorVersion > 5) {
|
|
|
|
|
#endif
|
|
|
|
|
if (nesting_level == 0) {
|
|
|
|
|
int ret;
|
|
|
|
|
char buf[MAXPATHLEN];
|
|
|
|
|
|
|
|
|
|
ret = php_sys_readlink(path_tmp, buf, MAXPATHLEN - 1);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
/* not a broken symlink, move along.. */
|
|
|
|
|
} else {
|
|
|
|
|
/* put the real path into the path buffer */
|
|
|
|
|
memcpy(path_tmp, buf, ret);
|
|
|
|
|
path_tmp[ret] = '\0';
|
|
|
|
|
}
|
2007-04-10 22:30:07 +00:00
|
|
|
}
|
2010-09-10 17:45:13 +00:00
|
|
|
#if defined(PHP_WIN32)
|
2007-04-10 22:30:07 +00:00
|
|
|
}
|
|
|
|
|
#endif
|
2010-09-10 17:45:13 +00:00
|
|
|
#endif
|
2007-04-10 22:30:07 +00:00
|
|
|
|
|
|
|
|
#if defined(PHP_WIN32) || defined(NETWARE)
|
|
|
|
|
path_file = strrchr(path_tmp, DEFAULT_SLASH);
|
|
|
|
|
if (!path_file) {
|
|
|
|
|
path_file = strrchr(path_tmp, '/');
|
|
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
path_file = strrchr(path_tmp, DEFAULT_SLASH);
|
|
|
|
|
#endif
|
|
|
|
|
if (!path_file) {
|
|
|
|
|
/* none of the path components exist. definitely not in open_basedir.. */
|
|
|
|
|
return -1;
|
|
|
|
|
} else {
|
|
|
|
|
path_len = path_file - path_tmp + 1;
|
|
|
|
|
#if defined(PHP_WIN32) || defined(NETWARE)
|
|
|
|
|
if (path_len > 1 && path_tmp[path_len - 2] == ':') {
|
2008-01-29 14:24:55 +00:00
|
|
|
if (path_len != 3) {
|
|
|
|
|
return -1;
|
2015-01-03 09:22:58 +00:00
|
|
|
}
|
2007-10-09 08:40:36 +00:00
|
|
|
/* this is c:\ */
|
2007-04-10 22:30:07 +00:00
|
|
|
path_tmp[path_len] = '\0';
|
2007-04-18 11:58:40 +00:00
|
|
|
} else {
|
|
|
|
|
path_tmp[path_len - 1] = '\0';
|
2007-04-10 22:30:07 +00:00
|
|
|
}
|
|
|
|
|
#else
|
|
|
|
|
path_tmp[path_len - 1] = '\0';
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
nesting_level++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Resolve open_basedir to resolved_basedir */
|
2014-12-13 22:06:14 +00:00
|
|
|
if (expand_filepath(local_open_basedir, resolved_basedir) != NULL) {
|
2014-09-13 16:09:30 +00:00
|
|
|
int basedir_len = (int)strlen(basedir);
|
2003-07-30 17:55:06 +00:00
|
|
|
/* Handler for basedirs that end with a / */
|
2014-09-13 16:09:30 +00:00
|
|
|
resolved_basedir_len = (int)strlen(resolved_basedir);
|
2011-01-18 22:20:09 +00:00
|
|
|
#if defined(PHP_WIN32) || defined(NETWARE)
|
2014-09-13 16:09:30 +00:00
|
|
|
if (basedir[basedir_len - 1] == PHP_DIR_SEPARATOR || basedir[basedir_len - 1] == '/') {
|
2011-01-18 22:20:09 +00:00
|
|
|
#else
|
2014-09-13 16:09:30 +00:00
|
|
|
if (basedir[basedir_len - 1] == PHP_DIR_SEPARATOR) {
|
2011-01-18 22:20:09 +00:00
|
|
|
#endif
|
2005-09-27 15:07:49 +00:00
|
|
|
if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
|
|
|
|
|
resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
|
2004-03-16 00:31:22 +00:00
|
|
|
resolved_basedir[++resolved_basedir_len] = '\0';
|
|
|
|
|
}
|
2010-11-23 22:14:54 +00:00
|
|
|
} else {
|
|
|
|
|
resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;
|
|
|
|
|
resolved_basedir[resolved_basedir_len] = '\0';
|
2002-09-22 18:30:38 +00:00
|
|
|
}
|
2004-03-16 00:31:22 +00:00
|
|
|
|
2014-10-27 11:07:44 +00:00
|
|
|
resolved_name_len = (int)strlen(resolved_name);
|
2007-04-10 22:30:07 +00:00
|
|
|
if (path_tmp[path_len - 1] == PHP_DIR_SEPARATOR) {
|
2003-07-30 17:55:06 +00:00
|
|
|
if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) {
|
2004-02-10 16:08:54 +00:00
|
|
|
resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR;
|
2003-07-30 17:55:06 +00:00
|
|
|
resolved_name[++resolved_name_len] = '\0';
|
|
|
|
|
}
|
2002-10-04 22:16:16 +00:00
|
|
|
}
|
|
|
|
|
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
/* Check the path */
|
2005-07-16 12:21:34 +00:00
|
|
|
#if defined(PHP_WIN32) || defined(NETWARE)
|
2002-09-22 18:30:38 +00:00
|
|
|
if (strncasecmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
#else
|
2002-09-22 18:30:38 +00:00
|
|
|
if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
|
1999-06-15 21:51:00 +00:00
|
|
|
#endif
|
2010-09-28 13:29:33 +00:00
|
|
|
if (resolved_name_len > resolved_basedir_len &&
|
2010-11-23 22:14:54 +00:00
|
|
|
resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
|
2010-09-28 13:29:33 +00:00
|
|
|
return -1;
|
|
|
|
|
