Newsgroups: php.internals
Message-ID: <489E3623.50008@lerdorf.com>
Date: Sat, 09 Aug 2008 17:28:19 -0700
From: rasmus@lerdorf.com (Rasmus Lerdorf)
To: Stefan Esser
CC: Dmitry Stogov, internals@lists.php.net
Subject: Re: [PHP-DEV] include bug in 5.3

Stefan Esser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello Dmitry,
>
> while you are at fixing realpath() it might be a good idea to fix the
> ../ nonsense.
>
> What I mean is:
>
> fopen("this_is_not_a_dir_but_a_file/../../../../../../../../etc/passwd",
> "r");
>
> works because of realpath() and PHP's wrapper.
>
> Same for
>
> fopen("this_is_not_existing/../../../../../../../../etc/passwd", "r");

Dmitry, I think this is a good suggestion. If any component of the path, other than the final one, is not a directory, or if a component of the path doesn't exist, the realpath call should fail. We're doing the stat on each one anyway, so checking the entry type shouldn't be an issue.

-Rasmus
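
The per-component check proposed in the message above (stat each component and fail when a non-final one is missing or is not a directory), written as an added C example. It is not PHP's implementation; `check_path_components` and `MAX_PATH_LEN` are hypothetical names, and the second sample path is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define MAX_PATH_LEN 4096  /* assumed buffer size for this example */

/* Hypothetical helper, not PHP's code. Returns 0 when every component of
 * `path` before the final one exists and is a directory; otherwise returns
 * -1 with errno set (ENOENT, ENOTDIR, ...). Because each prefix is checked
 * before the next component is read, a ".." can never step out of a regular
 * file or a missing name. */
int check_path_components(const char *path)
{
    char prefix[MAX_PATH_LEN];
    struct stat st;
    size_t len = strlen(path);

    if (len == 0) { errno = ENOENT; return -1; }
    if (len >= sizeof(prefix)) { errno = ENAMETOOLONG; return -1; }

    for (size_t i = 1; i < len; i++) {
        if (path[i] != '/' || path[i - 1] == '/')
            continue;                 /* not at the end of a component */
        memcpy(prefix, path, i);
        prefix[i] = '\0';
        if (stat(prefix, &st) != 0)
            return -1;                /* errno from stat(), e.g. ENOENT */
        if (!S_ISDIR(st.st_mode)) {
            errno = ENOTDIR;
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    /* One path shape quoted in the message above, one constructed. */
    const char *samples[] = {
        "this_is_not_existing/../../../../../../../../etc/passwd",
        "/etc/passwd/../passwd",   /* constructed: a file used as a directory */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = check_path_components(samples[i]);
        printf("%-60s %s\n", samples[i], rc == 0 ? "ok" : strerror(errno));
    }
    return 0;
}
```

A resolver would run this check before collapsing any `..` segment, so both path shapes from the quoted message are rejected instead of resolving to a parent directory.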