[PHP-CVS-DAILY] cvs: php-src / ChangeLog
changelog Tue Mar 27 01:31:12 2007 UTC Modified files: /php-srcChangeLog Log: ChangeLog update http://cvs.php.net/viewvc.cgi/php-src/ChangeLog?r1=1.2641r2=1.2642diff_format=u Index: php-src/ChangeLog diff -u php-src/ChangeLog:1.2641 php-src/ChangeLog:1.2642 --- php-src/ChangeLog:1.2641Mon Mar 26 01:30:58 2007 +++ php-src/ChangeLog Tue Mar 27 01:31:12 2007 @@ -1,3 +1,57 @@ +2007-03-26 Rob Richards [EMAIL PROTECTED] + +* (PHP_5_2) + NEWS: + BFN + +* ext/simplexml/simplexml.c + ext/simplexml/tests/bug37386.phpt: + MFB: fix bug #37386 (autocreating element doesn't assign value to first + node) + all single SimpleXMLElements are addressable using offset 0 + use correct node for xpath context node + add test + +* (PHP_5_2) + ext/simplexml/simplexml.c + ext/simplexml/tests/bug37386.phpt + ext/simplexml/tests/bug37386.phpt: + fix bug #37386 (autocreating element doesn't assign value to first node) + all single SimpleXMLElements are addressable using offset 0 + use correct node for xpath context node + add test + +2007-03-26 Antony Dovgal [EMAIL PROTECTED] + +* (PHP_4_4) + NEWS + main/php_variables.c: + revert by request of Derick + +* (PHP_4_4) + NEWS + main/php_variables.c: + fix #40586 (_ENV vars get escaped when magic_quotes_gpc is on) + +* (PHP_4_4) + NEWS + NEWS + ext/standard/string.c + ext/standard/string.c + ext/standard/tests/strings/bug40915.phpt: + MFH: fix #40915 (addcslashes unexpected behavior with binary input) + +* ext/standard/tests/strings/bug40915.phpt + ext/standard/tests/strings/bug40915.phpt: + + fix #40915 (addcslashes unexpected behavior with binary input) + +* ext/standard/string.c: + fix #40915 (addcslashes unexpected behavior with binary input) + +* ext/ftp/ftp.c: + MFB + 2007-03-25 Ilia Alshanetsky [EMAIL PROTECTED] * (PHP_4_4)
[PHP-CVS] cvs: php-src /ext/ftp ftp.c
tony2001Mon Mar 26 08:02:36 2007 UTC
Modified files:
/php-src/ext/ftpftp.c
Log:
MFB
http://cvs.php.net/viewvc.cgi/php-src/ext/ftp/ftp.c?r1=1.122r2=1.123diff_format=u
Index: php-src/ext/ftp/ftp.c
diff -u php-src/ext/ftp/ftp.c:1.122 php-src/ext/ftp/ftp.c:1.123
--- php-src/ext/ftp/ftp.c:1.122 Sat Feb 24 16:25:53 2007
+++ php-src/ext/ftp/ftp.c Mon Mar 26 08:02:36 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: ftp.c,v 1.122 2007/02/24 16:25:53 helly Exp $ */
+/* $Id: ftp.c,v 1.123 2007/03/26 08:02:36 tony2001 Exp $ */
#ifdef HAVE_CONFIG_H
#include config.h
@@ -1096,12 +1096,18 @@
int size;
char*data;
+ if (strpbrk(cmd, \r\n)) {
+ return 0;
+ }
/* build the output buffer */
if (args args[0]) {
/* cmd args\r\n\0 */
if (strlen(cmd) + strlen(args) + 4 FTP_BUFSIZE) {
return 0;
}
+ if (strpbrk(args, \r\n)) {
+ return 0;
+ }
size = snprintf(ftp-outbuf, sizeof(ftp-outbuf), %s %s\r\n,
cmd, args);
} else {
/* cmd\r\n\0 */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard string.c /ext/standard/tests/strings bug40915.phpt