} else {
|
|
|
|
|
/* File is in the right directory */
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
1999-04-07 21:05:13 +00:00
|
|
|
} else {
|
2007-06-01 13:35:23 +00:00
|
|
|
/* /openbasedir/ and /openbasedir are the same directory */
|
|
|
|
|
if (resolved_basedir_len == (resolved_name_len + 1) && resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
|
|
|
|
|
#if defined(PHP_WIN32) || defined(NETWARE)
|
|
|
|
|
if (strncasecmp(resolved_basedir, resolved_name, resolved_name_len) == 0) {
|
|
|
|
|
#else
|
|
|
|
|
if (strncmp(resolved_basedir, resolved_name, resolved_name_len) == 0) {
|
|
|
|
|
#endif
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
return -1;
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
} else {
|
|
|
|
|
/* Unable to resolve the real path, return -1 */
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-06-06 13:06:12 +00:00
|
|
|
/* }}} */
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
|
2014-12-13 22:06:14 +00:00
|
|
|
PHPAPI int php_check_open_basedir(const char *path)
|
2003-06-24 13:56:25 +00:00
|
|
|
{
|
2014-12-13 22:06:14 +00:00
|
|
|
return php_check_open_basedir_ex(path, 1);
|
2003-06-24 13:56:25 +00:00
|
|
|
}
|
|
|
|
|
|
2001-06-06 13:06:12 +00:00
|
|
|
/* {{{ php_check_open_basedir
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
PHPAPI int php_check_open_basedir_ex(const char *path, int warn)
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
{
|
|
|
|
|
/* Only check when open_basedir is available */
|
|
|
|
|
if (PG(open_basedir) && *PG(open_basedir)) {
|
|
|
|
|
char *pathbuf;
|
|
|
|
|
char *ptr;
|
|
|
|
|
char *end;
|
|
|
|
|
|
2010-11-05 05:28:07 +00:00
|
|
|
/* Check if the path is too long so we can give a more useful error
|
|
|
|
|
* message. */
|
|
|
|
|
if (strlen(path) > (MAXPATHLEN - 1)) {
|
2014-12-13 22:06:14 +00:00
|
|
|
php_error_docref(NULL, E_WARNING, "File name is longer than the maximum allowed path length on this platform (%d): %s", MAXPATHLEN, path);
|
2010-11-05 05:28:07 +00:00
|
|
|
errno = EINVAL;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
pathbuf = estrdup(PG(open_basedir));
|
|
|
|
|
|
|
|
|
|
ptr = pathbuf;
|
|
|
|
|
|
|
|
|
|
while (ptr && *ptr) {
|
2001-07-16 13:31:55 +00:00
|
|
|
end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
if (end != NULL) {
|
|
|
|
|
*end = '\0';
|
|
|
|
|
end++;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-13 22:06:14 +00:00
|
|
|
if (php_check_specific_open_basedir(ptr, path) == 0) {
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
efree(pathbuf);
|
1999-04-07 21:05:13 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
|
|
|
|
|
ptr = end;
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
2003-06-24 13:56:25 +00:00
|
|
|
if (warn) {
|
2014-12-13 22:06:14 +00:00
|
|
|
php_error_docref(NULL, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
|
2003-06-24 13:56:25 +00:00
|
|
|
}
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
efree(pathbuf);
|
2000-08-08 16:36:25 +00:00
|
|
|
errno = EPERM; /* we deny permission to open it */
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
return -1;
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
* fixed some #if/#ifdef issues
* hand-patched in php3 changes from 3.0.6 to HEAD in these files:
fopen-wrappers.[ch] ext/standard/file.[ch] ext/standard/fsock.[ch]
ext/standard/php3_string.h ext/standard/string.c
* added some new file/socket macros for more readable code:
FP_FGETS(buf,len,sock,fp,issock)
FP_FREAD(buf,len,sock,fp,issock)
FP_FEOF(sock,fp,issock)
FP_FGETC(sock,fp,issock)
1999-06-16 17:06:53 +00:00
|
|
|
|
|
|
|
|
/* Nothing to check... */
|
|
|
|
|
return 0;
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
2001-06-06 13:06:12 +00:00
|
|
|
/* }}} */
|
1999-04-07 21:05:13 +00:00
|
|
|
|
2001-06-06 13:06:12 +00:00
|
|
|
/* {{{ php_fopen_and_set_opened_path
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, char **opened_path)
|
2000-08-16 19:26:21 +00:00
|
|
|
{
|
2001-07-10 18:49:47 +00:00
|
|
|
FILE *fp;
|
2000-08-16 19:26:21 +00:00
|
|
|
|
2014-12-13 22:06:14 +00:00
|
|
|
if (php_check_open_basedir((char *)path)) {
|
2001-07-10 18:49:47 +00:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
