handle invalid paths passed to us from iis

author: Shane Caraveo <shane@php.net> 2003-03-27 17:52:33 +0000
committer: Shane Caraveo <shane@php.net> 2003-03-27 17:52:33 +0000
commit: e949850881e5f2f4897c3fd4dfe0f161fc9e0adb (patch)
tree: f10ba58f4dd7c3f0ea24b963f857e465f9fabd8d /sapi/isapi/php4isapi.c
parent: 86569cb1542ca6ab7e6dc50613688a47fae5de4f (diff)
download: php-git-e949850881e5f2f4897c3fd4dfe0f161fc9e0adb.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/sapi/isapi/php4isapi.c b/sapi/isapi/php4isapi.c
index 4851a8165b..0a254d4b5e 100644
--- a/sapi/isapi/php4isapi.c
+++ b/sapi/isapi/php4isapi.c
@@ -818,13 +818,21 @@ DWORD WINAPI HttpExtensionProc(LPEXTENSION_CONTROL_BLOCK lpECB)
 #endif
 			file_handle.type = ZEND_HANDLE_FILENAME;
 			file_handle.opened_path = NULL;
+			/* some server configurations allow '..' to slip through in the
+			   translated path.   We'll just refuse to handle such a path. */
+			if (strstr(SG(request_info).path_translated,"..")) {
+				SG(sapi_headers).http_response_code = 404;
+				efree(SG(request_info).path_translated);
+				SG(request_info).path_translated = NULL;
+			}
 
 
 			php_execute_script(&file_handle TSRMLS_CC);
 			if (SG(request_info).cookie_data) {
 				efree(SG(request_info).cookie_data);
 			}
-			efree(SG(request_info).path_translated);
+			if (SG(request_info).path_translated)
+				efree(SG(request_info).path_translated);
 #ifdef PHP_ENABLE_SEH
 		} __except(exceptionhandler(&e, GetExceptionInformation())) {
 			char buf[1024];
author	Shane Caraveo <shane@php.net>	2003-03-27 17:52:33 +0000
committer	Shane Caraveo <shane@php.net>	2003-03-27 17:52:33 +0000
commit	e949850881e5f2f4897c3fd4dfe0f161fc9e0adb (patch)
tree	f10ba58f4dd7c3f0ea24b963f857e465f9fabd8d /sapi/isapi/php4isapi.c
parent	86569cb1542ca6ab7e6dc50613688a47fae5de4f (diff)
download	php-git-e949850881e5f2f4897c3fd4dfe0f161fc9e0adb.tar.gz