Skip to content

ext/standard: validate mode is within 0..07777 #21152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
arshidkv12 wants to merge 5 commits into
base: master
Choose a base branch
from
Open

ext/standard: validate mode is within 0..07777 #21152

arshidkv12 wants to merge 5 commits into from
+52 −0

Conversation

@arshidkv12
Copy link
Contributor

@arshidkv12 arshidkv12 commented Feb 6, 2026

No description provided.

@arshidkv12 arshidkv12 requested a review from bukka as a code owner February 6, 2026 12:18
devnexen
devnexen reviewed Feb 7, 2026
View reviewed changes
ext/standard/tests/file/mkdir_invalid_mode.phpt
--TEST--
mkdir(): invalid mode
--FILE--
<?php
Copy link
Member

@devnexen devnexen Feb 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add few more cases (e.g. -1)

Copy link
Contributor Author

@arshidkv12 arshidkv12 Feb 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok

@arshidkv12 arshidkv12 requested a review from devnexen February 8, 2026 03:36
Girgias
Girgias reviewed Feb 9, 2026
View reviewed changes
ext/standard/file.c Outdated
Z_PARAM_RESOURCE_OR_NULL(zcontext)
ZEND_PARSE_PARAMETERS_END();

if (mode < 0 || (mode & ~07777)) {
Copy link
Member

@Girgias Girgias Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if it makes sense to provide a Zend API for this. As a lot of code does file permissions checks (including INI settings (or should at least))

Copy link
Contributor Author

@arshidkv12 arshidkv12 Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’ve created a helper function zend_validate_file_permissions(). I think this can be used to validate permission masks for any filesystem-related operations. Please let me know if this approach makes sense.

@arshidkv12 arshidkv12 requested a review from dstogov as a code owner February 9, 2026 15:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Girgias Girgias Girgias left review comments

@devnexen devnexen devnexen approved these changes

@bukka bukka Awaiting requested review from bukka bukka is a code owner

@dstogov dstogov Awaiting requested review from dstogov dstogov is a code owner

Assignees

No one assigned

Labels

ABI break Category: Engine Extension: standard

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arshidkv12 @devnexen @Girgias