sesser Mon Jun 27 04:16:44 2005 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/standard ftp_fopen_wrapper.c Log: MFH: also check password http://cvs.php.net/diff.php/php-src/ext/standard/ftp_fopen_wrapper.c?r1=1.74.2.6&r2=1.74.2.7&ty=u Index: php-src/ext/standard/ftp_fopen_wrapper.c diff -u php-src/ext/standard/ftp_fopen_wrapper.c:1.74.2.6 php-src/ext/standard/ftp_fopen_wrapper.c:1.74.2.7 --- php-src/ext/standard/ftp_fopen_wrapper.c:1.74.2.6 Sat May 7 12:07:36 2005 +++ php-src/ext/standard/ftp_fopen_wrapper.c Mon Jun 27 04:16:42 2005 @@ -18,7 +18,7 @@ | Sara Golemon <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: ftp_fopen_wrapper.c,v 1.74.2.6 2005/05/07 16:07:36 iliaa Exp $ */ +/* $Id: ftp_fopen_wrapper.c,v 1.74.2.7 2005/06/27 08:16:42 sesser Exp $ */ #include "php.h" #include "php_globals.h" @@ -113,7 +113,7 @@ { php_stream *stream = NULL, *reuseid = NULL; php_url *resource = NULL; - int result, use_ssl, use_ssl_on_data = 0; + int result, use_ssl, use_ssl_on_data = 0, tmp_len; char *scratch; char tmp_line[512]; @@ -206,23 +206,24 @@ #endif } +#define PHP_FTP_CNTRL_CHK(val, val_len, err_msg) { \ + unsigned char *s = val, *e = s + val_len; \ + while (s < e) { \ + if (iscntrl(*s)) { \ + php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, err_msg, val); \ + goto connect_errexit; \ + } \ + s++; \ + } \ +} + /* send the user name */ php_stream_write_string(stream, "USER "); if (resource->user != NULL) { - unsigned char *s, *e; - int user_len = php_raw_url_decode(resource->user, strlen(resource->user)); - - s = resource->user; - e = s + user_len; - /* check for control characters that should not be present in the user name */ - while (s < e) { - if (iscntrl(*s)) { - php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid login %s", resource->user); - goto connect_errexit; - } - s++; - } - + tmp_len = php_raw_url_decode(resource->user, strlen(resource->user)); + + PHP_FTP_CNTRL_CHK(resource->user, tmp_len, "Invalid login %s") + php_stream_write_string(stream, resource->user); } else { php_stream_write_string(stream, "anonymous"); @@ -238,7 +239,10 @@ php_stream_write_string(stream, "PASS "); if (resource->pass != NULL) { - php_raw_url_decode(resource->pass, strlen(resource->pass)); + tmp_len = php_raw_url_decode(resource->pass, strlen(resource->pass)); + + PHP_FTP_CNTRL_CHK(resource->pass, tmp_len, "Invalid password %s") + php_stream_write_string(stream, resource->pass); } else { /* if the user has configured who they are,
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php