1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
14 | Jim Winstead <jimw@php.net> |
15 +----------------------------------------------------------------------+
16 */
17
18 /* {{{ includes */
19 #include "php.h"
20 #include "php_globals.h"
21 #include "SAPI.h"
22
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <errno.h>
26 #include <sys/types.h>
27 #include <sys/stat.h>
28 #include <fcntl.h>
29
30 #ifdef PHP_WIN32
31 #define O_RDONLY _O_RDONLY
32 #include "win32/param.h"
33 #else
34 #include <sys/param.h>
35 #endif
36
37 #include "ext/standard/head.h"
38 #include "ext/standard/php_standard.h"
39 #include "zend_compile.h"
40 #include "php_network.h"
41
42 #if HAVE_PWD_H
43 #include <pwd.h>
44 #endif
45
46 #include <sys/types.h>
47 #if HAVE_SYS_SOCKET_H
48 #include <sys/socket.h>
49 #endif
50
51 #ifdef PHP_WIN32
52 #include <winsock2.h>
53 #else
54 #include <netinet/in.h>
55 #include <netdb.h>
56 #if HAVE_ARPA_INET_H
57 #include <arpa/inet.h>
58 #endif
59 #endif
60
61 #if defined(PHP_WIN32) || defined(__riscos__)
62 #undef AF_UNIX
63 #endif
64
65 #if defined(AF_UNIX)
66 #include <sys/un.h>
67 #endif
68 /* }}} */
69
70 /* {{{ OnUpdateBaseDir
71 Allows any change to open_basedir setting in during Startup and Shutdown events,
72 or a tightening during activation/runtime/deactivation */
ZEND_INI_MH(OnUpdateBaseDir)73 PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
74 {
75 char **p = (char **) ZEND_INI_GET_ADDR();
76 char *pathbuf, *ptr, *end;
77
78 if (stage == PHP_INI_STAGE_STARTUP || stage == PHP_INI_STAGE_SHUTDOWN || stage == PHP_INI_STAGE_ACTIVATE || stage == PHP_INI_STAGE_DEACTIVATE) {
79 /* We're in a PHP_INI_SYSTEM context, no restrictions */
80 *p = new_value ? ZSTR_VAL(new_value) : NULL;
81 return SUCCESS;
82 }
83
84 /* Otherwise we're in runtime */
85 if (!*p || !**p) {
86 /* open_basedir not set yet, go ahead and give it a value */
87 *p = ZSTR_VAL(new_value);
88 return SUCCESS;
89 }
90
91 /* Shortcut: When we have a open_basedir and someone tries to unset, we know it'll fail */
92 if (!new_value || !*ZSTR_VAL(new_value)) {
93 return FAILURE;
94 }
95
96 /* Is the proposed open_basedir at least as restrictive as the current setting? */
97 ptr = pathbuf = estrdup(ZSTR_VAL(new_value));
98 while (ptr && *ptr) {
99 end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
100 if (end != NULL) {
101 *end = '\0';
102 end++;
103 }
104 if (ptr[0] == '.' && ptr[1] == '.' && (ptr[2] == '\0' || IS_SLASH(ptr[2]))) {
105 /* Don't allow paths with a leading .. path component to be set at runtime */
106 efree(pathbuf);
107 return FAILURE;
108 }
109 if (php_check_open_basedir_ex(ptr, 0) != 0) {
110 /* At least one portion of this open_basedir is less restrictive than the prior one, FAIL */
111 efree(pathbuf);
112 return FAILURE;
113 }
114 ptr = end;
115 }
116 efree(pathbuf);
117
118 /* Everything checks out, set it */
119 *p = ZSTR_VAL(new_value);
120
121 return SUCCESS;
122 }
123 /* }}} */
124
125 /* {{{ php_check_specific_open_basedir
126 When open_basedir is not NULL, check if the given filename is located in
127 open_basedir. Returns -1 if error or not in the open_basedir, else 0.