tony2001Mon Mar 26 10:23:50 2007 UTC Added files: /php-src/ext/standard/tests/strings bug40915.phpt Modified files: /php-src/ext/standard string.c Log: fix #40915 (addcslashes unexpected behavior with binary input) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.632r2=1.633diff_format=u Index: php-src/ext/standard/string.c diff -u php-src/ext/standard/string.c:1.632 php-src/ext/standard/string.c:1.633 --- php-src/ext/standard/string.c:1.632 Sat Feb 24 16:25:55 2007 +++ php-src/ext/standard/string.c Mon Mar 26 10:23:49 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: string.c,v 1.632 2007/02/24 16:25:55 helly Exp $ */ +/* $Id: string.c,v 1.633 2007/03/26 10:23:49 tony2001 Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -4555,8 +4555,8 @@ RETURN_STRINGL(str, str_len, 1); } - RETURN_STRING(php_addcslashes(str, str_len, Z_STRLEN_P(return_value), 0, - what, what_len TSRMLS_CC), 0); + Z_STRVAL_P(return_value) = php_addcslashes(str, str_len, Z_STRLEN_P(return_value), 0, what, what_len TSRMLS_CC); + RETURN_STRINGL(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), 0); } /* }}} */ http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/bug40915.phpt?view=markuprev=1.1 Index: php-src/ext/standard/tests/strings/bug40915.phpt +++ php-src/ext/standard/tests/strings/bug40915.phpt --TEST-- Bug #40915 (addcslashes unexpected behavior with binary input) --FILE-- ?php $str = (binary)a\000z; var_dump(addslashes($str)); var_dump(addcslashes($str, (binary))); var_dump(addcslashes($str, (binary)\000z)); var_dump(addcslashes( $str, (binary)z)); echo Done\n; ? --EXPECTF-- string(4) a\0z string(3) a string(7) a\000\z string(4) a Done --UEXPECTF-- unicode(4) a\0z string(3) a string(7) a\000\z string(4) a Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/standard string.c /ext/standard/tests/strings bug40915.phpt
tony2001Mon Mar 26 10:25:42 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/standard/tests/strings bug40915.phpt Modified files: /php-srcNEWS /php-src/ext/standard string.c Log: MFH: fix #40915 (addcslashes unexpected behavior with binary input) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.612r2=1.2027.2.547.2.613diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.612 php-src/NEWS:1.2027.2.547.2.613 --- php-src/NEWS:1.2027.2.547.2.612 Fri Mar 23 20:22:52 2007 +++ php-src/NEWSMon Mar 26 10:25:41 2007 @@ -35,6 +35,7 @@ - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry) - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek) - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre) +- Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony) - Fixed bug #40899 (memory leak when nesting list()). (Dmitry) - Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony) - Fixed bug #40872 (inconsistency in offsetSet, offsetExists treatment of http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.53r2=1.445.2.14.2.54diff_format=u Index: php-src/ext/standard/string.c diff -u php-src/ext/standard/string.c:1.445.2.14.2.53 php-src/ext/standard/string.c:1.445.2.14.2.54 --- php-src/ext/standard/string.c:1.445.2.14.2.53 Mon Mar 12 23:42:26 2007 +++ php-src/ext/standard/string.c Mon Mar 26 10:25:41 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: string.c,v 1.445.2.14.2.53 2007/03/12 23:42:26 tony2001 Exp $ */ +/* $Id: string.c,v 1.445.2.14.2.54 2007/03/26 10:25:41 tony2001 Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -2858,11 +2858,8 @@ RETURN_STRINGL(Z_STRVAL_PP(str), Z_STRLEN_PP(str), 1); } - RETURN_STRING(php_addcslashes(Z_STRVAL_PP(str), - Z_STRLEN_PP(str), - Z_STRLEN_P(return_value), 0, - Z_STRVAL_PP(what), - Z_STRLEN_PP(what) TSRMLS_CC), 