tony2001 Mon Mar 26 10:33:03 2007 UTC
Modified files: (Branch: PHP_4_4)
/php-src NEWS
/php-src/main php_variables.c
Log:
fix #40586 (_ENV vars get escaped when magic_quotes_gpc is on)
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.215&r2=1.1247.2.920.2.216&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.215 php-src/NEWS:1.1247.2.920.2.216
--- php-src/NEWS:1.1247.2.920.2.215 Mon Mar 26 10:28:28 2007
+++ php-src/NEWS Mon Mar 26 10:33:02 2007
@@ -17,6 +17,7 @@
handle). (Tony)
- Fixed bug #40747 (possible crash in session when save_path is out of
open_basedir). (Tony)
+- Fixed bug #40586 (_ENV vars get escaped when magic_quotes_gpc is on). (Tony)
- Fixed MOPB-8, XSS in phpinfo() (Joe Orton, Stas)
- Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser) (Stas)
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.7&r2=1.45.2.13.2.8&diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.13.2.7
php-src/main/php_variables.c:1.45.2.13.2.8
--- php-src/main/php_variables.c:1.45.2.13.2.7 Mon Jan 1 09:46:50 2007
+++ php-src/main/php_variables.c Mon Mar 26 10:33:03 2007
@@ -16,7 +16,7 @@
| Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_variables.c,v 1.45.2.13.2.7 2007/01/01 09:46:50 sebastian Exp $ */
+/* $Id: php_variables.c,v 1.45.2.13.2.8 2007/03/26 10:33:03 tony2001 Exp $ */
#include <stdio.h>
#include "php.h"
@@ -351,6 +351,8 @@
void _php_import_environment_variables(zval *array_ptr TSRMLS_DC)
{
char **env, *p, *t;
+ int magic_quotes_gpc = PG(magic_quotes_gpc);
+ PG(magic_quotes_gpc) = 0;
for (env = environ; env != NULL && *env != NULL; env++) {
p = strchr(*env, '=');
@@ -361,6 +363,7 @@
php_register_variable(t, p+1, array_ptr TSRMLS_CC);
efree(t);
}
+ PG(magic_quotes_gpc) = magic_quotes_gpc;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
