hi again,
On Fri, Jan 23, 2009 at 08:23:59AM +0100, sean finney wrote:
it's unfortunate that there isn't a more surgical fix (301 insertions!),
but i'll take your word for it that it would be too complicated/dangerous
to try and modify virtual_file_ex() directly.
actually, i think i've found a slightly more graceful workaround :)

since virtual_file_ex is to fragile to be changed, here's a patch that
does the following as a workaround:

- take a temporary copy of the filename
- replace all instances of "^../", "/../", and "/..$" with "///".
- pass this mangled filename to virtual_file_ex for normalization

it seems virtual_file_ex can handle such a filename without problem, and
with proper formatting the current patch only inserts 22 lines to php_zip.c.
someone should probably double check this code for early-morning coding
errors though :)

what do you think?


Search Discussions

Discussion Posts


Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 6 of 6 | next ›
Discussion Overview
groupphp-internals @
postedJan 21, '09 at 9:57p
activeJan 23, '09 at 8:06a

2 users in discussion

Sean finney: 4 posts Pierre Joye: 2 posts



site design / logo © 2022 Grokbase