felipe Fri, 19 Nov 2010 22:06:44 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=305570
Log: - Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. patch by: jorto at redhat dot com Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/standard/array.c A php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/standard/array.c A php/php-src/branches/PHP_5_3/ext/standard/tests/array/extract_safety.phpt U php/php-src/trunk/ext/standard/array.c A php/php-src/trunk/ext/standard/tests/array/extract_safety.phpt Modified: php/php-src/branches/PHP_5_2/NEWS =================================================================== --- php/php-src/branches/PHP_5_2/NEWS 2010-11-19 21:38:48 UTC (rev 305569) +++ php/php-src/branches/PHP_5_2/NEWS 2010-11-19 22:06:44 UTC (rev 305570) @@ -1,6 +1,8 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2010, PHP 5.2.15RC2 +- Fixed extract() to do not overwrite $GLOBALS and $this when using + EXTR_OVERWRITE. (jorto at redhat dot com) 18 Nov 2010, PHP 5.2.15RC1 - Fixed a possible double free in imap extension (Identified by Mateusz Modified: php/php-src/branches/PHP_5_2/ext/standard/array.c =================================================================== --- php/php-src/branches/PHP_5_2/ext/standard/array.c 2010-11-19 21:38:48 UTC (rev 305569) +++ php/php-src/branches/PHP_5_2/ext/standard/array.c 2010-11-19 22:06:44 UTC (rev 305570) @@ -1516,10 +1516,10 @@ case EXTR_OVERWRITE: /* GLOBALS protection */ - if (var_exists && var_name_len == sizeof("GLOBALS") && !strcmp(var_name, "GLOBALS")) { + if (var_exists && var_name_len == sizeof("GLOBALS")-1 && !strcmp(var_name, "GLOBALS")) { break; } - if (var_exists && var_name_len == sizeof("this") && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) { + if (var_exists && var_name_len == sizeof("this")-1 && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) { break; } smart_str_appendl(&final_name, var_name, var_name_len); Added: php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt =================================================================== --- php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt (rev 0) +++ php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt 2010-11-19 22:06:44 UTC (rev 305570) @@ -0,0 +1,24 @@ +--TEST-- +Test extract() for overwrite of GLOBALS +--FILE-- +<?php +$str = "John"; +debug_zval_dump($GLOBALS["str"]); + +/* Extracting Global Variables */ +$splat = array("foo" => "bar"); +var_dump(extract(array("GLOBALS" => $splat, EXTR_OVERWRITE))); + +unset ($splat); + +debug_zval_dump($GLOBALS["str"]); + +echo "\nDone"; +?> + +--EXPECTF-- +string(4) "John" refcount(2) +int(0) +string(4) "John" refcount(2) + +Done \ No newline at end of file Property changes on: php/php-src/branches/PHP_5_2/ext/standard/tests/array/extract_safety.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-11-19 21:38:48 UTC (rev 305569) +++ php/php-src/branches/PHP_5_3/NEWS 2010-11-19 22:06:44 UTC (rev 305570) @@ -1,6 +1,8 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2010, PHP 5.3.4 +- Fixed extract() to do not overwrite $GLOBALS and $this when using + EXTR_OVERWRITE. (jorto at redhat dot com) - Fixed bug #53362 (Segmentation fault when extending SplFixedArray). (Felipe) - Fixed bug #47168 (printf of floating point variable prints maximum of 40 decimal places). (Ilia) Modified: php/php-src/branches/PHP_5_3/ext/standard/array.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/array.c 2010-11-19 21:38:48 UTC (rev 305569) +++ php/php-src/branches/PHP_5_3/ext/standard/array.c 2010-11-19 22:06:44 UTC (rev 305570) @@ -1389,10 +1389,10 @@ case EXTR_OVERWRITE: /* GLOBALS protection */ - if (var_exists && var_name_len == sizeof("GLOBALS") && !strcmp(var_name, "GLOBALS")) { + if (var_exists && var_name_len == sizeof("GLOBALS")-1 && !strcmp(var_name, "GLOBALS")) { break; } - if (var_exists && var_name_len == sizeof("this") && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) { + if (var_exists && var_name_len == sizeof("this")-1 && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) { break; } ZVAL_STRINGL(&final_name, var_name, var_name_len, 1); Added: php/php-src/branches/PHP_5_3/ext/standard/tests/array/extract_safety.phpt =================================================================== --- php/php-src/branches/PHP_5_3/ext/standard/tests/array/extract_safety.phpt (rev 0) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/array/extract_safety.phpt 2010-11-19 22:06:44 UTC (rev 305570) @@ -0,0 +1,24 @@ +--TEST-- +Test extract() for overwrite of GLOBALS +--FILE-- +<?php +$str = "John"; +debug_zval_dump($GLOBALS["str"]); + +/* Extracting Global Variables */ +$splat = array("foo" => "bar"); +var_dump(extract(array("GLOBALS" => $splat, EXTR_OVERWRITE))); + +unset ($splat); + +debug_zval_dump($GLOBALS["str"]); + +echo "\nDone"; +?> + +--EXPECTF-- +string(4) "John" refcount(2) +int(0) +string(4) "John" refcount(2) + +Done \ No newline at end of file Property changes on: php/php-src/branches/PHP_5_3/ext/standard/tests/array/extract_safety.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native Modified: php/php-src/trunk/ext/standard/array.c =================================================================== --- php/php-src/trunk/ext/standard/array.c 2010-11-19 21:38:48 UTC (rev 305569) +++ php/php-src/trunk/ext/standard/array.c 2010-11-19 22:06:44 UTC (rev 305570) @@ -1389,10 +1389,10 @@ case EXTR_OVERWRITE: /* GLOBALS protection */ - if (var_exists && var_name_len == sizeof("GLOBALS") && !strcmp(var_name, "GLOBALS")) { + if (var_exists && var_name_len == sizeof("GLOBALS")-1 && !strcmp(var_name, "GLOBALS")) { break; } - if (var_exists && var_name_len == sizeof("this") && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) { + if (var_exists && var_name_len == sizeof("this")-1 && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) { break; } ZVAL_STRINGL(&final_name, var_name, var_name_len, 1); Added: php/php-src/trunk/ext/standard/tests/array/extract_safety.phpt =================================================================== --- php/php-src/trunk/ext/standard/tests/array/extract_safety.phpt (rev 0) +++ php/php-src/trunk/ext/standard/tests/array/extract_safety.phpt 2010-11-19 22:06:44 UTC (rev 305570) @@ -0,0 +1,24 @@ +--TEST-- +Test extract() for overwrite of GLOBALS +--FILE-- +<?php +$str = "John"; +debug_zval_dump($GLOBALS["str"]); + +/* Extracting Global Variables */ +$splat = array("foo" => "bar"); +var_dump(extract(array("GLOBALS" => $splat, EXTR_OVERWRITE))); + +unset ($splat); + +debug_zval_dump($GLOBALS["str"]); + +echo "\nDone"; +?> + +--EXPECTF-- +string(4) "John" refcount(2) +int(0) +string(4) "John" refcount(2) + +Done \ No newline at end of file Property changes on: php/php-src/trunk/ext/standard/tests/array/extract_safety.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php