1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
16 | Jim Winstead <jimw@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 /* {{{ includes
21 */
22 #include "php.h"
23 #include "php_globals.h"
24 #include "SAPI.h"
25
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <errno.h>
29 #include <sys/types.h>
30 #include <sys/stat.h>
31 #include <fcntl.h>
32
33 #ifdef PHP_WIN32
34 #define O_RDONLY _O_RDONLY
35 #include "win32/param.h"
36 #else
37 #include <sys/param.h>
38 #endif
39
40 #include "ext/standard/head.h"
41 #include "ext/standard/php_standard.h"
42 #include "zend_compile.h"
43 #include "php_network.h"
44
45 #if HAVE_PWD_H
46 #include <pwd.h>
47 #endif
48
49 #include <sys/types.h>
50 #if HAVE_SYS_SOCKET_H
51 #include <sys/socket.h>
52 #endif
53
54 #ifdef PHP_WIN32
55 #include <winsock2.h>
56 #else
57 #include <netinet/in.h>
58 #include <netdb.h>
59 #if HAVE_ARPA_INET_H
60 #include <arpa/inet.h>
61 #endif
62 #endif
63
64 #if defined(PHP_WIN32) || defined(__riscos__)
65 #undef AF_UNIX
66 #endif
67
68 #if defined(AF_UNIX)
69 #include <sys/un.h>
70 #endif
71 /* }}} */
72
73 /* {{{ OnUpdateBaseDir
74 Allows any change to open_basedir setting in during Startup and Shutdown events,
75 or a tightening during activation/runtime/deactivation */
ZEND_INI_MH(OnUpdateBaseDir)76 PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
77 {
78 char **p, *pathbuf, *ptr, *end;
79 #ifndef ZTS
80 char *base = (char *) mh_arg2;
81 #else
82 char *base = (char *) ts_resource(*((int *) mh_arg2));
83 #endif
84
85 p = (char **) (base + (size_t) mh_arg1);
86
87 if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_ACTIVATE || stage == PHP_INI_STAGE_DEACTIVATE) {
88 /* We're in a PHP_INI_SYSTEM context, no restrictions */
89 *p = new_value ? ZSTR_VAL(new_value) : NULL;
90 return SUCCESS;
91 }
92
93 /* Otherwise we're in runtime */
94 if (!*p || !**p) {
95 /* open_basedir not set yet, go ahead and give it a value */
96 *p = ZSTR_VAL(new_value);
97 return SUCCESS;
98 }
99
100 /* Shortcut: When we have a open_basedir and someone tries to unset, we know it'll fail */
101 if (!new_value || !*ZSTR_VAL(new_value)) {
102 return FAILURE;
103 }
104
105 /* Is the proposed open_basedir at least as restrictive as the current setting? */
106 ptr = pathbuf = estrdup(ZSTR_VAL(new_value));
107 while (ptr && *ptr) {
108 end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
109 if (end != NULL) {
110 *end = '\0';
111 end++;
112 }
113 if (ptr[0] == '.' && ptr[1] == '.' && (ptr[2] == '\0' || IS_SLASH(ptr[2]))) {
114 /* Don't allow paths with a leading .. path component to be set at runtime */
115 efree(pathbuf);
116 return FAILURE;
117 }
118 if (php_check_open_basedir_ex(ptr, 0) != 0) {
119 /* At least one portion of this open_basedir is less restrictive than the prior one, FAIL */
120 efree(pathbuf);
121 return FAILURE;
122 }
123 ptr = end;
124 }
125 efree(pathbuf);
126
127 /* Everything checks out, set it */
128 *p = ZSTR_VAL(new_value);
129
130 return SUCCESS;
131 }
132 /* }}} */
133
134 /* {{{ php_check_specific_open_basedir
135 When open_basedir is not NULL, check if the given filename is located in
136 open_basedir. Returns -1 if error or not in the open_basedir, else 0.
