commit 1e9b175204e3286d64dfd6c9f09151c31b5e099a | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Sun Mar 20 20:54:09 2016 -0700 | |
Fix bug #71860: Require valid paths for phar filenames | |
diff --git a/ext/phar/phar.c b/ext/phar/phar.c | |
index 18feace..08f480d 100644 | |
--- a/ext/phar/phar.c | |
+++ b/ext/phar/phar.c | |
@@ -2196,6 +2196,10 @@ int phar_split_fname(const char *filename, int filename_len, char **arch, int *a | |
#endif | |
int ext_len; | |
+ if (CHECK_NULL_PATH(filename, filename_len)) { | |
+ return FAILURE; | |
+ } | |
+ | |
if (!strncasecmp(filename, "phar://", 7)) { | |
filename += 7; | |
filename_len -= 7; | |
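Review bot: The new `CHECK_NULL_PATH(filename, filename_len)` guard at the top of phar_split_fname has no comment saying why it is needed here when the userland methods already switch to the `p` specifier. I would add `/* reject embedded NUL bytes: not every caller has gone through a "p" parameter check */` above it, reworded to name the actual callers, which this hunk does not show. The macro's definition is not visible either; since `filename_len` is an `int` in this signature, it is worth confirming that the length comparison inside the macro behaves correctly for lengths that started out as `size_t`. The body of phar_split_fname starts and ends outside the hunk.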
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c | |
index 22404dd..7c9c335 100644 | |
--- a/ext/phar/phar_object.c | |
+++ b/ext/phar/phar_object.c | |
@@ -459,7 +459,7 @@ PHP_METHOD(Phar, mount) | |
size_t path_len, actual_len; | |
phar_archive_data *pphar; | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss", &path, &path_len, &actual, &actual_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "pp", &path, &path_len, &actual, &actual_len) == FAILURE) { | |
return; | |
} | |
@@ -938,7 +938,7 @@ PHP_METHOD(Phar, createDefaultStub) | |
zend_string *stub; | |
size_t index_len = 0, webindex_len = 0; | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "|ss", &index, &index_len, &webindex, &webindex_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "|pp", &index, &index_len, &webindex, &webindex_len) == FAILURE) { | |
return; | |
} | |
@@ -982,7 +982,7 @@ PHP_METHOD(Phar, loadPhar) | |
char *fname, *alias = NULL, *error; | |
size_t fname_len, alias_len = 0; | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|s!", &fname, &fname_len, &alias, &alias_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|s!", &fname, &fname_len, &alias, &alias_len) == FAILURE) { | |
return; | |
} | |
@@ -1062,7 +1062,7 @@ PHP_METHOD(Phar, isValidPharFilename) | |
int ext_len, is_executable; | |
zend_bool executable = 1; | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|b", &fname, &fname_len, &executable) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|b", &fname, &fname_len, &executable) == FAILURE) { | |
return; | |
} | |
@@ -1134,11 +1134,11 @@ PHP_METHOD(Phar, __construct) | |
is_data = instanceof_function(Z_OBJCE_P(zobj), phar_ce_data); | |
if (is_data) { | |
- if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "s|ls!l", &fname, &fname_len, &flags, &alias, &alias_len, &format) == FAILURE) { | |
+ if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "p|ls!l", &fname, &fname_len, &flags, &alias, &alias_len, &format) == FAILURE) { | |
return; | |
} | |
} else { | |
- if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "s|ls!", &fname, &fname_len, &flags, &alias, &alias_len) == FAILURE) { | |
+ if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "p|ls!", &fname, &fname_len, &flags, &alias, &alias_len) == FAILURE) { | |
return; | |
} | |
} | |
@@ -1307,7 +1307,7 @@ PHP_METHOD(Phar, unlinkArchive) | |
int zname_len, arch_len, entry_len; | |
phar_archive_data *phar; | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &fname, &fname_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &fname, &fname_len) == FAILURE) { | |
RETURN_FALSE; | |
} | |
@@ -1739,7 +1739,7 @@ PHP_METHOD(Phar, buildFromDirectory) | |
return; | |
} | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|s", &dir, &dir_len, ®ex, ®ex_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|s", &dir, &dir_len, ®ex, ®ex_len) == FAILURE) { | |
RETURN_FALSE; | |
} | |
@@ -2586,7 +2586,7 @@ PHP_METHOD(Phar, delete) | |
return; | |
} | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &fname, &fname_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &fname, &fname_len) == FAILURE) { | |
RETURN_FALSE; | |
} | |
@@ -3400,7 +3400,7 @@ PHP_METHOD(Phar, copy) | |
PHAR_ARCHIVE_OBJECT(); | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss", &oldfile, &oldfile_len, &newfile, &newfile_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "pp", &oldfile, &oldfile_len, &newfile, &newfile_len) == FAILURE) { | |
return; | |
} | |
@@ -3500,7 +3500,7 @@ PHP_METHOD(Phar, offsetExists) | |
PHAR_ARCHIVE_OBJECT(); | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &fname, &fname_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &fname, &fname_len) == FAILURE) { | |
return; | |
} | |
@@ -3538,7 +3538,7 @@ PHP_METHOD(Phar, offsetGet) | |
zend_string *sfname; | |
PHAR_ARCHIVE_OBJECT(); | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &fname, &fname_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &fname, &fname_len) == FAILURE) { | |
return; | |
} | |
@@ -3685,8 +3685,8 @@ PHP_METHOD(Phar, offsetSet) | |
return; | |
} | |
- if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS(), "sr", &fname, &fname_len, &zresource) == FAILURE | |
- && zend_parse_parameters(ZEND_NUM_ARGS(), "ss", &fname, &fname_len, &cont_str, &cont_len) == FAILURE) { | |
+ if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS(), "pr", &fname, &fname_len, &zresource) == FAILURE | |
+ && zend_parse_parameters(ZEND_NUM_ARGS(), "ps", &fname, &fname_len, &cont_str, &cont_len) == FAILURE) { | |
return; | |
} | |
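Review bot: With `"pr"`/`"ps"`, a name containing a NUL byte now fails parameter parsing in Phar::offsetSet, so the method returns after a warning instead of raising the exception the later path check used to produce; the create_path_error.phpt change (`Exception: Entry a does not exist…` becoming `Error: Phar::offsetSet() expects parameter 1 to be a valid path…`) appears to show exactly that. Code that writes entries with `$phar[$name] = …` inside a try/catch will no longer see a rejected name as an exception. If that is intended, a comment here should say so; otherwise the fallback parse could use `zend_parse_parameters_throw`, which the constructors in this file already use. The same applies to Phar::addFromString, where bug64931.phpt replaces a `CAUGHT:` line with a warning. The body of offsetSet continues outside the hunk.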
@@ -3724,7 +3724,7 @@ PHP_METHOD(Phar, offsetUnset) | |
return; | |
} | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &fname, &fname_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &fname, &fname_len) == FAILURE) { | |
return; | |
} | |
@@ -3771,7 +3771,7 @@ PHP_METHOD(Phar, addEmptyDir) | |
PHAR_ARCHIVE_OBJECT(); | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &dirname, &dirname_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p", &dirname, &dirname_len) == FAILURE) { | |
return; | |
} | |
@@ -3796,7 +3796,7 @@ PHP_METHOD(Phar, addFile) | |
PHAR_ARCHIVE_OBJECT(); | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|s", &fname, &fname_len, &localname, &localname_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|s", &fname, &fname_len, &localname, &localname_len) == FAILURE) { | |
return; | |
} | |
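Review bot: Phar::addFile converts only `fname` to `p` and leaves the optional `localname` as `s`, while Phar::addFromString in the next hunk converts its `localname` to `p`. Both look like the entry name stored inside the archive, so the two methods now differ in whether an embedded NUL byte is rejected at parse time. A later check may already cover `localname`, but that is not visible in this hunk. Either parse it as a path too, `if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|p", &fname, &fname_len, &localname, &localname_len) == FAILURE) {`, or add a comment such as `/* localname is validated when the entry is created */` once that has been confirmed.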
@@ -3838,7 +3838,7 @@ PHP_METHOD(Phar, addFromString) | |
PHAR_ARCHIVE_OBJECT(); | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss", &localname, &localname_len, &cont_str, &cont_len) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "ps", &localname, &localname_len, &cont_str, &cont_len) == FAILURE) { | |
return; | |
} | |
@@ -4264,7 +4264,7 @@ PHP_METHOD(Phar, extractTo) | |
PHAR_ARCHIVE_OBJECT(); | |
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|z!b", &pathto, &pathto_len, &zval_files, &overwrite) == FAILURE) { | |
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|z!b", &pathto, &pathto_len, &zval_files, &overwrite) == FAILURE) { | |
return; | |
} | |
@@ -4396,7 +4396,7 @@ PHP_METHOD(PharFileInfo, __construct) | |
phar_archive_data *phar_data; | |
zval *zobj = getThis(), arg1; | |
- if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "s", &fname, &fname_len) == FAILURE) { | |
+ if (zend_parse_parameters_throw(ZEND_NUM_ARGS(), "p", &fname, &fname_len) == FAILURE) { | |
return; | |
} | |
diff --git a/ext/phar/tests/badparameters.phpt b/ext/phar/tests/badparameters.phpt | |
index a1a9fb7..4d0887f 100644 | |
--- a/ext/phar/tests/badparameters.phpt | |
+++ b/ext/phar/tests/badparameters.phpt | |
@@ -147,19 +147,19 @@ echo $e->getMessage() . "\n"; | |
--EXPECTF-- | |
Warning: Phar::mungServer() expects parameter 1 to be array, %string given in %sbadparameters.php on line %d | |
-Warning: Phar::createDefaultStub() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d | |
+Warning: Phar::createDefaultStub() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d | |
-Warning: Phar::loadPhar() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d | |
+Warning: Phar::loadPhar() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d | |
Warning: Phar::canCompress() expects parameter 1 to be integer, %string given in %sbadparameters.php on line %d | |
-Exception: Phar::__construct() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d | |
+Exception: Phar::__construct() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d | |
Warning: Phar::convertToExecutable() expects parameter 1 to be integer, array given in %sbadparameters.php on line %d | |
Warning: Phar::convertToData() expects parameter 1 to be integer, array given in %sbadparameters.php on line %d | |
-Warning: PharData::delete() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d | |
+Warning: PharData::delete() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d | |
Cannot write out phar archive, phar is read-only | |
Entry oops does not exist and cannot be deleted | |
%sfiles/frontcontroller10.phar | |
@@ -186,18 +186,18 @@ Phar is readonly, cannot change compression | |
Warning: Phar::copy() expects exactly 2 parameters, 1 given in %sbadparameters.php on line %d | |
Cannot copy "a" to "b", phar is read-only | |
-Warning: Phar::offsetExists() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d | |
+Warning: Phar::offsetExists() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d | |
-Warning: Phar::offsetGet() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d | |
+Warning: Phar::offsetGet() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d | |
Warning: Phar::offsetSet() expects exactly 2 parameters, 1 given in %sbadparameters.php on line %d | |
-Warning: PharData::offsetUnset() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d | |
+Warning: PharData::offsetUnset() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d | |
Write operations disabled by the php.ini setting phar.readonly | |
-Warning: Phar::addEmptyDir() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d | |
+Warning: Phar::addEmptyDir() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d | |
-Warning: Phar::addFile() expects parameter 1 to be %string, array given in %sbadparameters.php on line %d | |
+Warning: Phar::addFile() expects parameter 1 to be a valid path, array given in %sbadparameters.php on line %d | |
Warning: Phar::addFromString() expects exactly 2 parameters, 1 given in %sbadparameters.php on line %d | |
Write operations disabled by the php.ini setting phar.readonly | |
diff --git a/ext/phar/tests/bug64931/bug64931.phpt b/ext/phar/tests/bug64931/bug64931.phpt | |
index 9c1f9dc..29e0c7b 100644 | |
--- a/ext/phar/tests/bug64931/bug64931.phpt | |
+++ b/ext/phar/tests/bug64931/bug64931.phpt | |
@@ -48,11 +48,12 @@ try { | |
<?php | |
@unlink(__DIR__."/bug64931.phar"); | |
?> | |
---EXPECT-- | |
+--EXPECTF-- | |
Test | |
CAUGHT: Cannot create any files in magic ".phar" directory | |
CAUGHT: Cannot create any files in magic ".phar" directory | |
CAUGHT: Cannot create any files in magic ".phar" directory | |
CAUGHT: Cannot create any files in magic ".phar" directory | |
-CAUGHT: Cannot create any files in magic ".phar" directory | |
+ | |
+Warning: Phar::addFromString() expects parameter 1 to be a valid path, string given in %s/bug64931.php on line %d | |
===DONE=== | |
\ No newline at end of file | |
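Review bot: The added expectation `in %s/bug64931.php on line %d` hard-codes a forward slash before the file name, whereas the other expectations touched by this commit use the `%sname.php` form (for example `%sbadparameters.php`). On a platform whose path separator is a backslash this line would presumably not match. I would write it as `Warning: Phar::addFromString() expects parameter 1 to be a valid path, string given in %sbug64931.php on line %d`.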
diff --git a/ext/phar/tests/create_path_error.phpt b/ext/phar/tests/create_path_error.phpt | |
index fe2cd3e..3449b07 100644 | |
--- a/ext/phar/tests/create_path_error.phpt | |
+++ b/ext/phar/tests/create_path_error.phpt | |
@@ -80,6 +80,5 @@ string(5) "query" | |
11:Error: file_put_contents(phar://%s): failed to open stream: phar error: invalid path "%s" contains illegal character | |
12:Error: file_put_contents(phar://%s): failed to open stream: phar error: invalid path "%s" contains illegal character | |
13:Error: file_put_contents(phar://%s): failed to open stream: phar error: invalid path "%s" contains illegal character | |
-Exception: Entry a does not exist and cannot be created: phar error: invalid path "a" contains illegal character | |
-===DONE=== | |
+Error: Phar::offsetSet() expects parameter 1 to be a valid path, string given===DONE=== | |
diff --git a/ext/phar/tests/phar_extract.phpt b/ext/phar/tests/phar_extract.phpt | |
index bc54523..f7d1403 100644 | |
--- a/ext/phar/tests/phar_extract.phpt | |
+++ b/ext/phar/tests/phar_extract.phpt | |
@@ -138,7 +138,7 @@ string(3) "hi2" | |
bool(false) | |
Invalid argument, expected a filename (string) or array of filenames | |
-Warning: Phar::extractTo() expects parameter 1 to be %string, array given in %sphar_extract.php on line %d | |
+Warning: Phar::extractTo() expects parameter 1 to be a valid path, array given in %sphar_extract.php on line %d | |
Invalid argument, extraction path must be non-zero length | |
Unable to use path "%soops" for extraction, it is a file, must be a directory | |
Invalid argument, array of filenames to extract contains non-string value | |
diff --git a/ext/phar/tests/phar_isvalidpharfilename.phpt b/ext/phar/tests/phar_isvalidpharfilename.phpt | |
index dee9b7d..da07bec 100644 | |
--- a/ext/phar/tests/phar_isvalidpharfilename.phpt | |
+++ b/ext/phar/tests/phar_isvalidpharfilename.phpt | |
@@ -76,7 +76,7 @@ var_dump(Phar::isValidPharFilename('dir.phar.php', false)); | |
<?php | |
rmdir(dirname(__FILE__) . '/.phar'); | |
--EXPECTF-- | |
-Warning: Phar::isValidPharFilename() expects parameter 1 to be %string, array given in %sphar_isvalidpharfilename.php on line %d | |
+Warning: Phar::isValidPharFilename() expects parameter 1 to be a valid path, array given in %sphar_isvalidpharfilename.php on line %d | |
* | |
bool(false) | |
bool(false) | |
diff --git a/ext/phar/tests/phar_unlinkarchive.phpt b/ext/phar/tests/phar_unlinkarchive.phpt | |
index 4800c52..2f441ba 100644 | |
--- a/ext/phar/tests/phar_unlinkarchive.phpt | |
+++ b/ext/phar/tests/phar_unlinkarchive.phpt | |
@@ -90,7 +90,7 @@ Unknown phar archive "" | |
Unknown phar archive "%sphar_unlinkarchive.phar" | |
Unknown phar archive "%sphar_unlinkarchive.phar.tar": internal corruption of phar "%sphar_unlinkarchive.phar.tar" (truncated entry) | |
-Warning: Phar::unlinkArchive() expects parameter 1 to be %string, array given in %sphar_unlinkarchive.php on line %d | |
+Warning: Phar::unlinkArchive() expects parameter 1 to be a valid path, array given in %sphar_unlinkarchive.php on line %d | |
bool(false) | |
string(48) "<?php echo "first stub\n"; __HALT_COMPILER(); ?>" | |
phar archive "%sphar_unlinkarchive.phar" has open file handles or objects. fclose() all file handles, and unset() all objects prior to calling unlinkArchive() | |
diff --git a/ext/phar/tests/pharfileinfo_construct.phpt b/ext/phar/tests/pharfileinfo_construct.phpt | |
index 1f4f617..53ee514 100644 | |
--- a/ext/phar/tests/pharfileinfo_construct.phpt | |
+++ b/ext/phar/tests/pharfileinfo_construct.phpt | |
@@ -50,7 +50,7 @@ echo $e->getMessage() . "\n"; | |
<?php unlink(dirname(__FILE__) . '/' . basename(__FILE__, '.clean.php') . '.phar'); ?> | |
--EXPECTF-- | |
Cannot open phar file 'phar://%spharfileinfo_construct.phar/oops': internal corruption of phar "%spharfileinfo_construct.phar" (truncated entry) | |
-PharFileInfo::__construct() expects parameter 1 to be string, array given | |
+PharFileInfo::__construct() expects parameter 1 to be a valid path, array given | |
Cannot access phar file entry '%s' in archive '%s' | |
Cannot call constructor twice | |
'%s' is not a valid phar archive URL (must have at least phar://filename.phar) |
ok, fixed