php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21097 tsrm_virtual_cwd.c/virtual_file_ex handles ".." incorrectly for UNC paths
Submitted: 2002-12-19 09:17 UTC Modified: 2003-01-02 18:53 UTC
From: dwayne at lfchosting dot com Assigned:
Status: No Feedback Package: *Directory/Filesystem functions
PHP Version: 4.2.3 OS: Win32
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
14 + 5 = ?
Subscribe to this entry?

 
 [2002-12-19 09:17 UTC] dwayne at lfchosting dot com
On Win32, the virtual_file_ex() function in TSRM/tsrm_virtual_cwd.c doesn't handle ".." correctly when state->cwd is a UNC path.  

Basically, when state->cwd = "//hostname/foo/bar" and path_copy = "../file.txt", the function sets the new state->cwd to "//hostname/foo/bar/file.txt" rather than "//hostname/foo/file.txt".

This breaks any PHP functions that call virtual_file_ex(), including:

require "../config.inc.php";
require_once "../config.inc.php";
include "../config.inc.php";
include_once "../config.inc.php";
$f = fopen("../config.inc.php", "r");

The reason for this is that the IS_ABSOLUTE_PATH() macro returns false when given a UNC path.  The following patch does not change this behaviour, but it adds additional IS_UNC_PATH() checks where appropriate:



diff -bruN php-4.2.3/TSRM/tsrm_virtual_cwd.c php-4.2.3-fixed/TSRM/tsrm_virtual_cwd.c
--- php-4.2.3/TSRM/tsrm_virtual_cwd.c	Thu Apr 25 08:52:46 2002
+++ php-4.2.3-fixed/TSRM/tsrm_virtual_cwd.c	Thu Dec 19 08:33:28 2002
@@ -346,14 +346,25 @@
 
 #define PREVIOUS state->cwd[state->cwd_length - 1]
 
+#ifdef TSRM_WIN32
+			while ((IS_ABSOLUTE_PATH(state->cwd, state->cwd_length) ||
+					IS_UNC_PATH(state->cwd, state->cwd_length)) &&
+					!IS_SLASH(PREVIOUS)) {
+#else
 			while (IS_ABSOLUTE_PATH(state->cwd, state->cwd_length) &&
 					!IS_SLASH(PREVIOUS)) {
+#endif
 				save = PREVIOUS;
 				PREVIOUS = '\0';
 				state->cwd_length--;
 			}
 
+#ifdef TSRM_WIN32
+			if (!IS_ABSOLUTE_PATH(state->cwd, state->cwd_length) &&
+					!IS_UNC_PATH(state->cwd, state->cwd_length)) {
+#else
 			if (!IS_ABSOLUTE_PATH(state->cwd, state->cwd_length)) {
+#endif
 				state->cwd[state->cwd_length++] = save;
 				state->cwd[state->cwd_length] = '\0';
 			} else {




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-12-19 18:42 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip


 [2003-01-02 18:53 UTC] sniper@php.net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Oct 20 04:03:40 2021 UTC