diff --git a/NEWS b/NEWS
index e26c9eca2fd..b19b09c2144 100644
--- a/NEWS
+++ b/NEWS
@@ -78,6 +78,9 @@ PHP NEWS
 . Mark Phar::buildFromIterator() base directory argument as a path.
 (ndossche)
 
+- Posix:
+ . Added validity check to the flags argument for posix_access(). (arshidkv12)
+
 - Reflection:
 . Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true
 for classes with property hooks). (alexandre-daubois)
diff --git a/ext/posix/posix.c b/ext/posix/posix.c
index b7acf8c7512..76e14f6ecb0 100644
--- a/ext/posix/posix.c
+++ b/ext/posix/posix.c
@@ -744,6 +744,15 @@ PHP_FUNCTION(posix_access)
 RETURN_FALSE;
 }
 
+ if (mode < 0 || (mode & ~(F_OK | R_OK | W_OK | X_OK))) {
+ zend_argument_value_error(
+ 2,
+ "must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK"
+ );
+ efree(path);
+ RETURN_THROWS();
+ }
+
 ret = access(path, mode);
 efree(path);
 
diff --git a/ext/posix/tests/posix_access_flags.phpt b/ext/posix/tests/posix_access_flags.phpt
new file mode 100644
index 00000000000..0989e2a2bc6
--- /dev/null
+++ b/ext/posix/tests/posix_access_flags.phpt
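Review bot: The new flags check in PHP_FUNCTION(posix_access) runs only after the path has been allocated and after an earlier branch that ends in `RETURN_FALSE;`, so an invalid `$flags` value is rejected only when the path-dependent checks have already passed, and the error path needs its own `efree(path);`. Validation that does not depend on the path is easier to reason about when it runs first: moving the `if (mode < 0 || (mode & ~(F_OK | R_OK | W_OK | X_OK)))` block to directly after parameter parsing makes the ValueError independent of the path and lets the `efree(path);` line be dropped. The start of the function is outside the hunk, so the preceding branch is presumably the path expansion / open_basedir check; confirm that before moving the block. The `mode < 0` term also looks redundant, since `~(F_OK | R_OK | W_OK | X_OK)` already has every high bit set, including the sign bit.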
@@ -0,0 +1,54 @@
+--TEST--
+posix_access() flag (mode) validation
+--SKIPIF--
+
+--FILE--
+getMessage(), "\n";
+}
+
+try {
+ posix_access($testfile, 01000); // S_ISVTX bit (sticky)
+} catch (ValueError $e) {
+ echo $e->getMessage(), "\n";
+}
+
+try {
+ posix_access($testfile, 02000); // S_ISGID bit
+} catch (ValueError $e) {
+ echo $e->getMessage(), "\n";
+}
+
+if (posix_access($testfile, POSIX_R_OK | POSIX_W_OK)) {
+ echo "Read/write access OK\n";
+}
+
+if (posix_access($testfile, POSIX_F_OK)) {
+ echo "File exists OK\n";
+}
+
+?>
+--CLEAN--
+
+--EXPECTF--
+posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK
+posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK
+posix_access(): Argument #2 ($flags) must be a bitmask of POSIX_F_OK, POSIX_R_OK, POSIX_W_OK, and POSIX_X_OK
+Read/write access OK
+File exists OK
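Review bot: The rejected values that are still readable in this test (01000 and 02000) are small octal constants, and nothing visible covers a value whose low bits form a valid combination while bits above the width of a C int are set. That is the case where narrowing the argument before access() would silently accept a bad value, so it is the one worth pinning against regression. Consider adding a case for 64-bit builds such as `posix_access($testfile, POSIX_R_OK | (1 << 32));` that expects the same ValueError. The first try block and the SKIPIF/CLEAN bodies are not readable on this page, so such a case may already be present.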