0); + Z_STRVAL_P(return_value) = php_addcslashes(Z_STRVAL_PP(str), Z_STRLEN_PP(str), Z_STRLEN_P(return_value), 0, Z_STRVAL_PP(what), Z_STRLEN_PP(what) TSRMLS_CC); + RETURN_STRINGL(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), 0); } /* }}} */ http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/bug40915.phpt?view=markuprev=1.1 Index: php-src/ext/standard/tests/strings/bug40915.phpt +++ php-src/ext/standard/tests/strings/bug40915.phpt --TEST-- Bug #40915 (addcslashes unexpected behavior with binary input) --FILE-- ?php $str = (binary)a\000z; var_dump(addslashes($str)); var_dump(addcslashes($str, (binary))); var_dump(addcslashes($str, (binary)\000z)); var_dump(addcslashes( $str, (binary)z)); echo Done\n; ? --EXPECTF-- string(4) a\0z string(3) a string(7) a\000\z string(4) a Done --UEXPECTF-- unicode(4) a\0z string(3) a string(7) a\000\z string(4) a Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/standard string.c
tony2001Mon Mar 26 10:28:29 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/ext/standard string.c Log: MFH: fix #40915 (addcslashes unexpected behavior with binary input) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.214r2=1.1247.2.920.2.215diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.214 php-src/NEWS:1.1247.2.920.2.215 --- php-src/NEWS:1.1247.2.920.2.214 Sun Mar 25 15:27:51 2007 +++ php-src/NEWSMon Mar 26 10:28:28 2007 @@ -12,6 +12,7 @@ - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre) - Fixed CVE-2007-0455, Buffer overflow in gdImageStringFTEx (used by imagettf function) (Kees Cook, Pierre) +- Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony) - Fixed bug #40831 (cURL extension doesn't clean up the buffer of reused handle). (Tony) - Fixed bug #40747 (possible crash in session when save_path is out of http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.333.2.52.2.10r2=1.333.2.52.2.11diff_format=u Index: php-src/ext/standard/string.c diff -u php-src/ext/standard/string.c:1.333.2.52.2.10 php-src/ext/standard/string.c:1.333.2.52.2.11 --- php-src/ext/standard/string.c:1.333.2.52.2.10 Thu Feb 15 09:31:01 2007 +++ php-src/ext/standard/string.c Mon Mar 26 10:28:28 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: string.c,v 1.333.2.52.2.10 2007/02/15 09:31:01 tony2001 Exp $ */ +/* $Id: string.c,v 1.333.2.52.2.11 2007/03/26 10:28:28 tony2001 Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -2220,11 +2220,8 @@ RETURN_STRINGL(Z_STRVAL_PP(str), Z_STRLEN_PP(str), 1); } - RETURN_STRING(php_addcslashes(Z_STRVAL_PP(str), - Z_STRLEN_PP(str), - Z_STRLEN_P(return_value), 0, - Z_STRVAL_PP(what), - Z_STRLEN_PP(what) TSRMLS_CC), 0); + Z_STRVAL_P(return_value) = php_addcslashes(Z_STRVAL_PP(str), Z_STRLEN_PP(str), Z_STRLEN_P(return_value), 0, Z_STRVAL_PP(what), Z_STRLEN_PP(what) TSRMLS_CC); + RETURN_STRINGL(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), 0); } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /main php_variables.c
tony2001Mon Mar 26 10:33:03 2007 UTC
Modified files: (Branch: PHP_4_4)
/php-srcNEWS
/php-src/main php_variables.c
Log:
fix #40586 (_ENV vars get escaped when magic_quotes_gpc is on)
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.215r2=1.1247.2.920.2.216diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.215 php-src/NEWS:1.1247.2.920.2.216
