summaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
authorValentin Bartenev <vbart@nginx.com>2020-01-28 19:18:26 +0300
committerValentin Bartenev <vbart@nginx.com>2020-01-28 19:18:26 +0300
commitf860c20a96d9d844aad53f81dfcfc72f30ff977e (patch)
tree3d5da8c9d371e7793796a6462c0a630f2fdf66b3 /src
parent4024b18bcc070240a5d1d79ff255b8209dd6908d (diff)
downloadunit-f860c20a96d9d844aad53f81dfcfc72f30ff977e.tar.gz
unit-f860c20a96d9d844aad53f81dfcfc72f30ff977e.tar.bz2
PHP: added check for the ".php" extension.
A check for the ".php" extension is added to prevent execution of files with arbitrary extensions in cases where "index" and "script" options aren't used.
Diffstat (limited to 'src')
-rw-r--r--src/nxt_php_sapi.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/nxt_php_sapi.c b/src/nxt_php_sapi.c
index 0f6ce686..26bf915f 100644
--- a/src/nxt_php_sapi.c
+++ b/src/nxt_php_sapi.c
@@ -599,20 +599,27 @@ nxt_php_request_handler(nxt_unit_request_info_t *req)
path.start = nxt_unit_sptr_get(&r->path);
if (nxt_php_script_filename.start == NULL) {
+ nxt_str_null(&script_name);
+
ctx->path_info.start = (u_char *) strstr((char *) path.start, ".php/");
if (ctx->path_info.start != NULL) {
ctx->path_info.start += 4;
path.length = ctx->path_info.start - path.start;
ctx->path_info.length = r->path_length - path.length;
- }
- if (path.start[path.length - 1] == '/') {
+ } else if (path.start[path.length - 1] == '/') {
script_name = nxt_php_index;
} else {
- script_name.length = 0;
- script_name.start = NULL;
+ if (nxt_slow_path(path.length < 4
+ || nxt_memcmp(path.start + (path.length - 4),
+ ".php", 4)))
+ {
+ nxt_unit_request_done(req, NXT_UNIT_ERROR);
+
+ return;
+ }
}
ctx->script_filename.length = nxt_php_root.length + path.length