iliaa Sun Jan 6 17:12:30 2008 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/curl interface.c
/php-src NEWS
Log:
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.33&r2=1.62.2.14.2.34&diff_format=u
Index: php-src/ext/curl/interface.c
diff -u php-src/ext/curl/interface.c:1.62.2.14.2.33
php-src/ext/curl/interface.c:1.62.2.14.2.34
--- php-src/ext/curl/interface.c:1.62.2.14.2.33 Mon Dec 31 07:20:05 2007
+++ php-src/ext/curl/interface.c Sun Jan 6 17:12:29 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: interface.c,v 1.62.2.14.2.33 2007/12/31 07:20:05 sebastian Exp $ */
+/* $Id: interface.c,v 1.62.2.14.2.34 2008/01/06 17:12:29 iliaa Exp $ */
#define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
@@ -173,7 +173,7 @@
php_curl_ret(__ret);
\
}
\
\
- if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str
+ len)) { \
+ if (tmp_url->host || !php_memnstr(str, tmp_url->path,
strlen(tmp_url->path), str + len)) { \
php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s'
contains unencoded control characters", str); \
php_url_free(tmp_url);
\
php_curl_ret(__ret);
\
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1046&r2=1.2027.2.547.2.1047&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1046 php-src/NEWS:1.2027.2.547.2.1047
--- php-src/NEWS:1.2027.2.547.2.1046 Wed Jan 2 19:20:15 2008
+++ php-src/NEWS Sun Jan 6 17:12:29 2008
@@ -2,6 +2,8 @@
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2008, PHP 5.2.6
- Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)
+- Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
+ (Ilia)
- Fixed bug #43663 (Extending PDO class with a __call() function doesn't
work).
(David Soria Parra)
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
