iliaa Sun Apr 24 14:10:30 2005 EDT
Modified files: (Branch: PHP_4_3)
/php-src NEWS
/php-src/main php_variables.c
Log:
MFH: Fixed bug #32802 (General cookie overrides more specific cookie).
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.885&r2=1.1247.2.886&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.885 php-src/NEWS:1.1247.2.886
--- php-src/NEWS:1.1247.2.885 Sat Apr 23 19:57:40 2005
+++ php-src/NEWS Sun Apr 24 14:10:29 2005
@@ -6,6 +6,7 @@
them sort based on the current locale. (Derick)
- Changed sha1_file() and md5_file() functions to use streams instead of
low level IO. (Uwe)
+- Fixed bug #32802 (General cookie overrides more specific cookie). (Ilia)
- Fixed bug #32730 (ext/crack.c fails to compile with cracklib-2.8.3). (Jani)
- Fixed bug #32699 (pg_affected_rows() was defined when it was not available).
(Derick)
http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.45.2.9&r2=1.45.2.10&ty=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.9
php-src/main/php_variables.c:1.45.2.10
--- php-src/main/php_variables.c:1.45.2.9 Sat Apr 23 16:34:15 2005
+++ php-src/main/php_variables.c Sun Apr 24 14:10:30 2005
@@ -16,7 +16,7 @@
| Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_variables.c,v 1.45.2.9 2005/04/23 20:34:15 sniper Exp $ */
+/* $Id: php_variables.c,v 1.45.2.10 2005/04/24 18:10:30 iliaa Exp $ */
#include <stdio.h>
#include "php.h"
@@ -63,7 +63,7 @@
char *ip; /* index pointer */
char *index;
int var_len, index_len;
- zval *gpc_element, **gpc_element_p;
+ zval *gpc_element, **gpc_element_p, *tmp;
zend_bool is_array;
HashTable *symtable1=NULL;
@@ -184,9 +184,20 @@
} else {
if (PG(magic_quotes_gpc) && (index!=var)) {
char *escaped_index =
php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
+ /*
+ * According to rfc2965, more specific
paths are listed above the less specific ones.
+ * If we encounter a duplicate cookie
name, we should skip it, since it is not possible
+ * to have the same (plain text) cookie
name for the same path and we should not overwrite
+ * more specific cookies with the less
specific ones.
+ */
+ if (PG(http_globals)[TRACK_VARS_COOKIE]
&& symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) &&
+
zend_hash_find(symtable1, escaped_index, index_len+1, (void **) &tmp) !=
FAILURE) {
+ efree(escaped_index);
+ break;
+ }
zend_hash_update(symtable1,
escaped_index, index_len+1, &gpc_element, sizeof(zval *), (void **)
&gpc_element_p);
efree(escaped_index);
- } else {
+ } else if (!PG(http_globals)[TRACK_VARS_COOKIE]
|| symtable1 != Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) ||
zend_hash_find(symtable1, index, index_len+1, (void **) tmp) == FAILURE) {
zend_hash_update(symtable1, index,
index_len+1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
}
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