128 When open_basedir is NULL, always return 0.
129 */
php_check_specific_open_basedir(const char * basedir,const char * path)130 PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
131 {
132 char resolved_name[MAXPATHLEN + 1];
133 char resolved_basedir[MAXPATHLEN + 1];
134 char local_open_basedir[MAXPATHLEN];
135 char path_tmp[MAXPATHLEN + 1];
136 char *path_file;
137 size_t resolved_basedir_len;
138 size_t resolved_name_len;
139 size_t path_len;
140 int nesting_level = 0;
141
142 /* Special case basedir==".": Use script-directory */
143 if (strcmp(basedir, ".") || !VCWD_GETCWD(local_open_basedir, MAXPATHLEN)) {
144 /* Else use the unmodified path */
145 strlcpy(local_open_basedir, basedir, sizeof(local_open_basedir));
146 }
147
148 path_len = strlen(path);
149 if (path_len > (MAXPATHLEN - 1)) {
150 /* empty and too long paths are invalid */
151 return -1;
152 }
153
154 /* normalize and expand path */
155 if (expand_filepath(path, resolved_name) == NULL) {
156 return -1;
157 }
158
159 path_len = strlen(resolved_name);
160 memcpy(path_tmp, resolved_name, path_len + 1); /* safe */
161
162 while (VCWD_REALPATH(path_tmp, resolved_name) == NULL) {
163 #if defined(PHP_WIN32) || defined(HAVE_SYMLINK)
164 if (nesting_level == 0) {
165 ssize_t ret;
166 char buf[MAXPATHLEN];
167
168 ret = php_sys_readlink(path_tmp, buf, MAXPATHLEN - 1);
169 if (ret == -1) {
170 /* not a broken symlink, move along.. */
171 } else {
172 /* put the real path into the path buffer */
173 memcpy(path_tmp, buf, ret);
174 path_tmp[ret] = '\0';
175 }
176 }
177 #endif
178
179 #ifdef PHP_WIN32
180 path_file = strrchr(path_tmp, DEFAULT_SLASH);
181 if (!path_file) {
182 path_file = strrchr(path_tmp, '/');
183 }
184 #else
185 path_file = strrchr(path_tmp, DEFAULT_SLASH);
186 #endif
187 if (!path_file) {
188 /* none of the path components exist. definitely not in open_basedir.. */
189 return -1;
190 } else {
191 path_len = path_file - path_tmp + 1;
192 #ifdef PHP_WIN32
193 if (path_len > 1 && path_tmp[path_len - 2] == ':') {
194 if (path_len != 3) {
195 return -1;
196 }
197 /* this is c:\ */
198 path_tmp[path_len] = '\0';
199 } else {
200 path_tmp[path_len - 1] = '\0';
201 }
202 #else
203 path_tmp[path_len - 1] = '\0';
204 #endif
205 }
206 if (*path_tmp == '\0') {
207 /* Do not pass an empty string to realpath(), as this will resolve to CWD. */
208 break;
209 }
210 nesting_level++;
211 }
212
213 /* Resolve open_basedir to resolved_basedir */
214 if (expand_filepath(local_open_basedir, resolved_basedir) != NULL) {
215 size_t basedir_len = strlen(basedir);
216 /* Handler for basedirs that end with a / */
217 resolved_basedir_len = strlen(resolved_basedir);
218 #ifdef PHP_WIN32
219 if (basedir[basedir_len - 1] == PHP_DIR_SEPARATOR || basedir[basedir_len - 1] == '/') {
220 #else
221 if (basedir[basedir_len - 1] == PHP_DIR_SEPARATOR) {
222 #endif
223 if (resolved_basedir[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
224 resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR;
225 resolved_basedir[++resolved_basedir_len] = '\0';
226 }
227 } else {
228 resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR;
229 resolved_basedir[resolved_basedir_len] = '\0';
230 }
231
232 resolved_name_len = strlen(resolved_name);
233 if (path_tmp[path_len - 1] == PHP_DIR_SEPARATOR) {
234 if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) {
235 resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR;