--- php-src/NEWS:1.1247.2.920.2.215 Mon Mar 26 10:28:28 2007
+++ php-src/NEWSMon Mar 26 10:33:02 2007
@@ -17,6 +17,7 @@
handle). (Tony)
- Fixed bug #40747 (possible crash in session when save_path is out of
open_basedir). (Tony)
+- Fixed bug #40586 (_ENV vars get escaped when magic_quotes_gpc is on). (Tony)
- Fixed MOPB-8, XSS in phpinfo() (Joe Orton, Stas)
- Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser) (Stas)
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.7r2=1.45.2.13.2.8diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.13.2.7
php-src/main/php_variables.c:1.45.2.13.2.8
--- php-src/main/php_variables.c:1.45.2.13.2.7 Mon Jan 1 09:46:50 2007
+++ php-src/main/php_variables.cMon Mar 26 10:33:03 2007
@@ -16,7 +16,7 @@
| Zeev Suraski [EMAIL PROTECTED]|
+--+
*/
-/* $Id: php_variables.c,v 1.45.2.13.2.7 2007/01/01 09:46:50 sebastian Exp $ */
+/* $Id: php_variables.c,v 1.45.2.13.2.8 2007/03/26 10:33:03 tony2001 Exp $ */
#include stdio.h
#include php.h
@@ -351,6 +351,8 @@
void _php_import_environment_variables(zval *array_ptr TSRMLS_DC)
{
char **env, *p, *t;
+ int magic_quotes_gpc = PG(magic_quotes_gpc);
+ PG(magic_quotes_gpc) = 0;
for (env = environ; env != NULL *env != NULL; env++) {
p = strchr(*env, '=');
@@ -361,6 +363,7 @@
php_register_variable(t, p+1, array_ptr TSRMLS_CC);
efree(t);
}
+ PG(magic_quotes_gpc) = magic_quotes_gpc;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /main php_variables.c
tony2001Mon Mar 26 11:19:37 2007 UTC
Modified files: (Branch: PHP_4_4)
/php-srcNEWS
/php-src/main php_variables.c
Log:
revert by request of Derick
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.216r2=1.1247.2.920.2.217diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.216 php-src/NEWS:1.1247.2.920.2.217
--- php-src/NEWS:1.1247.2.920.2.216 Mon Mar 26 10:33:02 2007
+++ php-src/NEWSMon Mar 26 11:19:37 2007
@@ -17,7 +17,6 @@
handle). (Tony)
- Fixed bug #40747 (possible crash in session when save_path is out of
open_basedir). (Tony)
-- Fixed bug #40586 (_ENV vars get escaped when magic_quotes_gpc is on). (Tony)
- Fixed MOPB-8, XSS in phpinfo() (Joe Orton, Stas)
- Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser) (Stas)
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.8r2=1.45.2.13.2.9diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.13.2.8
php-src/main/php_variables.c:1.45.2.13.2.9
--- php-src/main/php_variables.c:1.45.2.13.2.8 Mon Mar 26 10:33:03 2007
+++ php-src/main/php_variables.cMon Mar 26 11:19:37 2007
@@ -16,7 +16,7 @@
| Zeev Suraski [EMAIL PROTECTED]|
+--+
*/
-/* $Id: php_variables.c,v 1.45.2.13.2.8 2007/03/26 10:33:03 tony2001 Exp $ */
+/* $Id: php_variables.c,v 1.45.2.13.2.9 2007/03/26 11:19:37 tony2001 Exp $ */
#include stdio.h
#include php.h
@@ -351,8 +351,6 @@
void _php_import_environment_variables(zval *array_ptr TSRMLS_DC)
{
char **env, *p, *t;
- int magic_quotes_gpc = PG(magic_quotes_gpc);
- PG(magic_quotes_gpc) = 0;
for (env = environ; env != NULL *env != NULL; env++) {
p = strchr(*env, '=');
@@ -363,7 +361,6 @@
php_register_variable(t, p+1, array_ptr TSRMLS_CC);
efree(t);
}
- PG(magic_quotes_gpc) = magic_quotes_gpc;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/simplexml simplexml.c /ext/simplexml/tests bug37386.phpt
