chregu Mon, 10 Oct 2011 07:59:19 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=317953
Log:
Added the xsl.security_prefs option to 5_4 and trunk and
mark it as deprecated for BC-reasons
Added tests for ini option and combination of both
Changed paths:
U php/php-src/branches/PHP_5_3/UPGRADING
U php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c
U php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.h
D php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt
A + php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446_with_ini.phpt
(from php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt:r317952)
U php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c
U php/php-src/branches/PHP_5_4/ext/xsl/php_xsl.c
U php/php-src/branches/PHP_5_4/ext/xsl/php_xsl.h
A php/php-src/branches/PHP_5_4/ext/xsl/tests/bug54446_with_ini.phpt
U php/php-src/branches/PHP_5_4/ext/xsl/xsltprocessor.c
U php/php-src/trunk/ext/xsl/php_xsl.c
U php/php-src/trunk/ext/xsl/php_xsl.h
A php/php-src/trunk/ext/xsl/tests/bug54446_with_ini.phpt
U php/php-src/trunk/ext/xsl/xsltprocessor.c
Modified: php/php-src/branches/PHP_5_3/UPGRADING
===================================================================
--- php/php-src/branches/PHP_5_3/UPGRADING 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/branches/PHP_5_3/UPGRADING 2011-10-10 07:59:19 UTC (rev 317953)
@@ -153,7 +153,16 @@
- SplObjectStorage now has ArrayAccess support. It is also now possible to
store associative information with objects in SplObjectStorage.
+
+=====================
+4.1 New in PHP 5.3.9
+=====================
+- Write operations within XSLT (for example with the extension sax:output) are
+ disabled by default. You can define what is forbidden with the INI option
+ xsl.security_prefs. This option will be marked as deprecated in 5.4 again.
+ Use the method XsltProcess::setSecurityPrefs($options) there.
+
=============
5. Deprecated
=============
Modified: php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.c 2011-10-10 07:59:19 UTC (rev 317953)
@@ -180,6 +180,7 @@
REGISTER_LONG_CONSTANT("XSL_SECPREF_CREATE_DIRECTORY", XSL_SECPREF_CREATE_DIRECTORY, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_NETWORK", XSL_SECPREF_READ_NETWORK, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_NETWORK", XSL_SECPREF_WRITE_NETWORK, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_DEFAULT", XSL_SECPREF_DEFAULT, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("LIBXSLT_VERSION", LIBXSLT_VERSION, CONST_CS | CONST_PERSISTENT);
REGISTER_STRING_CONSTANT("LIBXSLT_DOTTED_VERSION", LIBXSLT_DOTTED_VERSION, CONST_CS | CONST_PERSISTENT);
Modified: php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.h
===================================================================
--- php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.h 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/branches/PHP_5_3/ext/xsl/php_xsl.h 2011-10-10 07:59:19 UTC (rev 317953)
@@ -50,6 +50,8 @@
#define XSL_SECPREF_CREATE_DIRECTORY 8
#define XSL_SECPREF_READ_NETWORK 16
#define XSL_SECPREF_WRITE_NETWORK 32
+/* Default == disable all write access == XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_FILE */
+#define XSL_SECPREF_DEFAULT 44
typedef struct _xsl_object {
zend_object std;
Deleted: php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt 2011-10-10 07:59:19 UTC (rev 317953)
@@ -1,95 +0,0 @@
---TEST--
-Bug #54446 (Arbitrary file creation via libxslt 'output' extension)
---SKIPIF--
-<?php
-if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
-?>
---FILE--
-<?php
-include("prepare.inc");
-
-$outputfile = dirname(__FILE__)."/bug54446test.txt";
-if (file_exists($outputfile)) {
- unlink($outputfile);
-}
-
-$sXsl = <<<EOT
-<xsl:stylesheet version="1.0"
- xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
- xmlns:sax="http://icl.com/saxon";
- extension-element-prefixes="sax">
-
- <xsl:template match="/">
- <sax:output href="$outputfile" method="text">
- <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
- </sax:output>
- </xsl:template>
-
-</xsl:stylesheet>
-EOT;
-
