php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #66395 basename function doesn't remove drive letter
Submitted: 2014-01-03 07:12 UTC Modified: 2014-01-05 18:30 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: php at tokumaru dot org Assigned: ab (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.5.7 OS: Windows
Private report: No CVE-ID: None
 [2014-01-03 07:12 UTC] php at tokumaru dot org
Description:
------------
basename function doesn't remove drive letter(example C:) on WIndows.
if path includes directory separator characters('\' or '/'), basename function returns trailing name component of path.
But, if path doesn't include directory separator characters, basename function returns file name with drive letter.


Test script:
---------------
echo basename('c:autoexec.bat');

Expected result:
----------------
autoexec.bat

Actual result:
--------------
c:autoexec.bat

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-01-03 21:46 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=46f60fae22b420320f3616e00928d70706cf4f4c
Log: Fixed bug #66395 basename function doesn't remove drive letter
 [2014-01-03 21:46 UTC] ab@php.net
-Status: Open +Status: Closed
 [2014-01-03 22:09 UTC] ab@php.net
-Assigned To: +Assigned To: ab
 [2014-01-03 22:09 UTC] ab@php.net
Fixed according to the docs http://msdn.microsoft.com/en-us/library/aa365247(VS.85).aspx
Please test also 5.4 if possible, the fix will be soon available for tests http://windows.php.net/downloads/snaps/

Thanks
 [2014-01-04 01:28 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=46f60fae22b420320f3616e00928d70706cf4f4c
Log: Fixed bug #66395 basename function doesn't remove drive letter
 [2014-01-05 12:46 UTC] php at tokumaru dot org
Thank you for the the bug fix.
However, this bug fix still has a problem.
The new basename function returns "c:autoexec.bat" for "c:c:autoexec.bat".
Basename function is used for directory traversal attack protection, so this behavior is not good.
The colon character(:) in NTFS file name is used to express NTFS stream, but PHP cannot treat NTFS streams.
Therefore, I think that the colon character(:) should be treated in the same way as a slash(/) and a backslash(\).
 [2014-01-05 18:30 UTC] ab@php.net
Thanks very much for staying on this, further fix is applied to 5.4+ http://git.php.net/?p=php-src.git;a=commitdiff;h=3f7f72adb25786f51e7907e0d37f2e25bd5cf3dd . Your traversal idea is brilliant :)

Btw. PHP can read NTFS streams, I didn't check the code yet, but a small snippet like basename("c:/somewhere/hello:world") worked in 5.4 . That's why it were wrong to handle ':' as directory separator. The implementation always checks for X:, char+colon therefore.

Thanks.
 [2014-10-07 23:16 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=46f60fae22b420320f3616e00928d70706cf4f4c
Log: Fixed bug #66395 basename function doesn't remove drive letter
 [2014-10-07 23:27 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=46f60fae22b420320f3616e00928d70706cf4f4c
Log: Fixed bug #66395 basename function doesn't remove drive letter
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 10 19:01:27 2024 UTC