fp = VCWD_FOPEN(path, mode);
|
|
|
|
|
if (fp && opened_path) {
|
2014-12-13 22:06:14 +00:00
|
|
|
*opened_path = expand_filepath_with_mode(path, NULL, NULL, 0, CWD_EXPAND);
|
2001-07-10 18:49:47 +00:00
|
|
|
}
|
|
|
|
|
return fp;
|
2000-08-16 19:26:21 +00:00
|
|
|
}
|
2001-06-06 13:06:12 +00:00
|
|
|
/* }}} */
|
2000-08-16 19:26:21 +00:00
|
|
|
|
2001-06-06 13:06:12 +00:00
|
|
|
/* {{{ php_fopen_primary_script
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle)
|
1999-04-07 21:05:13 +00:00
|
|
|
{
|
2009-11-30 14:21:23 +00:00
|
|
|
char *path_info;
|
|
|
|
|
char *filename = NULL;
|
|
|
|
|
char *resolved_path = NULL;
|
2000-06-16 00:56:38 +00:00
|
|
|
int length;
|
2010-07-07 16:54:55 +00:00
|
|
|
zend_bool orig_display_errors;
|
1999-04-07 21:05:13 +00:00
|
|
|
|
1999-06-15 21:51:00 +00:00
|
|
|
path_info = SG(request_info).request_uri;
|
1999-04-07 21:05:13 +00:00
|
|
|
#if HAVE_PWD_H
|
2007-01-12 01:46:11 +00:00
|
|
|
if (PG(user_dir) && *PG(user_dir) && path_info && '/' == path_info[0] && '~' == path_info[1]) {
|
1999-04-07 21:05:13 +00:00
|
|
|
char *s = strchr(path_info + 2, '/');
|
|
|
|
|
|
2000-06-16 00:56:38 +00:00
|
|
|
if (s) { /* if there is no path name after the file, do not bother */
|
2007-01-12 01:46:11 +00:00
|
|
|
char user[32]; /* to try open the directory */
|
|
|
|
|
struct passwd *pw;
|
|
|
|
|
#if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX)
|
2007-01-12 14:31:28 +00:00
|
|
|
struct passwd pwstruc;
|
2007-01-12 01:46:11 +00:00
|
|
|
long pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
|
|
|
|
|
char *pwbuf;
|
|
|
|
|
|
|
|
|
|
if (pwbuflen < 1) {
|
|
|
|
|
return FAILURE;
|
|
|
|
|
}
|
2007-10-09 08:40:36 +00:00
|
|
|
|
2007-01-12 01:46:11 +00:00
|
|
|
pwbuf = emalloc(pwbuflen);
|
|
|
|
|
#endif
|
2000-06-16 00:56:38 +00:00
|
|
|
length = s - (path_info + 2);
|
2007-01-12 01:46:11 +00:00
|
|
|
if (length > (int)sizeof(user) - 1) {
|
2000-06-16 00:56:38 +00:00
|
|
|
length = sizeof(user) - 1;
|
2007-01-12 01:46:11 +00:00
|
|
|
}
|
2000-06-16 00:56:38 +00:00
|
|
|
memcpy(user, path_info + 2, length);
|
|
|
|
|
user[length] = '\0';
|
2007-01-12 01:46:11 +00:00
|
|
|
#if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX)
|
|
|
|
|
if (getpwnam_r(user, &pwstruc, pwbuf, pwbuflen, &pw)) {
|
|
|
|
|
efree(pwbuf);
|
|
|
|
|
return FAILURE;
|
|
|
|
|
}
|
|
|
|
|
#else
|
1999-04-07 21:05:13 +00:00
|
|
|
pw = getpwnam(user);
|
2007-01-12 01:46:11 +00:00
|
|
|
#endif
|
1999-04-07 21:05:13 +00:00
|
|
|
if (pw && pw->pw_dir) {
|
2007-10-09 08:40:36 +00:00
|
|
|
spprintf(&filename, 0, "%s%c%s%c%s", pw->pw_dir, PHP_DIR_SEPARATOR, PG(user_dir), PHP_DIR_SEPARATOR, s + 1); /* Safe */
|
2009-11-30 14:21:23 +00:00
|
|
|
} else {
|
|
|
|
|
filename = SG(request_info).path_translated;
|
2015-01-03 09:22:58 +00:00
|
|
|
}
|
2007-01-12 09:10:16 +00:00
|
|
|
#if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX)
|
|
|
|
|
efree(pwbuf);
|
|
|
|
|
#endif
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
|
|
|
|
} else
|
|
|
|
|
#endif
|
2014-10-27 11:07:44 +00:00
|
|
|
if (PG(doc_root) && path_info && (length = (int)strlen(PG(doc_root))) &&
|
2010-04-21 22:22:31 +00:00
|
|
|
IS_ABSOLUTE_PATH(PG(doc_root), length)) {
|
2014-10-27 11:07:44 +00:00
|
|
|
int path_len = (int)strlen(path_info);
|
2011-08-09 12:16:58 +00:00
|
|
|
filename = emalloc(length + path_len + 2);
|
2009-11-30 14:21:23 +00:00
|
|
|
if (filename) {
|
|
|
|
|
memcpy(filename, PG(doc_root), length);
|
|
|
|
|
if (!IS_SLASH(filename[length - 1])) { /* length is never 0 */
|
|
|
|
|
filename[length++] = PHP_DIR_SEPARATOR;
|
|
|
|
|
}
|
|
|
|
|
if (IS_SLASH(path_info[0])) {
|
|
|
|
|
length--;
|
2000-06-16 01:23:03 +00:00
|
|
|
}
|
2011-08-09 12:16:58 +00:00
|
|
|
strncpy(filename + length, path_info, path_len + 1);
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
2009-11-30 14:21:23 +00:00
|
|
|
} else {
|
|
|
|
|
filename = SG(request_info).path_translated;
|
|
|
|
|
}
|
|
|
|
|
|
2000-06-16 01:23:03 +00:00
|
|
|
|
2009-09-05 17:07:14 +00:00
|
|
|
if (filename) {
|
2014-12-13 22:06:14 +00:00
|
|
|
resolved_path = zend_resolve_path(filename, (int)strlen(filename));
|
2009-06-18 06:38:30 +00:00
|
|
|
}
|
2008-08-04 07:20:15 +00:00
