mirror of
https://github.com/php/php-src.git
synced 2026-04-20 22:41:20 +02:00
@@ -3579,7 +3579,7 @@ static void phar_add_file(phar_archive_data **pphar, char *filename, int filenam
|
||||
phar_entry_data *data;
|
||||
php_stream *contents_file;
|
||||
|
||||
if (filename_len >= sizeof(".phar")-1 && !memcmp(filename, ".phar", sizeof(".phar")-1)) {
|
||||
if (filename_len >= sizeof(".phar")-1 && !memcmp(filename, ".phar", sizeof(".phar")-1) && (filename[5] == '/' || filename[5] == '\\' || filename[5] == '\0')) {
|
||||
zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Cannot create any files in magic \".phar\" directory", (*pphar)->fname);
|
||||
return;
|
||||
}
|
||||
|
||||
58
ext/phar/tests/bug64931/bug64931.phpt
Normal file
58
ext/phar/tests/bug64931/bug64931.phpt
Normal file
@@ -0,0 +1,58 @@
|
||||
--TEST--
|
||||
Bug #64931 (phar_add_file is too restrictive on filename)
|
||||
--SKIPIF--
|
||||
<?php extension_loaded("phar") or die("skip need ext/phar support"); ?>
|
||||
--INI--
|
||||
phar.readonly=0
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
echo "Test\n";
|
||||
|
||||
@unlink(__DIR__."/bug64931.phar");
|
||||
$phar = new Phar(__DIR__."/bug64931.phar");
|
||||
$phar->addFile(__DIR__."/src/.pharignore", ".pharignore");
|
||||
try {
|
||||
$phar->addFile(__DIR__."/src/.pharignore", ".phar/gotcha");
|
||||
} catch (Exception $e) {
|
||||
echo "CAUGHT: ". $e->getMessage() ."\n";
|
||||
}
|
||||
|
||||
try {
|
||||
$phar->addFromString(".phar", "gotcha");
|
||||
} catch (Exception $e) {
|
||||
echo "CAUGHT: ". $e->getMessage() ."\n";
|
||||
}
|
||||
|
||||
try {
|
||||
$phar->addFromString(".phar//", "gotcha");
|
||||
} catch (Exception $e) {
|
||||
echo "CAUGHT: ". $e->getMessage() ."\n";
|
||||
}
|
||||
|
||||
try {
|
||||
$phar->addFromString(".phar\\", "gotcha");
|
||||
} catch (Exception $e) {
|
||||
echo "CAUGHT: ". $e->getMessage() ."\n";
|
||||
}
|
||||
|
||||
try {
|
||||
$phar->addFromString(".phar\0", "gotcha");
|
||||
} catch (Exception $e) {
|
||||
echo "CAUGHT: ". $e->getMessage() ."\n";
|
||||
}
|
||||
|
||||
?>
|
||||
===DONE===
|
||||
--CLEAN--
|
||||
<?php
|
||||
@unlink(__DIR__."/bug64931.phar");
|
||||
?>
|
||||
--EXPECT--
|
||||
Test
|
||||
CAUGHT: Cannot create any files in magic ".phar" directory
|
||||
CAUGHT: Cannot create any files in magic ".phar" directory
|
||||
CAUGHT: Cannot create any files in magic ".phar" directory
|
||||
CAUGHT: Cannot create any files in magic ".phar" directory
|
||||
CAUGHT: Cannot create any files in magic ".phar" directory
|
||||
===DONE===
|
||||
3
ext/phar/tests/bug64931/src/.pharignore
Normal file
3
ext/phar/tests/bug64931/src/.pharignore
Normal file
@@ -0,0 +1,3 @@
|
||||
# ignore file
|
||||
*.tmp
|
||||
*~
|
||||
Reference in New Issue
Block a user