236 resolved_name[++resolved_name_len] = '\0';
237 }
238 }
239
240 /* Check the path */
241 #ifdef PHP_WIN32
242 if (strncasecmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
243 #else
244 if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
245 #endif
246 if (resolved_name_len > resolved_basedir_len &&
247 resolved_name[resolved_basedir_len - 1] != PHP_DIR_SEPARATOR) {
248 return -1;
249 } else {
250 /* File is in the right directory */
251 return 0;
252 }
253 } else {
254 /* /openbasedir/ and /openbasedir are the same directory */
255 if (resolved_basedir_len == (resolved_name_len + 1) && resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
256 #ifdef PHP_WIN32
257 if (strncasecmp(resolved_basedir, resolved_name, resolved_name_len) == 0) {
258 #else
259 if (strncmp(resolved_basedir, resolved_name, resolved_name_len) == 0) {
260 #endif
261 return 0;
262 }
263 }
264 return -1;
265 }
266 } else {
267 /* Unable to resolve the real path, return -1 */
268 return -1;
269 }
270 }
271 /* }}} */
272
273 PHPAPI int php_check_open_basedir(const char *path)
274 {
275 return php_check_open_basedir_ex(path, 1);
276 }
277
278 /* {{{ php_check_open_basedir */
279 PHPAPI int php_check_open_basedir_ex(const char *path, int warn)
280 {
281 /* Only check when open_basedir is available */
282 if (PG(open_basedir) && *PG(open_basedir)) {
283 char *pathbuf;
284 char *ptr;
285 char *end;
286
287 /* Check if the path is too long so we can give a more useful error
288 * message. */
289 if (strlen(path) > (MAXPATHLEN - 1)) {
290 php_error_docref(NULL, E_WARNING, "File name is longer than the maximum allowed path length on this platform (%d): %s", MAXPATHLEN, path);
291 errno = EINVAL;
292 return -1;
293 }
294
295 pathbuf = estrdup(PG(open_basedir));
296
297 ptr = pathbuf;
298
299 while (ptr && *ptr) {
300 end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
301 if (end != NULL) {
302 *end = '\0';
303 end++;
304 }
305
306 if (php_check_specific_open_basedir(ptr, path) == 0) {
307 efree(pathbuf);
308 return 0;
309 }
310
311 ptr = end;
312 }
313 if (warn) {
314 php_error_docref(NULL, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir));
315 }
316 efree(pathbuf);
317 errno = EPERM; /* we deny permission to open it */
318 return -1;
319 }
320
321 /* Nothing to check... */
322 return 0;
323 }
324 /* }}} */
325
326 /* {{{ php_fopen_and_set_opened_path */
327 static FILE *php_fopen_and_set_opened_path(const char *path, const char *mode, zend_string **opened_path)
328 {
329 FILE *fp;
330
331 if (php_check_open_basedir((char *)path)) {
332 return NULL;
333 }
334 fp = VCWD_FOPEN(path, mode);
335 if (fp && opened_path) {
336 //TODO :avoid reallocation
337 char *tmp = expand_filepath_with_mode(path, NULL, NULL, 0, CWD_EXPAND);
338 if (tmp) {
339 *opened_path = zend_string_init(tmp, strlen(tmp), 0);
340 efree(tmp);
341 }
342 }
343 return fp;
344 }
345 /* }}} */
346
347 /* {{{ php_fopen_primary_script */
348 PHPAPI int php_fopen_primary_script(zend_file_handle *file_handle)
349 {
350 char *path_info;
351 zend_string *filename = NULL;
352 zend_string *resolved_path = NULL;
353 size_t length;
354 bool orig_display_errors;
355
356 memset(file_handle, 0, sizeof(zend_file_handle));
357
358 path_info = SG(request_info).request_uri;
359 #if HAVE_PWD_H
360 if (PG(user_dir) && *PG(user_dir) && path_info && '/' == path_info[0] && '~' == path_info[1]) {
361 char *s = strchr(path_info + 2, '/');
362
