pajoye Mon Oct 1 08:14:03 2007 UTC Modified files: (Branch: PHP_5_2) /php-src README.UPDATE_5_2 Log: - add notice about glob regression (Lukas) http://cvs.php.net/viewvc.cgi/php-src/README.UPDATE_5_2?r1=1.1.2.39&r2=1.1.2.40&diff_format=u Index: php-src/README.UPDATE_5_2 diff -u php-src/README.UPDATE_5_2:1.1.2.39 php-src/README.UPDATE_5_2:1.1.2.40 --- php-src/README.UPDATE_5_2:1.1.2.39 Sat Jan 6 18:05:02 2007 +++ php-src/README.UPDATE_5_2 Mon Oct 1 08:14:03 2007 @@ -172,6 +172,21 @@ from your error handler in order to populate $php_errormsg. This allows you to fine-grain the levels of the messages stored. +============================== +Regressions introduced/fixed +============================== + +- In version 5.2.4 a security fix caused a regression for patterns of + the form "/foo/*/bar/*". Since version 5.2.5 instead of raising a warning the + glob() function will return false when openbase_dir restrictions are violated. + + #See http://bugs.php.net/bug.php?id=41655 + + The warning that used to be raised looked like something as follows: + Warning: glob() [function.glob]: Unable to access /foo/*/bar/* in /foo.php on line xxx + #See http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.169&r2=1.170 + + The patch can safely be applied to PHP 5.2.4 as well. ============================== Backwards incompatible changes
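Review bot: the new "Regressions introduced/fixed" entry spells the directive as "openbase_dir"; the ini setting is open_basedir, and anyone searching the README for that name will miss this notice. The entry also says 5.2.4 "caused a regression for patterns of the form "/foo/*/bar/*"" without saying what the regression was, so it would help to state what glob() did wrong for such patterns in 5.2.4 before describing the 5.2.5 behaviour. Since the documented change is that glob() now returns false rather than raising a warning when the restriction is violated, the note should tell upgraders to check the return value for false before iterating over it, because code that relied on seeing the warning will now fail silently. Smaller points: "looked like something as follows" reads better as "looked like this", and the last added line ("The patch can safely be applied to PHP 5.2.4 as well.") runs directly into the "Backwards incompatible changes" heading, so a blank added line after it would keep the sections separated.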
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php