rrichards Mon Mar 26 20:14:58 2007 UTC
Added files: (Branch: PHP_5_2)
/php-src/ext/simplexml/testsbug37386.phpt
Modified files:
/php-src/ext/simplexml simplexml.c
Log:
fix bug #37386 (autocreating element doesn't assign value to first node)
all single SimpleXMLElements are addressable using offset 0
use correct node for xpath context node
add test
http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/simplexml.c?r1=1.151.2.22.2.23r2=1.151.2.22.2.24diff_format=u
Index: php-src/ext/simplexml/simplexml.c
diff -u php-src/ext/simplexml/simplexml.c:1.151.2.22.2.23
php-src/ext/simplexml/simplexml.c:1.151.2.22.2.24
--- php-src/ext/simplexml/simplexml.c:1.151.2.22.2.23 Tue Feb 20 14:08:43 2007
+++ php-src/ext/simplexml/simplexml.c Mon Mar 26 20:14:58 2007
@@ -18,7 +18,7 @@
+--+
*/
-/* $Id: simplexml.c,v 1.151.2.22.2.23 2007/02/20 14:08:43 tony2001 Exp $ */
+/* $Id: simplexml.c,v 1.151.2.22.2.24 2007/03/26 20:14:58 rrichards Exp $ */
#ifdef HAVE_CONFIG_H
#include config.h
@@ -138,7 +138,14 @@
long nodendx = 0;
if (sxe-iter.type == SXE_ITER_NONE) {
- return NULL;
+ if (offset == 0) {
+ if (cnt) {
+ *cnt = 0;
+ }
+ return node;
+ } else {
+ return NULL;
+ }
}
while (node nodendx = offset) {
SKIP_TEXT(node)
@@ -429,7 +436,7 @@
int nodendx = 0;
int test = 0;
int new_value = 0;
- longcnt;
+ longcnt = 0;
zvaltmp_zv, trim_zv, value_copy;
if (!member) {
@@ -1122,9 +1129,11 @@
php_libxml_increment_node_ptr((php_libxml_node_object *)sxe,
xmlDocGetRootElement((xmlDocPtr) sxe-document-ptr), NULL TSRMLS_CC);
}
- sxe-xpath-node = sxe-node-node;
+ nodeptr = php_sxe_get_first_node(sxe, sxe-node-node TSRMLS_CC);
+
+ sxe-xpath-node = nodeptr;
- ns = xmlGetNsList((xmlDocPtr) sxe-document-ptr, (xmlNodePtr)
sxe-node-node);
+ ns = xmlGetNsList((xmlDocPtr) sxe-document-ptr, nodeptr);
if (ns != NULL) {
while (ns[nsnbr] != NULL) {
nsnbr++;
@@ -2359,7 +2368,7 @@
{
php_info_print_table_start();
php_info_print_table_header(2, Simplexml support, enabled);
- php_info_print_table_row(2, Revision, $Revision: 1.151.2.22.2.23 $);
+ php_info_print_table_row(2, Revision, $Revision: 1.151.2.22.2.24 $);
php_info_print_table_row(2, Schema support,
#ifdef LIBXML_SCHEMAS_ENABLED
enabled);
http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/tests/bug37386.phpt?view=markuprev=1.1
Index: php-src/ext/simplexml/tests/bug37386.phpt
+++ php-src/ext/simplexml/tests/bug37386.phpt
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/simplexml simplexml.c /ext/simplexml/tests bug37386.phpt
rrichards Mon Mar 26 20:16:16 2007 UTC
Modified files:
/php-src/ext/simplexml simplexml.c
/php-src/ext/simplexml/testsbug37386.phpt
Log:
MFB: fix bug #37386 (autocreating element doesn't assign value to first node)
all single SimpleXMLElements are addressable using offset 0
use correct node for xpath context node
add test
http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/simplexml.c?r1=1.230r2=1.231diff_format=u
Index: php-src/ext/simplexml/simplexml.c
diff -u php-src/ext/simplexml/simplexml.c:1.230
php-src/ext/simplexml/simplexml.c:1.231
--- php-src/ext/simplexml/simplexml.c:1.230 Tue Feb 20 14:04:59 2007
+++ php-src/ext/simplexml/simplexml.c Mon Mar 26 20:16:15 2007
@@ -18,7 +18,7 @@
+--+
*/
