standard ftp_fopen_wrapper.c

Stefan Esser Mon, 27 Jun 2005 01:27:36 -0700

sesser          Mon Jun 27 04:27:24 2005 EDT

  Modified files:              (Branch: PHP_4_4)
    /php-src/ext/standard       ftp_fopen_wrapper.c 
  Log:
  MFH: Also check FTP password
  
  
  
http://cvs.php.net/diff.php/php-src/ext/standard/ftp_fopen_wrapper.c?r1=1.38.2.8&r2=1.38.2.8.2.1&ty=u
Index: php-src/ext/standard/ftp_fopen_wrapper.c
diff -u php-src/ext/standard/ftp_fopen_wrapper.c:1.38.2.8 
php-src/ext/standard/ftp_fopen_wrapper.c:1.38.2.8.2.1
--- php-src/ext/standard/ftp_fopen_wrapper.c:1.38.2.8   Sat May  7 05:25:31 2005
+++ php-src/ext/standard/ftp_fopen_wrapper.c    Mon Jun 27 04:27:23 2005
@@ -17,7 +17,7 @@
    |          Hartmut Holzgraefe <[EMAIL PROTECTED]>                       |
    +----------------------------------------------------------------------+
  */
-/* $Id: ftp_fopen_wrapper.c,v 1.38.2.8 2005/05/07 09:25:31 rasmus Exp $ */
+/* $Id: ftp_fopen_wrapper.c,v 1.38.2.8.2.1 2005/06/27 08:27:23 sesser Exp $ */
 
 #include "php.h"
 #include "php_globals.h"
@@ -142,7 +142,7 @@
        unsigned short portno;
        char *scratch;
        int result;
-       int i, use_ssl;
+       int i, use_ssl, tmp_len;
 #ifdef HAVE_OPENSSL_EXT        
        int use_ssl_on_data=0;
        php_stream *reuseid=NULL;
@@ -243,22 +243,24 @@
 
 #endif
 
+#define PHP_FTP_CNTRL_CHK(val, val_len, err_msg) {     \
+       unsigned char *s = val, *e = s + val_len;       \
+       while (s < e) { \
+               if (iscntrl(*s)) {      \
+                       php_stream_wrapper_log_error(wrapper, options 
TSRMLS_CC, err_msg, val); \
+                       goto errexit;   \
+               }       \
+               s++;    \
+       }       \
+}
+
        /* send the user name */
        php_stream_write_string(stream, "USER ");
        if (resource->user != NULL) {
                unsigned char *s, *e;
-               int user_len = php_raw_url_decode(resource->user, 
strlen(resource->user));
+               tmp_len = php_raw_url_decode(resource->user, 
strlen(resource->user));
                
-               s = resource->user;
-               e = s + user_len;
-               /* check for control characters that should not be present in 
the user name */
-               while (s < e) {
-                       if (iscntrl(*s)) {
-                               php_stream_wrapper_log_error(wrapper, options 
TSRMLS_CC, "Invalid login %s", resource->user);
-                               goto errexit;
-                       }
-                       s++;
-               }
+               PHP_FTP_CNTRL_CHK(resource->user, tmp_len, "Invalid login %s")
                
                php_stream_write_string(stream, resource->user);
        } else {
@@ -275,7 +277,10 @@
 
                php_stream_write_string(stream, "PASS ");
                if (resource->pass != NULL) {
-                       php_raw_url_decode(resource->pass, 
strlen(resource->pass));
+                       tmp_len = php_raw_url_decode(resource->pass, 
strlen(resource->pass));
+                       
+                       PHP_FTP_CNTRL_CHK(resource->pass, tmp_len, "Invalid 
password %s")
+                       
                        php_stream_write_string(stream, resource->pass);
                } else {
                        /* if the user has configured who they are,


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_4_4) /ext/standard ftp_fopen_wrapper.c

Reply via email to