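--- util.c.old 2009-06-04 11:05:41.000000000 +0200
+++ util.c 2009-06-05 13:23:17.000000000 +0200
@@ -22,6 +22,7 @@
 ** Purpose: Various utility routines used by cgiwrap
 **/
 
+#include <magic.h>
 #include "cgiwrap.h" /* Headers for all CGIwrap source files */
 RCSID("$Id$");
 
@@ -246,7 +247,7 @@
 int len = strlen(string);
 int elen = strlen(ending);
 
- if ( len >= elen && !strncmp(string + len - elen, ending, elen) )
+ if ( len >= elen && !strncasecmp(string + len - elen, ending, elen) )
 {
 return 1;
 }
@@ -257,6 +258,28 @@
 }
 
 /*
+ * Check Mime Magic to determine if file is really a php script, Bartosz Swiatek 04.06.2009
+ */
+
+int FileMagicSaysItsPHP(char *file)
+{
+ magic_t magic_filed;
+ magic_filed = magic_open(MAGIC_ERROR);
+ magic_load(magic_filed , NULL);
+ if(magic_filed == NULL)
+ return 1;
+ const char *ftype = magic_file(magic_filed , file);
+ const char *stype = "PHP script text";
+ int len = strlen(stype);
+ int cmp = strncmp(ftype,stype,len);
+ DEBUG_Str(" FileMagicSysItsPHP ftype=", ftype );
+ DEBUG_Str(" FileMagicSysItsPHP stype=", stype );
+ DEBUG_Int(" FileMagicSysItsPHP strncmp=", cmp);
+ magic_close(magic_filed);
+ return cmp==0?0:1;
+}
+
+/*
 * Check if a path is safe to use
 * Return true if 'path' contains any whitespace or non-printables
 * Return true if 'path' contains '../'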
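Review bot: In `FileMagicSaysItsPHP`, `magic_load()` is called before `magic_filed` is tested for NULL and its return value is ignored, and the result of `magic_file()` is passed straight to `strncmp()` although it is NULL on failure, which `MAGIC_ERROR` makes more likely because open errors then become real failures. A missing or unreadable script would crash the wrapper instead of falling through to the non-PHP path. The function also returns 0 when the file is PHP, the opposite of what its name suggests, so the header comment should state that convention. The debug labels are misspelled as `FileMagicSysItsPHP`. A rewrite that keeps the existing return convention follows.

```c
int FileMagicSaysItsPHP(char *file)
{
	static const char stype[] = "PHP script text";
	const char *ftype;
	int cmp = 1;	/* default: not PHP */
	magic_t magic_filed = magic_open(MAGIC_ERROR);

	if (magic_filed == NULL)
		return 1;
	if (magic_load(magic_filed, NULL) == 0) {
		ftype = magic_file(magic_filed, file);
		if (ftype != NULL) {
			cmp = strncmp(ftype, stype, sizeof stype - 1);
			/* … unchanged: DEBUG_Str / DEBUG_Int tracing … */
		}
	}
	magic_close(magic_filed);
	return cmp == 0 ? 0 : 1;
}
```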
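--- cgiwrap.c.old 2009-05-18 15:58:53.000000000 +0200
+++ cgiwrap.c 2009-06-05 13:18:20.000000000 +0200
@@ -199,7 +199,13 @@
 StringEndsWith(scriptPath, ".php") ||
 StringEndsWith(scriptPath, ".php3") ||
 StringEndsWith(scriptPath, ".php4") ||
- StringEndsWith(scriptPath, ".phtml") )
+ StringEndsWith(scriptPath, ".php5") ||
+ StringEndsWith(scriptPath, ".php6") ||
+ StringEndsWith(scriptPath, ".php7") ||
+ StringEndsWith(scriptPath, ".htm") ||
+ StringEndsWith(scriptPath, ".html") ||
+ StringEndsWith(scriptPath, ".phtml") ||
+ !FileMagicSaysItsPHP(scriptPath))
 {
 Context.interpreted_script = 1;
 interPath = PATH_PROG_PHP;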
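Review bot: The added `.htm` and `.html` tests and the `!FileMagicSaysItsPHP(scriptPath)` fallback mean the extension list no longer works as an allow-list: any file that libmagic labels as PHP script text, whatever its name, is now handed to `PATH_PROG_PHP`, and so is every static HTML page. On hosts where files not meant to be executable (uploads, caches) can end up under the CGI directory, this widens what runs as the account, so the content-based fallback is better gated behind a build-time option and documented. The condition also relies on a return value of 0 meaning "is PHP", so a comment such as `/* FileMagicSaysItsPHP() returns 0 when libmagic reports PHP */` above it would prevent a later inversion. The enclosing `if` begins outside the hunk, so whether `scriptPath` has already been validated at this point cannot be seen here.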