363 if (s) { /* if there is no path name after the file, do not bother */
364 char user[32]; /* to try open the directory */
365 struct passwd *pw;
366 #if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX)
367 struct passwd pwstruc;
368 long pwbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
369 char *pwbuf;
370
371 if (pwbuflen < 1) {
372 return FAILURE;
373 }
374
375 pwbuf = emalloc(pwbuflen);
376 #endif
377 length = s - (path_info + 2);
378 if (length > sizeof(user) - 1) {
379 length = sizeof(user) - 1;
380 }
381 memcpy(user, path_info + 2, length);
382 user[length] = '\0';
383 #if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX)
384 if (getpwnam_r(user, &pwstruc, pwbuf, pwbuflen, &pw)) {
385 efree(pwbuf);
386 return FAILURE;
387 }
388 #else
389 pw = getpwnam(user);
390 #endif
391 if (pw && pw->pw_dir) {
392 filename = zend_strpprintf(0, "%s%c%s%c%s", pw->pw_dir, PHP_DIR_SEPARATOR, PG(user_dir), PHP_DIR_SEPARATOR, s + 1); /* Safe */
393 } else if (SG(request_info).path_translated) {
394 filename = zend_string_init(SG(request_info).path_translated,
395 strlen(SG(request_info).path_translated), 0);
396 }
397 #if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX)
398 efree(pwbuf);
399 #endif
400 }
401 } else
402 #endif
403 if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
404 IS_ABSOLUTE_PATH(PG(doc_root), length)) {
405 size_t path_len = strlen(path_info);
406 filename = zend_string_alloc(length + path_len + 2, 0);
407 memcpy(ZSTR_VAL(filename), PG(doc_root), length);
408 if (!IS_SLASH(ZSTR_VAL(filename)[length - 1])) { /* length is never 0 */
409 ZSTR_VAL(filename)[length++] = PHP_DIR_SEPARATOR;
410 }
411 if (IS_SLASH(path_info[0])) {
412 length--;
413 }
414 strncpy(ZSTR_VAL(filename) + length, path_info, path_len + 1);
415 ZSTR_LEN(filename) = length + path_len;
416 } else if (SG(request_info).path_translated) {
417 filename = zend_string_init(SG(request_info).path_translated,
418 strlen(SG(request_info).path_translated), 0);
419 }
420
421
422 if (filename) {
423 resolved_path = zend_resolve_path(filename);
424 }
425
426 if (!resolved_path) {
427 if (filename) {
428 zend_string_release(filename);
429 }
430 /* we have to free SG(request_info).path_translated here because
431 * php_destroy_request_info assumes that it will get
432 * freed when the include_names hash is emptied, but
433 * we're not adding it in this case */
434 if (SG(request_info).path_translated) {
435 efree(SG(request_info).path_translated);
436 SG(request_info).path_translated = NULL;
437 }
438 return FAILURE;
439 }
440 zend_string_release_ex(resolved_path, 0);
441
442 orig_display_errors = PG(display_errors);
443 PG(display_errors) = 0;
444 zend_stream_init_filename_ex(file_handle, filename);
445 file_handle->primary_script = 1;
446 if (filename) {
447 zend_string_delref(filename);
448 }
449 if (zend_stream_open(file_handle) == FAILURE) {
450 PG(display_errors) = orig_display_errors;
451 if (SG(request_info).path_translated) {
452 efree(SG(request_info).path_translated);
453 SG(request_info).path_translated = NULL;
454 }
455 return FAILURE;
456 }
457 PG(display_errors) = orig_display_errors;
458
459 return SUCCESS;
460 }
461 /* }}} */
462
463 static zend_string *tsrm_realpath_str(const char *path) {
464 char *realpath = tsrm_realpath(path, NULL);
465 if (!realpath) {
466 return NULL;
467 }
468 zend_string *realpath_str = zend_string_init(realpath, strlen(realpath), 0);
469 efree(realpath);
470 return realpath_str;