|
|
|
|
2009-11-30 14:21:23 +00:00
|
|
|
if (!resolved_path) {
|
|
|
|
|
if (SG(request_info).path_translated != filename) {
|
2014-08-13 12:55:21 +00:00
|
|
|
if (filename) {
|
|
|
|
|
efree(filename);
|
|
|
|
|
}
|
2009-11-30 14:21:23 +00:00
|
|
|
}
|
1999-06-26 19:14:26 +00:00
|
|
|
/* we have to free SG(request_info).path_translated here because
|
2007-10-09 08:40:36 +00:00
|
|
|
* php_destroy_request_info assumes that it will get
|
|
|
|
|
* freed when the include_names hash is emptied, but
|
|
|
|
|
* we're not adding it in this case */
|
2014-08-13 12:55:21 +00:00
|
|
|
if (SG(request_info).path_translated) {
|
|
|
|
|
efree(SG(request_info).path_translated);
|
|
|
|
|
SG(request_info).path_translated = NULL;
|
|
|
|
|
}
|
2001-07-21 15:11:30 +00:00
|
|
|
return FAILURE;
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
2010-07-07 16:54:55 +00:00
|
|
|
efree(resolved_path);
|
2009-09-05 17:07:14 +00:00
|
|
|
|
2010-07-07 16:54:55 +00:00
|
|
|
orig_display_errors = PG(display_errors);
|
|
|
|
|
PG(display_errors) = 0;
|
2014-12-13 22:06:14 +00:00
|
|
|
if (zend_stream_open(filename, file_handle) == FAILURE) {
|
2010-07-07 16:54:55 +00:00
|
|
|
PG(display_errors) = orig_display_errors;
|
2009-11-30 14:21:23 +00:00
|
|
|
if (SG(request_info).path_translated != filename) {
|
2014-08-13 12:55:21 +00:00
|
|
|
if (filename) {
|
|
|
|
|
efree(filename);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (SG(request_info).path_translated) {
|
|
|
|
|
efree(SG(request_info).path_translated);
|
|
|
|
|
SG(request_info).path_translated = NULL;
|
2009-11-30 14:21:23 +00:00
|
|
|
}
|
2001-07-21 15:11:30 +00:00
|
|
|
return FAILURE;
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
2010-07-07 16:54:55 +00:00
|
|
|
PG(display_errors) = orig_display_errors;
|
2009-09-05 17:07:14 +00:00
|
|
|
|
2009-11-30 14:21:23 +00:00
|
|
|
if (SG(request_info).path_translated != filename) {
|
2014-08-13 12:55:21 +00:00
|
|
|
if (SG(request_info).path_translated) {
|
|
|
|
|
efree(SG(request_info).path_translated);
|
|
|
|
|
}
|
2009-11-30 14:21:23 +00:00
|
|
|
SG(request_info).path_translated = filename;
|
|
|
|
|
}
|
2009-09-05 17:07:14 +00:00
|
|
|
|
2001-07-21 15:11:30 +00:00
|
|
|
return SUCCESS;
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
2001-06-06 13:06:12 +00:00
|
|
|
/* }}} */
|
1999-04-07 21:05:13 +00:00
|
|
|
|
2008-03-05 13:34:12 +00:00
|
|
|
/* {{{ php_resolve_path
|
|
|
|
|
* Returns the realpath for given filename according to include path
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
PHPAPI char *php_resolve_path(const char *filename, int filename_length, const char *path)
|
2008-03-05 13:34:12 +00:00
|
|
|
{
|
|
|
|
|
char resolved_path[MAXPATHLEN];
|
|
|
|
|
char trypath[MAXPATHLEN];
|
2008-03-13 14:09:54 +00:00
|
|
|
const char *ptr, *end, *p;
|
2013-07-30 10:49:36 +00:00
|
|
|
const char *actual_path;
|
2008-03-27 10:33:40 +00:00
|
|
|
php_stream_wrapper *wrapper;
|
2008-03-05 13:34:12 +00:00
|
|
|
|
2011-06-06 21:28:16 +00:00
|
|
|
if (!filename || CHECK_NULL_PATH(filename, filename_length)) {
|
2008-03-05 13:34:12 +00:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2008-03-27 10:33:40 +00:00
|
|
|
/* Don't resolve paths which contain protocol (except of file://) */
|
2008-03-13 14:09:54 +00:00
|
|
|
for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
|
2008-03-24 09:30:41 +00:00
|
|
|
if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
|
2014-12-13 22:06:14 +00:00
|
|
|
wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE);
|
2008-03-27 10:33:40 +00:00
|
|
|
if (wrapper == &php_plain_files_wrapper) {
|
2014-12-13 22:06:14 +00:00
|
|
|
if (tsrm_realpath(actual_path, resolved_path)) {
|
2008-03-27 10:33:40 +00:00
|
|
|
return estrdup(resolved_path);
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-03-24 09:30:41 +00:00
|
|
|
return NULL;
|
|
|
|
|
}
|
2008-03-13 14:09:54 +00:00
|
|
|
|
2015-01-03 09:22:58 +00:00
|
|
|
if ((*filename == '.' &&
|
|
|
|
|
(IS_SLASH(filename[1]) ||
|
2008-03-13 14:09:54 +00:00
|
|
|
((filename[1] == '.') && IS_SLASH(filename[2])))) ||
|
2008-03-05 13:34:12 +00:00
|
|
|
IS_ABSOLUTE_PATH(filename, filename_length) ||
|
|
|
|
|
!path ||
|
|
|
|
