php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21097 tsrm_virtual_cwd.c/virtual_file_ex handles ".." incorrectly for UNC paths
Submitted: 2002-12-19 09:17 UTC Modified: 2003-01-02 18:53 UTC
From: dwayne at lfchosting dot com Assigned:
Status: No Feedback Package: *Directory/Filesystem functions
PHP Version: 4.2.3 OS: Win32
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dwayne at lfchosting dot com
New email:
PHP Version: OS:

 

 [2002-12-19 09:17 UTC] dwayne at lfchosting dot com
On Win32, the virtual_file_ex() function in TSRM/tsrm_virtual_cwd.c doesn't handle ".." correctly when state->cwd is a UNC path.  

Basically, when state->cwd = "//hostname/foo/bar" and path_copy = "../file.txt", the function sets the new state->cwd to "//hostname/foo/bar/file.txt" rather than "//hostname/foo/file.txt".

This breaks any PHP functions that call virtual_file_ex(), including:

require "../config.inc.php";
require_once "../config.inc.php";
include "../config.inc.php";
include_once "../config.inc.php";
$f = fopen("../config.inc.php", "r");

The reason for this is that the IS_ABSOLUTE_PATH() macro returns false when given a UNC path.  The following patch does not change this behaviour, but it adds additional IS_UNC_PATH() checks where appropriate:



diff -bruN php-4.2.3/TSRM/tsrm_virtual_cwd.c php-4.2.3-fixed/TSRM/tsrm_virtual_cwd.c
--- php-4.2.3/TSRM/tsrm_virtual_cwd.c	Thu Apr 25 08:52:46 2002
+++ php-4.2.3-fixed/TSRM/tsrm_virtual_cwd.c	Thu Dec 19 08:33:28 2002
@@ -346,14 +346,25 @@
 
 #define PREVIOUS state->cwd[state->cwd_length - 1]
 
+#ifdef TSRM_WIN32
+			while ((IS_ABSOLUTE_PATH(state->cwd, state->cwd_length) ||
+					IS_UNC_PATH(state->cwd, state->cwd_length)) &&
+					!IS_SLASH(PREVIOUS)) {
+#else
 			while (IS_ABSOLUTE_PATH(state->cwd, state->cwd_length) &&
 					!IS_SLASH(PREVIOUS)) {
+#endif
 				save = PREVIOUS;
 				PREVIOUS = '\0';
 				state->cwd_length--;
 			}
 
+#ifdef TSRM_WIN32
+			if (!IS_ABSOLUTE_PATH(state->cwd, state->cwd_length) &&
+					!IS_UNC_PATH(state->cwd, state->cwd_length)) {
+#else
 			if (!IS_ABSOLUTE_PATH(state->cwd, state->cwd_length)) {
+#endif
 				state->cwd[state->cwd_length++] = save;
 				state->cwd[state->cwd_length] = '\0';
 			} else {




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-12-19 18:42 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


 [2003-01-02 18:53 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 08:01:28 2024 UTC