-$xsl->loadXML( $sXsl );
-
-# START XSLT
-$proc->importStylesheet( $xsl );
-
-# TRASNFORM & PRINT
-print $proc->transformToXML( $dom );
-
-
-if (file_exists($outputfile)) {
- print "$outputfile exists, but shouldn't!\n";
-} else {
- print "OK, no file created\n";
-}
-
-#SET NO SECURITY PREFS
-ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
-
-# TRASNFORM & PRINT
-print $proc->transformToXML( $dom );
-
-
-if (file_exists($outputfile)) {
- print "OK, file exists\n";
-} else {
- print "$outputfile doesn't exist, but should!\n";
-}
-
-unlink($outputfile);
-
-#SET SECURITY PREFS AGAIN
-ini_set("xsl.security_prefs", XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
-
-# TRASNFORM & PRINT
-print $proc->transformToXML( $dom );
-
-if (file_exists($outputfile)) {
- print "$outputfile exists, but shouldn't!\n";
-} else {
- print "OK, no file created\n";
-}
-
-
---EXPECTF--
-Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
-
-Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
-
-Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
-
-Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
-OK, no file created
-OK, file exists
-
-Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
-
-Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
-
-Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
-
-Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
-OK, no file created
---CREDITS--
-Christian Stocker, [email protected]
-
Copied: php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446_with_ini.phpt (from rev 317952, php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446.phpt)
===================================================================
--- php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446_with_ini.phpt (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/xsl/tests/bug54446_with_ini.phpt 2011-10-10 07:59:19 UTC (rev 317953)
@@ -0,0 +1,95 @@
+--TEST--
+Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
+--SKIPIF--
+<?php
+if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
+?>
+--FILE--
+<?php
+include("prepare.inc");
+
+$outputfile = dirname(__FILE__)."/bug54446test.txt";
+if (file_exists($outputfile)) {
+ unlink($outputfile);
+}
+
+$sXsl = <<<EOT
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
+ xmlns:sax="http://icl.com/saxon";
+ extension-element-prefixes="sax">
+
+ <xsl:template match="/">
+ <sax:output href="$outputfile" method="text">
+ <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
+ </sax:output>
+ </xsl:template>
+
+</xsl:stylesheet>
+EOT;
+
+$xsl->loadXML( $sXsl );
+
+# START XSLT
+$proc->importStylesheet( $xsl );
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+
+if (file_exists($outputfile)) {
+ print "$outputfile exists, but shouldn't!\n";
+} else {
+ print "OK, no file created\n";
+}
+
+#SET NO SECURITY PREFS
+ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+
+if (file_exists($outputfile)) {
+ print "OK, file exists\n";
+} else {
+ print "$outputfile doesn't exist, but should!\n";
+}
+
+unlink($outputfile);
+
+#SET SECURITY PREFS AGAIN
+ini_set("xsl.security_prefs", XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+if (file_exists($outputfile)) {
+ print "$outputfile exists, but shouldn't!\n";
+} else {
+ print "OK, no file created\n";
+}
+
+
+--EXPECTF--
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
+OK, no file created
+OK, file exists
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
+OK, no file created
+--CREDITS--
+Christian Stocker, [email protected]
+
Modified: php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/branches/PHP_5_3/ext/xsl/xsltprocessor.c 2011-10-10 07:59:19 UTC (rev 317953)
@@ -476,7 +476,7 @@
zend_object_handlers *std_hnd;
FILE *f;
int secPrefsError = 0;
- int secPrefsIni;
+ int secPrefsValue;
xsltSecurityPrefsPtr secPrefs = NULL;
node = php_libxml_import_node(docp TSRMLS_CC);
@@ -535,32 +535,32 @@
efree(member);
- secPrefsIni = INI_INT("xsl.security_prefs");
+ secPrefsValue = INI_INT("xsl.security_prefs");
- //if securityPrefs is set to NONE, we don't have to do any checks, but otherwise...