|
!*path) {
|
2014-12-13 22:06:14 +00:00
|
|
|
if (tsrm_realpath(filename, resolved_path)) {
|
2008-03-05 13:34:12 +00:00
|
|
|
return estrdup(resolved_path);
|
|
|
|
|
} else {
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ptr = path;
|
|
|
|
|
while (ptr && *ptr) {
|
2008-03-27 10:33:40 +00:00
|
|
|
/* Check for stream wrapper */
|
|
|
|
|
int is_stream_wrapper = 0;
|
|
|
|
|
|
|
|
|
|
for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
|
|
|
|
|
if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) {
|
|
|
|
|
/* .:// or ..:// is not a stream wrapper */
|
|
|
|
|
if (p[-1] != '.' || p[-2] != '.' || p - 2 != ptr) {
|
|
|
|
|
p += 3;
|
|
|
|
|
is_stream_wrapper = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
end = strchr(p, DEFAULT_DIR_SEPARATOR);
|
2008-03-05 13:34:12 +00:00
|
|
|
if (end) {
|
|
|
|
|
if ((end-ptr) + 1 + filename_length + 1 >= MAXPATHLEN) {
|
|
|
|
|
ptr = end + 1;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
memcpy(trypath, ptr, end-ptr);
|
|
|
|
|
trypath[end-ptr] = '/';
|
|
|
|
|
memcpy(trypath+(end-ptr)+1, filename, filename_length+1);
|
|
|
|
|
ptr = end+1;
|
|
|
|
|
} else {
|
2014-10-27 11:07:44 +00:00
|
|
|
int len = (int)strlen(ptr);
|
2008-03-05 13:34:12 +00:00
|
|
|
|
|
|
|
|
if (len + 1 + filename_length + 1 >= MAXPATHLEN) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
memcpy(trypath, ptr, len);
|
|
|
|
|
trypath[len] = '/';
|
|
|
|
|
memcpy(trypath+len+1, filename, filename_length+1);
|
|
|
|
|
ptr = NULL;
|
|
|
|
|
}
|
2008-03-27 10:33:40 +00:00
|
|
|
actual_path = trypath;
|
|
|
|
|
if (is_stream_wrapper) {
|
2014-12-13 22:06:14 +00:00
|
|
|
wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
|
2008-03-27 10:33:40 +00:00
|
|
|
if (!wrapper) {
|
|
|
|
|
continue;
|
|
|
|
|
} else if (wrapper != &php_plain_files_wrapper) {
|
|
|
|
|
if (wrapper->wops->url_stat) {
|
|
|
|
|
php_stream_statbuf ssb;
|
|
|
|
|
|
2014-12-13 22:06:14 +00:00
|
|
|
if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) {
|
2008-03-27 10:33:40 +00:00
|
|
|
return estrdup(trypath);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-12-13 22:06:14 +00:00
|
|
|
if (tsrm_realpath(actual_path, resolved_path)) {
|
2008-03-05 13:34:12 +00:00
|
|
|
return estrdup(resolved_path);
|
|
|
|
|
}
|
|
|
|
|
} /* end provided path */
|
|
|
|
|
|
|
|
|
|
/* check in calling scripts' current working directory as a fall back case
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
if (zend_is_executing()) {
|
|
|
|
|
const char *exec_fname = zend_get_executed_filename();
|
2014-10-27 11:07:44 +00:00
|
|
|
int exec_fname_length = (int)strlen(exec_fname);
|
2008-03-05 13:34:12 +00:00
|
|
|
|
|
|
|
|
while ((--exec_fname_length >= 0) && !IS_SLASH(exec_fname[exec_fname_length]));
|
|
|
|
|
if (exec_fname && exec_fname[0] != '[' &&
|
|
|
|
|
exec_fname_length > 0 &&
|
|
|
|
|
exec_fname_length + 1 + filename_length + 1 < MAXPATHLEN) {
|
|
|
|
|
memcpy(trypath, exec_fname, exec_fname_length + 1);
|
|
|
|
|
memcpy(trypath+exec_fname_length + 1, filename, filename_length+1);
|
2008-03-27 10:33:40 +00:00
|
|
|
actual_path = trypath;
|
|
|
|
|
|
|
|
|
|
/* Check for stream wrapper */
|
|
|
|
|
for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
|
|
|
|
|
if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) {
|
2014-12-13 22:06:14 +00:00
|
|
|
wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
|
2008-03-27 10:33:40 +00:00
|
|
|
if (!wrapper) {
|
|
|
|
|
return NULL;
|
|
|
|
|
} else if (wrapper != &php_plain_files_wrapper) {
|
|
|
|
|
if (wrapper->wops->url_stat) {
|
|
|
|
|
php_stream_statbuf ssb;
|
|
|
|
|
|
2014-12-13 22:06:14 +00:00
|
|
|
if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, 0, &ssb, NULL)) {
|
2008-03-27 10:33:40 +00:00
|
|
|
return estrdup(trypath);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-13 22:06:14 +00:00
|
|
|
if (tsrm_realpath(actual_path, resolved_path)) {
|
2008-03-05 13:34:12 +00:00
|
|
|
return estrdup(resolved_path);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
/* }}} */
|
|
|
|
|
|
2001-06-06 13:06:12 +00:00
|
|
|
/* {{{ php_fopen_with_path
|
1999-04-07 21:05:13 +00:00
|
|
|
* Tries to open a file with a PATH-style list of directories.
