Sorry about the forwarding... had a little hiccup with my mail server...
----- Original Message -----
From: "Wez Furlong" <[EMAIL PROTECTED]>
To: "Rob Richards" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, September 30, 2003 7:10 PM
Subject: Re: [PHP-DEV] filepaths, uris, safemode, etc..
> Hi Rob,
>
> The streams code, and also sqlite does this when checking for safemode for
> local files:
>
> if (PG(safe_mode) && (!php_checkuid(path, NULL,
> CHECKUID_CHECK_FILE_AND_DIR))) {
> return SQLITE_DENY;
> }
> if (php_check_open_basedir(path TSRMLS_CC)) {
> return SQLITE_DENY;
> }
>
> You'll probably want to check if the path is a URI or local path first;
the
> streams code checks for :// to make this decision.
>
> If you're planning to tie streams into libxml, feel free to reuse the code
I
> added to pecl/soap:
> http://cvs.php.net/diff.php/pecl/soap/php_xml.c?r1=1.5&r2=1.6&ty=u
> http://cvs.php.net/diff.php/pecl/soap/soap.c?r1=1.15&r2=1.16&ty=u
>
> --Wez.
>
>
> ----- Original Message -----
> From: "Rob Richards" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, September 30, 2003 12:52 PM
> Subject: [PHP-DEV] filepaths, uris, safemode, etc..
>
>
> Within the dom extension, I am trying to resolve an issue with uris and
> local filepaths which are passed to libxml.
> When I get the filepath, I need to resolve any local filepaths to an
> absoulte path. On top of this the safemode checks need to be done before
> passing any of these to libxml.
>
> So far I started with taking the user supplied source string and running
> that through the safemode checks.
> If this passes, then the source is tested as follows:
>
> If uri, then it is passed to libxml, otherwise it gets passed through
> expand_filepath and the resolved path is passed to libxml.
>
> It has been noted that file uris should not be passed in directly, but go
> through the same path resolutions as local files and that the following
> block of code be used instead of just using expand_filepath on all non uri
> and file uri source strings:
> #ifdef VIRTUAL_DIR
> virtual_filepath_ex(source, &resolved_path, NULL TSRMLS_CC);
> #else
> resolved_path = source;
> #endif
>
> My problem is that if VIRTUAL_DIR is not defined, then the resolved path
> ends up being the origional source supplied, which means that relative
paths
> are not resolved. Also, should the path resolutions be done before the
> safemode checks?
>
> On top of this I am looking at allowing additional registered streams to
be
> used, so not sure if that would change any of this.
>
> What is the correct way to implement this?
>
> Thanks,
>
> Rob
>
>
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