- if (secPrefsIni != XSL_SECPREF_NONE) {
+ /* if securityPrefs is set to NONE, we don't have to do any checks, but otherwise... */
+ if (secPrefsValue != XSL_SECPREF_NONE) {
secPrefs = xsltNewSecurityPrefs();
- if (secPrefsIni & XSL_SECPREF_READ_FILE ) {
+ if (secPrefsValue & XSL_SECPREF_READ_FILE ) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (secPrefsIni & XSL_SECPREF_WRITE_FILE ) {
+ if (secPrefsValue & XSL_SECPREF_WRITE_FILE ) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (secPrefsIni & XSL_SECPREF_CREATE_DIRECTORY ) {
+ if (secPrefsValue & XSL_SECPREF_CREATE_DIRECTORY ) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (secPrefsIni & XSL_SECPREF_READ_NETWORK) {
+ if (secPrefsValue & XSL_SECPREF_READ_NETWORK) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (secPrefsIni & XSL_SECPREF_WRITE_NETWORK) {
+ if (secPrefsValue & XSL_SECPREF_WRITE_NETWORK) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid)) {
secPrefsError = 1;
}
Modified: php/php-src/branches/PHP_5_4/ext/xsl/php_xsl.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/xsl/php_xsl.c 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/branches/PHP_5_4/ext/xsl/php_xsl.c 2011-10-10 07:59:19 UTC (rev 317953)
@@ -126,7 +126,8 @@
intern->node_list = NULL;
intern->doc = NULL;
intern->profiling = NULL;
- intern->securityPrefs = XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY;
+ intern->securityPrefs = XSL_SECPREF_DEFAULT;
+ intern->securityPrefsSet = 0;
zend_object_std_init(&intern->std, class_type TSRMLS_CC);
object_properties_init(&intern->std, class_type);
@@ -141,6 +142,13 @@
}
/* }}} */
+PHP_INI_BEGIN()
+/* Default is not allowing any write operations.
+ XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_WRITE_FILE == 44
+*/
+PHP_INI_ENTRY("xsl.security_prefs", "44", PHP_INI_ALL, NULL)
+PHP_INI_END()
+
/* {{{ PHP_MINIT_FUNCTION
*/
PHP_MINIT_FUNCTION(xsl)
@@ -173,7 +181,8 @@
REGISTER_LONG_CONSTANT("XSL_SECPREF_CREATE_DIRECTORY", XSL_SECPREF_CREATE_DIRECTORY, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_NETWORK", XSL_SECPREF_READ_NETWORK, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_NETWORK", XSL_SECPREF_WRITE_NETWORK, CONST_CS | CONST_PERSISTENT);
-
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_DEFAULT", XSL_SECPREF_DEFAULT, CONST_CS | CONST_PERSISTENT);
+
REGISTER_LONG_CONSTANT("LIBXSLT_VERSION", LIBXSLT_VERSION, CONST_CS | CONST_PERSISTENT);
REGISTER_STRING_CONSTANT("LIBXSLT_DOTTED_VERSION", LIBXSLT_DOTTED_VERSION, CONST_CS | CONST_PERSISTENT);
@@ -182,6 +191,8 @@
REGISTER_STRING_CONSTANT("LIBEXSLT_DOTTED_VERSION", LIBEXSLT_DOTTED_VERSION, CONST_CS | CONST_PERSISTENT);
#endif
+ REGISTER_INI_ENTRIES();
+
return SUCCESS;
}
/* }}} */
@@ -265,6 +276,8 @@
xsltCleanupGlobals();
+ UNREGISTER_INI_ENTRIES();
+
return SUCCESS;
}
/* }}} */
Modified: php/php-src/branches/PHP_5_4/ext/xsl/php_xsl.h
===================================================================
--- php/php-src/branches/PHP_5_4/ext/xsl/php_xsl.h 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/branches/PHP_5_4/ext/xsl/php_xsl.h 2011-10-10 07:59:19 UTC (rev 317953)
@@ -50,6 +50,8 @@
#define XSL_SECPREF_CREATE_DIRECTORY 8
#define XSL_SECPREF_READ_NETWORK 16
#define XSL_SECPREF_WRITE_NETWORK 32
+/* Default == disable all write access == XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_FILE */
+#define XSL_SECPREF_DEFAULT 44
typedef struct _xsl_object {
zend_object std;
@@ -64,6 +66,7 @@
php_libxml_node_object *doc;
char *profiling;
long securityPrefs;
+ int securityPrefsSet;
} xsl_object;
void php_xsl_set_object(zval *wrapper, void *obj TSRMLS_DC);