471 }
472
473 /* {{{ php_resolve_path
474 * Returns the realpath for given filename according to include path
475 */
476 PHPAPI zend_string *php_resolve_path(const char *filename, size_t filename_length, const char *path)
477 {
478 zend_string *resolved_path;
479 char trypath[MAXPATHLEN];
480 const char *ptr, *end, *p;
481 const char *actual_path;
482 php_stream_wrapper *wrapper;
483 zend_string *exec_filename;
484
485 if (!filename || CHECK_NULL_PATH(filename, filename_length)) {
486 return NULL;
487 }
488
489 /* Don't resolve paths which contain protocol (except of file://) */
490 for (p = filename; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
491 if ((*p == ':') && (p - filename > 1) && (p[1] == '/') && (p[2] == '/')) {
492 wrapper = php_stream_locate_url_wrapper(filename, &actual_path, STREAM_OPEN_FOR_INCLUDE);
493 if (wrapper == &php_plain_files_wrapper) {
494 if ((resolved_path = tsrm_realpath_str(actual_path))) {
495 return resolved_path;
496 }
497 }
498 return NULL;
499 }
500
501 if ((*filename == '.' &&
502 (IS_SLASH(filename[1]) ||
503 ((filename[1] == '.') && IS_SLASH(filename[2])))) ||
504 IS_ABSOLUTE_PATH(filename, filename_length) ||
505 #ifdef PHP_WIN32
506 /* This should count as an absolute local path as well, however
507 IS_ABSOLUTE_PATH doesn't care about this path form till now. It
508 might be a big thing to extend, thus just a local handling for
509 now. */
510 filename_length >=2 && IS_SLASH(filename[0]) && !IS_SLASH(filename[1]) ||
511 #endif
512 !path ||
513 !*path) {
514 return tsrm_realpath_str(filename);
515 }
516
517 ptr = path;
518 while (ptr && *ptr) {
519 /* Check for stream wrapper */
520 int is_stream_wrapper = 0;
521
522 for (p = ptr; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
523 if ((*p == ':') && (p - ptr > 1) && (p[1] == '/') && (p[2] == '/')) {
524 /* .:// or ..:// is not a stream wrapper */
525 if (p[-1] != '.' || p[-2] != '.' || p - 2 != ptr) {
526 p += 3;
527 is_stream_wrapper = 1;
528 }
529 }
530 end = strchr(p, DEFAULT_DIR_SEPARATOR);
531 if (end) {
532 if (filename_length > (MAXPATHLEN - 2) || (end-ptr) > MAXPATHLEN || (end-ptr) + 1 + filename_length + 1 >= MAXPATHLEN) {
533 ptr = end + 1;
534 continue;
535 }
536 memcpy(trypath, ptr, end-ptr);
537 trypath[end-ptr] = '/';
538 memcpy(trypath+(end-ptr)+1, filename, filename_length+1);
539 ptr = end+1;
540 } else {
541 size_t len = strlen(ptr);
542
543 if (filename_length > (MAXPATHLEN - 2) || len > MAXPATHLEN || len + 1 + filename_length + 1 >= MAXPATHLEN) {
544 break;
545 }
546 memcpy(trypath, ptr, len);
547 trypath[len] = '/';
548 memcpy(trypath+len+1, filename, filename_length+1);
549 ptr = NULL;
550 }
551 actual_path = trypath;
552 if (is_stream_wrapper) {
553 wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
554 if (!wrapper) {
555 continue;
556 } else if (wrapper != &php_plain_files_wrapper) {
557 if (wrapper->wops->url_stat) {
558 php_stream_statbuf ssb;
559
560 if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL)) {
561 return zend_string_init(trypath, strlen(trypath), 0);
562 }
563 if (EG(exception)) {
564 return NULL;
565 }
566 }
567 continue;
568 }
569 }
570 if ((resolved_path = tsrm_realpath_str(actual_path))) {
571 return resolved_path;
572 }
573 } /* end provided path */
574
575 /* check in calling scripts' current working directory as a fall back case
576 */
577 if (zend_is_executing() &&
578 (exec_filename = zend_get_executed_filename_ex()) != NULL) {
