check for invalid aliases, add tests for this and direct setting of stub/alias
parent
27826add0f
commit
b4b890cb8f
@ -67,7 +67,7 @@ Version 2.0.0
|
||||
access, or a string representing a file within the archive to access. If
|
||||
unknown, the callback should return the original request uri [Greg]
|
||||
* rework filename detection so that alias is always checked first
|
||||
* make aliases containing '/' or '\' invalid
|
||||
X make aliases containing '/' or '\' invalid [Greg]
|
||||
X implement manual mounting of external phar archives to locations inside a
|
||||
phar path, $phar->mount('/path/to/external.phar', 'internal/path');
|
||||
this would traverse external.phar's manifest, and add each entry as a
|
||||
|
@ -361,6 +361,16 @@ static inline void phar_unixify_path_separators(char *path, int path_len)
|
||||
}
|
||||
}
|
||||
#endif
|
||||
/**
|
||||
* validate an alias, returns 1 for success, 0 for failure
|
||||
*/
|
||||
static inline int phar_validate_alias(const char *alias, int alias_len) /* {{{ */
|
||||
{
|
||||
return !(memchr(alias, '/', alias_len) || memchr(alias, '\\', alias_len) || memchr(alias, ':', alias_len) ||
|
||||
memchr(alias, ';', alias_len));
|
||||
}
|
||||
/* }}} */
|
||||
|
||||
|
||||
void phar_request_initialize(TSRMLS_D);
|
||||
|
||||
|
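Review bot: The doc comment on `phar_validate_alias` says only that it returns 1 or 0; it should name the rejected bytes and the inputs that pass, because callers will treat this helper as the complete alias policy. As written, the four `memchr` calls reject `/`, `\`, `:` and `;` anywhere in the first `alias_len` bytes, so an empty alias and an alias with an embedded NUL byte both validate. `alias_len` is a signed `int` handed to `memchr`, whose length parameter is `size_t`, so a negative length from any other caller would become a very large scan; the one caller visible on this page takes the length from `zend_parse_parameters`, which presumably never yields a negative value. Proposed comment: `/* rejects '/', '\\', ':' and ';' anywhere in alias; accepts an empty alias and embedded NULs; alias_len must be >= 0 */`.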
@ -2177,13 +2177,13 @@ PHP_METHOD(Phar, setAlias)
|
||||
if (PHAR_G(readonly)) {
|
||||
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC,
|
||||
"Cannot write out phar archive, phar is read-only");
|
||||
return;
|
||||
RETURN_FALSE;
|
||||
}
|
||||
|
||||
if (phar_obj->arc.archive->is_data) {
|
||||
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC,
|
||||
"A Phar alias cannot be set in a plain %s archive", phar_obj->arc.archive->is_tar ? "tar" : "zip");
|
||||
return;
|
||||
RETURN_FALSE;
|
||||
}
|
||||
|
||||
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &alias, &alias_len) == SUCCESS) {
|
||||
@ -2196,6 +2196,11 @@ PHP_METHOD(Phar, setAlias)
|
||||
efree(error);
|
||||
RETURN_FALSE;
|
||||
}
|
||||
if (!phar_validate_alias(alias, alias_len)) {
|
||||
zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0 TSRMLS_CC,
|
||||
"Invalid alias \"%s\" specified for phar \"%s\"", alias, phar_obj->arc.archive->fname);
|
||||
RETURN_FALSE;
|
||||
}
|
||||
if (phar_obj->arc.archive->alias_len && SUCCESS == zend_hash_find(&(PHAR_GLOBALS->phar_alias_map), phar_obj->arc.archive->alias, phar_obj->arc.archive->alias_len, (void**)&fd_ptr)) {
|
||||
zend_hash_del(&(PHAR_GLOBALS->phar_alias_map), phar_obj->arc.archive->alias, phar_obj->arc.archive->alias_len);
|
||||
readd = 1;
|
||||
@ -2222,7 +2227,7 @@ PHP_METHOD(Phar, setAlias)
|
||||
zend_hash_add(&(PHAR_GLOBALS->phar_alias_map), oldalias, oldalias_len, (void*)&(phar_obj->arc.archive), sizeof(phar_archive_data*), NULL);
|
||||
}
|
||||
efree(error);
|
||||
return;
|
||||
RETURN_FALSE;
|
||||
}
|
||||
zend_hash_add(&(PHAR_GLOBALS->phar_alias_map), alias, alias_len, (void*)&(phar_obj->arc.archive), sizeof(phar_archive_data*), NULL);
|
||||
if (oldalias) {
|
||||
|
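Review bot: The new `phar_validate_alias` check is reached only through `Phar::setAlias` in the hunks shown here, so an alias that arrives inside the archive itself is not covered by this change. The second test names `.phar/alias.txt` as the alias entry of tar and zip archives; if the code that loads that entry (or a phar's manifest alias) registers it in `phar_alias_map` without the same check, an archive from an untrusted source can still carry an alias containing a separator. That loading code is outside this page, so this needs confirming there. Separately, the exception message prints the rejected alias with `%s` while the validator scans `alias_len` bytes, so an alias with an embedded NUL is shown truncated in the error. `setAlias` starts before the first hunk and continues past the last one.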
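--- /dev/null
+++ b/ext/phar/tests/invalid_alias.phpt
@@ -0,0 +1,45 @@
+--TEST--
+Phar: set alias with invalid alias containing / \ : or ;
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--INI--
+phar.readonly=0
+--FILE--
+<?php
+$fname = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.phar';
+
+$p = new Phar($fname);
+try {
+$p->setAlias('hi/');
+} catch (Exception $e) {
+echo $e->getMessage() . "\n";
+}
+try {
+$p->setAlias('hi\\l');
+} catch (Exception $e) {
+echo $e->getMessage() . "\n";
+}
+
+try {
+$p->setAlias('hil;');
+} catch (Exception $e) {
+echo $e->getMessage() . "\n";
+}
+
+try {
+$p->setAlias(':hil');
+} catch (Exception $e) {
+echo $e->getMessage() . "\n";
+}
+?>
+===DONE===
+--CLEAN--
+<?php
+unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.phar');
+?>
+--EXPECTF--
+Invalid alias "hi/" specified for phar "%sinvalid_alias.phar"
+Invalid alias "hi\l" specified for phar "%sinvalid_alias.phar"
+Invalid alias "hil;" specified for phar "%sinvalid_alias.phar"
+Invalid alias ":hil" specified for phar "%sinvalid_alias.phar"
+===DONE===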
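Review bot: The test asserts only the four rejections, so it would still pass if `setAlias` rejected every alias, or if a failed call left the archive's alias changed. After the last `catch`, add a positive case such as `$p->setAlias('hil'); var_dump($p->getAlias());` with the matching `string(3) "hil"` line in `--EXPECTF--`. That would also give the `--CLEAN--` block a file to unlink; as written, nothing in `--FILE--` appears to write the archive to disk.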
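--- /dev/null
+++ b/ext/phar/tests/invalid_setstubalias.phpt
@@ -0,0 +1,47 @@
+--TEST--
+Phar: invalid set alias or stub via array access
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--INI--
+phar.readonly=0
+--FILE--
+<?php
+$fname = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.phar.tar';
+$fname2 = dirname(__FILE__) . '/' . basename(__FILE__, '.php') . '.phar.zip';
+
+$p = new Phar($fname);
+try {
+$p['.phar/stub.php'] = 'hi';
+} catch (Exception $e) {
+echo $e->getMessage() . "\n";
+}
+try {
+$p['.phar/alias.txt'] = 'hi';
+} catch (Exception $e) {
+echo $e->getMessage() . "\n";
+}
+$p = new Phar($fname2);
+try {
+$p['.phar/stub.php'] = 'hi';
+} catch (Exception $e) {
+echo $e->getMessage() . "\n";
+}
+try {
+$p['.phar/alias.txt'] = 'hi';
+} catch (Exception $e) {
+echo $e->getMessage() . "\n";
+}
+
+?>
+===DONE===
+--CLEAN--
+<?php
+unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.phar.tar');
+unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.phar.zip');
+?>
+--EXPECTF--
+Cannot set stub ".phar/stub.php" directly in phar "%sinvalid_setstubalias.phar.tar", use setStub
+Cannot set alias ".phar/alias.txt" directly in phar "%sinvalid_setstubalias.phar.tar", use setAlias
+Cannot set stub ".phar/stub.php" directly in phar "%sinvalid_setstubalias.phar.zip", use setStub
+Cannot set alias ".phar/alias.txt" directly in phar "%sinvalid_setstubalias.phar.zip", use setAlias
+===DONE===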