Added: php/php-src/branches/PHP_5_4/ext/xsl/tests/bug54446_with_ini.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/xsl/tests/bug54446_with_ini.phpt (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/xsl/tests/bug54446_with_ini.phpt 2011-10-10 07:59:19 UTC (rev 317953)
@@ -0,0 +1,135 @@
+--TEST--
+Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
+--SKIPIF--
+<?php
+if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
+?>
+--FILE--
+<?php
+include("prepare.inc");
+
+$outputfile = dirname(__FILE__)."/bug54446test.txt";
+if (file_exists($outputfile)) {
+ unlink($outputfile);
+}
+
+$sXsl = <<<EOT
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
+ xmlns:sax="http://icl.com/saxon";
+ extension-element-prefixes="sax">
+
+ <xsl:template match="/">
+ <sax:output href="$outputfile" method="text">
+ <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
+ </sax:output>
+ </xsl:template>
+
+</xsl:stylesheet>
+EOT;
+
+$xsl->loadXML( $sXsl );
+
+# START XSLT
+$proc->importStylesheet( $xsl );
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+
+if (file_exists($outputfile)) {
+ print "$outputfile exists, but shouldn't!\n";
+} else {
+ print "OK, no file created\n";
+}
+
+#SET NO SECURITY PREFS
+ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+
+if (file_exists($outputfile)) {
+ print "OK, file exists\n";
+} else {
+ print "$outputfile doesn't exist, but should!\n";
+}
+
+unlink($outputfile);
+
+#SET SECURITY PREFS AGAIN
+ini_set("xsl.security_prefs", XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+if (file_exists($outputfile)) {
+ print "$outputfile exists, but shouldn't!\n";
+} else {
+ print "OK, no file created\n";
+}
+
+#SET NO SECURITY PREFS with ini, but set them with ->setSecurityPrefs
+ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
+$proc->setSecurityPrefs( XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
+
+print $proc->transformToXML( $dom );
+if (file_exists($outputfile)) {
+ print "$outputfile exists, but shouldn't!\n";
+} else {
+ print "OK, no file created\n";
+}
+
+#don't throw a warning if both ini and through-the-method have the same value
+$proc->setSecurityPrefs(XSL_SECPREF_NONE);
+
+print $proc->transformToXML( $dom );
+
+if (file_exists($outputfile)) {
+ print "OK, file exists\n";
+} else {
+ print "$outputfile doesn't exist, but should!\n";
+}
+unlink($outputfile);
+
+
+
+--EXPECTF--
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
+OK, no file created
+
+Deprecated: XSLTProcessor::transformToXml(): The xsl.security_prefs php.ini option is deprecated; use XsltProcessor->setSecurityPrefs() instead in %s on line %d
+OK, file exists
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
+OK, no file created
+
+Deprecated: XSLTProcessor::transformToXml(): The xsl.security_prefs php.ini option is deprecated; use XsltProcessor->setSecurityPrefs() instead in %s on line %d
+
+Notice: XSLTProcessor::transformToXml(): The xsl.security_prefs php.ini was not used, since the XsltProcessor->setSecurityPrefs() method was used in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
+OK, no file created
+OK, file exists
+--CREDITS--
+Christian Stocker, [email protected]
+
Modified: php/php-src/branches/PHP_5_4/ext/xsl/xsltprocessor.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/xsl/xsltprocessor.c 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/branches/PHP_5_4/ext/xsl/xsltprocessor.c 2011-10-10 07:59:19 UTC (rev 317953)
@@ -487,6 +487,7 @@
zend_object_handlers *std_hnd;
FILE *f;
int secPrefsError = 0;
+ int secPrefsValue, secPrefsIni;
xsltSecurityPrefsPtr secPrefs = NULL;
node = php_libxml_import_node(docp TSRMLS_CC);
@@ -544,31 +545,49 @@
}
efree(member);
+ secPrefsValue = intern->securityPrefs;
- //if securityPrefs is set to NONE, we don't have to do any checks, but otherwise...