|
|
|
|
|
* If the filename starts with "." or "/", the path is ignored.
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const char *path, char **opened_path)
|
1999-04-07 21:05:13 +00:00
|
|
|
{
|
|
|
|
|
char *pathbuf, *ptr, *end;
|
2011-09-13 13:29:35 +00:00
|
|
|
const char *exec_fname;
|
2000-12-16 20:52:43 +00:00
|
|
|
char trypath[MAXPATHLEN];
|
2000-08-18 23:03:49 +00:00
|
|
|
FILE *fp;
|
2001-07-13 18:21:21 +00:00
|
|
|
int path_length;
|
2000-09-14 20:47:35 +00:00
|
|
|
int filename_length;
|
2001-07-13 18:21:21 +00:00
|
|
|
int exec_fname_length;
|
1999-04-07 21:05:13 +00:00
|
|
|
|
|
|
|
|
if (opened_path) {
|
|
|
|
|
*opened_path = NULL;
|
|
|
|
|
}
|
2007-10-09 08:40:36 +00:00
|
|
|
|
|
|
|
|
if (!filename) {
|
2001-07-13 18:21:21 +00:00
|
|
|
return NULL;
|
|
|
|
|
}
|
1999-12-06 15:30:44 +00:00
|
|
|
|
2014-10-27 11:07:44 +00:00
|
|
|
filename_length = (int)strlen(filename);
|
2015-01-30 21:32:00 +00:00
|
|
|
#ifndef PHP_WIN32
|
|
|
|
|
(void) filename_length;
|
|
|
|
|
#endif
|
2007-10-09 08:40:36 +00:00
|
|
|
|
2001-07-13 18:21:21 +00:00
|
|
|
/* Relative path open */
|
2011-07-26 09:27:53 +00:00
|
|
|
if ((*filename == '.')
|
2001-07-13 18:21:21 +00:00
|
|
|
/* Absolute path open */
|
2011-07-26 09:27:53 +00:00
|
|
|
|| IS_ABSOLUTE_PATH(filename, filename_length)
|
|
|
|
|
|| (!path || (path && !*path))
|
|
|
|
|
) {
|
2014-12-13 22:06:14 +00:00
|
|
|
return php_fopen_and_set_opened_path(filename, mode, opened_path);
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
2001-07-13 18:21:21 +00:00
|
|
|
|
|
|
|
|
/* check in provided path */
|
|
|
|
|
/* append the calling scripts' current working directory
|
|
|
|
|
* as a fall back case
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
if (zend_is_executing()) {
|
|
|
|
|
exec_fname = zend_get_executed_filename();
|
2014-10-27 11:07:44 +00:00
|
|
|
exec_fname_length = (int)strlen(exec_fname);
|
|
|
|
|
path_length = (int)strlen(path);
|
2001-07-13 18:21:21 +00:00
|
|
|
|
2001-07-16 13:48:07 +00:00
|
|
|
while ((--exec_fname_length >= 0) && !IS_SLASH(exec_fname[exec_fname_length]));
|
2007-10-09 08:40:36 +00:00
|
|
|
if ((exec_fname && exec_fname[0] == '[') || exec_fname_length <= 0) {
|
2001-07-16 13:48:07 +00:00
|
|
|
/* [no active file] or no path */
|
|
|
|
|
pathbuf = estrdup(path);
|
2007-10-09 08:40:36 +00:00
|
|
|
} else {
|
|
|
|
|
pathbuf = (char *) emalloc(exec_fname_length + path_length + 1 + 1);
|
2001-07-16 13:48:07 +00:00
|
|
|
memcpy(pathbuf, path, path_length);
|
|
|
|
|
pathbuf[path_length] = DEFAULT_DIR_SEPARATOR;
|
2007-10-09 08:40:36 +00:00
|
|
|
memcpy(pathbuf + path_length + 1, exec_fname, exec_fname_length);
|
|
|
|
|
pathbuf[path_length + exec_fname_length + 1] = '\0';
|
2001-07-15 12:24:06 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
pathbuf = estrdup(path);
|
|
|
|
|
}
|
1999-04-07 21:05:13 +00:00
|
|
|
|
|
|
|
|
ptr = pathbuf;
|
|
|
|
|
|
|
|
|
|
while (ptr && *ptr) {
|
2001-07-16 13:31:55 +00:00
|
|
|
end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
|
1999-04-07 21:05:13 +00:00
|
|
|
if (end != NULL) {
|
|
|
|
|
*end = '\0';
|
|
|
|
|
end++;
|
|
|
|
|
}
|
2009-02-10 16:14:18 +00:00
|
|
|
if (snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename) >= MAXPATHLEN) {
|
2014-12-13 22:06:14 +00:00
|
|
|
