[impr-OpenMage#966] Prevent filename with null byte(s) in Varien_Io_File

damien-biasotto · edannenberg · commit c9f2985ef216 · 2020-08-17T16:51:27.000+02:00
diff --git a/lib/Varien/Io/File.php b/lib/Varien/Io/File.php
@@ -486,7 +486,8 @@ public function write($filename, $src, $mode=null)
      */
     protected function _IsValidSource($src)
     {
-        if (is_string($src) || is_resource($src)) {
+        //Treat string that contains a null byte as invalid
+        if ((is_string($src) && strpos($src, chr(0)) === false) || is_resource($src)) {
             return true;
         }
 
@@ -505,7 +506,7 @@ protected function _isFilenameWriteable($filename)
     {
         $error = false;
         @chdir($this->_cwd);
-         if (file_exists($filename)) {
+        if (file_exists($filename)) {
             if (!is_writeable($filename)) {
                 $error = "File '{$this->getFilteredPath($filename)}' isn't writeable";
             }
@@ -532,7 +533,7 @@ protected function _isFilenameWriteable($filename)
     protected function _checkSrcIsFile($src)
     {
         $result = false;
-        if (is_string($src) && @is_readable($src) && is_file($src)) {
+        if (is_string($src) && is_readable($src) && is_file($src)) {
             $result = true;
         }
 
@@ -845,7 +846,7 @@ public function dirname($file)
     {
         return $this->getCleanPath(dirname($file));
     }
-    
+
     public function getStreamHandler()
     {
         return $this->_streamHandler;

Original file line number	Diff line number	Diff line change
`@@ -486,7 +486,8 @@ public function write($filename, $src, $mode=null)`
`486`	`486`	`*/`
`487`	`487`	`protected function _IsValidSource($src)`
`488`	`488`	`{`
`489`		`- if (is_string($src) \|\| is_resource($src)) {`
	`489`	`+ //Treat string that contains a null byte as invalid`
	`490`	`+ if ((is_string($src) && strpos($src, chr(0)) === false) \|\| is_resource($src)) {`
`490`	`491`	`return true;`
`491`	`492`	`}`
`492`	`493`
`@@ -505,7 +506,7 @@ protected function _isFilenameWriteable($filename)`
`505`	`506`	`{`
`506`	`507`	`$error = false;`
`507`	`508`	`@chdir($this->_cwd);`
`508`		`- if (file_exists($filename)) {`
	`509`	`+ if (file_exists($filename)) {`
`509`	`510`	`if (!is_writeable($filename)) {`
`510`	`511`	`$error = "File '{$this->getFilteredPath($filename)}' isn't writeable";`
`511`	`512`	`}`
`@@ -532,7 +533,7 @@ protected function _isFilenameWriteable($filename)`
`532`	`533`	`protected function _checkSrcIsFile($src)`
`533`	`534`	`{`
`534`	`535`	`$result = false;`
`535`		`- if (is_string($src) && @is_readable($src) && is_file($src)) {`
	`536`	`+ if (is_string($src) && is_readable($src) && is_file($src)) {`
`536`	`537`	`$result = true;`
`537`	`538`	`}`
`538`	`539`
`@@ -845,7 +846,7 @@ public function dirname($file)`
`845`	`846`	`{`
`846`	`847`	`return $this->getCleanPath(dirname($file));`
`847`	`848`	`}`
`848`		`-`
	`849`	`+`
`849`	`850`	`public function getStreamHandler()`
`850`	`851`	`{`
`851`	`852`	`return $this->_streamHandler;`