- if (intern->securityPrefs != XSL_SECPREF_NONE) {
+ /* This whole if block can be removed, when we remove the xsl.security_prefs php.ini option in PHP 6+ */
+ secPrefsIni= INI_INT("xsl.security_prefs");
+ /* if secPrefsIni has the same value as secPrefsValue, all is fine */
+ if (secPrefsIni != secPrefsValue) {
+ if (secPrefsIni != XSL_SECPREF_DEFAULT) {
+ /* if the ini value is not set to the default, throw an E_DEPRECATED warning */
+ php_error_docref(NULL TSRMLS_CC, E_DEPRECATED, "The xsl.security_prefs php.ini option is deprecated; use XsltProcessor->setSecurityPrefs() instead");
+ if (intern->securityPrefsSet == 0) {
+ /* if securityPrefs were not set through the setSecurityPrefs method, take the ini setting */
+ secPrefsValue = secPrefsIni;
+ } else {
+ /* else throw a notice, that the ini setting was not used */
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "The xsl.security_prefs php.ini was not used, since the XsltProcessor->setSecurityPrefs() method was used");
+ }
+ }
+ }
+
+ /* if securityPrefs is set to NONE, we don't have to do any checks, but otherwise... */
+ if (secPrefsValue != XSL_SECPREF_NONE) {
secPrefs = xsltNewSecurityPrefs();
- if (intern->securityPrefs & XSL_SECPREF_READ_FILE ) {
+ if (secPrefsValue & XSL_SECPREF_READ_FILE ) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (intern->securityPrefs & XSL_SECPREF_WRITE_FILE ) {
+ if (secPrefsValue & XSL_SECPREF_WRITE_FILE ) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (intern->securityPrefs & XSL_SECPREF_CREATE_DIRECTORY ) {
+ if (secPrefsValue & XSL_SECPREF_CREATE_DIRECTORY ) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (intern->securityPrefs & XSL_SECPREF_READ_NETWORK) {
+ if (secPrefsValue & XSL_SECPREF_READ_NETWORK) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (intern->securityPrefs & XSL_SECPREF_WRITE_NETWORK) {
+ if (secPrefsValue & XSL_SECPREF_WRITE_NETWORK) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid)) {
secPrefsError = 1;
}
@@ -927,6 +946,8 @@
intern = (xsl_object *)zend_object_store_get_object(id TSRMLS_CC);
oldSecurityPrefs = intern->securityPrefs;
intern->securityPrefs = securityPrefs;
+ /* set this to 1 so that we know, it was set through this method. Can be removed, when we remove the ini setting */
+ intern->securityPrefsSet = 1;
RETURN_LONG(oldSecurityPrefs);
}
/* }}} end xsl_xsltprocessor_set_security_prefs */
Modified: php/php-src/trunk/ext/xsl/php_xsl.c
===================================================================
--- php/php-src/trunk/ext/xsl/php_xsl.c 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/trunk/ext/xsl/php_xsl.c 2011-10-10 07:59:19 UTC (rev 317953)
@@ -126,7 +126,8 @@
intern->node_list = NULL;
intern->doc = NULL;
intern->profiling = NULL;
- intern->securityPrefs = XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY;
+ intern->securityPrefs = XSL_SECPREF_DEFAULT;
+ intern->securityPrefsSet = 0;
zend_object_std_init(&intern->std, class_type TSRMLS_CC);
object_properties_init(&intern->std, class_type);
@@ -141,6 +142,13 @@
}
/* }}} */
+PHP_INI_BEGIN()
+/* Default is not allowing any write operations.
+ XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_WRITE_FILE == 44
+*/
+PHP_INI_ENTRY("xsl.security_prefs", "44", PHP_INI_ALL, NULL)
+PHP_INI_END()
+
/* {{{ PHP_MINIT_FUNCTION
*/
PHP_MINIT_FUNCTION(xsl)
@@ -173,6 +181,7 @@
REGISTER_LONG_CONSTANT("XSL_SECPREF_CREATE_DIRECTORY", XSL_SECPREF_CREATE_DIRECTORY, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("XSL_SECPREF_READ_NETWORK", XSL_SECPREF_READ_NETWORK, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("XSL_SECPREF_WRITE_NETWORK", XSL_SECPREF_WRITE_NETWORK, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("XSL_SECPREF_DEFAULT", XSL_SECPREF_DEFAULT, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("LIBXSLT_VERSION", LIBXSLT_VERSION, CONST_CS | CONST_PERSISTENT);
REGISTER_STRING_CONSTANT("LIBXSLT_DOTTED_VERSION", LIBXSLT_DOTTED_VERSION, CONST_CS | CONST_PERSISTENT);