137 When open_basedir is NULL, always return 0.
138 */
php_check_specific_open_basedir(const char * basedir,const char * path)139 PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
140 {
141 char resolved_name[MAXPATHLEN];
142 char resolved_basedir[MAXPATHLEN];
143 char local_open_basedir[MAXPATHLEN];
144 char path_tmp[MAXPATHLEN];
145 char *path_file;
146 size_t resolved_basedir_len;
147 size_t resolved_name_len;
148 size_t path_len;
149 int nesting_level = 0;
150
151 /* Special case basedir==".": Use script-directory */
152 if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) {
153 /* Else use the unmodified path */
154 strlcpy(local_open_basedir, basedir, sizeof(local_open_basedir));
155 }
156
157 path_len = strlen(path);
158 if (path_len > (MAXPATHLEN - 1)) {
159 /* empty and too long paths are invalid */
160 return -1;
161 }
162
163 /* normalize and expand path */
164 if (expand_filepath(path, resolved_name) == NULL) {
165 return -1;
166 }
167
168 path_len = strlen(resolved_name);
169 memcpy(path_tmp, resolved_name, path_len + 1); /* safe */
170
171 while (VCWD_REALPATH(path_tmp, resolved_name) == NULL) {
172 #if defined(PHP_WIN32) || defined(HAVE_SYMLINK)
173 if (nesting_level == 0) {
174 ssize_t ret;
175 char buf[MAXPATHLEN];
176
177 ret = php_sys_readlink(path_tmp, buf, MAXPATHLEN - 1);
178 if (ret == -1) {
179 /* not a broken symlink, move along.. */
180 } else {
181 /* put the real path into the path buffer */
182 memcpy(path_tmp, buf, ret);
183 path_tmp[ret] = '\0';
184 }
185 }
186 #endif
187
188 #ifdef PHP_WIN32
189 path_file = strrchr(path_tmp, DEFAULT_SLASH);
190 if (!path_file) {
191 path_file = strrchr(path_tmp, '/');
192 }
193 #else
194 path_file = strrchr(path_tmp, DEFAULT_SLASH);
195 #endif
196 if (!path_file) {
197 /* none of the path components exist. definitely not in open_basedir.. */
198 return -1;
199 } else {
200 path_len = path_file - path_tmp + 1;
201 #ifdef PHP_WIN32
202 if (path_len > 1 && path_tmp[path_len - 2] == ':') {
203 if (path_len != 3) {
204 return -1;
205 }
206 /* this is c:\ */
207 path_tmp[path_len] = '\0';
208 } else {
209 path_tmp[path_len - 1] = '\0';
210 }
211 #else
212 path_tmp[path_len - 1] = '\0';
213 #endif
214 }
215 if (*path_tmp == '\0') {
216 /* Do not pass an empty string to realpath(), as this will resolve to CWD. */
217 break;
218 }
219 nesting_level++;
220 }
221
222 /* Resolve open_basedir to resolved_basedir */
223 if (expand_filepath(local_open_basedir, resolved_basedir) != NULL) {
224 size_t basedir_len = strlen(basedir);
225 /* Handler for basedirs that end with a / */
226 resolved_basedir_len = strlen(resolved_basedir);
227 #ifdef PHP_WIN32
228 if (basedir[basedir_len - 1] == PHP_DIR_SEPARATOR || basedir[basedir_len - 1] == '/') {
229 #else
230 if (basedir[basedir_len - 1] == PHP_DIR_SEPARATOR) {
231 #endif
232 if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
233 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
234 resolved_basedir[++resolved_basedir_len] = '\0';
235 }
236 } else {
237 resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;
238 resolved_basedir[resolved_basedir_len] = '\0';
239 }
240
241 resolved_name_len = strlen(resolved_name);
242 if (path_tmp[path_len - 1] == PHP_DIR_SEPARATOR) {
243 if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) {
244 resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR;
245 resolved_name[++resolved_name_len] = '\0';
246 }
247 }
248
249 /* Check the path */
250 #ifdef PHP_WIN32
251 if (strncasecmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
252 #else
253 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
254 #endif
255 if (resolved_name_len > resolved_basedir_len &&
256 resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
257 return -1;
258 } else {
259 /* File is in the right directory */
260 return 0;
261 }
262 } else {
263 /* /openbasedir/ and /openbasedir are the same directory */
264 if (resolved_basedir_len == (resolved_name_len + 1) && resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
265 #ifdef PHP_WIN32