-/* $Id: simplexml.c,v 1.230 2007/02/20 14:04:59 tony2001 Exp $ */
+/* $Id: simplexml.c,v 1.231 2007/03/26 20:16:15 rrichards Exp $ */
#ifdef HAVE_CONFIG_H
#include config.h
@@ -138,7 +138,14 @@
long nodendx = 0;
if (sxe-iter.type == SXE_ITER_NONE) {
- return NULL;
+ if (offset == 0) {
+ if (cnt) {
+ *cnt = 0;
+ }
+ return node;
+ } else {
+ return NULL;
+ }
}
while (node nodendx = offset) {
SKIP_TEXT(node)
@@ -430,7 +437,7 @@
int nodendx = 0;
int test = 0;
int new_value = 0;
- longcnt;
+ longcnt = 0;
zvaltmp_zv, trim_zv, value_copy;
if (!member) {
@@ -1158,9 +1165,11 @@
php_libxml_increment_node_ptr((php_libxml_node_object *)sxe,
xmlDocGetRootElement((xmlDocPtr) sxe-document-ptr), NULL TSRMLS_CC);
}
- sxe-xpath-node = sxe-node-node;
+ nodeptr = php_sxe_get_first_node(sxe, sxe-node-node TSRMLS_CC);
+
+ sxe-xpath-node = nodeptr;
- ns = xmlGetNsList((xmlDocPtr) sxe-document-ptr, (xmlNodePtr)
sxe-node-node);
+ ns = xmlGetNsList((xmlDocPtr) sxe-document-ptr, nodeptr);
if (ns != NULL) {
while (ns[nsnbr] != NULL) {
nsnbr++;
@@ -2416,7 +2425,7 @@
{
php_info_print_table_start();
php_info_print_table_header(2, Simplexml support, enabled);
- php_info_print_table_row(2, Revision, $Revision: 1.230 $);
+ php_info_print_table_row(2, Revision, $Revision: 1.231 $);
php_info_print_table_row(2, Schema support,
#ifdef LIBXML_SCHEMAS_ENABLED
enabled);
http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/tests/bug37386.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/simplexml/tests/bug37386.phpt
diff -u /dev/null php-src/ext/simplexml/tests/bug37386.phpt:1.2
--- /dev/null Mon Mar 26 20:16:16 2007
+++ php-src/ext/simplexml/tests/bug37386.phpt Mon Mar 26 20:16:16 2007
@@ -0,0 +1,25 @@
+--TEST--
+Bug #39760 (autocreating element doesn't assign value to first node)
+--SKIPIF--
+?php if (!extension_loaded(simplexml)) print skip simplexml extension is
not loaded; ?
+--FILE--
+?php
+
+$sx1 = new SimpleXMLElement((binary)root /);
+
+$sx1-node[0] = 'node1';
+$sx1-node[1] = 'node2';
+
+print $sx1-asXML().\n;
+$node = $sx1-node[0];
+$node[0] = 'New Value';
+
+print $sx1-asXML();
+
+?
+--EXPECTF--
+?xml version=1.0?
+rootnodenode1/nodenodenode2/node/root
+
+?xml version=1.0?
+rootnodeNew Value/nodenodenode2/node/root
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
rrichards Mon Mar 26 20:17:31 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: BFN http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.613r2=1.2027.2.547.2.614diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.613 php-src/NEWS:1.2027.2.547.2.614 --- php-src/NEWS:1.2027.2.547.2.613 Mon Mar 26 10:25:41 2007 +++ php-src/NEWSMon Mar 26 20:17:30 2007 @@ -133,6 +133,8 @@ - Fixed crash on op-assign where argument is string offset (Brian, Stas) - Fixed bug #38710 (data leakage because of nonexisting boundary checking in statements in mysqli) (Stas) +- Fixed bug #37386 (autocreating element doesn't assign value to first node). + (Rob) - Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas) - Fixed wrong length calculation in unserialize S type -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard mail.c
iliaa Tue Mar 27 00:13:09 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/standard mail.c
Log:
Fixed MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/mail.c?r1=1.87.2.1.2.2r2=1.87.2.1.2.3diff_format=u
