Removed shebang line check from CGI sapi (it is checked by scanner)

2024-09-22 02:17:32 +00:00 · 2008-08-04 07:20:15 +00:00 · 2008-08-04 07:20:15 +00:00 · 7355c3c54c
commit 7355c3c54c
parent 874b456078
3 changed files with 38 additions and 80 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 200?, PHP 5.3.0 Alpha 2
+- Removed shebang line check from CGI sapi (it is checked by scanner) (Dmitry)
+
 - Fixed bug #45696 (Not all DateTime methods allow method chaining). (Derick)
 - Fixed bug #45545 (DateInterval has a limitation of 4 chars for ISO
  durations). (Derick)
--- a/main/fopen_wrappers.c
+++ b/main/fopen_wrappers.c
@ -326,12 +326,9 @@ static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, c
 */
 PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
 {
-	FILE *fp;
-#ifndef PHP_WIN32
-	struct stat st;
-#endif
 	char *path_info, *filename;
 	int length;
+	zend_bool orig_display_errors;

 	filename = SG(request_info).path_translated;
 	path_info = SG(request_info).request_uri;
@ -398,6 +395,8 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
 		}
 	} /* if doc_root && path_info */

+	filename = zend_resolve_path(filename, strlen(filename) TSRMLS_CC);
+
 	if (!filename) {
 		/* we have to free SG(request_info).path_translated here because
 		 * php_destroy_request_info assumes that it will get
@ -406,31 +405,20 @@ PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle TSRMLS_DC)
 		STR_FREE(SG(request_info).path_translated);
 		SG(request_info).path_translated = NULL;
 		return FAILURE;
+	} else {
+		STR_FREE(SG(request_info).path_translated);
+		SG(request_info).path_translated = filename;
 	}
-	fp = VCWD_FOPEN(filename, "rb");

-#ifndef PHP_WIN32
-	/* refuse to open anything that is not a regular file */
-	if (fp && (0 > fstat(fileno(fp), &st) || !S_ISREG(st.st_mode))) {
-		fclose(fp);
-		fp = NULL;
-	}
-#endif
-
-	if (!fp) {
+	orig_display_errors = PG(display_errors);
+	PG(display_errors) = 0;
+	if (zend_stream_open(filename, file_handle TSRMLS_CC) == FAILURE) {
+		PG(display_errors) = orig_display_errors;
 		STR_FREE(SG(request_info).path_translated);	/* for same reason as above */
 		SG(request_info).path_translated = NULL;
 		return FAILURE;
 	}
-
-	file_handle->opened_path = expand_filepath(filename, NULL TSRMLS_CC);
-
-	SG(request_info).path_translated = filename;
-
-	file_handle->filename = SG(request_info).path_translated;
-	file_handle->free_filename = 0;
-	file_handle->handle.fp = fp;
-	file_handle->type = ZEND_HANDLE_FP;
+	PG(display_errors) = orig_display_errors;

 	return SUCCESS;
 }
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@ -150,7 +150,6 @@ static const opt_struct OPTIONS[] = {
 typedef struct _php_cgi_globals_struct {
 	zend_bool rfc2616_headers;
 	zend_bool nph;
-	zend_bool check_shebang_line;
 	zend_bool fix_pathinfo;
 	zend_bool force_redirect;
 	zend_bool discard_path;
@ -1284,7 +1283,6 @@ void fastcgi_cleanup(int signal)
 PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("cgi.rfc2616_headers",     "0",  PHP_INI_ALL,    OnUpdateBool,   rfc2616_headers, php_cgi_globals_struct, php_cgi_globals)
 	STD_PHP_INI_ENTRY("cgi.nph",                 "0",  PHP_INI_ALL,    OnUpdateBool,   nph, php_cgi_globals_struct, php_cgi_globals)
-	STD_PHP_INI_ENTRY("cgi.check_shebang_line",  "1",  PHP_INI_SYSTEM, OnUpdateBool,   check_shebang_line, php_cgi_globals_struct, php_cgi_globals)
 	STD_PHP_INI_ENTRY("cgi.force_redirect",      "1",  PHP_INI_SYSTEM, OnUpdateBool,   force_redirect, php_cgi_globals_struct, php_cgi_globals)
 	STD_PHP_INI_ENTRY("cgi.redirect_status_env", NULL, PHP_INI_SYSTEM, OnUpdateString, redirect_status_env, php_cgi_globals_struct, php_cgi_globals)
 	STD_PHP_INI_ENTRY("cgi.fix_pathinfo",        "1",  PHP_INI_SYSTEM, OnUpdateBool,   fix_pathinfo, php_cgi_globals_struct, php_cgi_globals)
@ -1301,7 +1299,6 @@ static void php_cgi_globals_ctor(php_cgi_globals_struct *php_cgi_globals TSRMLS_
 {
 	php_cgi_globals->rfc2616_headers = 0;
 	php_cgi_globals->nph = 0;
-	php_cgi_globals->check_shebang_line = 1;
 	php_cgi_globals->force_redirect = 1;
 	php_cgi_globals->redirect_status_env = NULL;
 	php_cgi_globals->fix_pathinfo = 1;
@ -1368,7 +1365,6 @@ int main(int argc, char *argv[])
 	int exit_status = SUCCESS;
 	int cgi = 0, c, i, len;
 	zend_file_handle file_handle;
-	int retval = FAILURE;
 	char *s;

