PHP :: Bug #74184

Return to Bug #74184
Patch sqlite_driver.c.path	revision 2017-02-28 18:05 UTC by sergey dot payu at gmail dot com

Patch sqlite_driver.c.path for PDO SQLite Bug #74184

Patch version 2017-02-28 18:05 UTC

Return to Bug #74184 | Download this patch
Patch Revisions:

2017-02-28 18:05 UTC [diff to current]

Developer: sergey.payu@gmail.com

--- sqlite_driver.c	2017-02-28 19:58:37.436651329 +0200
+++ sqlite_driver_fix.c	2017-02-28 20:03:06.479819632 +0200
@@ -736,24 +736,62 @@
 	NULL
 };
 
+static char *expand_filename(const char *filename)
+{
+	char *fullpath = expand_filepath(filename, NULL);
+
+	if (!fullpath) {
+		return NULL;
+	}
+
+	if (php_check_open_basedir(fullpath)) {
+		efree(fullpath);
+		return NULL;
+	}
+	return fullpath;
+}
+
 static char *make_filename_safe(const char *filename)
 {
-	if (*filename && memcmp(filename, ":memory:", sizeof(":memory:"))) {
-		char *fullpath = expand_filepath(filename, NULL);
+	if (*filename && memcmp(filename, ":memory:", sizeof(":memory:")) == 0) {
+		return estrdup(filename);
+
+	} else if (*filename && strncmp(filename, "file:", strlen("file:")) == 0) {
+		/* cut and extend filename in the string "file:filename?params" */
+		int dsn_size = strlen("file:");
+		char *params = strstr(filename, "?");
+		int fn_size = !params ? strlen(filename) - dsn_size : (params - filename) - dsn_size;
+		char *fn = emalloc(fn_size + 1);
+		memcpy(fn, &filename[dsn_size], fn_size);
+		fn[fn_size] = 0;
+		char *fullpath = expand_filename(fn);
+		efree(fn);
 
 		if (!fullpath) {
 			return NULL;
 		}
 
-		if (php_check_open_basedir(fullpath)) {
-			efree(fullpath);
-			return NULL;
+		/* concatenate safe filename back to "file:safe_filename?params" */
+		int new_len = dsn_size + strlen(fullpath);
+		if (params) {
+			new_len += strlen(params);
+		}
+		char *safe_filename = emalloc(new_len + 1);
+		memcpy(safe_filename, "file:", dsn_size);
+		strncat(safe_filename, fullpath, strlen(fullpath));
+		if (params) {
+			safe_filename = strncat(safe_filename, params, strlen(params));
 		}
-		return fullpath;
+		safe_filename[new_len] = 0;
+
+		return safe_filename;
+
+	} else {
+		return expand_filename(filename);
 	}
-	return estrdup(filename);
 }
 
+
 static int authorizer(void *autharg, int access_type, const char *arg3, const char *arg4,
 		const char *arg5, const char *arg6)
 {

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 05:01:30 2024 UTC