From ca8fa7e3008bd74636354a754666611a86acc512 Mon Sep 17 00:00:00 2001 From: joshuaruesweg Date: Mon, 8 Apr 2024 13:55:30 +0200 Subject: [PATCH 1/3] Add test for \PHP_MAXPATHLEN errors A PHP warning can occur if the filename is a little less than (or equal to) \PHP_MAXPATHLEN [1] AND open_basedir [2] is configured (otherwise PHP will not throw this error [3]). By searching for the filename and appending a suffix (and also using the absolute path), we may exceed the limit. If the limit is exceeded, PHP throws a warning message [4] and Laravel aborts the execution of the code. [1] https://www.php.net/manual/en/reserved.constants.php#constant.php-maxpathlen [2] https://www.php.net/manual/en/ini.core.php#ini.open-basedir [3] https://github.com/php/php-src/blob/7c860628cd2bf11ee867bfb41b3fd0314c5177c5/main/fopen_wrappers.c#L302 [4] File name is longer than the maximum allowed path length on this platform --- tests/Integration/View/BladeTest.php | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/Integration/View/BladeTest.php b/tests/Integration/View/BladeTest.php index 61dc2cb32814..cff73e6a7bca 100644 --- a/tests/Integration/View/BladeTest.php +++ b/tests/Integration/View/BladeTest.php @@ -7,6 +7,7 @@ use Illuminate\Support\Facades\View; use Illuminate\View\Component; use Orchestra\Testbench\TestCase; +use PHPUnit\Framework\Attributes\RunInSeparateProcess; use Symfony\Component\Finder\Finder; use Symfony\Component\Finder\SplFileInfo; @@ -26,6 +27,29 @@ public function test_rendering_blade_long_maxpathlen_string() $this->assertSame($longString.'a', $result); } + #[RunInSeparateProcess] + public function test_rendering_blade_long_maxpathlen_string_with_exact_length() + { + // The PHP_MAXPATHLEN restriction is only active, if + // open_basedir is set and active. Otherwise, the check + // for the PHP_MAXPATHLEN is not active. + if (ini_get('open_basedir') === '') { + $openBaseDir = windows_os() ? explode('\\', __DIR__)[0].'\\'.';'.sys_get_temp_dir() : '/'; + $iniSet = ini_set( + 'open_basedir', + $openBaseDir + ); + + $this->assertNotFalse($iniSet, 'Could not set config for open_basedir.'); + } + + $longString = str_repeat('x', PHP_MAXPATHLEN); + + $result = Blade::render($longString); + + $this->assertSame($longString, $result); + } + public function test_rendering_blade_component_instance() { $component = new HelloComponent('Taylor'); From 50b8885bfe6f477eafd770fca382e862e0d3f7c6 Mon Sep 17 00:00:00 2001 From: joshuaruesweg Date: Mon, 8 Apr 2024 14:09:40 +0200 Subject: [PATCH 2/3] Fix `PHP_MAXPATHLEN` check for existing check of files for views A PHP warning can occur if the filename is a little less than (or equal to) \PHP_MAXPATHLEN [1] AND open_basedir [2] is configured (otherwise PHP will not throw this error [3]). By searching for the filename and appending a suffix (and also using the absolute path), we may exceed the limit. If the limit is exceeded, PHP throws a warning message [4] and Laravel aborts the execution of the code. [1] https://www.php.net/manual/en/reserved.constants.php#constant.php-maxpathlen [2] https://www.php.net/manual/en/ini.core.php#ini.open-basedir [3] https://github.com/php/php-src/blob/7c860628cd2bf11ee867bfb41b3fd0314c5177c5/main/fopen_wrappers.c#L302 [4] File name is longer than the maximum allowed path length on this platform --- src/Illuminate/View/Component.php | 2 +- src/Illuminate/View/FileViewFinder.php | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Illuminate/View/Component.php b/src/Illuminate/View/Component.php index dcbe764c506b..6768fdcbb1c2 100644 --- a/src/Illuminate/View/Component.php +++ b/src/Illuminate/View/Component.php @@ -170,7 +170,7 @@ protected function extractBladeViewFromString($contents) return static::$bladeViewCache[$key]; } - if (strlen($contents) <= PHP_MAXPATHLEN && $this->factory()->exists($contents)) { + if ($this->factory()->exists($contents)) { return static::$bladeViewCache[$key] = $contents; } diff --git a/src/Illuminate/View/FileViewFinder.php b/src/Illuminate/View/FileViewFinder.php index 107bf7c36bdc..d3a54d35e765 100755 --- a/src/Illuminate/View/FileViewFinder.php +++ b/src/Illuminate/View/FileViewFinder.php @@ -128,7 +128,8 @@ protected function findInPaths($name, $paths) { foreach ((array) $paths as $path) { foreach ($this->getPossibleViewFiles($name) as $file) { - if ($this->files->exists($viewPath = $path.'/'.$file)) { + $viewPath = $path.'/'.$file; + if (strlen($viewPath) <= PHP_MAXPATHLEN && $this->files->exists($viewPath)) { return $viewPath; } } From 11572d5738f58d9aae125c02a873954a837b7caf Mon Sep 17 00:00:00 2001 From: Taylor Otwell Date: Tue, 9 Apr 2024 09:28:51 -0500 Subject: [PATCH 3/3] Update FileViewFinder.php --- src/Illuminate/View/FileViewFinder.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Illuminate/View/FileViewFinder.php b/src/Illuminate/View/FileViewFinder.php index d3a54d35e765..4b2f32679307 100755 --- a/src/Illuminate/View/FileViewFinder.php +++ b/src/Illuminate/View/FileViewFinder.php @@ -129,6 +129,7 @@ protected function findInPaths($name, $paths) foreach ((array) $paths as $path) { foreach ($this->getPossibleViewFiles($name) as $file) { $viewPath = $path.'/'.$file; + if (strlen($viewPath) <= PHP_MAXPATHLEN && $this->files->exists($viewPath)) { return $viewPath; }