Bug #75302 php file download
Submitted: 2017-10-01 16:59 UTC Modified: 2017-10-22 20:00 UTC
Votes:2
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: franciszek dot witt at protonmail dot com Assigned:
Status: Open Package: Built-in web server
PHP Version: 7.1.10 OS: Windows
Private report: No CVE-ID: None
 [2017-10-01 16:59 UTC] franciszek dot witt at protonmail dot com
Description:
------------
On some machines with a FAT file system, if you type file.PHP (PHP uppercase) instead of file.php, it will start downloading the source code. Tested on an Android PHP web server, but the developer said that it's a general PHP bug.


Part of the email which he sent to me:
"

Hi, yes, it is a bug of PHP itself. The reason is that in the file sapi/cli/php_cli_server.c, 'memcmp(client->request.ext, "php", 3)' is used instead of 'strncasecmp(client->request.ext, "php", 3)' (it should ignore the case of "php", but it does not as of now). This happens only if the filesystem is case insensitive (for example FAT).

"


 [2017-10-01 18:19 UTC] esminis at esminis dot lt
More info - this bug is in the PHP built-in server (the only possible workaround without changing the source code of PHP for now is to enable a router script).

I am the developer who helped identify this bug (contact on email if needed).
 [2017-10-03 13:18 UTC] cmb@php.net
-Package: *General Issues +Package: Built-in web server
 [2017-10-22 20:00 UTC] ab@php.net
Thanks for the report. I don't think it's a Windows bug, as 7.1 and even since 5.5 or earlier doesn't support non NTFS based Windows versions. There are still OSes supporting FSes with no case sensitivity, though. The code in the description sounds reasonable, but I've no such system at hand to test the actual behaviors. If one would provide a patch that at least doesn't breach the current functionality, it could be evaluated.

Thanks.
 [2017-10-24 19:32 UTC] esminis at esminis dot lt
Yeah, it is not Windows (in this specific case it is the Android app "Server for PHP" - PHP compiled for Android; btw it will happen on any system that uses a case-insensitive filesystem).

And I don't think there is any need for a patch, because it is a simple replacement of one function name in sapi/cli/php_cli_server.c:

memcmp(client->request.ext, "php", 3) should be replaced with strncasecmp(client->request.ext, "php", 3)

This should be double-checked by someone who knows the PHP source code well.
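
Added example (not part of the bug report and not PHP's source): a simplified C model of the extension check discussed in this thread, comparing the `memcmp` comparison with the proposed `strncasecmp` one over constructed request paths. The function names, the `samples` table and the explicit length check are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h> /* strncasecmp (POSIX) */

enum action { SERVE_STATIC, RUN_AS_PHP };
typedef enum action (*dispatch_fn)(const char *path);

/* Hypothetical helper: extension = text after the last '.' of the last path segment. */
static const char *ext_of(const char *path, size_t *len) {
    const char *slash = strrchr(path, '/');
    const char *dot = strrchr(slash ? slash : path, '.');
    *len = dot ? strlen(dot + 1) : 0;
    return dot ? dot + 1 : NULL;
}

/* Comparison quoted in the report: byte-exact, so ".PHP" is not seen as a script. */
enum action dispatch_memcmp(const char *path) {
    size_t n; const char *ext = ext_of(path, &n);
    return (n == 3 && memcmp(ext, "php", 3) == 0) ? RUN_AS_PHP : SERVE_STATIC;
}

/* Replacement proposed in the report. The n == 3 length check is this example's
 * assumption; without it a 3-byte compare would also accept "php5" or "phps". */
enum action dispatch_strncasecmp(const char *path) {
    size_t n; const char *ext = ext_of(path, &n);
    return (n == 3 && strncasecmp(ext, "php", 3) == 0) ? RUN_AS_PHP : SERVE_STATIC;
}

/* Constructed requests; on_disk_php marks paths that a case-insensitive
 * filesystem resolves to a stored .php script. */
static const struct { const char *path; int on_disk_php; } samples[] = {
    { "/index.php", 1 }, { "/index.PHP", 1 }, { "/admin/config.Php", 1 },
    { "/style.css", 0 }, { "/backup.php5", 0 },
};

/* Number of sample requests whose script source would be sent as a static file. */
int count_source_disclosures(dispatch_fn dispatch) {
    int hits = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (samples[i].on_disk_php && dispatch(samples[i].path) == SERVE_STATIC)
            hits++;
    return hits;
}

int main(void) {
    printf("memcmp:      %d disclosed\n", count_source_disclosures(dispatch_memcmp));
    printf("strncasecmp: %d disclosed\n", count_source_disclosures(dispatch_strncasecmp));
    return 0;
}
```

On a case-sensitive filesystem `/index.PHP` names a different file from `/index.php`, so the mismatch only exposes script source where the filesystem folds case.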
 
Last updated: Sun Nov 19 01:31:42 2017 UTC