[packages/cgiwrap.git] / cgiwrap-mime_magic.patch

diff -ru cgiwrap-4.1/cgiwrap.c cgiwrap-4.1-bs/cgiwrap.c
--- cgiwrap-4.1/cgiwrap.c	2008-06-16 16:34:37.000000000 +0200
+++ cgiwrap-4.1-bs/cgiwrap.c	2010-04-21 15:56:07.517357390 +0200
@@ -199,7 +199,11 @@
 			StringEndsWith(scriptPath, ".php") ||
 			StringEndsWith(scriptPath, ".php3") ||
 			StringEndsWith(scriptPath, ".php4") ||
-			StringEndsWith(scriptPath, ".phtml") )
+			StringEndsWith(scriptPath, ".php5") ||
+			StringEndsWith(scriptPath, ".php6") ||
+			StringEndsWith(scriptPath, ".php7") ||
+			StringEndsWith(scriptPath, ".phtml") ||
+			!FileMagicSaysItsPHP(scriptPath))
 		{
 			Context.interpreted_script = 1;
 			interPath = PATH_PROG_PHP;
diff -ru cgiwrap-4.1/util.c cgiwrap-4.1-bs/util.c
--- cgiwrap-4.1/util.c	2008-06-16 16:34:37.000000000 +0200
+++ cgiwrap-4.1-bs/util.c	2010-04-21 16:00:40.223979033 +0200
@@ -22,6 +22,7 @@
  **  Purpose: Various utility routines used by cgiwrap
  **/ 
 
+#include <magic.h>
 #include "cgiwrap.h"	/* Headers for all CGIwrap source files */
 RCSID("$Id$");
 
@@ -246,7 +247,7 @@
 	int len = strlen(string);
 	int elen = strlen(ending);
 
-	if ( len >= elen && !strncmp(string + len - elen, ending, elen) )
+	if ( len >= elen && !strncasecmp(string + len - elen, ending, elen) )
 	{
 		return 1;
 	}
@@ -257,6 +258,28 @@
 }
 
 /*
+* Check Mime Magic to determine if file is really a php script, Bartosz Swiatek 04.06.2009
+*/
+
+int FileMagicSaysItsPHP(char *file)
+{
+	magic_t magic_filed;
+	magic_filed = magic_open(MAGIC_ERROR);
+	magic_load(magic_filed , NULL);
+	if(magic_filed == NULL)
+		return 1;
+	const char *ftype = magic_file(magic_filed , file);
+	const char *stype = "PHP script text";
+	int len = strlen(stype);
+	int cmp = strncmp(ftype,stype,len);
+	DEBUG_Str("     FileMagicSaysItsPHP ftype=", ftype );
+	DEBUG_Str("     FileMagicSaysItsPHP stype=", stype );
+	DEBUG_Int("     FileMagicSaysItsPHP strncmp=",  cmp);
+	magic_close(magic_filed);
+	return cmp==0?0:1;
+}
+
+/*
  * Check if a path is safe to use
  *   Return true if 'path' contains any whitespace or non-printables
  *   Return true if 'path' contains '../'
Commit	Line	Data
f92be7ff	1	diff -ru cgiwrap-4.1/cgiwrap.c cgiwrap-4.1-bs/cgiwrap.c
	2	--- cgiwrap-4.1/cgiwrap.c 2008-06-16 16:34:37.000000000 +0200
	3	+++ cgiwrap-4.1-bs/cgiwrap.c 2010-04-21 15:56:07.517357390 +0200
	4	@@ -199,7 +199,11 @@
	5	StringEndsWith(scriptPath, ".php") \|\|
	6	StringEndsWith(scriptPath, ".php3") \|\|
	7	StringEndsWith(scriptPath, ".php4") \|\|
	8	- StringEndsWith(scriptPath, ".phtml") )
	9	+ StringEndsWith(scriptPath, ".php5") \|\|
	10	+ StringEndsWith(scriptPath, ".php6") \|\|
	11	+ StringEndsWith(scriptPath, ".php7") \|\|
	12	+ StringEndsWith(scriptPath, ".phtml") \|\|
	13	+ !FileMagicSaysItsPHP(scriptPath))
	14	{
	15	Context.interpreted_script = 1;
	16	interPath = PATH_PROG_PHP;
	17	diff -ru cgiwrap-4.1/util.c cgiwrap-4.1-bs/util.c
	18	--- cgiwrap-4.1/util.c 2008-06-16 16:34:37.000000000 +0200
	19	+++ cgiwrap-4.1-bs/util.c 2010-04-21 16:00:40.223979033 +0200
	20	@@ -22,6 +22,7 @@
	21	** Purpose: Various utility routines used by cgiwrap
	22	**/
	23
	24	+#include <magic.h>
	25	#include "cgiwrap.h" /* Headers for all CGIwrap source files */
	26	RCSID("$Id$");
	27
	28	@@ -246,7 +247,7 @@
	29	int len = strlen(string);
	30	int elen = strlen(ending);
	31
	32	- if ( len >= elen && !strncmp(string + len - elen, ending, elen) )
	33	+ if ( len >= elen && !strncasecmp(string + len - elen, ending, elen) )
	34	{
	35	return 1;
	36	}
	37	@@ -257,6 +258,28 @@
	38	}
	39
	40	/*
	41	+* Check Mime Magic to determine if file is really a php script, Bartosz Swiatek 04.06.2009
	42	+*/
	43	+
	44	+int FileMagicSaysItsPHP(char *file)
	45	+{
	46	+ magic_t magic_filed;
	47	+ magic_filed = magic_open(MAGIC_ERROR);
	48	+ magic_load(magic_filed , NULL);
	49	+ if(magic_filed == NULL)
	50	+ return 1;
	51	+ const char *ftype = magic_file(magic_filed , file);
	52	+ const char *stype = "PHP script text";
	53	+ int len = strlen(stype);
	54	+ int cmp = strncmp(ftype,stype,len);
	55	+ DEBUG_Str(" FileMagicSaysItsPHP ftype=", ftype );
	56	+ DEBUG_Str(" FileMagicSaysItsPHP stype=", stype );
	57	+ DEBUG_Int(" FileMagicSaysItsPHP strncmp=", cmp);
	58	+ magic_close(magic_filed);
	59	+ return cmp==0?0:1;
	60	+}
	61	+
	62	+/*
	63	* Check if a path is safe to use
	64	* Return true if 'path' contains any whitespace or non-printables
65	* Return true if 'path' contains '../'