]>
Commit | Line | Data |
---|---|---|
f92be7ff | 1 | diff -ru cgiwrap-4.1/cgiwrap.c cgiwrap-4.1-bs/cgiwrap.c |
2 | --- cgiwrap-4.1/cgiwrap.c 2008-06-16 16:34:37.000000000 +0200 | |
3 | +++ cgiwrap-4.1-bs/cgiwrap.c 2010-04-21 15:56:07.517357390 +0200 | |
4 | @@ -199,7 +199,11 @@ | |
5 | StringEndsWith(scriptPath, ".php") || | |
6 | StringEndsWith(scriptPath, ".php3") || | |
7 | StringEndsWith(scriptPath, ".php4") || | |
8 | - StringEndsWith(scriptPath, ".phtml") ) | |
9 | + StringEndsWith(scriptPath, ".php5") || | |
10 | + StringEndsWith(scriptPath, ".php6") || | |
11 | + StringEndsWith(scriptPath, ".php7") || | |
12 | + StringEndsWith(scriptPath, ".phtml") || | |
13 | + !FileMagicSaysItsPHP(scriptPath)) | |
14 | { | |
15 | Context.interpreted_script = 1; | |
16 | interPath = PATH_PROG_PHP; | |
17 | diff -ru cgiwrap-4.1/util.c cgiwrap-4.1-bs/util.c | |
18 | --- cgiwrap-4.1/util.c 2008-06-16 16:34:37.000000000 +0200 | |
19 | +++ cgiwrap-4.1-bs/util.c 2010-04-21 16:00:40.223979033 +0200 | |
20 | @@ -22,6 +22,7 @@ | |
21 | ** Purpose: Various utility routines used by cgiwrap | |
22 | **/ | |
23 | ||
24 | +#include <magic.h> | |
25 | #include "cgiwrap.h" /* Headers for all CGIwrap source files */ | |
26 | RCSID("$Id$"); | |
27 | ||
28 | @@ -246,7 +247,7 @@ | |
29 | int len = strlen(string); | |
30 | int elen = strlen(ending); | |
31 | ||
32 | - if ( len >= elen && !strncmp(string + len - elen, ending, elen) ) | |
33 | + if ( len >= elen && !strncasecmp(string + len - elen, ending, elen) ) | |
34 | { | |
35 | return 1; | |
36 | } | |
37 | @@ -257,6 +258,28 @@ | |
38 | } | |
39 | ||
40 | /* | |
41 | +* Check Mime Magic to determine if file is really a php script, Bartosz Swiatek 04.06.2009 | |
42 | +*/ | |
43 | + | |
44 | +int FileMagicSaysItsPHP(char *file) | |
45 | +{ | |
46 | + magic_t magic_filed; | |
47 | + magic_filed = magic_open(MAGIC_ERROR); | |
48 | + magic_load(magic_filed , NULL); | |
49 | + if(magic_filed == NULL) | |
50 | + return 1; | |
51 | + const char *ftype = magic_file(magic_filed , file); | |
52 | + const char *stype = "PHP script text"; | |
53 | + int len = strlen(stype); | |
54 | + int cmp = strncmp(ftype,stype,len); | |
55 | + DEBUG_Str(" FileMagicSaysItsPHP ftype=", ftype ); | |
56 | + DEBUG_Str(" FileMagicSaysItsPHP stype=", stype ); | |
57 | + DEBUG_Int(" FileMagicSaysItsPHP strncmp=", cmp); | |
58 | + magic_close(magic_filed); | |
59 | + return cmp==0?0:1; | |
60 | +} | |
61 | + | |
62 | +/* | |
63 | * Check if a path is safe to use | |
64 | * Return true if 'path' contains any whitespace or non-printables | |
65 | * Return true if 'path' contains '../' |