diff options
author | Valentin Bartenev <vbart@nginx.com> | 2020-01-28 19:18:26 +0300 |
---|---|---|
committer | Valentin Bartenev <vbart@nginx.com> | 2020-01-28 19:18:26 +0300 |
commit | f860c20a96d9d844aad53f81dfcfc72f30ff977e (patch) | |
tree | 3d5da8c9d371e7793796a6462c0a630f2fdf66b3 /src | |
parent | 4024b18bcc070240a5d1d79ff255b8209dd6908d (diff) | |
download | unit-f860c20a96d9d844aad53f81dfcfc72f30ff977e.tar.gz unit-f860c20a96d9d844aad53f81dfcfc72f30ff977e.tar.bz2 |
PHP: added check for the ".php" extension.
A check for the ".php" extension is added to prevent execution of files
with arbitrary extensions in cases where "index" and "script" options
aren't used.
Diffstat (limited to 'src')
-rw-r--r-- | src/nxt_php_sapi.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/nxt_php_sapi.c b/src/nxt_php_sapi.c index 0f6ce686..26bf915f 100644 --- a/src/nxt_php_sapi.c +++ b/src/nxt_php_sapi.c @@ -599,20 +599,27 @@ nxt_php_request_handler(nxt_unit_request_info_t *req) path.start = nxt_unit_sptr_get(&r->path); if (nxt_php_script_filename.start == NULL) { + nxt_str_null(&script_name); + ctx->path_info.start = (u_char *) strstr((char *) path.start, ".php/"); if (ctx->path_info.start != NULL) { ctx->path_info.start += 4; path.length = ctx->path_info.start - path.start; ctx->path_info.length = r->path_length - path.length; - } - if (path.start[path.length - 1] == '/') { + } else if (path.start[path.length - 1] == '/') { script_name = nxt_php_index; } else { - script_name.length = 0; - script_name.start = NULL; + if (nxt_slow_path(path.length < 4 + || nxt_memcmp(path.start + (path.length - 4), + ".php", 4))) + { + nxt_unit_request_done(req, NXT_UNIT_ERROR); + + return; + } } ctx->script_filename.length = nxt_php_root.length + path.length |