[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/mbstring mbstring.c

Sun, 18 Mar 2007 09:20:37 -0800 

iliaa           Sun Mar 18 17:19:30 2007 UTC

  Modified files:              (Branch: PHP_4_4)
    /php-src/ext/mbstring       mbstring.c 
    /php-src    NEWS 
  Log:
  MFB:  Fixed MOPB-26-2007 mb_parse_str() can be used to activate
  register_globals
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.142.2.47.2.19&r2=1.142.2.47.2.20&diff_format=u
Index: php-src/ext/mbstring/mbstring.c
diff -u php-src/ext/mbstring/mbstring.c:1.142.2.47.2.19 
php-src/ext/mbstring/mbstring.c:1.142.2.47.2.20
--- php-src/ext/mbstring/mbstring.c:1.142.2.47.2.19     Thu Dec 21 17:28:57 2006
+++ php-src/ext/mbstring/mbstring.c     Sun Mar 18 17:19:30 2007
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: mbstring.c,v 1.142.2.47.2.19 2006/12/21 17:28:57 masugata Exp $ */
+/* $Id: mbstring.c,v 1.142.2.47.2.20 2007/03/18 17:19:30 iliaa Exp $ */
 
 /*
  * PHP4 Multibyte String module "mbstring"
@@ -1954,9 +1954,9 @@
        string.no_encoding = from_encoding;
        old_rg = PG(register_globals);
        if (argc == 1) {
-               PG(register_globals) = 1;
+               zend_alter_ini_entry("register_globals", 
sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, 
PHP_INI_STAGE_RUNTIME);
        } else {
-               PG(register_globals) = 0;
+               zend_alter_ini_entry("register_globals", 
sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, 
PHP_INI_STAGE_RUNTIME);
        }
        n = 0;
        while (n < num) {
@@ -1985,7 +1985,11 @@
                mbfl_string_clear(&resvar);
                mbfl_string_clear(&resval);
        }
-       PG(register_globals) = old_rg;
+       if (old_rg) {
+               zend_alter_ini_entry("register_globals", 
sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, 
PHP_INI_STAGE_RUNTIME);
+       } else {
+               zend_alter_ini_entry("register_globals", 
sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, 
PHP_INI_STAGE_RUNTIME);
+       }
 
        if (convd != NULL) {
                MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.212&r2=1.1247.2.920.2.213&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.212 php-src/NEWS:1.1247.2.920.2.213
--- php-src/NEWS:1.1247.2.920.2.212     Fri Mar 16 21:48:08 2007
+++ php-src/NEWS        Sun Mar 18 17:19:30 2007
@@ -5,6 +5,8 @@
   compress.bzip2 wraper. (Ilia)
 - Fixed MOPB-22-2007 PHP session_regenerate_id() Double Free Vulnerability.
   (Ilia)
+- Fixed MOPB-26-2007 mb_parse_str() can be used to activate
+  register_globals. (Ilia)
 - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre)
 - Fixed CVE-2007-0455, Buffer overflow in gdImageStringFTEx (used by imagettf
   function) (Kees Cook, Pierre)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to