266 if (strncasecmp(resolved_basedir, resolved_name, resolved_name_len) == 0) {
267 #else
268 if (strncmp(resolved_basedir, resolved_name, resolved_name_len) == 0) {
269 #endif
270 return 0;
271 }
272 }
273 return -1;
274 }
275 } else {
276 /* Unable to resolve the real path, return -1 */
277 return -1;
278 }
279 }
280 /* }}} */
281
282 PHPAPI int php_check_open_basedir(const char *path)
283 {
284 return php_check_open_basedir_ex(path, 1);
285 }
286
287 /* {{{ php_check_open_basedir
288 */
289 PHPAPI int php_check_open_basedir_ex(const char *path, int warn)
290 {
291 /* Only check when open_basedir is available */
292 if (PG(open_basedir) && *PG(open_basedir)) {
293 char *pathbuf;
294 char *ptr;
295 char *end;
296
297 /* Check if the path is too long so we can give a more useful error
298 * message. */
299 if (strlen(path) > (MAXPATHLEN - 1)) {
300 php_error_docref(NULL, E_WARNING, "File name is longer than the maximum allowed path length on this platform (%d): %s", MAXPATHLEN, path);
301 errno = EINVAL;
302 return -1;
303 }
304
305 pathbuf = estrdup(PG(open_basedir));
306
307 ptr = pathbuf;
308
309 while (ptr && *ptr) {
310 end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
311 if (end != NULL) {
312 *end = '\0';
313 end++;
314 }
315
316 if (php_check_specific_open_basedir(ptr, path) == 0) {
317 efree(pathbuf);
318 return 0;
319 }
320
321 ptr = end;
322 }
323 if (warn) {
324 php_error_docref(NULL, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
325 }
326 efree(pathbuf);
327 errno = EPERM; /* we deny permission to open it */
328 return -1;
329 }
330
331 /* Nothing to check... */
332 return 0;
333 }
334 /* }}} */
335
336 /* {{{ php_fopen_and_set_opened_path
337 */
338 static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, zend_string **opened_path)
339 {
340 FILE *fp;
341
342 if (php_check_open_basedir((char *)path)) {
343 return NULL;
344 }
345 fp = VCWD_FOPEN(path, mode);
346 if (fp && opened_path) {
347 //TODO :avoid reallocation
348 char *tmp = expand_filepath_with_mode(path, NULL, NULL, 0, CWD_EXPAND);
349 if (tmp) {
350 *opened_path = zend_string_init(tmp, strlen(tmp), 0);
351 efree(tmp);
352 }
353 }
354 return fp;
355 }
356 /* }}} */
357
358 /* {{{ php_fopen_primary_script
359 */
360 PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle)
361 {
362 char *path_info;
363 char *filename = NULL;
364 zend_string *resolved_path = NULL;
365 size_t length;
366 zend_bool orig_display_errors;
367
368 path_info = SG(request_info).request_uri;
369 #if HAVE_PWD_H
370 if (PG(user_dir) && *PG(user_dir) && path_info && '/' == path_info[0] && '~' == path_info[1]) {
371 char *s = strchr(path_info + 2, '/');
372
373 if (s) { /* if there is no path name after the file, do not bother */
374 char user[32]; /* to try open the directory */
375 struct passwd *pw;
376 #if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX)
377 struct passwd pwstruc;
378 long pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
379 char *pwbuf;
380
381 if (pwbuflen < 1) {
382 return FAILURE;
383 }
384
385 pwbuf = emalloc(pwbuflen);
386 #endif
387 length = s - (path_info + 2);
388 if (length > sizeof(user) - 1) {
389 length = sizeof(user) - 1;
390 }
391 memcpy(user, path_info + 2, length);
392 user[length] = '\0';
393 #if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX)
394 if (getpwnam_r(user, &pwstruc, pwbuf, pwbuflen, &pw)) {
395 efree(pwbuf);
396 return FAILURE;
397 }
398 #else
399 pw = getpwnam(user);
400 #endif
401 if (pw && pw->pw_dir) {
402 spprintf(&filename, 0, "%s%c%s%c%s", pw->pw_dir, PHP_DIR_SEPARATOR, PG(user_dir), PHP_DIR_SEPARATOR, s + 1); /* Safe */
403 } else {
404 filename = SG(request_info).path_translated;
405 }
406 #if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX)
407 efree(pwbuf);
408 #endif
409 }
410 } else
411 #endif
412 if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
413 IS_ABSOLUTE_PATH(PG(doc_root), length)) {
414 size_t path_len = strlen(path_info);
415 filename = emalloc(length + path_len + 2);
416 memcpy(filename, PG(doc_root), length);