php_error_docref(NULL, E_NOTICE, "%s/%s path was truncated to %d", ptr, filename, MAXPATHLEN);
|
2009-02-10 14:18:46 +00:00
|
|
|
}
|
2014-12-13 22:06:14 +00:00
|
|
|
fp = php_fopen_and_set_opened_path(trypath, mode, opened_path);
|
2000-08-18 23:03:49 +00:00
|
|
|
if (fp) {
|
1999-04-07 21:05:13 +00:00
|
|
|
efree(pathbuf);
|
2000-08-18 23:03:49 +00:00
|
|
|
return fp;
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
|
|
|
|
ptr = end;
|
2001-07-13 18:21:21 +00:00
|
|
|
} /* end provided path */
|
2001-07-10 20:38:39 +00:00
|
|
|
|
1999-04-07 21:05:13 +00:00
|
|
|
efree(pathbuf);
|
2001-07-13 18:21:21 +00:00
|
|
|
return NULL;
|
1999-04-07 21:05:13 +00:00
|
|
|
}
|
2001-06-06 13:06:12 +00:00
|
|
|
/* }}} */
|
2007-10-09 08:40:36 +00:00
|
|
|
|
2001-06-06 13:06:12 +00:00
|
|
|
/* {{{ php_strip_url_passwd
|
|
|
|
|
*/
|
1999-12-17 19:16:50 +00:00
|
|
|
PHPAPI char *php_strip_url_passwd(char *url)
|
1999-04-07 21:05:13 +00:00
|
|
|
{
|
2003-03-26 23:01:39 +00:00
|
|
|
register char *p, *url_start;
|
2007-10-09 08:40:36 +00:00
|
|
|
|
2003-03-26 23:01:39 +00:00
|
|
|
if (url == NULL) {
|
2003-03-26 23:03:48 +00:00
|
|
|
return "";
|
2003-03-26 23:01:39 +00:00
|
|
|
}
|
2007-10-09 08:40:36 +00:00
|
|
|
|
2003-03-26 23:01:39 +00:00
|
|
|
p = url;
|
2007-10-09 08:40:36 +00:00
|
|
|
|
1999-04-07 21:05:13 +00:00
|
|
|
while (*p) {
|
2007-10-09 08:40:36 +00:00
|
|
|
if (*p == ':' && *(p + 1) == '/' && *(p + 2) == '/') {
|
1999-04-07 21:05:13 +00:00
|
|
|
/* found protocol */
|
2007-10-09 08:40:36 +00:00
|
|
|
url_start = p = p + 3;
|
|
|
|
|
|
1999-04-07 21:05:13 +00:00
|
|
|
while (*p) {
|
2007-10-09 08:40:36 +00:00
|
|
|
if (*p == '@') {
|
1999-04-07 21:05:13 +00:00
|
|
|
int i;
|
2007-10-09 08:40:36 +00:00
|
|
|
|
|
|
|
|
for (i = 0; i < 3 && url_start < p; i++, url_start++) {
|
1999-04-07 21:05:13 +00:00
|
|
|
*url_start = '.';
|
|
|
|
|
}
|
|
|
|
|
for (; *p; p++) {
|
|
|
|
|
*url_start++ = *p;
|
|
|
|
|
}
|
|
|
|
|
*url_start=0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
p++;
|
|
|
|
|
}
|
|
|
|
|
return url;
|
|
|
|
|
}
|
|
|
|
|
p++;
|
|
|
|
|
}
|
|
|
|
|
return url;
|
|
|
|
|
}
|
2001-06-06 13:06:12 +00:00
|
|
|
/* }}} */
|
1999-04-07 21:05:13 +00:00
|
|
|
|
2001-06-06 13:06:12 +00:00
|
|
|
/* {{{ expand_filepath
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
PHPAPI char *expand_filepath(const char *filepath, char *real_path)
|
2008-08-11 15:33:02 +00:00
|
|
|
{
|
2014-12-13 22:06:14 +00:00
|
|
|
return expand_filepath_ex(filepath, real_path, NULL, 0);
|
2008-08-11 15:33:02 +00:00
|
|
|
}
|
|
|
|
|
/* }}} */
|
|
|
|
|
|
|
|
|
|
/* {{{ expand_filepath_ex
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
PHPAPI char *expand_filepath_ex(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len)
|
2011-07-25 16:50:07 +00:00
|
|
|
{
|
2014-12-13 22:06:14 +00:00
|
|
|
return expand_filepath_with_mode(filepath, real_path, relative_to, relative_to_len, CWD_FILEPATH);
|
2011-07-25 16:50:07 +00:00
|
|
|
}
|
|
|
|
|
/* }}} */
|
|
|
|
|
|
|
|
|
|
/* {{{ expand_filepath_use_realpath
|
|
|
|
|
*/
|
2014-12-13 22:06:14 +00:00
|
|
|
PHPAPI char *expand_filepath_with_mode(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len, int realpath_mode)
|
2000-04-09 19:54:50 +00:00
|
|
|
{
|
|
|
|
|
cwd_state new_state;
|
2000-12-16 20:52:43 +00:00
|
|
|
char cwd[MAXPATHLEN];
|
2007-10-09 08:40:36 +00:00
|
|
