lbarnaud Mon Oct 20 18:45:24 2008 UTC
Added files: (Branch: PHP_5_2)
/php-src/tests/basic bug46313-win.phpt bug46313.phpt
Modified files:
/php-src/main rfc1867.c
/php-src NEWS
Log:
MFB PHP_5_3: Fixed #46313 (Magic quotes broke $_FILES)
http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.173.2.1.2.13&r2=1.173.2.1.2.14&diff_format=u
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.173.2.1.2.13
php-src/main/rfc1867.c:1.173.2.1.2.14
--- php-src/main/rfc1867.c:1.173.2.1.2.13 Sun Sep 7 14:18:11 2008
+++ php-src/main/rfc1867.c Mon Oct 20 18:45:23 2008
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: rfc1867.c,v 1.173.2.1.2.13 2008/09/07 14:18:11 lbarnaud Exp $ */
+/* $Id: rfc1867.c,v 1.173.2.1.2.14 2008/10/20 18:45:23 lbarnaud Exp $ */
/*
* This product includes software developed by the Apache Group
@@ -788,7 +788,6 @@
int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL;
char **val_list = NULL;
#endif
- zend_bool magic_quotes_gpc;
multipart_buffer *mbuff;
zval *array_ptr = (zval *) arg;
int fd=-1;
@@ -1279,26 +1278,30 @@
}
s = "";
- /* Initialize variables */
- add_protected_variable(param TSRMLS_CC);
+ {
+ /* store temp_filename as-is (without
magic_quotes_gpc-ing it, in case upload_tmp_dir
+ * contains escapeable characters. escape only
the variable name.) */
+ zval zfilename;
- magic_quotes_gpc = PG(magic_quotes_gpc);
- PG(magic_quotes_gpc) = 0;
- /* if param is of form xxx[.*] this will cut it to xxx
*/
- if (!is_anonymous) {
- safe_php_register_variable(param,
temp_filename, strlen(temp_filename), NULL, 1 TSRMLS_CC);
- }
-
- /* Add $foo[tmp_name] */
- if (is_arr_upload) {
- snprintf(lbuf, llen, "%s[tmp_name][%s]", abuf,
array_index);
- } else {
- snprintf(lbuf, llen, "%s[tmp_name]", param);
- }
- add_protected_variable(lbuf TSRMLS_CC);
- register_http_post_files_variable(lbuf, temp_filename,
http_post_files, 1 TSRMLS_CC);
+ /* Initialize variables */
+ add_protected_variable(param TSRMLS_CC);
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+ /* if param is of form xxx[.*] this will cut it
to xxx */
+ if (!is_anonymous) {
+ ZVAL_STRING(&zfilename, temp_filename,
1);
+ safe_php_register_variable_ex(param,
&zfilename, NULL, 1 TSRMLS_CC);
+ }
+
+ /* Add $foo[tmp_name] */
+ if (is_arr_upload) {
+ snprintf(lbuf, llen,
"%s[tmp_name][%s]", abuf, array_index);
+ } else {
+ snprintf(lbuf, llen, "%s[tmp_name]",
param);
+ }
+ add_protected_variable(lbuf TSRMLS_CC);
+ ZVAL_STRING(&zfilename, temp_filename, 1);
+ register_http_post_files_variable_ex(lbuf,
&zfilename, http_post_files, 1 TSRMLS_CC);
+ }
{
zval file_size, error_type;
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1265&r2=1.2027.2.547.2.1266&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1265 php-src/NEWS:1.2027.2.547.2.1266
--- php-src/NEWS:1.2027.2.547.2.1265 Mon Oct 20 12:46:57 2008
+++ php-src/NEWS Mon Oct 20 18:45:23 2008
@@ -7,6 +7,7 @@
(Rob)
- Fixed bug #46319 (PHP sets default Content-Type header for HTTP 304
response code, in cgi sapi). (Ilia)
+- Fixed bug #46313 (Magic quotes broke $_FILES). (Arnaud)
- Fixed bug #46308 (Invalid write when changing property from inside getter).
(Dmitry)
- Fixed bug #46292 (PDO::setFetchMode() shouldn't requires the 2nd arg when
http://cvs.php.net/viewvc.cgi/php-src/tests/basic/bug46313-win.phpt?view=markup&rev=1.1
Index: php-src/tests/basic/bug46313-win.phpt
+++ php-src/tests/basic/bug46313-win.phpt
http://cvs.php.net/viewvc.cgi/php-src/tests/basic/bug46313.phpt?view=markup&rev=1.1
Index: php-src/tests/basic/bug46313.phpt
+++ php-src/tests/basic/bug46313.phpt
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
