hholzgra Wed Sep 25 20:27:52 2002 EDT Modified files: /php4/ext/standard dir.c Log: glob should now be ZTS/open_basedir/safe_mode aware (finally) Index: php4/ext/standard/dir.c diff -u php4/ext/standard/dir.c:1.97 php4/ext/standard/dir.c:1.98 --- php4/ext/standard/dir.c:1.97 Wed Sep 11 10:17:26 2002 +++ php4/ext/standard/dir.c Wed Sep 25 20:27:52 2002 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: dir.c,v 1.97 2002/09/11 14:17:26 sniper Exp $ */ +/* $Id: dir.c,v 1.98 2002/09/26 00:27:52 hholzgra Exp $ */ /* {{{ includes/startup/misc */ @@ -130,6 +130,14 @@ tmpstr[1] = '\0'; REGISTER_STRING_CONSTANT("DIRECTORY_SEPARATOR", tmpstr, CONST_CS|CONST_PERSISTENT); +#if HAVE_GLOB + REGISTER_LONG_CONSTANT("GLOB_MARK", GLOB_MARK, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("GLOB_NOSORT", GLOB_NOSORT, CONST_CS | +CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("GLOB_NOMATCH", GLOB_NOMATCH, CONST_CS | +CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("GLOB_NOESCAPE", GLOB_NOESCAPE, CONST_CS | +CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("GLOB_NOSORT", GLOB_NOSORT, CONST_CS | +CONST_PERSISTENT); +#endif + return SUCCESS; } @@ -330,27 +338,40 @@ Find pathnames matching a pattern */ PHP_FUNCTION(glob) { + cwd_state new_state; + char cwd[MAXPATHLEN]; + int cwd_skip = 0; + char work_pattern[MAXPATHLEN]; + char *result; char *pattern = NULL; int pattern_len; long flags = 0; glob_t globbuf; int n, ret; - - if (PG(safe_mode)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Safe Mode restriction in effect, function is disabled"); - RETURN_FALSE; - } + TSRMLS_FETCH(); if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &pattern, &pattern_len, &flags) == FAILURE) return; +#ifdef ZTS + if(!IS_ABSOLUTE_PATH(pattern, pattern_len)) { + result = VCWD_GETCWD(cwd, MAXPATHLEN); + if (!result) { + cwd[0] = '\0'; + } + cwd_skip = strlen(cwd)+1; + snprintf(work_pattern, MAXPATHLEN, "%s/%s", cwd, pattern); + pattern = work_pattern; + } +#endif + globbuf.gl_offs = 0; if (0 != (ret = glob(pattern, flags, NULL, &globbuf))) { #ifdef GLOB_NOMATCH if (GLOB_NOMATCH == ret) { /* Linux handles no matches as an error condition, but FreeBSD * doesn't. This ensure that if no match is found, an empty array - * is always returned so it can be used with worrying in e.g. + * is always returned so it can be used without worrying in +e.g. * foreach() */ array_init(return_value); return; @@ -359,10 +380,22 @@ RETURN_FALSE; } + /* we assume that any glob pattern will match files from one directory only + so checking the dirname of the first match should be sufficient */ + strncpy(cwd, globbuf.gl_pathv[0], MAXPATHLEN); + if (PG(safe_mode) && (!php_checkuid(cwd, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + RETURN_FALSE; + } + if(php_check_open_basedir(cwd TSRMLS_CC)) { + RETURN_FALSE; + } + + array_init(return_value); for (n = 0; n < globbuf.gl_pathc; n++) { - add_next_index_string(return_value, globbuf.gl_pathv[n], 1); + add_next_index_string(return_value, globbuf.gl_pathv[n]+cwd_skip, 1); } + globfree(&globbuf); } /* }}} */
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php