Dont send the command as shell argument when making a read/write stream

Robin Appelman 2015-08-14 14:03:46 +02:00
commit c36739bdc5
2 changed files with 12 additions and 12 deletions


@ -258,20 +258,19 @@ class Share implements IShare {
*/ */
public function read($source) { public function read($source) {
$source = $this->escapePath($source); $source = $this->escapePath($source);
// close the single quote, open a double quote where we put the single quote...
$source = str_replace('\'', '\'"\'"\'', $source);
// since returned stream is closed by the caller we need to create a new instance // since returned stream is closed by the caller we need to create a new instance
// since we can't re-use the same file descriptor over multiple calls // since we can't re-use the same file descriptor over multiple calls
$workgroupArgument = ($this->server->getWorkgroup()) ? ' -W ' . escapeshellarg($this->server->getWorkgroup()) : ''; $workgroupArgument = ($this->server->getWorkgroup()) ? ' -W ' . escapeshellarg($this->server->getWorkgroup()) : '';
$command = sprintf('%s %s --authentication-file=/proc/self/fd/3 //%s/%s -c \'get %s /proc/self/fd/5\'', $command = sprintf('%s %s --authentication-file=/proc/self/fd/3 //%s/%s',
Server::CLIENT, Server::CLIENT,
$workgroupArgument, $workgroupArgument,
$this->server->getHost(), $this->server->getHost(),
$this->name, $this->name
$source
); );
$connection = new Connection($command); $connection = new Connection($command);
$connection->writeAuthentication($this->server->getUser(), $this->server->getPassword()); $connection->writeAuthentication($this->server->getUser(), $this->server->getPassword());
$connection->write('get ' . $source . ' /proc/self/fd/5');
$connection->write('exit');
$fh = $connection->getFileOutputStream(); $fh = $connection->getFileOutputStream();
stream_context_set_option($fh, 'file', 'connection', $connection); stream_context_set_option($fh, 'file', 'connection', $connection);
return $fh; return $fh;
@ -288,25 +287,25 @@ class Share implements IShare {
*/ */
public function write($target) { public function write($target) {
$target = $this->escapePath($target); $target = $this->escapePath($target);
// close the single quote, open a double quote where we put the single quote...
$target = str_replace('\'', '\'"\'"\'', $target);
// since returned stream is closed by the caller we need to create a new instance // since returned stream is closed by the caller we need to create a new instance
// since we can't re-use the same file descriptor over multiple calls // since we can't re-use the same file descriptor over multiple calls
$workgroupArgument = ($this->server->getWorkgroup()) ? ' -W ' . escapeshellarg($this->server->getWorkgroup()) : ''; $workgroupArgument = ($this->server->getWorkgroup()) ? ' -W ' . escapeshellarg($this->server->getWorkgroup()) : '';
$command = sprintf('%s %s --authentication-file=/proc/self/fd/3 //%s/%s -c \'put /proc/self/fd/4 %s\'', $command = sprintf('%s %s --authentication-file=/proc/self/fd/3 //%s/%s',
Server::CLIENT, Server::CLIENT,
$workgroupArgument, $workgroupArgument,
$this->server->getHost(), $this->server->getHost(),
$this->name, $this->name
$target
); );
$connection = new RawConnection($command); $connection = new Connection($command);
$connection->writeAuthentication($this->server->getUser(), $this->server->getPassword()); $connection->writeAuthentication($this->server->getUser(), $this->server->getPassword());
$fh = $connection->getFileInputStream(); $fh = $connection->getFileInputStream();
$connection->write('put /proc/self/fd/4 ' . $target);
$connection->write('exit');
// use a close callback to ensure the upload is finished before continuing // use a close callback to ensure the upload is finished before continuing
// this also serves as a way to keep the connection in scope // this also serves as a way to keep the connection in scope
return CallbackWrapper::wrap($fh, null, null, function () use ($connection) { return CallbackWrapper::wrap($fh, null, null, function () use ($connection, $target) {
$connection->close(false); // dont terminate, give the upload some time $connection->close(false); // dont terminate, give the upload some time
}); });
} }
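Review bot: In both read() and write() the rebuilt `$command` still places `$this->server->getHost()` and `$this->name` into the shell string unescaped, although the workgroup next to them goes through `escapeshellarg()`; passing the target as `escapeshellarg('//' . $this->server->getHost() . '/' . $this->name)` would quote the whole command line consistently. The path now reaches the client through `$connection->write('get ' . $source . ' /proc/self/fd/5')` and the matching `put` line, so with the shell quoting removed its safety rests entirely on `escapePath()`, which is not visible in this hunk. Presumably that helper quotes the path; it should also reject CR, LF and other control characters, because the path is now part of a line-oriented command stream. In write() the close callback captures `$target` via `use ($connection, $target)` but the visible body never reads it, so the capture can be dropped. read()'s closing brace lies outside the hunk.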


@ -45,6 +45,7 @@ abstract class AbstractShare extends TestCase {
array('simple'), array('simple'),
array('with spaces_and-underscores'), array('with spaces_and-underscores'),
array("single'quote'"), array("single'quote'"),
array("foo ; asd -- bar"),
array('日本語'), array('日本語'),
array('url %2F +encode'), array('url %2F +encode'),
array('a somewhat longer filename than the other with more charaters as the all the other filenames'), array('a somewhat longer filename than the other with more charaters as the all the other filenames'),