417 if (!IS_SLASH(filename[length - 1])) { /* length is never 0 */
418 filename[length++] = PHP_DIR_SEPARATOR;
419 }
420 if (IS_SLASH(path_info[0])) {
421 length--;
422 }
423 strncpy(filename + length, path_info, path_len + 1);
424 } else {
425 filename = SG(request_info).path_translated;
426 }
427
428
429 if (filename) {
430 resolved_path = zend_resolve_path(filename, strlen(filename));
431 }
432
433 if (!resolved_path) {
434 if (SG(request_info).path_translated != filename) {
435 if (filename) {
436 efree(filename);
437 }
438 }
439 /* we have to free SG(request_info).path_translated here because
440 * php_destroy_request_info assumes that it will get
441 * freed when the include_names hash is emptied, but
442 * we're not adding it in this case */
443 if (SG(request_info).path_translated) {
444 efree(SG(request_info).path_translated);
445 SG(request_info).path_translated = NULL;
446 }
447 return FAILURE;
448 }
449 zend_string_release_ex(resolved_path, 0);
450
451 orig_display_errors = PG(display_errors);
452 PG(display_errors) = 0;
453 if (zend_stream_open(filename, file_handle) == FAILURE) {
454 PG(display_errors) = orig_display_errors;
455 if (SG(request_info).path_translated != filename) {
456 if (filename) {
457 efree(filename);
458 }
459 }
460 if (SG(request_info).path_translated) {
461 efree(SG(request_info).path_translated);
462 SG(request_info).path_translated = NULL;
463 }
464 return FAILURE;
465 }
466 PG(display_errors) = orig_display_errors;
467
468 if (SG(request_info).path_translated != filename) {
469 if (SG(request_info).path_translated) {
470 efree(SG(request_info).path_translated);
471 }
472 SG(request_info).path_translated = filename;
473 }
474
475 return SUCCESS;
476 }
477 /* }}} */
478
479 /* {{{ php_resolve_path
480 * Returns the realpath for given filename according to include path
481 */
482 PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_length, const char *path)
483 {
484 char resolved_path[MAXPATHLEN];
485 char trypath[MAXPATHLEN];
486 const char *ptr, *end, *p;
487 const char *actual_path;
488 php_stream_wrapper *wrapper;
489 zend_string *exec_filename;
490
491 if (!filename || CHECK_NULL_PATH(filename, filename_length)) {
492 return NULL;
493 }
494
495 /* Don't resolve paths which contain protocol (except of file://) */
496 for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
497 if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
498 wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE);
499 if (wrapper == &php_plain_files_wrapper) {
500 if (tsrm_realpath(actual_path, resolved_path)) {
501 return zend_string_init(resolved_path, strlen(resolved_path), 0);
502 }
503 }
504 return NULL;
505 }
506
507 if ((*filename == '.' &&
508 (IS_SLASH(filename[1]) ||
509 ((filename[1] == '.') && IS_SLASH(filename[2])))) ||
510 IS_ABSOLUTE_PATH(filename, filename_length) ||
511 #ifdef PHP_WIN32
512 /* This should count as an absolute local path as well, however
513 IS_ABSOLUTE_PATH doesn't care about this path form till now. It
514 might be a big thing to extend, thus just a local handling for
515 now. */
516 filename_length >=2 && IS_SLASH(filename[0]) && !IS_SLASH(filename[1]) ||
517 #endif
518 !path ||
519 !*path) {
520 if (tsrm_realpath(filename, resolved_path)) {
521 return zend_string_init(resolved_path, strlen(resolved_path), 0);
522 } else {
523 return NULL;
524 }
525 }
526
527 ptr = path;
528 while (ptr && *ptr) {
529 /* Check for stream wrapper */
530 int is_stream_wrapper = 0;
531
532 for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
533 if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) {
534 /* .:// or ..:// is not a stream wrapper */
535 if (p[-1] != '.' || p[-2] != '.' || p - 2 != ptr) {
536 p += 3;
537 is_stream_wrapper = 1;
538 }
539 }
540 end = strchr(p, DEFAULT_DIR_SEPARATOR);
541 if (end) {
542 if (filename_length > (MAXPATHLEN - 2) || (end-ptr) > MAXPATHLEN || (end-ptr) + 1 + filename_length + 1 >= MAXPATHLEN) {
543 ptr = end + 1;
544 continue;
545 }
546 memcpy(trypath, ptr, end-ptr);
