Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:39817
Return-Path: <dmitry@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 5708 invoked from network); 11 Aug 2008 06:16:31 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 11 Aug 2008 06:16:31 -0000
Authentication-Results: pb1.pair.com header.from=dmitry@zend.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=dmitry@zend.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.163 as permitted sender)
X-PHP-List-Original-Sender: dmitry@zend.com
X-Host-Fingerprint: 212.25.124.163 il-gw1.zend.com Windows 2000 SP4, XP SP1
Received: from [212.25.124.163] ([212.25.124.163:31627] helo=il-gw1.zend.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BF/B0-01171-E39DF984 for <internals@lists.php.net>; Mon, 11 Aug 2008 02:16:31 -0400
Received: from [10.1.10.36] ([10.1.10.36]) by il-gw1.zend.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Mon, 11 Aug 2008 09:17:17 +0300
Message-ID: <489FD934.8090905@zend.com>
Date: Mon, 11 Aug 2008 10:16:20 +0400
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: Rasmus Lerdorf <rasmus@lerdorf.com>
CC: Stefan Esser <stefan.esser@sektioneins.de>, internals@lists.php.net
References: <4899C4B4.3060902@liip.ch> <1218138548.5346.3.camel@felipe>	 <489B5285.1070000@lerdorf.com>	 <200808072237.01841.arnaud.lb@gmail.com> <7f3ed2c30808080011l3c62d416k7fd9b4dd455df99e@mail.gmail.com> <489C6BBA.8030101@zend.com> <489D811D.6090401@sektioneins.de> <489E3623.50008@lerdorf.com>
In-Reply-To: <489E3623.50008@lerdorf.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 11 Aug 2008 06:17:18.0177 (UTC) FILETIME=[E7FCAD10:01C8FB79]
Subject: Re: [PHP-DEV] include bug in 5.3
From: dmitry@zend.com (Dmitry Stogov)

This behavior is already implemented in "improved" patch that I sent on 
Saturday.

Thanks. Dmitry.

Rasmus Lerdorf wrote:
> Stefan Esser wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello Dmitry,
>>
>> while you are at fixing realpath() it might be a good idea to fix the
>> ../ nonsense.
>>
>> What I mean is:
>>
>> fopen("this_is_not_a_dir_but_a_file/../../../../../../../../etc/passwd",
>> "r");
>>
>> works because of realpath() and PHP's wrapper.
>>
>> Same for
>>
>> fopen("this_is_not_existing/../../../../../../../../etc/passwd", "r");
> 
> Dmitry, I think this is a good suggestion.  If any component of the 
> path, other than the final one is not a directory, or if a component of 
> the path doesn't exist, the realpath call should fail.  We're doing the 
> stat on each one anyway, so checking the entry type shouldn't be an issue.
> 
> -Rasmus