Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:17834 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 45845 invoked by uid 1010); 11 Aug 2005 14:53:12 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 45829 invoked from network); 11 Aug 2005 14:53:12 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 11 Aug 2005 14:53:12 -0000 X-Host-Fingerprint: 69.12.155.130 69-12-155-130.dsl.static.sonic.net Linux 2.4/2.6 Received: from ([69.12.155.130:3319] helo=pigeon.alphaweb.net) by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP id F7/19-24081-8566BF24 for ; Thu, 11 Aug 2005 10:53:12 -0400 Received: from localhost ([127.0.0.1] helo=lighthammer) by pigeon.alphaweb.net with smtp (Exim 4.10) id 1E3Dp3-0002Ya-00; Thu, 11 Aug 2005 07:14:18 -0700 Message-ID: <002601c59e84$628da990$65d41a44@lighthammer> To: "\"Kamesh Jayachandran\"" Cc: References: <1123760274.4692.240461014@webmail.messagingengine.com> Date: Thu, 11 Aug 2005 07:52:56 -0700 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Subject: Re: realpath is not available in all LibCs From: pollita@php.net ("Sara Golemon") > Version PHP 5.1 > file main/php_init.c > function int php_init_config() uses realpath. > In NetWare our earlier releases of LibC SDK has no realpath > implementation. > > I could see the following lines in TSRM/tsrm_virtual_cwd.c > > #ifndef HAVE_REALPATH > #define realpath(x,y) strcpy(y,x) > #endif > > Why not this be in TSRM/tsrm_virtual_cwd.h so that it will work in all > the cases. > > Can I go ahead and checkin this? > I have two concerns with this "solution" (both here and in TSRM). (1) Security: Both internally with checks such as open_basedir and in userspace when evaluating URL parameters (an all too common practice). (2) Functionality: require_once()/include_once() could be fooled into including the same file twice. Granted #2 requires specific circumstances and #1 can be worked around for tightly managed systems running no external packages. How about a more expensive, but more closely aproximating substitute to satisfy all of these? /* psuedo-code */ #ifndef HAVE_REALPATH realpath(...) { itterate path from root: if symlink, resolve if dir, append next portion of remaining path otherwise, ergh...whatever realpath() would do in this situation... loop } #endif