|
int copy_len;
|
2014-09-19 14:26:32 +00:00
|
|
|
int path_len;
|
2000-04-09 19:54:50 +00:00
|
|
|
|
2007-10-09 08:40:36 +00:00
|
|
|
if (!filepath[0]) {
|
|
|
|
|
return NULL;
|
2014-09-19 14:26:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
path_len = (int)strlen(filepath);
|
|
|
|
|
|
|
|
|
|
if (IS_ABSOLUTE_PATH(filepath, path_len)) {
|
2007-10-09 08:40:36 +00:00
|
|
|
cwd[0] = '\0';
|
|
|
|
|
} else {
|
|
|
|
|
const char *iam = SG(request_info).path_translated;
|
2008-08-11 15:33:02 +00:00
|
|
|
const char *result;
|
|
|
|
|
if (relative_to) {
|
|
|
|
|
if (relative_to_len > MAXPATHLEN-1U) {
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
result = relative_to;
|
|
|
|
|
memcpy(cwd, relative_to, relative_to_len+1U);
|
|
|
|
|
} else {
|
|
|
|
|
result = VCWD_GETCWD(cwd, MAXPATHLEN);
|
|
|
|
|
}
|
2007-10-09 08:40:36 +00:00
|
|
|
|
|
|
|
|
if (!result && (iam != filepath)) {
|
|
|
|
|
int fdtest = -1;
|
|
|
|
|
|
|
|
|
|
fdtest = VCWD_OPEN(filepath, O_RDONLY);
|
|
|
|
|
if (fdtest != -1) {
|
|
|
|
|
/* return a relative file path if for any reason
|
|
|
|
|
* we cannot cannot getcwd() and the requested,
|
|
|
|
|
* relatively referenced file is accessible */
|
2014-09-13 15:58:47 +00:00
|
|
|
copy_len = path_len > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : path_len;
|
2013-09-18 09:10:55 +00:00
|
|
|
if (real_path) {
|
|
|
|
|
memcpy(real_path, filepath, copy_len);
|
|
|
|
|
real_path[copy_len] = '\0';
|
|
|
|
|
} else {
|
|
|
|
|
real_path = estrndup(filepath, copy_len);
|
|
|
|
|
}
|
2007-12-27 02:09:26 +00:00
|
|
|
close(fdtest);
|
2007-10-09 08:40:36 +00:00
|
|
|
return real_path;
|
2007-10-09 10:05:08 +00:00
|
|
|
} else {
|
|
|
|
|
cwd[0] = '\0';
|
2007-10-09 08:40:36 +00:00
|
|
|
}
|
2007-10-09 10:05:08 +00:00
|
|
|
} else if (!result) {
|
2007-10-09 08:40:36 +00:00
|
|
|
cwd[0] = '\0';
|
|
|
|
|
}
|
|
|
|
|
}
|
2000-04-09 19:54:50 +00:00
|
|
|
|
2013-10-17 08:40:43 +00:00
|
|
|
new_state.cwd = estrdup(cwd);
|
2014-10-27 11:07:44 +00:00
|
|
|
new_state.cwd_length = (int)strlen(cwd);
|
2000-04-09 19:54:50 +00:00
|
|
|
|
2014-12-13 22:06:14 +00:00
|
|
|
if (virtual_file_ex(&new_state, filepath, NULL, realpath_mode)) {
|
2013-10-17 08:40:43 +00:00
|
|
|
efree(new_state.cwd);
|
2000-08-08 16:36:25 +00:00
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2007-10-09 08:40:36 +00:00
|
|
|
if (real_path) {
|
|
|
|
|
copy_len = new_state.cwd_length > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : new_state.cwd_length;
|
2001-07-21 15:11:30 +00:00
|
|
|
memcpy(real_path, new_state.cwd, copy_len);
|
2007-10-09 08:40:36 +00:00
|
|
|
real_path[copy_len] = '\0';
|
2000-08-08 16:36:25 +00:00
|
|
|
} else {
|
2000-08-31 22:24:20 +00:00
|
|
|
real_path = estrndup(new_state.cwd, new_state.cwd_length);
|
2000-08-08 16:36:25 +00:00
|
|
|
}
|
2013-10-17 08:40:43 +00:00
|
|
|
efree(new_state.cwd);
|
2000-08-08 16:36:25 +00:00
|
|
|
|
|
|
|
|
return real_path;
|
2000-04-09 19:54:50 +00:00
|
|
|
}
|
2001-06-06 13:06:12 +00:00
|
|
|
/* }}} */
|
2000-04-09 19:54:50 +00:00
|
|
|
|
1999-04-07 21:05:13 +00:00
|
|
|
/*
|
|
|
|
|
* Local variables:
|
|
|
|
|
* tab-width: 4
|
|
|
|
|
* c-basic-offset: 4
|
|
|
|
|
* End:
|
2001-09-09 13:29:31 +00:00
|
|
|
* vim600: sw=4 ts=4 fdm=marker
|
|
|
|
|
* vim<600: sw=4 ts=4
|
1999-04-07 21:05:13 +00:00
|
|
|
*/
|
