Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:36638
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 48641 invoked from network); 28 Mar 2008 10:03:51 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 28 Mar 2008 10:03:51 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass; domainkeys=bad
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 64.233.166.182 as permitted sender)
DomainKey-Status: bad
X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 64.233.166.182 py-out-1112.google.com  
Received: from [64.233.166.182] ([64.233.166.182:33571] helo=py-out-1112.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 89/24-25926-582CCE74 for <internals@lists.php.net>; Fri, 28 Mar 2008 05:03:50 -0500
Received: by py-out-1112.google.com with SMTP id u77so177230pyb.16
        for <internals@lists.php.net>; Fri, 28 Mar 2008 03:03:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        bh=+VZ3q+Yn3F8m/70y5VHVVMs8tpN8Kw86fE2bYt5i960=;
        b=OQeyh33bwkEs0HzWE7HSBXmRW09XrjaD1ItU2OZrVKIA1ihFny2v0nsaDvezMfZaoHeEkWS8Ns5m4pBLmrAuZx5jnHLBiAIvq+NVp6edhfKni7NBzq/H31+tt2K1KamHOHc8ANtXby28Jb7R7dsoBSuyBmctQyYuIj5c2OVRah0=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=RDIPi5P79pvaJ0SNIC1zSAe9ecuW8sBcWSRX1Zgq/LB/3WV5JBTLAfQjrf+KxyE5Msq0Hig1TG5rEsCcoNopCuK1mP5eT2aXH6f55wO/kBzQIsWHDr/oZ681ixzojTciimqMQVcQRrZHy4w+OwN43nSqtBhP3g/wdLIg9F6zfks=
Received: by 10.141.206.13 with SMTP id i13mr1176898rvq.211.1206698626584;
        Fri, 28 Mar 2008 03:03:46 -0700 (PDT)
Received: by 10.141.123.13 with HTTP; Fri, 28 Mar 2008 03:03:46 -0700 (PDT)
Message-ID: <fe05d1540803280303k742e0a27m46fe9976d48e517d@mail.gmail.com>
Date: Fri, 28 Mar 2008 11:03:46 +0100
To: "Gregory Beaver" <greg@chiaraquartet.net>
Cc: "Stanislav Malyshev" <stas@zend.com>, "Dmitry Stogov" <dmitry@zend.com>, 
	"Stefan Walk" <et@php.net>, internals@lists.php.net, 
	"Marcus Boerger" <helly@php.net>
In-Reply-To: <47E94C24.2030400@chiaraquartet.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <47E2F8FA.20107@chiaraquartet.net>
	 <47E7FEFD.8080504@chiaraquartet.net> <47E800F1.5090101@zend.com>
	 <200803251613.20245.et@php.net> <47E91898.5050503@zend.com>
	 <47E92D3B.7010500@chiaraquartet.net> <47E930C0.6000201@zend.com>
	 <47E94C24.2030400@chiaraquartet.net>
Subject: Re: [PHP-DEV] REMINDER - stream wrappers in include_path
From: pierre.php@gmail.com ("Pierre Joye")

Hi,

On Tue, Mar 25, 2008 at 8:01 PM, Gregory Beaver <greg@chiaraquartet.net> wrote:
> Stanislav Malyshev wrote:
>  >> stream wrapper.  Here is an example:
>  >>
>  >> oops.broken://UNC/path
>  >
>  > I wonder if .://UNC/path is treated as "."+//UNC/path (and the same
>  > for ..). It should anyway :) However I'm not too worried without
>  > pathes like foo.bar - not likely to have path without any slashes
>  > unless it's . or .., and if you do, you always can say ./foo.bar
>  >
>  That's a great question.  In attempting to answer, I think I may have
>  unfortunately found a severe flaw in the patch, allowing reading past
>  the end of the filename and the include_path.
>
>  If we pass a file named "hello:" to php_resolve_path, this code:
>
>  if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {

A little notice about this test. It is present in many places in our
code base, it is very difficult to actually fix or improve it without
introducing side effects on a platform or in a specific case. I
discussed this test with Dmitry two weeks ago, it would rock to have
it in a is_url function and manage all specificities there (or in more
functions in required).

One case that has to be managed (can be done later) is the Netware
paths, volumes name can be larger than one later on this platform
(myvolume: for example). #43353 is a case where the problem occurs.

I did not test the patch but it would be nice to do this change at the
same time, it will certainly make our work easier in the future.

Cheers,
-- 
Pierre
http://blog.thepimp.net | http://www.libgd.org