Commit: 29300b1f9dab068d477b241d8fd872e3a7c829b3 Author: Rasmus Lerdorf <ras...@php.net> Thu, 3 May 2012 15:51:52 +0200 Committer: Johannes Schlüter <johan...@php.net> Thu, 3 May 2012 15:51:52 +0200 Parents: 704bbb3263d0ec9a6b4a767bbc516e55388f4b0e Branches: PHP-5.3.12
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=29300b1f9dab068d477b241d8fd872e3a7c829b3 Log: Fix for CVE-2012-1823 Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index dfd77e4..bb37aba 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -70,6 +70,7 @@ #include "php_main.h" #include "fopen_wrappers.h" #include "ext/standard/php_standard.h" +#include "ext/standard/url.h" #ifdef PHP_WIN32 # include <io.h> @@ -1507,6 +1508,9 @@ int main(int argc, char *argv[]) #ifndef PHP_WIN32 int status = 0; #endif + char *query_string; + char *decoded_query_string; + int skip_getopt = 0; #if 0 && defined(PHP_DEBUG) /* IIS is always making things more difficult. This allows @@ -1556,7 +1560,16 @@ int main(int argc, char *argv[]) } } - while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) { + if(query_string = getenv("QUERY_STRING")) { + decoded_query_string = strdup(query_string); + php_url_decode(decoded_query_string, strlen(decoded_query_string)); + if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) { + skip_getopt = 1; + } + free(decoded_query_string); + } + + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) { switch (c) { case 'c': if (cgi_sapi_module.php_ini_path_override) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