@@ -182,6 +191,8 @@
REGISTER_STRING_CONSTANT("LIBEXSLT_DOTTED_VERSION", LIBEXSLT_DOTTED_VERSION, CONST_CS | CONST_PERSISTENT);
#endif
+ REGISTER_INI_ENTRIES();
+
return SUCCESS;
}
/* }}} */
@@ -265,6 +276,8 @@
xsltCleanupGlobals();
+ UNREGISTER_INI_ENTRIES();
+
return SUCCESS;
}
/* }}} */
Modified: php/php-src/trunk/ext/xsl/php_xsl.h
===================================================================
--- php/php-src/trunk/ext/xsl/php_xsl.h 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/trunk/ext/xsl/php_xsl.h 2011-10-10 07:59:19 UTC (rev 317953)
@@ -50,6 +50,8 @@
#define XSL_SECPREF_CREATE_DIRECTORY 8
#define XSL_SECPREF_READ_NETWORK 16
#define XSL_SECPREF_WRITE_NETWORK 32
+/* Default == disable all write access == XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_FILE */
+#define XSL_SECPREF_DEFAULT 44
typedef struct _xsl_object {
zend_object std;
@@ -64,6 +66,7 @@
php_libxml_node_object *doc;
char *profiling;
long securityPrefs;
+ int securityPrefsSet;
} xsl_object;
void php_xsl_set_object(zval *wrapper, void *obj TSRMLS_DC);
Added: php/php-src/trunk/ext/xsl/tests/bug54446_with_ini.phpt
===================================================================
--- php/php-src/trunk/ext/xsl/tests/bug54446_with_ini.phpt (rev 0)
+++ php/php-src/trunk/ext/xsl/tests/bug54446_with_ini.phpt 2011-10-10 07:59:19 UTC (rev 317953)
@@ -0,0 +1,135 @@
+--TEST--
+Bug #54446 (Arbitrary file creation via libxslt 'output' extension with php.ini setting)
+--SKIPIF--
+<?php
+if (!extension_loaded('xsl')) die("skip Extension XSL is required\n");
+?>
+--FILE--
+<?php
+include("prepare.inc");
+
+$outputfile = dirname(__FILE__)."/bug54446test.txt";
+if (file_exists($outputfile)) {
+ unlink($outputfile);
+}
+
+$sXsl = <<<EOT
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
+ xmlns:sax="http://icl.com/saxon";
+ extension-element-prefixes="sax">
+
+ <xsl:template match="/">
+ <sax:output href="$outputfile" method="text">
+ <xsl:value-of select="'0wn3d via PHP and libxslt ...'"/>
+ </sax:output>
+ </xsl:template>
+
+</xsl:stylesheet>
+EOT;
+
+$xsl->loadXML( $sXsl );
+
+# START XSLT
+$proc->importStylesheet( $xsl );
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+
+if (file_exists($outputfile)) {
+ print "$outputfile exists, but shouldn't!\n";
+} else {
+ print "OK, no file created\n";
+}
+
+#SET NO SECURITY PREFS
+ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+
+if (file_exists($outputfile)) {
+ print "OK, file exists\n";
+} else {
+ print "$outputfile doesn't exist, but should!\n";
+}
+
+unlink($outputfile);
+
+#SET SECURITY PREFS AGAIN
+ini_set("xsl.security_prefs", XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
+
+# TRASNFORM & PRINT
+print $proc->transformToXML( $dom );
+
+if (file_exists($outputfile)) {
+ print "$outputfile exists, but shouldn't!\n";
+} else {
+ print "OK, no file created\n";
+}
+
+#SET NO SECURITY PREFS with ini, but set them with ->setSecurityPrefs
+ini_set("xsl.security_prefs", XSL_SECPREF_NONE);
+$proc->setSecurityPrefs( XSL_SECPREF_WRITE_FILE | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_CREATE_DIRECTORY);
+
+print $proc->transformToXML( $dom );
+if (file_exists($outputfile)) {
+ print "$outputfile exists, but shouldn't!\n";
+} else {
+ print "OK, no file created\n";
+}
+
+#don't throw a warning if both ini and through-the-method have the same value
+$proc->setSecurityPrefs(XSL_SECPREF_NONE);
+
+print $proc->transformToXML( $dom );
+
+if (file_exists($outputfile)) {
+ print "OK, file exists\n";
+} else {
+ print "$outputfile doesn't exist, but should!\n";
+}
+unlink($outputfile);
+
+
+
+--EXPECTF--
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
+OK, no file created
+
+Deprecated: XSLTProcessor::transformToXml(): The xsl.security_prefs php.ini option is deprecated; use XsltProcessor->setSecurityPrefs() instead in %s on line %d
+OK, file exists
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
+OK, no file created
+
