mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-13 11:54:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

- MFP:

Browse Source 
- add overwrite mode to ZipArchive::open, always starts a new archive
 - Fix safe mode checks on extract
 - Fix possible leaks when a safe mode error has been raised
This commit is contained in:
Pierre Joye 2006-08-13 21:09:59 +00:00
parent 0587fb32ba
commit 8d07735332
4 changed files with 27 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ext/zip/lib/zip.h
View File

@ -53,6 +53,7 @@ extern "C" {
#define ZIP_CREATE 1 #define ZIP_CREATE 1
#define ZIP_EXCL 2 #define ZIP_EXCL 2
#define ZIP_CHECKCONS 4 #define ZIP_CHECKCONS 4
#define ZIP_OVERWRITE 8
/* flags for zip_name_locate, zip_fopen, zip_stat, ... */ /* flags for zip_name_locate, zip_fopen, zip_stat, ... */

19
ext/zip/lib/zip_open.c
View File

@ -74,9 +74,9 @@ zip_open(const char *fn, int flags, int *zep)
set_error(zep, NULL, ZIP_ER_INVAL); set_error(zep, NULL, ZIP_ER_INVAL);
return NULL; return NULL;
} }
if (stat(fn, &st) != 0) { if (flags & ZIP_OVERWRITE || stat(fn, &st) != 0) {
if (flags & ZIP_CREATE) { if ((flags & ZIP_CREATE) || (flags & ZIP_OVERWRITE)) {
if ((za=_zip_new(&error)) == NULL) { if ((za=_zip_new(&error)) == NULL) {
set_error(zep, &error, 0); set_error(zep, &error, 0);
return NULL; return NULL;
@ -99,14 +99,15 @@ zip_open(const char *fn, int flags, int *zep)
set_error(zep, NULL, ZIP_ER_EXISTS); set_error(zep, NULL, ZIP_ER_EXISTS);
return NULL; return NULL;
} }
/* ZIP_CREATE gets ignored if file exists and not ZIP_EXCL, /* ZIP_CREATE gets ignored if file exists and not ZIP_EXCL,
just like open() */ just like open() */
if ((fp=fopen(fn, "rb")) == NULL) {
if ((fp=fopen(fn, "rb")) == NULL) { set_error(zep, NULL, ZIP_ER_OPEN);
set_error(zep, NULL, ZIP_ER_OPEN); return NULL;
return NULL; }
}
clearerr(fp); clearerr(fp);
fseek(fp, 0, SEEK_END); fseek(fp, 0, SEEK_END);
len = ftell(fp); len = ftell(fp);

5
ext/zip/lib/zip_replace.c
View File

@ -66,11 +66,14 @@ _zip_replace(struct zip *za, int idx, const char *name,
return -1; return -1;
idx = za->nentry - 1; idx = za->nentry - 1;
} }
_zip_unchange_data(za->entry+idx); _zip_unchange_data(za->entry+idx);
if (name && _zip_set_name(za, idx, name) != 0) if (name && _zip_set_name(za, idx, name) != 0)
return -1; return -1;
za->entry[idx].state = ((za->cdir == NULL || idx >= za->cdir->nentry) za->entry[idx].state = ((za->cdir == NULL || idx >= za->cdir->nentry)
? ZIP_ST_ADDED : ZIP_ST_REPLACED); ? ZIP_ST_ADDED : ZIP_ST_REPLACED);
za->entry[idx].source = source; za->entry[idx].source = source;

14
ext/zip/php_zip.c
View File

@ -113,7 +113,11 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file TSRMLS_D
php_basename(file, file_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC); php_basename(file, file_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
SAFEMODE_CHECKFILE(file_dirname_fullpath); if (SAFEMODE_CHECKFILE(file_dirname_fullpath)) {
efree(file_dirname_fullpath);
efree(file_basename);
return 0;
}
/* let see if the path already exists */ /* let see if the path already exists */
if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) { if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) {
@ -143,7 +147,11 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file TSRMLS_D
* is required, does a file can have a different * is required, does a file can have a different
* safemode status as its parent folder? * safemode status as its parent folder?
*/ */
SAFEMODE_CHECKFILE(fullpath); if (SAFEMODE_CHECKFILE(fullpath)) {
efree(file_dirname_fullpath);
efree(file_basename);
return 0;
}
zf = zip_fopen(za, file, 0); zf = zip_fopen(za, file, 0);
if (zf == NULL) { if (zf == NULL) {
@ -1880,6 +1888,8 @@ PHP_MINIT_FUNCTION(zip)
REGISTER_ZIP_CLASS_CONST_LONG("CREATE", ZIP_CREATE); REGISTER_ZIP_CLASS_CONST_LONG("CREATE", ZIP_CREATE);
REGISTER_ZIP_CLASS_CONST_LONG("EXCL", ZIP_EXCL); REGISTER_ZIP_CLASS_CONST_LONG("EXCL", ZIP_EXCL);
REGISTER_ZIP_CLASS_CONST_LONG("CHECKCONS", ZIP_CHECKCONS); REGISTER_ZIP_CLASS_CONST_LONG("CHECKCONS", ZIP_CHECKCONS);
REGISTER_ZIP_CLASS_CONST_LONG("OVERWRITE", ZIP_OVERWRITE);
REGISTER_ZIP_CLASS_CONST_LONG("FL_NOCASE", ZIP_FL_NOCASE); REGISTER_ZIP_CLASS_CONST_LONG("FL_NOCASE", ZIP_FL_NOCASE);
REGISTER_ZIP_CLASS_CONST_LONG("FL_NODIR", ZIP_FL_NODIR); REGISTER_ZIP_CLASS_CONST_LONG("FL_NODIR", ZIP_FL_NODIR);
REGISTER_ZIP_CLASS_CONST_LONG("FL_COMPRESSED", ZIP_FL_COMPRESSED); REGISTER_ZIP_CLASS_CONST_LONG("FL_COMPRESSED", ZIP_FL_COMPRESSED);