|
1 From |
|
2 http://git.php.net/?p=php-src.git;a=commitdiff;h=cc4c318b0c71e1a9c9cf803b5ee5d437344d64db |
|
3 Check if soap.wsdl_cache_dir confirms to open_basedir |
|
4 |
|
5 --- php-5.2.17/ext/soap/soap.c_orig 2010-06-09 08:48:22.000000000 -0700 |
|
6 +++ php-5.2.17/ext/soap/soap.c 2013-06-05 14:11:41.182400088 -0700 |
|
7 @@ -416,10 +416,44 @@ |
|
8 return SUCCESS; |
|
9 } |
|
10 |
|
11 +static PHP_INI_MH(OnUpdateCacheDir) |
|
12 +{ |
|
13 + /* Only do the safemode/open_basedir check at runtime */ |
|
14 + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { |
|
15 + char *p; |
|
16 + |
|
17 + if (memchr(new_value, '\0', new_value_length) != NULL) { |
|
18 + return FAILURE; |
|
19 + } |
|
20 + |
|
21 + /* we do not use zend_memrchr() since path can contain ; itself */ |
|
22 + if ((p = strchr(new_value, ';'))) { |
|
23 + char *p2; |
|
24 + p++; |
|
25 + if ((p2 = strchr(p, ';'))) { |
|
26 + p = p2 + 1; |
|
27 + } |
|
28 + } else { |
|
29 + p = new_value; |
|
30 + } |
|
31 + |
|
32 + if (PG(safe_mode) && *p && (!php_checkuid(p, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { |
|
33 + return FAILURE; |
|
34 + } |
|
35 + |
|
36 + if (PG(open_basedir) && *p && php_check_open_basedir(p TSRMLS_CC)) { |
|
37 + return FAILURE; |
|
38 + } |
|
39 + } |
|
40 + |
|
41 + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); |
|
42 + return SUCCESS; |
|
43 +} |
|
44 + |
|
45 PHP_INI_BEGIN() |
|
46 STD_PHP_INI_ENTRY("soap.wsdl_cache_enabled", "1", PHP_INI_ALL, OnUpdateCacheEnabled, |
|
47 cache_enabled, zend_soap_globals, soap_globals) |
|
48 -STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateString, |
|
49 +STD_PHP_INI_ENTRY("soap.wsdl_cache_dir", "/tmp", PHP_INI_ALL, OnUpdateCacheDir, |
|
50 cache_dir, zend_soap_globals, soap_globals) |
|
51 STD_PHP_INI_ENTRY("soap.wsdl_cache_ttl", "86400", PHP_INI_ALL, OnUpdateLong, |
|
52 cache_ttl, zend_soap_globals, soap_globals) |
|
53 |
|
54 |
|
55 From |
|
56 http://git.php.net/?p=php-src.git;a=commitdiff;h=8e76d0404b7f664ee6719fd98f0483f0ac4669d6 |
|
57 Fixed external entity loading |
|
58 http://git.php.net/?p=php-src.git;a=commitdiff;h=fcd4b5335a6df4e0676ee32e2267ca71d70fe623 |
|
59 Fix TSRM (after afc1debb) |
|
60 |
|
61 --- php-5.2.17/ext/libxml/libxml.c_orig 2010-01-03 01:23:27.000000000 -0800 |
|
62 +++ php-5.2.17/ext/libxml/libxml.c 2013-06-05 14:18:21.153940829 -0700 |
|
63 @@ -267,6 +267,7 @@ |
|
64 libxml_globals->stream_context = NULL; |
|
65 libxml_globals->error_buffer.c = NULL; |
|
66 libxml_globals->error_list = NULL; |
|
67 + libxml_globals->entity_loader_disabled = 0; |
|
68 } |
|
69 |
|
70 /* Channel libxml file io layer through the PHP streams subsystem. |
|
71 @@ -356,16 +357,15 @@ |
|
72 } |
|
73 |
|
74 static xmlParserInputBufferPtr |
|
75 -php_libxml_input_buffer_noload(const char *URI, xmlCharEncoding enc) |
|
76 -{ |
|
77 - return NULL; |
|
78 -} |
|
79 - |
|
80 -static xmlParserInputBufferPtr |
|
81 php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) |
|
82 { |
|
83 xmlParserInputBufferPtr ret; |
|
84 void *context = NULL; |
|
85 + TSRMLS_FETCH(); |
|
86 + |
|
87 + if (LIBXML(entity_loader_disabled)) { |
|
88 + return NULL; |
|
89 + } |
|
90 |
|
91 if (URI == NULL) |
|
92 return(NULL); |
|
93 @@ -839,28 +839,25 @@ |
|
94 } |
|
95 /* }}} */ |
|
96 |
|
97 +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC) |
|
98 +{ |
|
99 + zend_bool old = LIBXML(entity_loader_disabled); |
|
100 + |
|
101 + LIBXML(entity_loader_disabled) = disable; |
|
102 + return old; |
|
103 +} |
|
104 + |
|
105 /* {{{ proto bool libxml_disable_entity_loader([boolean disable]) |
|
