[wp-trac] [WordPress Trac] #43054: wp_is_stream fails with stream definition containing nonascii chars

Wed Jan 10 02:47:07 UTC 2018

#43054: wp_is_stream fails with stream definition containing nonascii chars
----------------------------+--------------------
 Reporter:  tpaksu          |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  5.0
Component:  Filesystem API  |     Version:  4.9.1
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+--------------------
Changes (by dd32):

 * keywords:  reporter-feedback =>
 * milestone:  Awaiting Review => 5.0

Comment:

 This sounds like a PHP Memory corruption issue, as the stream wrapper name
 looks completely invalid.

 For reference, [https://github.com/php/php-
 src/blob/a7fe2570d3ce6915d4ea85c62c0f880ddc225ba7/main/streams/streams.c#L1648-L1665
 PHP allows the following characters] in a stream wrapper name: `a-z, A-Z,
 0-9, +, -, .`. The value you've got in there looks like a raw DNS packet
 data - which certainly shouldn't be there. If this is your own server,
 update/restart PHP and ensure everything else is up to date.

 However, that being said, this function still needs some more escaping,
 for example, if you have a `compress.zlib` wrapper installed (which most
 PHP's do) this will return `true` incorrectly.
 {{{
 var_dump( wp_is_stream( "compressZzlib://testing/invalid/stuff" ) );
 }}}

 Fixing this and avoiding the warning generated in your case here is the
 same change, so lets fix that.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43054#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform