Patch libxslt_54446_2 for XSLT related Bug #54446Patch version 2011-04-18 10:01 UTC Return to Bug #54446 | Download this patchThis patch renders other patches obsolete Obsolete patches: Patch Revisions:Developer: chregu@php.net
Index: php_xsl.h
===================================================================
--- php_xsl.h (revision 310300)
+++ php_xsl.h (working copy)
@@ -32,6 +32,7 @@
 #include <libxslt/xsltInternals.h>
 #include <libxslt/xsltutils.h>
 #include <libxslt/transform.h>
+#include <libxslt/security.h>
 #if HAVE_XSL_EXSLT
 #include <libexslt/exslt.h>
 #include <libexslt/exsltconfig.h>
@@ -43,6 +44,13 @@
 #include <libxslt/extensions.h>
 #include <libxml/xpathInternals.h>
+#define XSL_SECPREF_NONE 0
+#define XSL_SECPREF_READ_FILE 2
+#define XSL_SECPREF_WRITE_FILE 4
+#define XSL_SECPREF_CREATE_DIRECTORY 8
+#define XSL_SECPREF_READ_NETWORK 16
+#define XSL_SECPREF_WRITE_NETWORK 32
+
 typedef struct _xsl_object {
 zend_object std;
 void *ptr;
@@ -55,6 +63,7 @@
 HashTable *node_list;
 php_libxml_node_object *doc;
 char *profiling;
+ long securityPrefs;
 } xsl_object;
 void php_xsl_set_object(zval *wrapper, void *obj TSRMLS_DC);
Index: xsl_fe.h
===================================================================
--- xsl_fe.h (revision 310300)
+++ xsl_fe.h (working copy)
@@ -34,6 +34,9 @@
 PHP_FUNCTION(xsl_xsltprocessor_has_exslt_support);
 PHP_FUNCTION(xsl_xsltprocessor_register_php_functions);
 PHP_FUNCTION(xsl_xsltprocessor_set_profiling);
+PHP_FUNCTION(xsl_xsltprocessor_set_security_prefs);
+PHP_FUNCTION(xsl_xsltprocessor_get_security_prefs);
+
 #endif
 /*
Index: xsltprocessor.c
===================================================================
--- xsltprocessor.c (revision 310300)
+++ xsltprocessor.c (working copy)
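Review bot: The XSL_SECPREF_* defines in the second php_xsl.h hunk carry no comment saying that a set bit forbids the operation rather than permits it, which is how the xsltprocessor.c hunk uses them (each set bit is passed to xsltSetSecurityPrefs with xsltSecurityForbid). Because the names read like permissions, a caller could pass XSL_SECPREF_NONE expecting the strictest setting and get the most permissive one. I would add above the block: `/* Bit flags for xsl_object.securityPrefs: each set bit makes libxslt FORBID that operation; XSL_SECPREF_NONE forbids nothing. */`. The values also skip 1, which deserves a word in the same comment if it is intentional.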
@@ -71,6 +71,13 @@
 ZEND_BEGIN_ARG_INFO_EX(arginfo_xsl_xsltprocessor_set_profiling, 0, 0, 1)
 ZEND_ARG_INFO(0, filename)
 ZEND_END_ARG_INFO();
+
+ZEND_BEGIN_ARG_INFO_EX(arginfo_xsl_xsltprocessor_set_security_prefs, 0, 0, 1)
+ ZEND_ARG_INFO(0, securityPrefs)
+ZEND_END_ARG_INFO();
+
+ZEND_BEGIN_ARG_INFO_EX(arginfo_xsl_xsltprocessor_get_security_prefs, 0, 0, 0)
+ZEND_END_ARG_INFO();
 /* }}} */
 /*
@@ -91,6 +98,8 @@
 PHP_FALIAS(hasExsltSupport, xsl_xsltprocessor_has_exslt_support, arginfo_xsl_xsltprocessor_has_exslt_support)
 PHP_FALIAS(registerPHPFunctions, xsl_xsltprocessor_register_php_functions, arginfo_xsl_xsltprocessor_register_php_functions)
 PHP_FALIAS(setProfiling, xsl_xsltprocessor_set_profiling, arginfo_xsl_xsltprocessor_set_profiling)
+ PHP_FALIAS(setSecurityPrefs, xsl_xsltprocessor_set_security_prefs, arginfo_xsl_xsltprocessor_set_security_prefs)
+ PHP_FALIAS(getSecurityPrefs, xsl_xsltprocessor_get_security_prefs, arginfo_xsl_xsltprocessor_get_security_prefs)
 {NULL, NULL, NULL}
 };
@@ -531,11 +540,46 @@
 }
 efree(member);
+ /* Add security checks */
+ /* XSLT_SECPREF_READ_FILE and XSLT_SECPREF_READ_NETWORK aren't needed */
+
+ xsltSecurityPrefsPtr secPrefs = xsltNewSecurityPrefs();
+
+ if (intern->securityPrefs & XSL_SECPREF_READ_FILE ) {
+ if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt security properties");
+ }
+ }
+ if (intern->securityPrefs & XSL_SECPREF_WRITE_FILE ) {
+ if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt security properties");
+ }
+ }
+ if (intern->securityPrefs & XSL_SECPREF_CREATE_DIRECTORY ) {
+ if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt security properties");
+ }
+ }
+ if (intern->securityPrefs & XSL_SECPREF_READ_NETWORK) {
+ if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt security properties");
+ }
+ }
+ if (intern->securityPrefs & XSL_SECPREF_WRITE_NETWORK) {
+ if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt security properties");
+ }
+ }
+
+ if (0 != xsltSetCtxtSecurityPrefs(secPrefs, ctxt))
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't set libxslt security handler");
+
 newdocp = xsltApplyStylesheetUser(style, doc, (const char**) params, NULL, f, ctxt);
 if (f) {
 fclose(f);
 }
 xsltFreeTransformContext(ctxt);
+ xsltFreeSecurityPrefs(secPrefs);
 if (intern->node_list != NULL) {
 zend_hash_destroy(intern->node_list);
@@ -861,6 +905,44 @@
 }
 /* }}} end xsl_xsltprocessor_set_profiling */
+/* {{{ proto long xsl_xsltprocessor_set_security_prefs(long securityPrefs) */
+PHP_FUNCTION(xsl_xsltprocessor_set_security_prefs)
+{
+ zval *id;
+ xsl_object *intern;
+ DOM_GET_THIS(id);
+ long securityPrefs, oldSecurityPrefs;
+
+ if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "l", &securityPrefs) == SUCCESS) {
+ intern = (xsl_object *)zend_object_store_get_object(id TSRMLS_CC);
+ oldSecurityPrefs = intern->securityPrefs;
+ intern->securityPrefs = securityPrefs;
+ RETURN_LONG(oldSecurityPrefs);
+ } else {
+ WRONG_PARAM_COUNT;
+ }
+}
+/* }}} end xsl_xsltprocessor_set_security_prefs */
+
+/* {{{ proto long xsl_xsltprocessor_get_security_prefs() */
+PHP_FUNCTION(xsl_xsltprocessor_get_security_prefs)
+{
+ zval *id;
+ xsl_object *intern;
+ DOM_GET_THIS(id);
+ long securityPrefs;
+
+ if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "") == SUCCESS) {
+ intern = (xsl_object *)zend_object_store_get_object(id TSRMLS_CC);
+ RETURN_LONG(intern->securityPrefs);
+ } else {
+ WRONG_PARAM_COUNT;
+ }
+}
+/* }}} end xsl_xsltprocessor_get_security_prefs */
+
+
+
 /* {{{ proto bool xsl_xsltprocessor_has_exslt_support(); */
 PHP_FUNCTION(xsl_xsltprocessor_has_exslt_support)
Index: php_xsl.c
===================================================================
--- php_xsl.c (revision 310300)
+++ php_xsl.c (working copy)
@@ -127,6 +127,7 @@
 intern->node_list = NULL;
 intern->doc = NULL;
 intern->profiling = NULL;
+ intern->securityPrefs = XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY;
 zend_object_std_init(&intern->std, class_type TSRMLS_CC);
 zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *));
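Review bot: In both new functions the `long` locals are declared after `DOM_GET_THIS(id);`, which looks like a statement macro (its definition is not on this page), so a C89 compiler would reject the declaration; move the declarations above that line. The getter's `long securityPrefs;` is never used and can be dropped. The setter also stores its argument without checking it against the defined XSL_SECPREF_* bits, so a value such as 1 is accepted and restricts nothing, because the transform code only tests bits 2 through 32. Consider rejecting unknown bits with a warning, or state in the proto comment that they are ignored.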
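Review bot: The default assigned in the php_xsl.c hunk forbids file writes, network writes and directory creation but leaves XSL_SECPREF_READ_FILE and XSL_SECPREF_READ_NETWORK clear, so a stylesheet can still read local files and fetch remote resources unless the caller opts in to those bits. That deserves a comment on the line and a sentence in the user documentation, for example `/* default: forbid writes only; callers that process untrusted stylesheets should also set the READ_* bits */`. A named constant for this mask (for instance `XSL_SECPREF_DEFAULT`), registered alongside the other XSL_SECPREF_* constants, would let callers extend the default without repeating it. The enclosing function starts and ends outside the hunk.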
@@ -167,6 +168,13 @@
 REGISTER_LONG_CONSTANT("XSL_CLONE_NEVER", -1, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("XSL_CLONE_ALWAYS", 1, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_NONE", XSL_SECPREF_NONE, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_FILE", XSL_SECPREF_READ_FILE, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_FILE", XSL_SECPREF_WRITE_FILE, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_CREATE_DIRECTORY", XSL_SECPREF_CREATE_DIRECTORY, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_NETWORK", XSL_SECPREF_READ_NETWORK, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_NETWORK", XSL_SECPREF_WRITE_NETWORK, CONST_CS | CONST_PERSISTENT);
+
 REGISTER_LONG_CONSTANT("LIBXSLT_VERSION", LIBXSLT_VERSION, CONST_CS | CONST_PERSISTENT);
 REGISTER_STRING_CONSTANT("LIBXSLT_DOTTED_VERSION", LIBXSLT_DOTTED_VERSION, CONST_CS | CONST_PERSISTENT); |