PHP :: Bug #21097 :: tsrm_virtual_cwd.c/virtual_file_ex handles ".." incorrectly for UNC paths

Bug #21097	tsrm_virtual_cwd.c/virtual_file_ex handles ".." incorrectly for UNC paths
Submitted:	2002-12-19 09:17 UTC	Modified:	2003-01-02 18:53 UTC
From:	dwayne at lfchosting dot com	Assigned:
Status:	No Feedback	Package:	*Directory/Filesystem functions
PHP Version:	4.2.3	OS:	Win32
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!

Your email address: MUST BE VALID
Solve the problem: 30 + 50 = ?
Subscribe to this entry?

[2002-12-19 09:17 UTC] dwayne at lfchosting dot com

On Win32, the virtual_file_ex() function in TSRM/tsrm_virtual_cwd.c doesn't handle ".." correctly when state->cwd is a UNC path.  

Basically, when state->cwd = "//hostname/foo/bar" and path_copy = "../file.txt", the function sets the new state->cwd to "//hostname/foo/bar/file.txt" rather than "//hostname/foo/file.txt".

This breaks any PHP functions that call virtual_file_ex(), including:

require "../config.inc.php";
require_once "../config.inc.php";
include "../config.inc.php";
include_once "../config.inc.php";
$f = fopen("../config.inc.php", "r");

The reason for this is that the IS_ABSOLUTE_PATH() macro returns false when given a UNC path.  The following patch does not change this behaviour, but it adds additional IS_UNC_PATH() checks where appropriate:



diff -bruN php-4.2.3/TSRM/tsrm_virtual_cwd.c php-4.2.3-fixed/TSRM/tsrm_virtual_cwd.c
--- php-4.2.3/TSRM/tsrm_virtual_cwd.c	Thu Apr 25 08:52:46 2002
+++ php-4.2.3-fixed/TSRM/tsrm_virtual_cwd.c	Thu Dec 19 08:33:28 2002
@@ -346,14 +346,25 @@
 
 #define PREVIOUS state->cwd[state->cwd_length - 1]
 
+#ifdef TSRM_WIN32
+			while ((IS_ABSOLUTE_PATH(state->cwd, state->cwd_length) ||
+					IS_UNC_PATH(state->cwd, state->cwd_length)) &&
+					!IS_SLASH(PREVIOUS)) {
+#else
 			while (IS_ABSOLUTE_PATH(state->cwd, state->cwd_length) &&
 					!IS_SLASH(PREVIOUS)) {
+#endif
 				save = PREVIOUS;
 				PREVIOUS = '\0';
 				state->cwd_length--;
 			}
 
+#ifdef TSRM_WIN32
+			if (!IS_ABSOLUTE_PATH(state->cwd, state->cwd_length) &&
+					!IS_UNC_PATH(state->cwd, state->cwd_length)) {
+#else
 			if (!IS_ABSOLUTE_PATH(state->cwd, state->cwd_length)) {
+#endif
 				state->cwd[state->cwd_length++] = save;
 				state->cwd[state->cwd_length] = '\0';
 			} else {

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-12-19 18:42 UTC] iliaa@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

[2003-01-02 18:53 UTC] sniper@php.net

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 25 06:01:35 2024 UTC