
Commit 355a566

committed
ext/standard: Use zend_string in move_uploaded_file()
Also check that the initial path does not contain null bytes
1 parent 989c8ef commit 355a566


1 file changed

+11
-12
lines changed


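--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -2350,52 +2350,51 @@ PHP_FUNCTION(is_uploaded_file)
 /* {{{ Move a file if and only if it was created by an upload */
 PHP_FUNCTION(move_uploaded_file)
 {
-char *path, *new_path;
-size_t path_len, new_path_len;
+zend_string *path, *new_path;
 bool successful = 0;
 
 #ifndef PHP_WIN32
 int oldmask; int ret;
 #endif
 
 ZEND_PARSE_PARAMETERS_START(2, 2)
-Z_PARAM_STRING(path, path_len)
-Z_PARAM_PATH(new_path, new_path_len)
+Z_PARAM_PATH_STR(path)
+Z_PARAM_PATH_STR(new_path)
 ZEND_PARSE_PARAMETERS_END();
 
 if (!SG(rfc1867_uploaded_files)) {
 RETURN_FALSE;
 }
 
-if (!zend_hash_str_exists(SG(rfc1867_uploaded_files), path, path_len)) {
+if (!zend_hash_exists(SG(rfc1867_uploaded_files), path)) {
 RETURN_FALSE;
 }
 
-if (php_check_open_basedir(new_path)) {
+if (php_check_open_basedir(ZSTR_VAL(new_path))) {
 RETURN_FALSE;
 }
 
-if (VCWD_RENAME(path, new_path) == 0) {
+if (VCWD_RENAME(ZSTR_VAL(path), ZSTR_VAL(new_path)) == 0) {
 successful = 1;
 #ifndef PHP_WIN32
 oldmask = umask(077);
 umask(oldmask);
 
-ret = VCWD_CHMOD(new_path, 0666 & ~oldmask);
+ret = VCWD_CHMOD(ZSTR_VAL(new_path), 0666 & ~oldmask);
 
 if (ret == -1) {
 php_error_docref(NULL, E_WARNING, "%s", strerror(errno));
 }
 #endif
-} else if (php_copy_file_ex(path, new_path, STREAM_DISABLE_OPEN_BASEDIR) == SUCCESS) {
-VCWD_UNLINK(path);
+} else if (php_copy_file_ex(ZSTR_VAL(path), ZSTR_VAL(new_path), STREAM_DISABLE_OPEN_BASEDIR) == SUCCESS) {
+VCWD_UNLINK(ZSTR_VAL(path));
 successful = 1;
 }
 
 if (successful) {
-zend_hash_str_del(SG(rfc1867_uploaded_files), path, path_len);
+zend_hash_del(SG(rfc1867_uploaded_files), path);
 } else {
-php_error_docref(NULL, E_WARNING, "Unable to move \"%s\" to \"%s\"", path, new_path);
+php_error_docref(NULL, E_WARNING, "Unable to move \"%s\" to \"%s\"", ZSTR_VAL(path), ZSTR_VAL(new_path));
 }
 
 RETURN_BOOL(successful);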
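Review bot: The copy fallback still ignores the result of `VCWD_UNLINK(ZSTR_VAL(path))` and sets `successful = 1` regardless, so a failed unlink leaves the uploaded temporary file on disk while `zend_hash_del()` further down drops its entry from `SG(rfc1867_uploaded_files)`. If request-shutdown cleanup walks that table (not visible here — worth confirming), the leftover copy of the upload would never be removed. I would report the failure the same way the rename branch reports a failed chmod: `if (VCWD_UNLINK(ZSTR_VAL(path)) != 0) { php_error_docref(NULL, E_WARNING, "%s", strerror(errno)); }`. The closing brace of move_uploaded_file lies outside the hunk.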
