Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:28261
Return-Path: <rasmus@lerdorf.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 20614 invoked by uid 1010); 6 Mar 2007 05:45:04 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 20596 invoked from network); 6 Mar 2007 05:45:04 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Mar 2007 05:45:04 -0000
Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain lerdorf.com from 204.11.219.139 cause and error)
X-PHP-List-Original-Sender: rasmus@lerdorf.com
X-Host-Fingerprint: 204.11.219.139 mail.lerdorf.com Linux 2.5 (sometimes 2.4) (4)
Received: from [204.11.219.139] ([204.11.219.139:59427] helo=lerdorf.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id FD/04-08626-CDFFCE54 for <internals@lists.php.net>; Tue, 06 Mar 2007 00:45:02 -0500
Received: from [192.168.200.104] (c-67-169-43-97.hsd1.ca.comcast.net [67.169.43.97])
	(authenticated bits=0)
	by lerdorf.com (8.13.8/8.13.8/Debian-3) with ESMTP id l265ivZn006917
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Mon, 5 Mar 2007 21:44:57 -0800
Message-ID: <45ECFFD9.2060601@lerdorf.com>
Date: Mon, 05 Mar 2007 21:44:57 -0800
User-Agent: Thunderbird 1.5.0.10 (Macintosh/20070221)
MIME-Version: 1.0
To: Ilia Alshanetsky <ilia@prohost.org>
CC: internals <internals@lists.php.net>
X-Enigmail-Version: 0.94.2.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV 0.90.1/2742/Mon Mar  5 19:54:14 2007 on colo
X-Virus-Status: Clean
Subject: Confusing code in ext/curl
From: rasmus@lerdorf.com (Rasmus Lerdorf)

Ilia, I think you wrote this.  Could you help me understand what you
were trying to do in the open basedir check macro:

#define PHP_CURL_CHECK_OPEN_BASEDIR(str, len, __ret)

    if (((PG(open_basedir) && *PG(open_basedir)) || PG(safe_mode)) &&

        strncasecmp(str, "file:", sizeof("file:") - 1) == 0)


So this check is only applied to file: urls passed to curl when either
safe_mode or open_basedir is set.  Ok

    {

        php_url *tmp_url;

        if (!(tmp_url = php_url_parse_ex(str, len))) {

            php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid URL
'%s'", str);               \
            php_curl_ret(__ret);
        }

And this invalid URL check makes sense too.  url_parse couldn't grok it.

        if (php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str +
len)) {                \
            php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s'
contains unencoded control characters.", str);
            php_url_free(tmp_url);

            php_curl_ret(__ret);
        }

This memnstr call makes no sense to me.  str is going to be
file:///some/path/some_file.txt so tmp_url->path is going to be
"/some/path"  memnstr returns the char * to the beginning of
"/some/path" in "file:///some/path/some_file.txt" which would be str+7
which is obviously non-false which means the warning message about
unencoded control chars is printed.  Did you perhaps mean !php_memnstr
there?  But php_memnstr() is binary-safe, so you are relying on the
url_parse function to have replaced the control chars in the middle of
the path to make it not match?  Or what exactly are you trying to catch
with this check?


-Rasmus