iliaa Sun Jan 6 17:12:30 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/curl interface.c /php-src NEWS Log: Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.33&r2=1.62.2.14.2.34&diff_format=u
Index: php-src/ext/curl/interface.c
diff -u php-src/ext/curl/interface.c:1.62.2.14.2.33 php-src/ext/curl/interface.c:1.62.2.14.2.34
--- php-src/ext/curl/interface.c:1.62.2.14.2.33 Mon Dec 31 07:20:05 2007
+++ php-src/ext/curl/interface.c Sun Jan 6 17:12:29 2008
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: interface.c,v 1.62.2.14.2.33 2007/12/31 07:20:05 sebastian Exp $ */
+/* $Id: interface.c,v 1.62.2.14.2.34 2008/01/06 17:12:29 iliaa Exp $ */
 #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
@@ -173,7 +173,7 @@
 php_curl_ret(__ret); \
 } \
 \
- if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \
+ if (tmp_url->host || !php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' contains unencoded control characters", str); \
 php_url_free(tmp_url); \
 php_curl_ret(__ret); \
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1046&r2=1.2027.2.547.2.1047&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1046 php-src/NEWS:1.2027.2.547.2.1047
--- php-src/NEWS:1.2027.2.547.2.1046 Wed Jan 2 19:20:15 2008
+++ php-src/NEWS Sun Jan 6 17:12:29 2008
@@ -2,6 +2,8 @@
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2008, PHP 5.2.6
 - Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)
+- Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
+ (Ilia)
 - Fixed bug #43663 (Extending PDO class with a __call() function doesn't work). (David Soria Parra)
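Review bot: In the second interface.c hunk (`@@ -173,7 +173,7 @@`) the added `tmp_url->host` test reuses the warning "URL '%s' contains unencoded control characters", so a URL refused only because it carries a host part is logged with a cause that does not apply, and the safe_mode rejection is hard to recognise in logs. The host case would read better as its own branch with its own message, for example `php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' must not contain a host part", str);`, preceded by a one-line comment saying why a host is refused here. The same condition still passes `tmp_url->path` to `strlen()` whenever `host` is NULL; if the URL parser can return a result with no path, a `tmp_url->path == NULL ||` guard is needed before that call. The macro starts and ends outside the hunk, so the path check may already exist in the part not shown.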