2 files changed, 110 insertions, 12 deletions

diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 2e1d69e46..de3514362 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -16,7 +16,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: php_zip.c 300470 2010-06-15 18:48:33Z pajoye $ */
+/* $Id: php_zip.c 305848 2010-11-30 11:04:06Z pajoye $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -162,6 +162,9 @@ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int fil
 	 */
 	virtual_file_ex(&new_state, file, NULL, CWD_EXPAND);
 	path_cleaned =  php_zip_make_relative_path(new_state.cwd, new_state.cwd_length);
+	if(!path_cleaned) {
+		return 0;
+	}
 	path_cleaned_len = strlen(path_cleaned);
 
 	if (path_cleaned_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {
@@ -1148,6 +1151,10 @@ static PHP_NAMED_FUNCTION(zif_zip_open)
 		RETURN_FALSE;
 	}
 
+	if (strlen(filename) != filename_len) {
+		RETURN_FALSE;
+	}
+
 	if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 		RETURN_FALSE;
 	}
@@ -1437,6 +1444,10 @@ static ZIPARCHIVE_METHOD(open)
 		RETURN_FALSE;
 	}
 
+	if (strlen(filename) != filename_len) {
+		RETURN_FALSE;
+	}
+
 	if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 		RETURN_FALSE;
 	}
@@ -1649,7 +1660,7 @@ static void php_zip_add_from_pattern(INTERNAL_FUNCTION_PARAMETERS, int type) /*
 
 				if (add_path) {
 					if ((add_path_len + file_stripped_len) > MAXPATHLEN) {
-						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Entry name too long (max: %i, %i given)", 
+						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Entry name too long (max: %d, %ld given)", 
 						MAXPATHLEN - 1, (add_path_len + file_stripped_len));
 						zval_dtor(return_value);
 						RETURN_FALSE;
@@ -1961,6 +1972,9 @@ static ZIPARCHIVE_METHOD(getArchiveComment)
 	}
 
 	comment = zip_get_archive_comment(intern, &comment_len, (int)flags);
+	if(comment==NULL) {
+		RETURN_FALSE;
+	}
 	RETURN_STRINGL((char *)comment, (long)comment_len, 1);
 }
 /* }}} */
@@ -2360,12 +2374,16 @@ static ZIPARCHIVE_METHOD(extractTo)
 		RETURN_FALSE;
 	}
 
-    if (php_stream_stat_path(pathto, &ssb) < 0) {
-        ret = php_stream_mkdir(pathto, 0777,  PHP_STREAM_MKDIR_RECURSIVE, NULL);
-        if (!ret) {
-            RETURN_FALSE;
-        }
-    }
+	if (strlen(pathto) != pathto_len) {
+		RETURN_FALSE;
+	}
+
+	if (php_stream_stat_path(pathto, &ssb) < 0) {
+		ret = php_stream_mkdir(pathto, 0777,  PHP_STREAM_MKDIR_RECURSIVE, NULL);
+		if (!ret) {
+			RETURN_FALSE;
+		}
+	}
 
 	ZIP_FROM_OBJECT(intern, this);
 	if (zval_files && (Z_TYPE_P(zval_files) != IS_NULL)) {
@@ -2446,6 +2464,9 @@ static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
 		if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ll", &filename, &filename_len, &len, &flags) == FAILURE) {
 			return;
 		}
+		if (strlen(filename) != filename_len) {
+			return;
+		}
 		PHP_ZIP_STAT_PATH(intern, filename, filename_len, flags, sb);
 	} else {
 		if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|ll", &index, &len, &flags) == FAILURE) {
@@ -2779,7 +2800,7 @@ static PHP_MINFO_FUNCTION(zip)
 	php_info_print_table_start();
 
 	php_info_print_table_row(2, "Zip", "enabled");
-	php_info_print_table_row(2, "Extension Version","$Id: php_zip.c 300470 2010-06-15 18:48:33Z pajoye $");
+	php_info_print_table_row(2, "Extension Version","$Id: php_zip.c 305848 2010-11-30 11:04:06Z pajoye $");
 	php_info_print_table_row(2, "Zip version", PHP_ZIP_VERSION_STRING);
 	php_info_print_table_row(2, "Libzip version", "0.9.0");
 
