-rw-r--r--NEWS1
-rw-r--r--ext/standard/dir.c5
-rw-r--r--ext/standard/tests/file/bug41693.phpt13
3 files changed, 19 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 553c72c649..ef88ccec8e 100644
--- a/NEWS
+++ b/NEWS
@@ -92,6 +92,7 @@ PHP NEWS
- Fixed altering $this via argument named "this". (Dmitry)
- Fixed PHP CLI usage of php.ini from the binary location. (Hannes)
- Fixed segfault in strripos(). (Tony, Joxean Koret)
+- Fixed bug #41693 (scandir() allows empty directory names). (Ilia)
- Fixed bug #41673 (json_encode breaks large numbers in arrays). (Ilia)
- Fixed bug #41525 (ReflectionParameter::getPosition() not available). (Marcus)
- Fixed bug #41511 (Compile failure under IRIX 6.5.30 building md5.c). (Jani)
diff --git a/ext/standard/dir.c b/ext/standard/dir.c
index cc52f32f29..4d119bfddb 100644
--- a/ext/standard/dir.c
+++ b/ext/standard/dir.c
@@ -482,6 +482,11 @@ PHP_FUNCTION(scandir)
return;
}
+ if (dirn_len < 1) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Directory name cannot be empty");
+ RETURN_FALSE;
+ }
+
if (zcontext) {
context = php_stream_context_from_zval(zcontext, 0);
}
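Review bot: The added guard `if (dirn_len < 1)` tests only the byte length, so a name with non-zero length whose first byte is NUL would still pass and then be read as an empty string by the C-level directory open further down. This assumes the argument is parsed as a length-counted string; the parse call and the rest of PHP_FUNCTION(scandir) lie outside the hunk, so that should be confirmed there. If it holds, the guard could read `if (dirn_len < 1 || dirn[0] == '\0') {` (taking `dirn` to be the pointer paired with `dirn_len`). bug41693.phpt could then pin that case alongside `scandir('')`.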
diff --git a/ext/standard/tests/file/bug41693.phpt b/ext/standard/tests/file/bug41693.phpt
new file mode 100644
index 0000000000..6c7ff5bf4b
--- /dev/null
+++ b/ext/standard/tests/file/bug41693.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #41693 (scandir() allows empty directory names)
+--FILE--
+<?php
+
+var_dump(scandir(''));
+
+echo "Done\n";
+?>
+--EXPECTF--
+Warning: scandir(): Directory name cannot be empty in %s on line %d
+bool(false)
+Done