Skip to content

Commit 3f6e956

Browse files
xabbuhxabbuh
committed
do not search in $PATH entries not allowed by open_basedir
do not filter
1 parent 5d0fa8e commit 3f6e956

File tree

2 files changed

+45
-7
lines changed

2 files changed

+45
-7
lines changed

src/Symfony/Component/Process/ExecutableFinder.php

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -48,9 +48,14 @@ public function addSuffix(string $suffix)
4848
*/
4949
public function find(string $name, ?string $default = null, array $extraDirs = [])
5050
{
51+
$dirs = array_merge(
52+
explode(\PATH_SEPARATOR, getenv('PATH') ?: getenv('Path')),
53+
$extraDirs
54+
);
55+
5156
if (\ini_get('open_basedir')) {
5257
$searchPath = array_merge(explode(\PATH_SEPARATOR, \ini_get('open_basedir')), $extraDirs);
53-
$dirs = [];
58+
5459
foreach ($searchPath as $path) {
5560
// Silencing against https://bugs.php.net/69240
5661
if (@is_dir($path)) {
@@ -61,11 +66,6 @@ public function find(string $name, ?string $default = null, array $extraDirs = [
6166
}
6267
}
6368
}
64-
} else {
65-
$dirs = array_merge(
66-
explode(\PATH_SEPARATOR, getenv('PATH') ?: getenv('Path')),
67-
$extraDirs
68-
);
6969
}
7070

7171
$suffixes = [''];

src/Symfony/Component/Process/Tests/ExecutableFinderTest.php

Lines changed: 39 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,13 @@ public function testFindWithOpenBaseDir()
109109
$this->markTestSkipped('Cannot test when open_basedir is set');
110110
}
111111

112-
$initialOpenBaseDir = ini_set('open_basedir', \dirname(\PHP_BINARY).\PATH_SEPARATOR.'/');
112+
$openBaseDir = \dirname(\PHP_BINARY).\PATH_SEPARATOR.sys_get_temp_dir().\PATH_SEPARATOR.getcwd();
113+
114+
if ($_SERVER['SYMFONY_PHPUNIT_DIR'] ?? null) {
115+
$openBaseDir .= \PATH_SEPARATOR.$_SERVER['SYMFONY_PHPUNIT_DIR'];
116+
}
117+
118+
$initialOpenBaseDir = ini_set('open_basedir', $openBaseDir);
113119

114120
try {
115121
$finder = new ExecutableFinder();
@@ -121,6 +127,38 @@ public function testFindWithOpenBaseDir()
121127
}
122128
}
123129

130+
/**
131+
* @runInSeparateProcess
132+
*/
133+
public function testFindWithSubdirectoryOfOpenBaseDir()
134+
{
135+
if (\ini_get('open_basedir')) {
136+
$this->markTestSkipped('Cannot test when open_basedir is set');
137+
}
138+
139+
$paths = explode(\PATH_SEPARATOR, getenv('PATH'));
140+
$phpBinaryPath = \dirname(\PHP_BINARY);
141+
142+
if (!in_array($phpBinaryPath, $paths, true)) {
143+
$paths[] = $phpBinaryPath;
144+
}
145+
146+
$this->setPath(implode(\PATH_SEPARATOR, $paths));
147+
148+
$openBaseDir = \dirname(\dirname(\PHP_BINARY)).\PATH_SEPARATOR.sys_get_temp_dir().\PATH_SEPARATOR.getcwd();
149+
150+
if ($_SERVER['SYMFONY_PHPUNIT_DIR'] ?? null) {
151+
$openBaseDir .= \PATH_SEPARATOR.$_SERVER['SYMFONY_PHPUNIT_DIR'];
152+
}
153+
154+
ini_set('open_basedir', $openBaseDir);
155+
156+
$finder = new ExecutableFinder();
157+
$result = $finder->find($this->getPhpBinaryName());
158+
159+
$this->assertSamePath(\PHP_BINARY, $result);
160+
}
161+
124162
/**
125163
* @runInSeparateProcess
126164
*/

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy