iliaa           Fri May  6 14:43:31 2005 EDT

  Modified files:              (Branch: PHP_4_3)
    /php-src/ext/standard       ftp_fopen_wrapper.c 
  Log:
  MFH: Check ftp user name for control characters.
  
  
http://cvs.php.net/diff.php/php-src/ext/standard/ftp_fopen_wrapper.c?r1=1.38.2.6&r2=1.38.2.7&ty=u
Index: php-src/ext/standard/ftp_fopen_wrapper.c
diff -u php-src/ext/standard/ftp_fopen_wrapper.c:1.38.2.6 
php-src/ext/standard/ftp_fopen_wrapper.c:1.38.2.7
--- php-src/ext/standard/ftp_fopen_wrapper.c:1.38.2.6   Mon Aug 25 18:26:37 2003
+++ php-src/ext/standard/ftp_fopen_wrapper.c    Fri May  6 14:43:31 2005
@@ -17,7 +17,7 @@
    |          Hartmut Holzgraefe <[EMAIL PROTECTED]>                       |
    +----------------------------------------------------------------------+
  */
-/* $Id: ftp_fopen_wrapper.c,v 1.38.2.6 2003/08/25 22:26:37 pollita Exp $ */
+/* $Id: ftp_fopen_wrapper.c,v 1.38.2.7 2005/05/06 18:43:31 iliaa Exp $ */
 
 #include "php.h"
 #include "php_globals.h"
@@ -246,7 +246,20 @@
        /* send the user name */
        php_stream_write_string(stream, "USER ");
        if (resource->user != NULL) {
-               php_raw_url_decode(resource->user, strlen(resource->user));
+               unsigned char *s, *e;
+               int user_len = php_raw_url_decode(resource->user, 
strlen(resource->user));
+               
+               s = resource->user;
+               e = s + user_len;
+               /* check for control characters that should not be present in 
the user name */
+               while (s < e) {
+                       if (iscntrl(*s)) {
+                               php_stream_wrapper_log_error(wrapper, options 
TSRMLS_CC, "Invalid login %s", resource->user);
+                               goto connect_errexit;
+                       }
+                       s++;
+               }
+               
                php_stream_write_string(stream, resource->user);
        } else {
                php_stream_write_string(stream, "anonymous");
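Review bot: The error path `php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid login %s", resource->user)` formats the very string that just failed the control-character check, so the CR/LF or other control bytes the loop rejects still reach the wrapper's error output, where they can break or forge log lines. I would drop the value from the message, e.g. `php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid login: user name contains control characters");`, or escape it before logging. The check also covers only `resource->user`; the PASS handling is outside this hunk, and if `resource->pass` is url-decoded and written to the control connection the same way it needs the same loop, ideally through one shared helper. `iscntrl()` is locale-dependent, so an explicit test such as `*s < 0x20 || *s == 0x7f` would keep the rejected set independent of the process locale. The enclosing function starts and ends outside the hunk.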

