tony2001 Fri Nov 24 21:57:31 2006 UTC
Added files:
/php-src/ext/standard/tests/strings bug39621.phpt
Modified files:
/php-src/ext/standard string.c
Log:
fix #39621 (str_replace() is not binary safe on strings with equal length)
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.613&r2=1.614&diff_format=u
Index: php-src/ext/standard/string.c
diff -u php-src/ext/standard/string.c:1.613 php-src/ext/standard/string.c:1.614
--- php-src/ext/standard/string.c:1.613 Fri Nov 17 16:45:28 2006
+++ php-src/ext/standard/string.c Fri Nov 24 21:57:31 2006
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: string.c,v 1.613 2006/11/17 16:45:28 andrei Exp $ */
+/* $Id: string.c,v 1.614 2006/11/24 21:57:31 tony2001 Exp $ */
/* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
@@ -5150,16 +5150,33 @@
new_str = estrndup(haystack, length);
return new_str;
} else {
- if (case_sensitivity ? strncmp(haystack, needle, length) :
strncasecmp(haystack, needle, length)) {
+ if (case_sensitivity && memcmp(haystack, needle, length)) {
goto nothing_todo;
- } else {
- *_new_length = str_len;
- new_str = estrndup(str, str_len);
- if (replace_count) {
- (*replace_count)++;
+ } else if (!case_sensitivity) {
+ char *l_haystack, *l_needle;
+
+ l_haystack = estrndup(haystack, length);
+ l_needle = estrndup(needle, length);
+
+ php_strtolower(l_haystack, length);
+ php_strtolower(l_needle, length);
+
+ if (memcmp(l_haystack, l_needle, length)) {
+ efree(l_haystack);
+ efree(l_needle);
+ goto nothing_todo;
}
- return new_str;
+ efree(l_haystack);
+ efree(l_needle);
+ }
+
+ *_new_length = str_len;
+ new_str = estrndup(str, str_len);
+
+ if (replace_count) {
+ (*replace_count)++;
}
+ return new_str;
}
}
@@ -5253,7 +5270,7 @@
new_str = eustrndup(haystack, length);
return new_str;
} else {
- if (u_strncmp(haystack, needle, length)) {
+ if (u_memcmp(haystack, needle, length)) {
goto nothing_todo;
} else {
*_new_length = repl_len;
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/bug39621.phpt?view=markup&rev=1.1
Index: php-src/ext/standard/tests/strings/bug39621.phpt
+++ php-src/ext/standard/tests/strings/bug39621.phpt
--TEST--
Bug #39621 (str_replace() is not binary safe on strings with equal length)
--FILE--
<?php
$search = "qxxx\0qqqqqqqq";
$subject = "qxxx\0xxxxxxxx";
$replace = "any text";
$result = str_replace ( $search, $replace, $subject );
var_dump($result);
$search = "QXXX\0qqqqqqqq";
$subject = "qxxx\0xxxxxxxx";
$replace = "any text";
$result = str_ireplace ( $search, $replace, $subject );
var_dump($result);
$search = "qxxx\0xxxxxxxx";
$subject = "qxxx\0xxxxxxxx";
$replace = "any text";
$result = str_replace ( $search, $replace, $subject );
var_dump($result);
$search = "qXxx\0xXxXxXxx";
$subject = "qxXx\0xxxxxxxx";
$replace = "any text";
$result = str_ireplace ( $search, $replace, $subject );
var_dump($result);
echo "Done\n";
?>
--EXPECTF--
string(13) "qxxx
string(13) "qxxx
string(8) "any text"
string(8) "any text"
Done
--UEXPECTF--
unicode(13) "qxxx
unicode(13) "qxxx
unicode(8) "any text"
unicode(8) "any text"
Done
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
