Version PHP 5.1
file main/php_init.c
function int php_init_config() uses realpath.
In NetWare our earlier releases of LibC SDK has no realpath
implementation.
I could see the following lines in TSRM/tsrm_virtual_cwd.c
#ifndef HAVE_REALPATH
#define realpath(x,y) strcpy(y,x)
#endif
Why not this be in TSRM/tsrm_virtual_cwd.h so that it will work in all
the cases.
Can I go ahead and checkin this?
I have two concerns with this "solution" (both here and in TSRM).
(1) Security: Both internally with checks such as open_basedir and in
userspace when evaluating URL parameters (an all too common practice).
(2) Functionality: require_once()/include_once() could be fooled into
including the same file twice.
Granted #2 requires specific circumstances and #1 can be worked around for
tightly managed systems running no external packages.
How about a more expensive, but more closely aproximating substitute to
satisfy all of these?
/* psuedo-code */
#ifndef HAVE_REALPATH
realpath(...) {
itterate path from root:
if symlink, resolve
if dir, append next portion of remaining path
otherwise, ergh...whatever realpath() would do in this situation...
loop
}
#endif
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
