From: Michael Wallner Date: Thu, 15 Dec 2005 21:49:15 +0000 (+0000) Subject: - complete open_basedir checks X-Git-Tag: RELEASE_0_21_0~68 X-Git-Url: https://git.m6w6.name/?a=commitdiff_plain;h=e577961fed4b5ae6a868adbeb420e0fec7aa8c6e;p=m6w6%2Fext-http - complete open_basedir checks --- diff --git a/KnownIssues.txt b/KnownIssues.txt index adfcfe3..4a84609 100644 --- a/KnownIssues.txt +++ b/KnownIssues.txt @@ -4,8 +4,6 @@ $Id$ HttpResponse class is only available for PHP >= 5.1 -Not all places where files are handled check for open_basedir and/or safe_mode. - If you keep getting "SSL connect error" when trying to issue requests on Windows, try another (newer) libeay32.dll/ssleay32.dll pair. diff --git a/http_request_api.c b/http_request_api.c index 34126d8..fd1a176 100644 --- a/http_request_api.c +++ b/http_request_api.c @@ -167,15 +167,25 @@ PHP_MSHUTDOWN_FUNCTION(http_request) } #define HTTP_CURL_OPT(OPTION, p) curl_easy_setopt(request->ch, CURLOPT_##OPTION, (p)) -#define HTTP_CURL_OPT_STRING(keyname) HTTP_CURL_OPT_STRING_EX(keyname, keyname) -#define HTTP_CURL_OPT_SSL_STRING(keyname) HTTP_CURL_OPT_STRING_EX(keyname, SSL##keyname) -#define HTTP_CURL_OPT_SSL_STRING_(keyname) HTTP_CURL_OPT_STRING_EX(keyname, SSL_##keyname) -#define HTTP_CURL_OPT_STRING_EX(keyname, optname) \ +#define HTTP_CURL_OPT_STRING(keyname, obdc) HTTP_CURL_OPT_STRING_EX(keyname, keyname, obdc) +#define HTTP_CURL_OPT_SSL_STRING(keyname, obdc) HTTP_CURL_OPT_STRING_EX(keyname, SSL##keyname, obdc) +#define HTTP_CURL_OPT_SSL_STRING_(keyname,obdc ) HTTP_CURL_OPT_STRING_EX(keyname, SSL_##keyname, obdc) +#define HTTP_CURL_OPT_STRING_EX(keyname, optname, obdc) \ if (!strcasecmp(key, #keyname)) { \ - convert_to_string(*param); \ - HTTP_CURL_OPT(optname, Z_STRVAL_PP(param)); \ + int ok = 1; \ + zval *orig = *param; \ + convert_to_string_ex(param); \ + if (obdc) { \ + HTTP_CHECK_OPEN_BASEDIR(Z_STRVAL_PP(param), ok = 0); \ + } \ key = NULL; \ - continue; \ + if (ok) { \ + HTTP_CURL_OPT(optname, Z_STRVAL_PP(param)); \ + if (orig != *param) zval_ptr_dtor(param); \ + continue; \ + } \ + if (orig != *param) zval_ptr_dtor(param); \ + return FAILURE; \ } #define HTTP_CURL_OPT_LONG(keyname) HTTP_OPT_SSL_LONG_EX(keyname, keyname) #define HTTP_CURL_OPT_SSL_LONG(keyname) HTTP_CURL_OPT_LONG_EX(keyname, SSL##keyname) @@ -526,6 +536,7 @@ PHP_HTTP_API STATUS _http_request_prepare(http_request *request, HashTable *opti /* cookiestore, read initial cookies from that file and store cookies back into that file */ if ((zoption = http_request_option(request, options, "cookiestore", IS_STRING)) && Z_STRLEN_P(zoption)) { + HTTP_CHECK_OPEN_BASEDIR(Z_STRVAL_P(zoption), return FAILURE); HTTP_CURL_OPT(COOKIEFILE, Z_STRVAL_P(zoption)); HTTP_CURL_OPT(COOKIEJAR, Z_STRVAL_P(zoption)); } @@ -574,25 +585,25 @@ PHP_HTTP_API STATUS _http_request_prepare(http_request *request, HashTable *opti FOREACH_KEYVAL(pos, zoption, key, idx, param) { if (key) { - HTTP_CURL_OPT_SSL_STRING(CERT); - HTTP_CURL_OPT_SSL_STRING(CERTTYPE); - HTTP_CURL_OPT_SSL_STRING(CERTPASSWD); + HTTP_CURL_OPT_SSL_STRING(CERT, 1); + HTTP_CURL_OPT_SSL_STRING(CERTTYPE, 0); + HTTP_CURL_OPT_SSL_STRING(CERTPASSWD, 0); - HTTP_CURL_OPT_SSL_STRING(KEY); - HTTP_CURL_OPT_SSL_STRING(KEYTYPE); - HTTP_CURL_OPT_SSL_STRING(KEYPASSWD); + HTTP_CURL_OPT_SSL_STRING(KEY, 0); + HTTP_CURL_OPT_SSL_STRING(KEYTYPE, 0); + HTTP_CURL_OPT_SSL_STRING(KEYPASSWD, 0); - HTTP_CURL_OPT_SSL_STRING(ENGINE); + HTTP_CURL_OPT_SSL_STRING(ENGINE, 0); HTTP_CURL_OPT_SSL_LONG(VERSION); HTTP_CURL_OPT_SSL_LONG_(VERIFYPEER); HTTP_CURL_OPT_SSL_LONG_(VERIFYHOST); - HTTP_CURL_OPT_SSL_STRING_(CIPHER_LIST); + HTTP_CURL_OPT_SSL_STRING_(CIPHER_LIST, 0); - HTTP_CURL_OPT_STRING(CAINFO); - HTTP_CURL_OPT_STRING(CAPATH); - HTTP_CURL_OPT_STRING(RANDOM_FILE); - HTTP_CURL_OPT_STRING(EGDSOCKET); + HTTP_CURL_OPT_STRING(CAINFO, 1); + HTTP_CURL_OPT_STRING(CAPATH, 1); + HTTP_CURL_OPT_STRING(RANDOM_FILE, 1); + HTTP_CURL_OPT_STRING(EGDSOCKET, 1); /* reset key */ key = NULL; @@ -700,7 +711,6 @@ PHP_HTTP_API void _http_request_info(http_request *request, HashTable *info) HTTP_CURL_INFO(CONTENT_LENGTH_DOWNLOAD); HTTP_CURL_INFO(CONTENT_LENGTH_UPLOAD); HTTP_CURL_INFO(CONTENT_TYPE); - /*HTTP_CURL_INFO(PRIVATE);*/ HTTP_CURL_INFO(HTTPAUTH_AVAIL); HTTP_CURL_INFO(PROXYAUTH_AVAIL); /*HTTP_CURL_INFO(OS_ERRNO);*/