Bug #75302 php file download
Submitted: 2017-10-01 16:59 UTC Modified: 2021-07-22 07:58 UTC
Votes:3
Avg. Score:2.3 ± 1.9
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: franciszek dot witt at protonmail dot com Assigned: cmb (profile)
Status: Duplicate Package: Built-in web server
PHP Version: 7.1.10 OS: Windows
Private report: No CVE-ID: None
 [2017-10-01 16:59 UTC] franciszek dot witt at protonmail dot com
Description:
------------
On some machines with a FAT file system, if you type file.PHP (PHP uppercase) instead of file.php, it will start downloading the source code. Tested on an Android PHP web server, but the developer said that it's a general PHP bug.


Part of the email which he sent to me:
"

Hi, Yes it is a bug of PHP itself. The reason is that in the file sapi/cli/php_cli_server.c, 'memcmp(client->request.ext, "php", 3)' is used instead of 'strncasecmp(client->request.ext, "php", 3)' (it should ignore "php" case, but it does not as of now). This happens only if the filesystem is case insensitive (for example FAT).

"


History

 [2017-10-01 18:19 UTC] esminis at esminis dot lt
More info - this bug is in PHP built-in server (only possible workaround without changing source code of PHP for now is to enable router script).

I am the developer who helped identify this bug (contact on email if needed).
 [2017-10-03 13:18 UTC] cmb@php.net
-Package: *General Issues +Package: Built-in web server
 [2017-10-22 20:00 UTC] ab@php.net
Thanks for the report. I don't think it's a Windows bug, as 7.1 and even since 5.5 or earlier doesn't support non NTFS based Windows versions. There are still OSes supporting FSes with no case sensitivity, though. The code in the description sounds reasonable, but I've no such system at hand to test the actual behaviors. If one would provide a patch that at least doesn't breach the current functionality, it could be evaluated.

Thanks.
 [2017-10-24 19:32 UTC] esminis at esminis dot lt
Yea it is not Windows (in this specific case it is Android app "Server for PHP" - PHP compiled for Android; btw it will happen in any system that uses case insensitive filesystem).

And I don't think there is any need for a patch, because it is a simple replacement of one function name in sapi/cli/php_cli_server.c:

memcmp(client->request.ext, "php", 3) should be replaced with strncasecmp(client->request.ext, "php", 3)

This should be double checked by someone who knows well PHP source code
 [2021-07-22 07:58 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2021-07-22 07:58 UTC] cmb@php.net
Closing as duplicate of bug #77932 (which is fixed as of PHP
7.3.22 and 7.4.10, respectively).
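
The two comparisons quoted in this thread, side by side, as an added example (not PHP's source and not code from the reporters). The helper names `request_ext`, `is_script_memcmp`, `is_script_casecmp` and `executes` are hypothetical, the request paths are constructed, and the exact-length check is an assumption added so that extensions such as "phps" do not match.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>  /* strncasecmp (POSIX) */

/* Hypothetical helper: return the text after the last '.' in the final path
 * segment, or NULL when that segment has no extension. */
static const char *request_ext(const char *path) {
    const char *slash = strrchr(path, '/');
    const char *dot = strrchr(slash ? slash : path, '.');
    return (dot && dot[1] != '\0') ? dot + 1 : NULL;
}

/* Comparison as quoted in the report: byte-exact, so "PHP" is not a script.
 * The strlen check (an assumption) also keeps memcmp from over-reading. */
static int is_script_memcmp(const char *ext) {
    return ext && strlen(ext) == 3 && memcmp(ext, "php", 3) == 0;
}

/* Comparison proposed in the report: ignores ASCII case. */
static int is_script_casecmp(const char *ext) {
    return ext && strlen(ext) == 3 && strncasecmp(ext, "php", 3) == 0;
}

/* 1 = hand the file to the interpreter, 0 = send its bytes as static content. */
static int executes(const char *path, int fixed) {
    const char *ext = request_ext(path);
    return fixed ? is_script_casecmp(ext) : is_script_memcmp(ext);
}

int main(void) {
    /* Constructed request paths. On a case-insensitive filesystem the first
     * two open the same file on disk, so "static" means source disclosure. */
    const char *paths[] = { "/file.php", "/file.PHP", "/dir.d/file.Php",
                            "/notes.txt", "/file.phps" };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        printf("%-18s memcmp: %-8s strncasecmp: %s\n", paths[i],
               executes(paths[i], 0) ? "execute" : "static",
               executes(paths[i], 1) ? "execute" : "static");
    return 0;
}
```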
 
Last updated: Thu Dec 26 19:01:30 2024 UTC