diff --git a/ext/zip/zip_stream.c b/ext/zip/zip_stream.c
index c40b834b4..ef05b9510 100644
--- a/ext/zip/zip_stream.c
+++ b/ext/zip/zip_stream.c
@@ -1,4 +1,4 @@
-/* $Id: zip_stream.c 298626 2010-04-26 23:55:03Z kalle $ */
+/* $Id: zip_stream.c 305467 2010-11-17 17:55:18Z pierrick $ */
 #ifdef HAVE_CONFIG_H
 #   include "config.h"
 #endif
@@ -30,7 +30,7 @@ struct php_zip_stream_data_t {
 /* {{{ php_zip_ops_read */
 static size_t php_zip_ops_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
 {
-	int n = 0;
+	size_t n = 0;
 	STREAM_DATA_FROM_STREAM();
 
 	if (self->za && self->zf) {
@@ -95,13 +95,90 @@ static int php_zip_ops_flush(php_stream *stream TSRMLS_DC)
 }
 /* }}} */
 
+static int php_zip_ops_stat(php_stream *stream, php_stream_statbuf *ssb TSRMLS_DC) /* {{{ */
+{
+	struct zip_stat sb;
+	const char *path = stream->orig_path;
+	int path_len = strlen(stream->orig_path);
+	char *file_basename;
+	size_t file_basename_len;
+	char file_dirname[MAXPATHLEN];
+	struct zip *za;
+	char *fragment;
+	int fragment_len;
+	int err;
+
+	fragment = strchr(path, '#');
+	if (!fragment) {
+		return -1;
+	}
+
+
+	if (strncasecmp("zip://", path, 6) == 0) {
+		path += 6;
+	}
+
+	fragment_len = strlen(fragment);
+
+	if (fragment_len < 1) {
+		return -1;
+	}
+	path_len = strlen(path);
+	if (path_len >= MAXPATHLEN) {
+		return -1;
+	}
+
+	memcpy(file_dirname, path, path_len - fragment_len);
+	file_dirname[path_len - fragment_len] = '\0';
+
+	php_basename((char *)path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
+	fragment++;
+
+	if (ZIP_OPENBASEDIR_CHECKPATH(file_dirname)) {
+		efree(file_basename);
+		return -1;
+	}
+
+	za = zip_open(file_dirname, ZIP_CREATE, &err);
+	if (za) {
+		memset(ssb, 0, sizeof(php_stream_statbuf));
+		if (zip_stat(za, fragment, ZIP_FL_NOCASE, &sb) != 0) {
+			efree(file_basename);
+			return -1;
+		}
+		zip_close(za);
+
+		if (path[path_len-1] != '/') {
+			ssb->sb.st_size = sb.size;
+			ssb->sb.st_mode |= S_IFREG; /* regular file */
+		} else {
+			ssb->sb.st_size = 0;
+			ssb->sb.st_mode |= S_IFDIR; /* regular directory */
+		}
+
+		ssb->sb.st_mtime = sb.mtime;
+		ssb->sb.st_atime = sb.mtime;
+		ssb->sb.st_ctime = sb.mtime;
+		ssb->sb.st_nlink = 1;
+		ssb->sb.st_rdev = -1;
+#ifndef PHP_WIN32
+		ssb->sb.st_blksize = -1;
+		ssb->sb.st_blocks = -1;
+#endif
+		ssb->sb.st_ino = -1;
+	}
+	efree(file_basename);
+	return 0;
+}
+/* }}} */
+
 php_stream_ops php_stream_zipio_ops = {
 	php_zip_ops_write, php_zip_ops_read,
 	php_zip_ops_close, php_zip_ops_flush,
 	"zip",
 	NULL, /* seek */
 	NULL, /* cast */
-	NULL, /* stat */
+	php_zip_ops_stat, /* stat */
 	NULL  /* set_option */
 };