579 const char *exec_fname = ZSTR_VAL(exec_filename);
580 size_t exec_fname_length = ZSTR_LEN(exec_filename);
581
582 while ((--exec_fname_length < SIZE_MAX) && !IS_SLASH(exec_fname[exec_fname_length]));
583 if (exec_fname_length > 0 &&
584 filename_length < (MAXPATHLEN - 2) &&
585 exec_fname_length + 1 + filename_length + 1 < MAXPATHLEN) {
586 memcpy(trypath, exec_fname, exec_fname_length + 1);
587 memcpy(trypath+exec_fname_length + 1, filename, filename_length+1);
588 actual_path = trypath;
589
590 /* Check for stream wrapper */
591 for (p = trypath; isalnum((int)*p) || *p == '+' || *p == '-' || *p == '.'; p++);
592 if ((*p == ':') && (p - trypath > 1) && (p[1] == '/') && (p[2] == '/')) {
593 wrapper = php_stream_locate_url_wrapper(trypath, &actual_path, STREAM_OPEN_FOR_INCLUDE);
594 if (!wrapper) {
595 return NULL;
596 } else if (wrapper != &php_plain_files_wrapper) {
597 if (wrapper->wops->url_stat) {
598 php_stream_statbuf ssb;
599
600 if (SUCCESS == wrapper->wops->url_stat(wrapper, trypath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL)) {
601 return zend_string_init(trypath, strlen(trypath), 0);
602 }
603 if (EG(exception)) {
604 return NULL;
605 }
606 }
607 return NULL;
608 }
609 }
610
611 return tsrm_realpath_str(actual_path);
612 }
613 }
614
615 return NULL;
616 }
617 /* }}} */
618
619 /* {{{ php_fopen_with_path
620 * Tries to open a file with a PATH-style list of directories.
621 * If the filename starts with "." or "/", the path is ignored.
622 */
623 PHPAPI FILE *php_fopen_with_path(const char *filename, const char *mode, const char *path, zend_string **opened_path)
624 {
625 char *pathbuf, *ptr, *end;
626 char trypath[MAXPATHLEN];
627 FILE *fp;
628 size_t filename_length;
629 zend_string *exec_filename;
630
631 if (opened_path) {
632 *opened_path = NULL;
633 }
634
635 if (!filename) {
636 return NULL;
637 }
638
639 filename_length = strlen(filename);
640 #ifndef PHP_WIN32
641 (void) filename_length;
642 #endif
643
644 /* Relative path open */
645 if ((*filename == '.')
646 /* Absolute path open */
647 || IS_ABSOLUTE_PATH(filename, filename_length)
648 || (!path || !*path)
649 ) {
650 return php_fopen_and_set_opened_path(filename, mode, opened_path);
651 }
652
653 /* check in provided path */
654 /* append the calling scripts' current working directory
655 * as a fall back case
656 */
657 if (zend_is_executing() &&
658 (exec_filename = zend_get_executed_filename_ex()) != NULL) {
659 const char *exec_fname = ZSTR_VAL(exec_filename);
660 size_t exec_fname_length = ZSTR_LEN(exec_filename);
661
662 while ((--exec_fname_length < SIZE_MAX) && !IS_SLASH(exec_fname[exec_fname_length]));
663 if ((exec_fname && exec_fname[0] == '[') || exec_fname_length <= 0) {
664 /* [no active file] or no path */
665 pathbuf = estrdup(path);
666 } else {
667 size_t path_length = strlen(path);
668
669 pathbuf = (char *) emalloc(exec_fname_length + path_length + 1 + 1);
670 memcpy(pathbuf, path, path_length);
671 pathbuf[path_length] = DEFAULT_DIR_SEPARATOR;
672 memcpy(pathbuf + path_length + 1, exec_fname, exec_fname_length);
673 pathbuf[path_length + exec_fname_length + 1] = '\0';
674 }
675 } else {
676 pathbuf = estrdup(path);
677 }
678
679 ptr = pathbuf;
680
681 while (ptr && *ptr) {
682 end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
683 if (end != NULL) {
684 *end = '\0';
685 end++;
686 }
687 if (snprintf(trypath, MAXPATHLEN, "%s/%s", ptr, filename) >= MAXPATHLEN) {
688 php_error_docref(NULL, E_NOTICE, "%s/%s path was truncated to %d", ptr, filename, MAXPATHLEN);
689 }
690 fp = php_fopen_and_set_opened_path(trypath, mode, opened_path);
691 if (fp) {
692 efree(pathbuf);
693 return fp;
694 }
695 ptr = end;
696 } /* end provided path */
697
698 efree(pathbuf);
699 return NULL;
700 }
701 /* }}} */
702
703 /* {{{ php_strip_url_passwd */
704 PHPAPI char *php_strip_url_passwd(char *url)
705 {
706 char *p, *url_start;
707
708 if (url == NULL) {
709 return "";
710 }
711
712 p = url;
713
714 while (*p) {
715 if (*p == ':' && *(p + 1) == '/' && *(p + 2) == '/') {
716 /* found protocol */
717 url_start = p = p + 3;
718
719 while (*p) {
720 if (*p == '@') {
721 int i;
722
723 for (i = 0; i < 3 && url_start < p; i++, url_start++) {
724 *url_start = '.';
725 }
726 for (; *p; p++) {
727 *url_start++ = *p;
728 }
729 *url_start=0;
730 break;
731 }
732 p++;
733 }
734 return url;
735 }
736 p++;
737 }
738 return url;
739 }
740 /* }}} */
741
742 /* {{{ expand_filepath */
743 PHPAPI char *expand_filepath(const char *filepath, char *real_path)
744 {
745 return expand_filepath_ex(filepath, real_path, NULL, 0);
746 }
747 /* }}} */
748
749 /* {{{ expand_filepath_ex */
750 PHPAPI char *expand_filepath_ex(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len)
751 {
752 return expand_filepath_with_mode(filepath, real_path, relative_to, relative_to_len, CWD_FILEPATH);
753 }
754 /* }}} */
755
756 /* {{{ expand_filepath_use_realpath */
757 PHPAPI char *expand_filepath_with_mode(const char *filepath, char *real_path, const char *relative_to, size_t relative_to_len, int realpath_mode)
758 {
759 cwd_state new_state;
760 char cwd[MAXPATHLEN];
761 size_t copy_len;
762 size_t path_len;
763
764 if (!filepath[0]) {
765 return NULL;
766 }
767
768 path_len = strlen(filepath);
769
770 if (IS_ABSOLUTE_PATH(filepath, path_len)) {
771 cwd[0] = '\0';
772 } else {
773 const char *iam = SG(request_info).path_translated;
774 const char *result;
775 if (relative_to) {
776 if (relative_to_len > MAXPATHLEN-1U) {
777 return NULL;
778 }
779 result = relative_to;
780 memcpy(cwd, relative_to, relative_to_len+1U);
781 } else {
782 result = VCWD_GETCWD(cwd, MAXPATHLEN);
783 }
784
785 if (!result && (iam != filepath)) {
786 int fdtest = -1;
787
788 fdtest = VCWD_OPEN(filepath, O_RDONLY);
789 if (fdtest != -1) {
790 /* return a relative file path if for any reason
791 * we cannot cannot getcwd() and the requested,
792 * relatively referenced file is accessible */
793 copy_len = path_len > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : path_len;
794 if (real_path) {
795 memcpy(real_path, filepath, copy_len);
796 real_path[copy_len] = '\0';
797 } else {
798 real_path = estrndup(filepath, copy_len);
799 }
800 close(fdtest);
801 return real_path;
802 } else {
803 cwd[0] = '\0';
804 }
805 } else if (!result) {
806 cwd[0] = '\0';
807 }
808 }
809
810 new_state.cwd = estrdup(cwd);
811 new_state.cwd_length = strlen(cwd);
812
813 if (virtual_file_ex(&new_state, filepath, NULL, realpath_mode)) {
814 efree(new_state.cwd);
815 return NULL;
816 }
817
818 if (real_path) {
819 copy_len = new_state.cwd_length > MAXPATHLEN - 1 ? MAXPATHLEN - 1 : new_state.cwd_length;
820 memcpy(real_path, new_state.cwd, copy_len);
821 real_path[copy_len] = '\0';
822 } else {
823 real_path = estrndup(new_state.cwd, new_state.cwd_length);
824 }
825 efree(new_state.cwd);
826
827 return real_path;
828 }
829 /* }}} */
830
