[packages/cgiwrap.git] / cgiwrap-bs.patch

--- util.c.old	2009-06-04 11:05:41.000000000 +0200
+++ util.c	2009-06-05 13:23:17.000000000 +0200
@@ -22,6 +22,7 @@
  **  Purpose: Various utility routines used by cgiwrap
  **/ 
 
+#include <magic.h>
 #include "cgiwrap.h"	/* Headers for all CGIwrap source files */
 RCSID("$Id$");
 
@@ -246,7 +247,7 @@
 	int len = strlen(string);
 	int elen = strlen(ending);
 
-	if ( len >= elen && !strncmp(string + len - elen, ending, elen) )
+	if ( len >= elen && !strncasecmp(string + len - elen, ending, elen) )
 	{
 		return 1;
 	}
@@ -257,6 +258,28 @@
 }
 
 /*
+ * Check Mime Magic to determine if file is really a php script, Bartosz Swiatek 04.06.2009
+ */
+
+int FileMagicSaysItsPHP(char *file)
+{
+	magic_t magic_filed;
+	magic_filed = magic_open(MAGIC_ERROR);
+	magic_load(magic_filed , NULL);
+	if(magic_filed == NULL)
+		return 1;
+	const char *ftype = magic_file(magic_filed , file);
+	const char *stype = "PHP script text";
+	int len = strlen(stype);
+	int cmp = strncmp(ftype,stype,len);
+	DEBUG_Str("     FileMagicSysItsPHP ftype=", ftype );
+	DEBUG_Str("     FileMagicSysItsPHP stype=", stype );
+	DEBUG_Int("     FileMagicSysItsPHP strncmp=",  cmp);
+	magic_close(magic_filed);
+	return cmp==0?0:1;
+}
+
+/*
  * Check if a path is safe to use
  *   Return true if 'path' contains any whitespace or non-printables
  *   Return true if 'path' contains '../'
--- cgiwrap.c.old	2009-05-18 15:58:53.000000000 +0200
+++ cgiwrap.c	2009-06-05 13:18:20.000000000 +0200
@@ -199,7 +199,13 @@
 			StringEndsWith(scriptPath, ".php") ||
 			StringEndsWith(scriptPath, ".php3") ||
 			StringEndsWith(scriptPath, ".php4") ||
-			StringEndsWith(scriptPath, ".phtml") )
+			StringEndsWith(scriptPath, ".php5") ||
+			StringEndsWith(scriptPath, ".php6") ||
+			StringEndsWith(scriptPath, ".php7") ||
+			StringEndsWith(scriptPath, ".htm") ||
+			StringEndsWith(scriptPath, ".html") ||
+			StringEndsWith(scriptPath, ".phtml") ||
+			!FileMagicSaysItsPHP(scriptPath))
 		{
 			Context.interpreted_script = 1;
 			interPath = PATH_PROG_PHP;
Commit	Line	Data
09bd7811	1	--- util.c.old 2009-06-04 11:05:41.000000000 +0200
	2	+++ util.c 2009-06-05 13:23:17.000000000 +0200
	3	@@ -22,6 +22,7 @@
	4	** Purpose: Various utility routines used by cgiwrap
	5	**/
	6
	7	+#include <magic.h>
	8	#include "cgiwrap.h" /* Headers for all CGIwrap source files */
	9	RCSID("$Id$");
	10
	11	@@ -246,7 +247,7 @@
	12	int len = strlen(string);
	13	int elen = strlen(ending);
	14
	15	- if ( len >= elen && !strncmp(string + len - elen, ending, elen) )
	16	+ if ( len >= elen && !strncasecmp(string + len - elen, ending, elen) )
	17	{
	18	return 1;
	19	}
	20	@@ -257,6 +258,28 @@
	21	}
	22
	23	/*
	24	+ * Check Mime Magic to determine if file is really a php script, Bartosz Swiatek 04.06.2009
	25	+ */
	26	+
	27	+int FileMagicSaysItsPHP(char *file)
	28	+{
	29	+ magic_t magic_filed;
	30	+ magic_filed = magic_open(MAGIC_ERROR);
	31	+ magic_load(magic_filed , NULL);
	32	+ if(magic_filed == NULL)
	33	+ return 1;
	34	+ const char *ftype = magic_file(magic_filed , file);
	35	+ const char *stype = "PHP script text";
	36	+ int len = strlen(stype);
	37	+ int cmp = strncmp(ftype,stype,len);
	38	+ DEBUG_Str(" FileMagicSysItsPHP ftype=", ftype );
	39	+ DEBUG_Str(" FileMagicSysItsPHP stype=", stype );
	40	+ DEBUG_Int(" FileMagicSysItsPHP strncmp=", cmp);
	41	+ magic_close(magic_filed);
	42	+ return cmp==0?0:1;
	43	+}
	44	+
	45	+/*
	46	* Check if a path is safe to use
	47	* Return true if 'path' contains any whitespace or non-printables
	48	* Return true if 'path' contains '../'
	49	--- cgiwrap.c.old 2009-05-18 15:58:53.000000000 +0200
	50	+++ cgiwrap.c 2009-06-05 13:18:20.000000000 +0200
	51	@@ -199,7 +199,13 @@
	52	StringEndsWith(scriptPath, ".php") \|\|
	53	StringEndsWith(scriptPath, ".php3") \|\|
	54	StringEndsWith(scriptPath, ".php4") \|\|
	55	- StringEndsWith(scriptPath, ".phtml") )
	56	+ StringEndsWith(scriptPath, ".php5") \|\|
	57	+ StringEndsWith(scriptPath, ".php6") \|\|
	58	+ StringEndsWith(scriptPath, ".php7") \|\|
	59	+ StringEndsWith(scriptPath, ".htm") \|\|
	60	+ StringEndsWith(scriptPath, ".html") \|\|
	61	+ StringEndsWith(scriptPath, ".phtml") \|\|
	62	+ !FileMagicSaysItsPHP(scriptPath))
	63	{
	64	Context.interpreted_script = 1;
65	interPath = PATH_PROG_PHP;