547 trypath[end-ptr] = '/';
548 memcpy(trypath+(end-ptr)+1, filename, filename_length+1);
549 ptr = end+1;
550 } else {
551 size_t len = strlen(ptr);
552
553 if (filename_length > (MAXPATHLEN - 2) || len > MAXPATHLEN || len + 1 + filename_length + 1 >= MAXPATHLEN) {
554 break;
555 }
556 memcpy(trypath, ptr, len);
557 trypath[len] = '/';
558 memcpy(trypath+len+1, filename, filename_length+1);
559 ptr = NULL;
560 }
561 actual_path = trypath;
562 if (is_stream_wrapper) {
563 wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
564 if (!wrapper) {
565 continue;
566 } else if (wrapper != &php_plain_files_wrapper) {
567 if (wrapper->wops->url_stat) {
568 php_stream_statbuf ssb;
569
570 if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL)) {
571 return zend_string_init(trypath, strlen(trypath), 0);
572 }
573 if (EG(exception)) {
574 return NULL;
575 }
576 }
577 continue;
578 }
579 }
580 if (tsrm_realpath(actual_path, resolved_path)) {
581 return zend_string_init(resolved_path, strlen(resolved_path), 0);
582 }
583 } /* end provided path */
584
585 /* check in calling scripts' current working directory as a fall back case
586 */
587 if (zend_is_executing() &&
588 (exec_filename = zend_get_executed_filename_ex()) != NULL) {
589 const char *exec_fname = ZSTR_VAL(exec_filename);
590 size_t exec_fname_length = ZSTR_LEN(exec_filename);
591
592 while ((--exec_fname_length < SIZE_MAX) && !IS_SLASH(exec_fname[exec_fname_length]));
593 if (exec_fname_length > 0 &&
594 filename_length < (MAXPATHLEN - 2) &&
595 exec_fname_length + 1 + filename_length + 1 < MAXPATHLEN) {
596 memcpy(trypath, exec_fname, exec_fname_length + 1);
597 memcpy(trypath+exec_fname_length + 1, filename, filename_length+1);
598 actual_path = trypath;
599
600 /* Check for stream wrapper */
601 for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
602 if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) {
603 wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
604 if (!wrapper) {
605 return NULL;
606 } else if (wrapper != &php_plain_files_wrapper) {
607 if (wrapper->wops->url_stat) {
608 php_stream_statbuf ssb;
609
610 if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL)) {
611 return zend_string_init(trypath, strlen(trypath), 0);
612 }
613 if (EG(exception)) {
614 return NULL;
615 }
616 }
617 return NULL;
618 }
619 }
620
621 if (tsrm_realpath(actual_path, resolved_path)) {
622 return zend_string_init(resolved_path, strlen(resolved_path), 0);
623 }
624 }
625 }
626
627 return NULL;
628 }
629 /* }}} */
630
631 /* {{{ php_fopen_with_path
632 * Tries to open a file with a PATH-style list of directories.
633 * If the filename starts with "." or "/", the path is ignored.
634 */
635 PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const char *path, zend_string **opened_path)
636 {
637 char *pathbuf, *ptr, *end;
638 char trypath[MAXPATHLEN];
639 FILE *fp;
640 size_t filename_length;
641 zend_string *exec_filename;
642
643 if (opened_path) {
644 *opened_path = NULL;
645 }
646
647 if (!filename) {
648 return NULL;
649 }
650
651 filename_length = strlen(filename);
652 #ifndef PHP_WIN32
653 (void) filename_length;
654 #endif
655
656 /* Relative path open */
657 if ((*filename == '.')
658 /* Absolute path open */
659 || IS_ABSOLUTE_PATH(filename, filename_length)
660 || (!path || !*path)
661 ) {
662 return php_fopen_and_set_opened_path(filename, mode, opened_path);
663 }
664
665 /* check in provided path */
666 /* append the calling scripts' current working directory
667 * as a fall back case
668 */
669 if (zend_is_executing() &&
670 (exec_filename = zend_get_executed_filename_ex()) != NULL) {
671 const char *exec_fname = ZSTR_VAL(exec_filename);
672 size_t exec_fname_length = ZSTR_LEN(exec_filename);
673
674 while ((--exec_fname_length < SIZE_MAX) && !IS_SLASH(exec_fname[exec_fname_length]));
675 if ((exec_fname && exec_fname[0] == '[') || exec_fname_length <= 0) {
676 /* [no active file] or no path */
677 pathbuf = estrdup(path);
678 } else {
679 size_t path_length = strlen(path);
680