106 Disable/Enable ability to load external entities */ |
|
107 static PHP_FUNCTION(libxml_disable_entity_loader) |
|
108 { |
|
109 zend_bool disable = 1; |
|
110 - xmlParserInputBufferCreateFilenameFunc old; |
|
111 |
|
112 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &disable) == FAILURE) { |
|
113 return; |
|
114 } |
|
115 |
|
116 - if (disable == 0) { |
|
117 - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); |
|
118 - } else { |
|
119 - old = xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_noload); |
|
120 - } |
|
121 - |
|
122 - if (old == php_libxml_input_buffer_noload) { |
|
123 - RETURN_TRUE; |
|
124 - } |
|
125 - |
|
126 - RETURN_FALSE; |
|
127 + RETURN_BOOL(php_libxml_disable_entity_loader(disable TSRMLS_CC)); |
|
128 } |
|
129 /* }}} */ |
|
130 |
|
131 --- php-5.2.17/ext/libxml/php_libxml.h_orig 2010-01-03 01:23:27.000000000 -0800 |
|
132 +++ php-5.2.17/ext/libxml/php_libxml.h 2013-06-05 14:20:23.311490825 -0700 |
|
133 @@ -41,6 +41,7 @@ |
|
134 zval *stream_context; |
|
135 smart_str error_buffer; |
|
136 zend_llist *error_list; |
|
137 + zend_bool entity_loader_disabled; |
|
138 ZEND_END_MODULE_GLOBALS(libxml) |
|
139 |
|
140 typedef struct _libxml_doc_props { |
|
141 @@ -91,6 +92,7 @@ |
|
142 PHP_LIBXML_API int php_libxml_xmlCheckUTF8(const unsigned char *s); |
|
143 PHP_LIBXML_API zval *php_libxml_switch_context(zval *context TSRMLS_DC); |
|
144 PHP_LIBXML_API void php_libxml_issue_error(int level, const char *msg TSRMLS_DC); |
|
145 +PHP_LIBXML_API zend_bool php_libxml_disable_entity_loader(zend_bool disable TSRMLS_DC); |
|
146 |
|
147 /* Init/shutdown functions*/ |
|
148 PHP_LIBXML_API void php_libxml_initialize(void); |
|
149 --- php-5.2.17/ext/soap/php_xml.c_orig 2010-01-03 01:23:27.000000000 -0800 |
|
150 +++ php-5.2.17/ext/soap/php_xml.c 2013-06-05 14:28:21.292038266 -0700 |
|
151 @@ -20,6 +20,7 @@ |
|
152 /* $Id: php_xml.c 293036 2010-01-03 09:23:27Z sebastian $ */ |
|
153 |
|
154 #include "php_soap.h" |
|
155 +#include "ext/libxml/php_libxml.h" |
|
156 #include "libxml/parser.h" |
|
157 #include "libxml/parserInternals.h" |
|
158 |
|
159 @@ -91,13 +92,17 @@ |
|
160 ctxt = xmlCreateFileParserCtxt(filename); |
|
161 PG(allow_url_fopen) = old_allow_url_fopen; |
|
162 if (ctxt) { |
|
163 + zend_bool old; |
|
164 + |
|
165 ctxt->keepBlanks = 0; |
|
166 ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; |
|
167 ctxt->sax->comment = soap_Comment; |
|
168 ctxt->sax->warning = NULL; |
|
169 ctxt->sax->error = NULL; |
|
170 /*ctxt->sax->fatalError = NULL;*/ |
|
171 + old = php_libxml_disable_entity_loader(1 TSRMLS_CC); |
|
172 xmlParseDocument(ctxt); |
|
173 + php_libxml_disable_entity_loader(old TSRMLS_CC); |
|
174 if (ctxt->wellFormed) { |
|
175 ret = ctxt->myDoc; |
|
176 if (ret->URL == NULL && ctxt->directory != NULL) { |
|
177 @@ -128,11 +133,14 @@ |
|
178 xmlParserCtxtPtr ctxt = NULL; |
|
179 xmlDocPtr ret; |
|
180 |
|
181 + TSRMLS_FETCH(); |
|
182 /* |
|
183 xmlInitParser(); |
|
184 */ |
|
185 ctxt = xmlCreateMemoryParserCtxt(buf, buf_size); |
|
186 if (ctxt) { |
|
187 + zend_bool old; |
|
188 + |
|
189 ctxt->sax->ignorableWhitespace = soap_ignorableWhitespace; |
|
190 ctxt->sax->comment = soap_Comment; |
|
191 ctxt->sax->warning = NULL; |
|
192 @@ -141,7 +149,9 @@ |
|
193 #if LIBXML_VERSION >= 20703 |
|
194 ctxt->options |= XML_PARSE_HUGE; |
|
195 #endif |
|
196 + old = php_libxml_disable_entity_loader(1 TSRMLS_CC); |
|
197 xmlParseDocument(ctxt); |
|
198 + php_libxml_disable_entity_loader(old TSRMLS_CC); |
|
199 if (ctxt->wellFormed) { |
|
200 ret = ctxt->myDoc; |
|
201 if (ret->URL == NULL && ctxt->directory != NULL) { |