php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37779 [PATCH] _php_stream_fopen_with_path searches for files in /
Submitted: 2006-06-11 10:35 UTC Modified: 2006-09-12 15:49 UTC
From: jr at terragate dot net Assigned:
Status: Closed Package: Streams related
PHP Version: 5.1.5CVS OS: Mac OS X (10.4)
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jr at terragate dot net
New email:
PHP Version: OS:

 

 [2006-06-11 10:35 UTC] jr at terragate dot net
Description:
------------
_php_stream_fopen_with_path will try to open files relative 
to / if the given file does not exist in the current working 
directory.

Fix:

http://jr.terragate.net/Public/php/
_php_stream_fopen_with_path.diff

Index: main/streams/plain_wrapper.c
============================================================
=======
RCS file: /repository/php-src/main/streams/plain_wrapper.c,v
retrieving revision 1.52.2.6
diff -u -u -r1.52.2.6 plain_wrapper.c
--- main/streams/plain_wrapper.c        17 Jan 2006 02:32:09 
-0000      1.52.2.6
+++ main/streams/plain_wrapper.c        11 Jun 2006 10:01:11 
-0000
@@ -1316,6 +1316,10 @@
                        *end = '\0';
                        end++;
                }
+               if (*ptr == '\0') {
+                       ptr = end;
+                       continue;
+               }
                snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, 
filename);
 
                if (((options & STREAM_DISABLE_OPEN_BASEDIR) 
== 0) && php_check_
open_basedir_ex(trypath, 0 TSRMLS_CC)) {



Reproduce code:
---------------
<?php 

include 'etc/hosts';

?>

Expected result:
----------------
Warning: include(etc/hosts): failed to open stream: No such 
file or directory in ...


Expected existence checks (include_path=.:):

cwd/etc/hosts
script_execution_path/etc/hosts





Actual result:
--------------
Output of /etc/hosts


Actual existence checks (include_path=.:):

cwd/etc/hosts
/etc/hosts
script_execution_path/etc/hosts



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2006-09-08 20:55 UTC] tony2001@php.net
Sara, could you plz check this out?
 [2006-09-12 15:49 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 09 01:01:27 2024 UTC