ID: 19650
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
-Status: Bogus
+Status: Open
Bug Type: Scripting Engine problem
Operating System: Windows
PHP Version: 4.2.3
New Comment:
Wow... I'm a fool, I have tested wrong PHP version! Error is still
actual.
But now I think I have found the bug place.
File main/fopen_wrappers.c, in function php_fopen_with_path, we can see
a piece of code:
if (IS_ABSOLUTE_PATH(filename, filename_length)) {
if ((php_check_safe_mode_include_dir(filename TSRMLS_CC)) == 0)
/* filename is in safe_mode_include_dir (or subdir) */
return php_fopen_and_set_opened_path(filename, mode, opened_path
TSRMLS_CC);
if (PG(safe_mode) && (!php_checkuid(filename, mode,
CHECKUID_CHECK_MODE_PARAM)))
return NULL;
return php_fopen_and_set_opened_path(filename, mode, opened_path
TSRMLS_CC);
}
/* else start to glue path from include_path */
...
Under Windows IS_ABSOLUTE_PATH is:
#define IS_ABSOLUTE_PATH(path, len) \
(len >= 2 && isalpha(path[0]) && path[1] == ':')
Of course, when Apache's mod_php4 makes "include" request for
"/home/localhost/www/phpinfo.php", program DOES NOT get into "if"
statement! And we get pathes something like
".//home/localhost/www/phpinfo.php" and
"c:/php/pear//home/localhost/www/phpinfo.php" when
include_path=".;c:/php/pear" (I have dumped "path" argument of
virtual_fopen function [tsrm_virtual-cwd.c] to watch such pathes).
We cannot modify IS_ABSOLUTE_PATH macro, because there is #define
COPY_WHEN_ABSOLUTE 2 before it, and core always think that "absolute"
part contains 2 characters - we'd like to thank developers of windows
port for that :-(. Path "/some/path" contains NONE "absolute"
characters ("z:/some/path" contains two - "z:").
But, if we patch:
- if (IS_ABSOLUTE_PATH(filename, filename_length)) {
+ if (IS_ABSOLUTE_PATH(filename, filename_length)
+ || IS_SLASH(*filename)) {
PHP begins to work!
I don't know would it cause a security problem with safe_mode. Code is
too tangled and duplicated (somebody likes "copy+paste" technique of
programming, I suppose).
Please correct this bug in next PHPs. Now I will patch it "by hands",
but I don't want our users to cry when they would install newer version
and it begin to trash.
Previous Comments:
------------------------------------------------------------------------
[2002-10-05 18:49:02] [EMAIL PROTECTED]
Of course, not OK (-;
File c:\t.php:
<?php include "/test.php" ?>
File c:\test.php:
<?php echo "!" ?>
c:\php> php.exe -q < c:\t.php
<br />
<b>Warning</b>: Failed opening '/test.php' for inclusion
(include_path='.;c:\php4\pear') in <b>-</b> on line <b>2</b><br />
c:\php> php.exe -q c:\t.php
!
Strange, isn't it?..
Good "/test.php", or not good, when I write
DocumentRoot /home/localhost/www
in httpd.conf, and then
GET /phpinfo.php HTTP/1.1
Apache calls /home/localhost/www/phpinfo.php, but not
./home/localhost/www (-; Well, 4.2.3 processes it correctly (and we may
close this bug report), but...
I meant that PHP 4.2.3 still have something wrong in its code, because
absolute-slashed pathes do not work sometimes (like in "< script",
maybe somewhere else?). Here, in Russia, we saying in such cases: "Heh,
something's wrong in Danish kingdom". (-; Today I tried to debug it,
but have not found a bug place. Maybe next time.
Good luck.
------------------------------------------------------------------------
[2002-10-05 16:07:37] [EMAIL PROTECTED]
<?include "/test.php"?> is not good
this is better:
<?php
include ("./test.php");
?>
ok?
------------------------------------------------------------------------
[2002-10-05 15:35:28] [EMAIL PROTECTED]
New information about this bug.
1. Since version PHP 4.2.3 bug is "changed":
File /t.php AND ./t.php (identical):
<?include "/test.php"?>
Tests:
a) > php.exe c:\t.php - works
b) > php.exe \t.php - works
c) > php.exe /t.php - works
d) > php.exe
<?include "/test.php"?>
^Z
- DOES NOT work.
In version 4.1.2...4.2.2 a, b & c are not working.
2. Versions <= 4.1.1 work correctly.
So, I think there is only an error if PHP.exe v4.2.3+ gets program from
STDIN. Previous versions (<4.2.3) do not work with command-line
filename too.
------------------------------------------------------------------------
[2002-10-01 10:49:52] [EMAIL PROTECTED]
A) same problem b) same submitter -> bogus
------------------------------------------------------------------------
[2002-10-01 10:42:38] [EMAIL PROTECTED]
Dup not bogus
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/19650
--
Edit this bug report at http://bugs.php.net/?id=19650&edit=1
