iliaa Sun Jan 6 17:12:44 2008 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/curl interface.c Log: MFB: Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. http://cvs.php.net/viewvc.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.27.2.7&r2=1.62.2.14.2.27.2.8&diff_format=u Index: php-src/ext/curl/interface.c diff -u php-src/ext/curl/interface.c:1.62.2.14.2.27.2.7 php-src/ext/curl/interface.c:1.62.2.14.2.27.2.8 --- php-src/ext/curl/interface.c:1.62.2.14.2.27.2.7 Mon Dec 31 07:17:06 2007 +++ php-src/ext/curl/interface.c Sun Jan 6 17:12:44 2008 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: interface.c,v 1.62.2.14.2.27.2.7 2007/12/31 07:17:06 sebastian Exp $ */ +/* $Id: interface.c,v 1.62.2.14.2.27.2.8 2008/01/06 17:12:44 iliaa Exp $ */ #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS @@ -173,7 +173,7 @@ php_curl_ret(__ret); \ } \ \ - if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \ + if (tmp_url->host || !php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \ php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' contains unencoded control characters", str); \ php_url_free(tmp_url); \ php_curl_ret(__ret); \
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php