ID: 40326
User updated by: sborrill at precedence dot co dot uk
Reported By: sborrill at precedence dot co dot uk
-Status: No Feedback
+Status: Open
Bug Type: Streams related
Operating System: NetBSD 3.1_STABLE
PHP Version: 5.2.0
New Comment:
What sort of account? FTP/ssh/something else? Alternatively, big thanks
to tlaramie at superb dot net for offering a suitable account.
The error was introduced in revision 1.74.2.9.2.4 and is around line
584 for TSRM/tsrm_virtual_cwd.c in the loop that begins:
ptr = tsrm_strtok_r(path_copy, TOKENIZER_STRING, &tok);
This loop is not run in 1.74.2.9.2.3 if the cwdlen is 0. With
1.74.2.9.2.4 and later it is always run and so prepends a / on the file
name, i.e. the actual file that is opened with fopen("file","r") is
"/file". This strikes me as a potential security problem too.
Previous Comments:
------------------------------------------------------------------------
[2007-02-23 09:47:34] tlaramie at superb dot net
I can replicate the issue verbatim on PHP 5.2.1 on Solaris 9 (SPARC).
Login information for testing by one of the developers is available per
their request.
------------------------------------------------------------------------
[2007-02-20 01:00:00] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2007-02-12 17:49:28] [EMAIL PROTECTED]
Please provide an account on this machine.
------------------------------------------------------------------------
[2007-02-10 21:39:07] sborrill at precedence dot co dot uk
I've tracked this down to changes to virtual_file_ex() which is called
from expand_filepath(). expand_filepath() returns "/file" from "file"
with 5.2.0 (and later), but returns "file" with 5.1.6 and earlier. This
is down to changes between revisions 1.74.2.9 (v5.1.6) and 1.74.2.9.2.9
(v5.2.0) of TSRM/tsrm_virtual_cwd.c. I've not yet tracked it down
further.
------------------------------------------------------------------------
[2007-02-10 19:25:28] sborrill at precedence dot co dot uk
Yes, as per my original bug report, it is not fixed in the daily
snapshots. I've confirmed it today's too.
I can recreate it with the cli php binary too (i.e. I don't have to
test it from Apache).
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/40326
--
Edit this bug report at http://bugs.php.net/?id=40326&edit=1