 	/* temporary locals */
@ -1944,65 +1940,37 @@ consult the installation file that came with this distribution, or visit \n\
 				1. we are running from shell and got filename was there
 				2. we are running as cgi or fastcgi
 			*/
-			retval = FAILURE;
 			if (cgi || SG(request_info).path_translated) {
-				if (!php_check_open_basedir(SG(request_info).path_translated TSRMLS_CC)) {
-					retval = php_fopen_primary_script(&file_handle TSRMLS_CC);
-				}
-			}
-			/*
-				if we are unable to open path_translated and we are not
-				running from shell (so fp == NULL), then fail.
-			*/
-			if (retval == FAILURE && file_handle.handle.fp == NULL) {
-				if (errno == EACCES) {
-					SG(sapi_headers).http_response_code = 403;
-					PUTS("Access denied.\n");
-				} else {
-					SG(sapi_headers).http_response_code = 404;
-					PUTS("No input file specified.\n");
-				}
-				/* we want to serve more requests if this is fastcgi
-				   so cleanup and continue, request shutdown is
-				   handled later */
-				if (fastcgi) {
-					goto fastcgi_request_done;
-				}
+				if (php_fopen_primary_script(&file_handle TSRMLS_CC) == FAILURE) {
+					if (errno == EACCES) {
+						SG(sapi_headers).http_response_code = 403;
+						PUTS("Access denied.\n");
+					} else {
+						SG(sapi_headers).http_response_code = 404;
+						PUTS("No input file specified.\n");
+					}
+					/* we want to serve more requests if this is fastcgi
+					   so cleanup and continue, request shutdown is
+					   handled later */
+					if (fastcgi) {
+						goto fastcgi_request_done;
+					}

-				STR_FREE(SG(request_info).path_translated);
+					STR_FREE(SG(request_info).path_translated);

-				if (free_query_string && SG(request_info).query_string) {
-					free(SG(request_info).query_string);
-					SG(request_info).query_string = NULL;
-				}
+					if (free_query_string && SG(request_info).query_string) {
+						free(SG(request_info).query_string);
+						SG(request_info).query_string = NULL;
+					}

-				php_request_shutdown((void *) 0);
-				SG(server_context) = NULL;
-				php_module_shutdown(TSRMLS_C);
-				sapi_shutdown();
+					php_request_shutdown((void *) 0);
+					SG(server_context) = NULL;
+					php_module_shutdown(TSRMLS_C);
+					sapi_shutdown();
 #ifdef ZTS
-				tsrm_shutdown();
+					tsrm_shutdown();
 #endif
-				return FAILURE;
-			}
-
-			if (CGIG(check_shebang_line) && file_handle.handle.fp && (file_handle.handle.fp != stdin)) {
-				/* #!php support */
-				c = fgetc(file_handle.handle.fp);
-				if (c == '#') {
-					while (c != '\n' && c != '\r') {
-						c = fgetc(file_handle.handle.fp);	/* skip to end of line */
-					}
-					/* handle situations where line is terminated by \r\n */
-					if (c == '\r') {
-						if (fgetc(file_handle.handle.fp) != '\n') {
-							long pos = ftell(file_handle.handle.fp);
-							fseek(file_handle.handle.fp, pos - 1, SEEK_SET);
-						}
-					}
-					CG(start_lineno) = 2;
-				} else {
-					rewind(file_handle.handle.fp);
+					return FAILURE;
 				}
 			}