681 pathbuf = (char *) emalloc(exec_fname_length + path_length + 1 + 1);
682 memcpy(pathbuf, path, path_length);
683 pathbuf[path_length] = DEFAULT_DIR_SEPARATOR;
684 memcpy(pathbuf + path_length + 1, exec_fname, exec_fname_length);
685 pathbuf[path_length + exec_fname_length + 1] = '\0';
686 }
687 } else {
688 pathbuf = estrdup(path);
689 }
690
691 ptr = pathbuf;
692
693 while (ptr && *ptr) {
694 end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
695 if (end != NULL) {
696 *end = '\0';
697 end++;
698 }
699 if (snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename) >= MAXPATHLEN) {
700 php_error_docref(NULL, E_NOTICE, "%s/%s path was truncated to %d", ptr, filename, MAXPATHLEN);
701 }
702 fp = php_fopen_and_set_opened_path(trypath, mode, opened_path);
703 if (fp) {
704 efree(pathbuf);
705 return fp;
706 }
707 ptr = end;
708 } /* end provided path */
709
710 efree(pathbuf);
711 return NULL;
712 }
713 /* }}} */
714
715 /* {{{ php_strip_url_passwd
716 */
717 PHPAPI char *php_strip_url_passwd(char *url)
718 {
719 register char *p, *url_start;
720
721 if (url == NULL) {
722 return "";
723 }
724
725 p = url;
726
727 while (*p) {
728 if (*p == ':' && *(p + 1) == '/' && *(p + 2) == '/') {
729 /* found protocol */
730 url_start = p = p + 3;
731
732 while (*p) {
733 if (*p == '@') {
734 int i;
735
736 for (i = 0; i < 3 && url_start < p; i++, url_start++) {
737 *url_start = '.';
738 }
739 for (; *p; p++) {
740 *url_start++ = *p;
741 }
742 *url_start=0;
743 break;
744 }
745 p++;
746 }
747 return url;
748 }
749 p++;
750 }
751 return url;
752 }
753 /* }}} */
754
755 /* {{{ expand_filepath
756 */
757 PHPAPI char *expand_filepath(const char *filepath, char *real_path)
758 {
759 return expand_filepath_ex(filepath, real_path, NULL, 0);
760 }
761 /* }}} */
762
763 /* {{{ expand_filepath_ex
764 */
765 PHPAPI char *expand_filepath_ex(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len)
766 {
767 return expand_filepath_with_mode(filepath, real_path, relative_to, relative_to_len, CWD_FILEPATH);
768 }
769 /* }}} */
770
771 /* {{{ expand_filepath_use_realpath
772 */
773 PHPAPI char *expand_filepath_with_mode(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len, int realpath_mode)
774 {
775 cwd_state new_state;
776 char cwd[MAXPATHLEN];
777 size_t copy_len;
778 size_t path_len;
779
780 if (!filepath[0]) {
781 return NULL;
782 }
783
784 path_len = strlen(filepath);
785
786 if (IS_ABSOLUTE_PATH(filepath, path_len)) {
787 cwd[0] = '\0';
788 } else {
789 const char *iam = SG(request_info).path_translated;
790 const char *result;
791 if (relative_to) {
792 if (relative_to_len > MAXPATHLEN-1U) {
793 return NULL;
794 }
795 result = relative_to;
796 memcpy(cwd, relative_to, relative_to_len+1U);
797 } else {
798 result = VCWD_GETCWD(cwd, MAXPATHLEN);
799 }
800
801 if (!result && (iam != filepath)) {
802 int fdtest = -1;
803
804 fdtest = VCWD_OPEN(filepath, O_RDONLY);
805 if (fdtest != -1) {
806 /* return a relative file path if for any reason
807 * we cannot cannot getcwd() and the requested,
808 * relatively referenced file is accessible */
809 copy_len = path_len > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : path_len;
810 if (real_path) {
811 memcpy(real_path, filepath, copy_len);
812 real_path[copy_len] = '\0';
813 } else {
814 real_path = estrndup(filepath, copy_len);
815 }
816 close(fdtest);
817 return real_path;
818 } else {
819 cwd[0] = '\0';
820 }
821 } else if (!result) {
822 cwd[0] = '\0';
823 }
824 }
825
826 new_state.cwd = estrdup(cwd);
827 new_state.cwd_length = strlen(cwd);
828
829 if (virtual_file_ex(&new_state, filepath, NULL, realpath_mode)) {
830 efree(new_state.cwd);
831 return NULL;
832 }
833
834 if (real_path) {
835 copy_len = new_state.cwd_length > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : new_state.cwd_length;
836 memcpy(real_path, new_state.cwd, copy_len);
837 real_path[copy_len] = '\0';
838 } else {
839 real_path = estrndup(new_state.cwd, new_state.cwd_length);
840 }
841 efree(new_state.cwd);
842
843 return real_path;
844 }
845 /* }}} */
846