+Deprecated: XSLTProcessor::transformToXml(): The xsl.security_prefs php.ini option is deprecated; use XsltProcessor->setSecurityPrefs() instead in %s on line %d
+
+Notice: XSLTProcessor::transformToXml(): The xsl.security_prefs php.ini was not used, since the XsltProcessor->setSecurityPrefs() method was used in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %s element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): File write for %s/bug54446test.txt refused in %s on line %s
+
+Warning: XSLTProcessor::transformToXml(): runtime error: file %s line %d element output in %s on line %d
+
+Warning: XSLTProcessor::transformToXml(): xsltDocumentElem: write rights for %s/bug54446test.txt denied in %s on line %d
+OK, no file created
+OK, file exists
+--CREDITS--
+Christian Stocker, [email protected]
+
Modified: php/php-src/trunk/ext/xsl/xsltprocessor.c
===================================================================
--- php/php-src/trunk/ext/xsl/xsltprocessor.c 2011-10-10 05:33:29 UTC (rev 317952)
+++ php/php-src/trunk/ext/xsl/xsltprocessor.c 2011-10-10 07:59:19 UTC (rev 317953)
@@ -487,6 +487,7 @@
zend_object_handlers *std_hnd;
FILE *f;
int secPrefsError = 0;
+ int secPrefsValue, secPrefsIni;
xsltSecurityPrefsPtr secPrefs = NULL;
node = php_libxml_import_node(docp TSRMLS_CC);
@@ -544,31 +545,49 @@
}
efree(member);
+ secPrefsValue = intern->securityPrefs;
- //if securityPrefs is set to NONE, we don't have to do any checks, but otherwise...
- if (intern->securityPrefs != XSL_SECPREF_NONE) {
+ /* This whole if block can be removed, when we remove the xsl.security_prefs php.ini option in PHP 6+ */
+ secPrefsIni= INI_INT("xsl.security_prefs");
+ /* if secPrefsIni has the same value as secPrefsValue, all is fine */
+ if (secPrefsIni != secPrefsValue) {
+ if (secPrefsIni != XSL_SECPREF_DEFAULT) {
+ /* if the ini value is not set to the default, throw an E_DEPRECATED warning */
+ php_error_docref(NULL TSRMLS_CC, E_DEPRECATED, "The xsl.security_prefs php.ini option is deprecated; use XsltProcessor->setSecurityPrefs() instead");
+ if (intern->securityPrefsSet == 0) {
+ /* if securityPrefs were not set through the setSecurityPrefs method, take the ini setting */
+ secPrefsValue = secPrefsIni;
+ } else {
+ /* else throw a notice, that the ini setting was not used */
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "The xsl.security_prefs php.ini was not used, since the XsltProcessor->setSecurityPrefs() method was used");
+ }
+ }
+ }
+
+ /* if securityPrefs is set to NONE, we don't have to do any checks, but otherwise... */
+ if (secPrefsValue != XSL_SECPREF_NONE) {
secPrefs = xsltNewSecurityPrefs();
- if (intern->securityPrefs & XSL_SECPREF_READ_FILE ) {
+ if (secPrefsValue & XSL_SECPREF_READ_FILE ) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (intern->securityPrefs & XSL_SECPREF_WRITE_FILE ) {
+ if (secPrefsValue & XSL_SECPREF_WRITE_FILE ) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (intern->securityPrefs & XSL_SECPREF_CREATE_DIRECTORY ) {
+ if (secPrefsValue & XSL_SECPREF_CREATE_DIRECTORY ) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (intern->securityPrefs & XSL_SECPREF_READ_NETWORK) {
+ if (secPrefsValue & XSL_SECPREF_READ_NETWORK) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid)) {
secPrefsError = 1;
}
}
- if (intern->securityPrefs & XSL_SECPREF_WRITE_NETWORK) {
+ if (secPrefsValue & XSL_SECPREF_WRITE_NETWORK) {
if (0 != xsltSetSecurityPrefs(secPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid)) {
secPrefsError = 1;
}
@@ -927,6 +946,8 @@
intern = (xsl_object *)zend_object_store_get_object(id TSRMLS_CC);
oldSecurityPrefs = intern->securityPrefs;
intern->securityPrefs = securityPrefs;
+ /* set this to 1 so that we know, it was set through this method. Can be removed, when we remove the ini setting */
+ intern->securityPrefsSet = 1;
RETURN_LONG(oldSecurityPrefs);
}
/* }}} end xsl_xsltprocessor_set_security_prefs */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
