Index: main/fopen_wrappers.c
===================================================================
RCS file: /repository/php-src/main/fopen_wrappers.c,v
retrieving revision 1.153.2.9
diff -u -r1.153.2.9 fopen_wrappers.c
--- main/fopen_wrappers.c 16 Mar 2004 00:32:09 -0000 1.153.2.9
+++ main/fopen_wrappers.c 16 Mar 2004 18:42:22 -0000
@@ -106,7 +106,9 @@
 char resolved_name[MAXPATHLEN];
 char resolved_basedir[MAXPATHLEN];
 char local_open_basedir[MAXPATHLEN];
+ char local_path[MAXPATHLEN];
 int local_open_basedir_pos;
+ int local_path_pos;
 int resolved_basedir_len;
 int resolved_name_len;
@@ -128,9 +130,30 @@
 strlcpy(local_open_basedir, basedir, sizeof(local_open_basedir));
 }
+#ifdef SKIP_PATH_CHECKS
+ if ( path[0] == '.' && path[1] == '/' && SG(request_info).path_translated && *SG(request_info).path_translated ) {
+ strlcpy(local_path, SG(request_info).path_translated, sizeof(local_path) );
+ local_path_pos = strlen(local_path) - 1;
+
+ /* Strip filename */
+ while (!IS_SLASH(local_path[local_path_pos]) && (local_path_pos >= 0)) {
+ local_path[local_path_pos--] = 0;
+ }
+
+ strncat( local_path, path + 2, MAXPATHLEN - (local_path_pos + strlen( path )) );
+ }
+ else {
+#endif
+ /* Else use the unmodified path */
+ strlcpy(local_path, path, sizeof(local_path));
+#ifdef SKIP_PATH_CHECKS
+ }
+ if(strstr(local_path,"..")) return -1;
+#endif
+
 /* Resolve the real path into resolved_name */
- if ((expand_filepath(path, resolved_name TSRMLS_CC) != NULL) && (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL)) {
- /* Handler for basedirs that end with a / */
+ if ((expand_filepath(local_path, resolved_name TSRMLS_CC) != NULL) && (expand_filepath(local_open_basedir, resolved_basedir TSRMLS_CC) != NULL)) {
+ /* Handler for basedirs that end with a / */
 resolved_basedir_len = strlen(resolved_basedir);
 if (basedir[strlen(basedir) - 1] == PHP_DIR_SEPARATOR) {
 if (resolved_basedir[resolved_basedir_len - 1] == '/') {
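Review bot: In the `@@ -128,9 +130,30 @@` hunk the `strncat` bound `MAXPATHLEN - (local_path_pos + strlen( path ))` is not the space left in `local_path`. It shrinks as `path` grows, and because `strlen` returns `size_t` the subtraction is unsigned, so it wraps to a huge count once the sum exceeds MAXPATHLEN and a long `./…` path can be appended past the end of the stack buffer. A bounded append that also rejects truncation avoids both the overflow and an open_basedir check on a shortened path: `if (strlcat(local_path, path + 2, sizeof(local_path)) >= sizeof(local_path)) return -1;`. The strip loop above it reads `local_path[local_path_pos]` before testing `local_path_pos >= 0`, so the two operands of `&&` should be swapped to avoid indexing at -1 when path_translated contains no slash. The enclosing function starts and ends outside this hunk.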
@@ -139,7 +162,7 @@
 }
 }
- if (path[strlen(path)-1] == PHP_DIR_SEPARATOR) {
+ if (local_path[strlen(local_path)-1] == PHP_DIR_SEPARATOR) {
 resolved_name_len = strlen(resolved_name);
 if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) {
 resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR;
@@ -533,6 +556,16 @@
 */
 PHPAPI char *expand_filepath(const char *filepath, char *real_path TSRMLS_DC)
 {
+#ifdef SKIP_PATH_CHECKS
+ int len = strlen(filepath);
+
+ if(filepath[len-1] == PHP_DIR_SEPARATOR) len--;
+ if(!real_path) real_path = estrdup(filepath);
+ else strcpy(real_path, filepath);
+ real_path[len]='\0';
+
+ return real_path;
+#else
 cwd_state new_state;
 char cwd[MAXPATHLEN];
 char *result;
@@ -558,8 +591,8 @@
 real_path = estrndup(new_state.cwd, new_state.cwd_length);
 }
 free(new_state.cwd);
- return real_path;
+#endif
 }
 /* }}} */
Index: main/main.c
===================================================================
RCS file: /repository/php-src/main/main.c,v
retrieving revision 1.512.2.43
diff -u -p -r1.512.2.43 main.c
--- main/main.c 22 Jul 2003 15:46:48 -0000 1.512.2.43
+++ main/main.c 31 Jul 2003 21:28:14 -0000
@@ -1646,9 +1646,13 @@ PHPAPI int php_execute_script(zend_file_
 }
 if (primary_file->filename) {
+ int dummy = 1;
+#ifdef SKIP_PATH_CHECKS
+ zend_hash_add(&EG(included_files), primary_file->filename, strlen(primary_file->filename)+1, (void *)&dummy, sizeof(int), NULL);
+#else
 char realfile[MAXPATHLEN];
 int realfile_len;
- int dummy = 1;
+
 if (VCWD_REALPATH(primary_file->filename, realfile)) {
 realfile_len = strlen(realfile);
 zend_hash_add(&EG(included_files), realfile, realfile_len+1, (void *)&dummy, sizeof(int), NULL);
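Review bot: In the `@@ -533,6 +556,16 @@` hunk the SKIP_PATH_CHECKS body of `expand_filepath` copies `filepath` with an unbounded `strcpy` into `real_path`, which the caller shown earlier in this patch declares as `char[MAXPATHLEN]`, and `filepath[len-1]` reads before the string when `filepath` is empty. A guard ahead of the copy closes both, and that caller already treats NULL as failure: `if (len == 0 || len >= MAXPATHLEN) return NULL;`. Beyond memory safety, the returned string is no longer canonical, since symlinks and relative components are left unresolved, so the open_basedir comparison becomes a textual prefix match. That weaker guarantee should be stated in a comment at the `#ifdef`, for example `/* SKIP_PATH_CHECKS: no realpath(); open_basedir is compared against the unresolved string and does not follow symlinks */`. The rest of the function lies outside this hunk.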
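Review bot: In the `@@ -1646,9 +1646,13 @@` hunk of main.c the SKIP_PATH_CHECKS branch keys `EG(included_files)` on `primary_file->filename` exactly as passed in, while the `#else` branch keys it on the `VCWD_REALPATH` result. The same script reached by a relative name, an absolute name or a symlink therefore gets different keys, which presumably affects any later lookup that expects resolved paths. This is worth a comment on the new branch, such as `/* unresolved name: entries in included_files are not canonical under SKIP_PATH_CHECKS */`. The `#else` block is closed in the following hunk.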
@@ -1657,6 +1661,7 @@ PHPAPI int php_execute_script(zend_file_
 primary_file->filename = realfile;
 }
 }
+#endif
 }
 if (PG(auto_prepend_file) && PG(auto_prepend_file)[0]) {
Index: main/streams.c
===================================================================
RCS file: /repository/php-src/main/Attic/streams.c,v
retrieving revision 1.125.2.73
diff -u -p -r1.125.2.73 streams.c
--- main/streams.c 29 Jul 2003 18:26:59 -0000 1.125.2.73
+++ main/streams.c 31 Jul 2003 21:28:14 -0000
@@ -1387,6 +1392,7 @@
 self->temp_file_name = NULL;
 self->fd = fileno(file);
+#ifndef SKIP_PATH_CHECKS
 #ifdef S_ISFIFO
 /* detect if this is a pipe */
 if (self->fd >= 0) {
@@ -1394,6 +1400,7 @@
 self->is_pipe = (fstat(self->fd, &sb) == 0 && S_ISFIFO(sb.st_mode)) ? 1 : 0;
 }
 #endif
+#endif
 stream = php_stream_alloc_rel(&php_stream_stdio_ops, self, 0, mode);
@@ -1406,9 +1413,12 @@
 if (stream) {
 if (self->is_pipe) {
 stream->flags |= PHP_STREAM_FLAG_NO_SEEK | PHP_STREAM_FLAG_AVOID_BLOCKING;
- } else {
+ }
+#if 0
+ else {
 stream->position = ftell(file);
 }
+#endif
 }
 return stream;
@@ -1975,6 +1985,7 @@
 fd = open(realpath, open_flags, 0666);
 if (fd != -1) {
+#ifndef SKIP_PATH_CHECKS
 /* sanity checks for include/require */
 if (options & STREAM_OPEN_FOR_INCLUDE && (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode))) {
 #ifdef PHP_WIN32
@@ -1984,6 +1995,7 @@
 #endif
 goto err;
 }
+#endif
 ret = php_stream_fopen_from_fd_rel(fd, mode, persistent_id);
@@ -2038,10 +2050,12 @@
 self->fd = fd;
 #ifdef S_ISFIFO
+#ifndef SKIP_PATH_CHECKS
 /* detect if this is a pipe */
 if (stat_ok) {
 self->is_pipe = S_ISFIFO(sb.st_mode) ? 1 : 0;
 }
+#endif
 #elif defined(PHP_WIN32)
 {
 long handle = _get_osfhandle(self->fd);
@@ -2055,6 +2069,7 @@
 stream = php_stream_alloc_rel(&php_stream_stdio_ops, self, persistent_id, mode);
+#ifndef SKIP_PATH_CHECKS
 if (stream) {
 if (self->is_pipe) {
 stream->flags |= PHP_STREAM_FLAG_NO_SEEK | PHP_STREAM_FLAG_AVOID_BLOCKING;
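Review bot: In the `@@ -1406,9 +1413,12 @@` hunk of streams.c the `else` branch that sets `stream->position = ftell(file);` is disabled with `#if 0`, which removes it from every build and not only from SKIP_PATH_CHECKS builds. A FILE* that is not at offset 0 when wrapped would then start with a `stream->position` that does not match the underlying file, assuming nothing outside this hunk sets it. Every other change in the patch is gated on the macro, so the guard here should read `#ifndef SKIP_PATH_CHECKS` instead of `#if 0`. The function's opening is outside the hunk.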
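Review bot: The `@@ -1975,6 +1985,7 @@` hunk (closed by `@@ -1984,6 +1995,7 @@`) compiles out the include/require sanity check `fstat(fd, &st) == -1 || !S_ISREG(st.st_mode)`, which is a file-type check on an already-open descriptor rather than a path check. With the macro defined, include and require accept directories, FIFOs and device nodes, and a FIFO or device can stall the worker or feed it unbounded data. Since `fstat` on an open fd does no path resolution, the check should stay outside `#ifndef SKIP_PATH_CHECKS`. The same concern applies to `@@ -2038,10 +2050,12 @@` and `@@ -2055,6 +2069,7 @@`, where pipe detection and the `PHP_STREAM_FLAG_NO_SEEK | PHP_STREAM_FLAG_AVOID_BLOCKING` flags are compiled out, so a pipe is handled as a seekable regular file. If that is intended, it should be noted in a comment, for example `/* SKIP_PATH_CHECKS: caller guarantees only regular files are opened */`.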
@@ -2062,6 +2077,7 @@
 stream->position = lseek(self->fd, 0, SEEK_CUR);
 }
 }
+#endif
 return stream;
 }
@@ -2165,12 +2181,14 @@
 /* synchronize our buffer (if possible) */
 if (ret && castas != PHP_STREAM_AS_FD_FOR_SELECT) {
 php_stream_flush(stream);
+#ifndef SKIP_PATH_CHECKS
 if (stream->ops->seek && (stream->flags & PHP_STREAM_FLAG_NO_SEEK) == 0) {
 off_t dummy;
 stream->ops->seek(stream, stream->position, SEEK_SET, &dummy TSRMLS_CC);
 stream->readpos = stream->writepos = 0;
 }
+#endif
 }
 /* filtered streams can only be cast as stdio, and only when fopencookie is present */
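Review bot: In the `@@ -2165,12 +2181,14 @@` hunk the seek back to `stream->position` and the reset of `readpos`/`writepos` are compiled out under SKIP_PATH_CHECKS, although this is buffer synchronisation and not a path check. If the stream has read ahead, the descriptor handed to the caller presumably sits past the logical position and the buffered bytes are neither consumed nor discarded, so reads through the cast handle and through the stream can disagree. The block is better left unconditional, or the macro's wider scope documented beside it with a comment such as `/* SKIP_PATH_CHECKS also disables re-sync on cast; only safe for streams cast before any read */`. The enclosing function begins and ends outside the hunk.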