Commit: 004941af15674eeb5d12b8459b8ff50c25758150 Author: Rasmus Lerdorf <ras...@php.net> Thu, 3 May 2012 15:51:52 +0200 Committer: Stanislav Malyshev <s...@php.net> Mon, 7 May 2012 12:06:45 -0700 Parents: 72507d38fb6701471053ef6bee65dfbe63184ec9 Branches: master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=004941af15674eeb5d12b8459b8ff50c25758150 Log: Fix for CVE-2012-1823 Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 56c736f..760ad66 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -70,6 +70,7 @@ #include "php_main.h" #include "fopen_wrappers.h" #include "ext/standard/php_standard.h" +#include "ext/standard/url.h" #ifdef PHP_WIN32 # include <io.h> @@ -1508,6 +1509,9 @@ int main(int argc, char *argv[]) #ifndef PHP_WIN32 int status = 0; #endif + char *query_string; + char *decoded_query_string; + int skip_getopt = 0; #if 0 && defined(PHP_DEBUG) /* IIS is always making things more difficult. This allows @@ -1557,7 +1561,16 @@ int main(int argc, char *argv[]) } } - while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) { + if(query_string = getenv("QUERY_STRING")) { + decoded_query_string = strdup(query_string); + php_url_decode(decoded_query_string, strlen(decoded_query_string)); + if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) { + skip_getopt = 1; + } + free(decoded_query_string); + } + + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) { switch (c) { case 'c': if (cgi_sapi_module.php_ini_path_override) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