Index: php-src/ext/standard/mail.c
diff -u php-src/ext/standard/mail.c:1.87.2.1.2.2
php-src/ext/standard/mail.c:1.87.2.1.2.3
--- php-src/ext/standard/mail.c:1.87.2.1.2.2Thu Jan 25 00:26:51 2007
+++ php-src/ext/standard/mail.c Tue Mar 27 00:13:09 2007
@@ -16,7 +16,7 @@
+--+
*/
-/* $Id: mail.c,v 1.87.2.1.2.2 2007/01/25 00:26:51 iliaa Exp $ */
+/* $Id: mail.c,v 1.87.2.1.2.3 2007/03/27 00:13:09 iliaa Exp $ */
#include stdlib.h
#include ctype.h
@@ -55,6 +55,14 @@
continue;
\
}
\
+#define MAIL_ASCIIZ_CHECK(str, len)\
+ p = str;\
+ e = p + len;\
+ while (p = memchr(p, '\0', (e - p))) { \
+ *p = ' '; \
+ } \
+
+
/* {{{ proto int ezmlm_hash(string addr)
Calculate EZMLM list hash value. */
PHP_FUNCTION(ezmlm_hash)
@@ -88,6 +96,7 @@
int subject_len, extra_cmd_len, i;
char *force_extra_parameters = INI_STR(mail.force_extra_parameters);
char *to_r, *subject_r;
+ char *p, *e;
if (PG(safe_mode) (ZEND_NUM_ARGS() == 5)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, SAFE MODE
Restriction in effect. The fifth parameter is disabled in SAFE MODE.);
@@ -104,6 +113,17 @@
return;
}
+ /* ASCIIZ check */
+ MAIL_ASCIIZ_CHECK(to, to_len);
+ MAIL_ASCIIZ_CHECK(subject, subject_len);
+ MAIL_ASCIIZ_CHECK(message, message_len);
+ if (headers) {
+ MAIL_ASCIIZ_CHECK(headers, headers_len);
+ }
+ if (extra_cmd) {
+ MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len);
+ }
+
if (to_len 0) {
to_r = estrndup(to, to_len);
for (; to_len; to_len--) {
@@ -150,7 +170,7 @@
} else if (extra_cmd) {
extra_cmd = php_escape_shell_cmd(extra_cmd);
}
-
+
if (php_mail(to_r, subject_r, message, headers, extra_cmd TSRMLS_CC)) {
RETVAL_TRUE;
} else {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/standard mail.c
iliaa Tue Mar 27 00:14:17 2007 UTC
Modified files: (Branch: PHP_4_4)
/php-src/ext/standard mail.c
/php-srcNEWS
Log:
MFB: MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/mail.c?r1=1.66.2.12.4.3r2=1.66.2.12.4.4diff_format=u
Index: php-src/ext/standard/mail.c
diff -u php-src/ext/standard/mail.c:1.66.2.12.4.3
php-src/ext/standard/mail.c:1.66.2.12.4.4
--- php-src/ext/standard/mail.c:1.66.2.12.4.3 Mon Jan 1 09:46:48 2007
+++ php-src/ext/standard/mail.c Tue Mar 27 00:14:16 2007
@@ -16,7 +16,7 @@
+--+
*/
-/* $Id: mail.c,v 1.66.2.12.4.3 2007/01/01 09:46:48 sebastian Exp $ */
+/* $Id: mail.c,v 1.66.2.12.4.4 2007/03/27 00:14:16 iliaa Exp $ */
#include stdlib.h
#include ctype.h
@@ -55,6 +55,14 @@
continue;
\
}
\
+#define MAIL_ASCIIZ_CHECK(str, len)\
+ p = str;\
+ e = p + len;\
+ while (p = memchr(p, '\0', (e - p))) { \
+ *p = ' '; \
+ } \
+
+
/* {{{ proto int ezmlm_hash(string addr)
Calculate EZMLM list hash value. */
PHP_FUNCTION(ezmlm_hash)
@@ -87,6 +95,7 @@
int to_len, message_len, headers_len;
int subject_len, extra_cmd_len, i;
char *to_r, *subject_r;
+ char *p, *e;
if (PG(safe_mode) (ZEND_NUM_ARGS() == 5)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, SAFE MODE
Restriction in effect. The fifth parameter is disabled in SAFE MODE.);
@@ -103,6 +112,17 @@
return;
}
+ /* ASCIIZ check */
+ MAIL_ASCIIZ_CHECK(to, to_len);
+ MAIL_ASCIIZ_CHECK(subject, subject_len);
+ MAIL_ASCIIZ_CHECK(message, message_len);
+ if (headers) {
+ MAIL_ASCIIZ_CHECK(headers, headers_len);
+ }
+ if (extra_cmd) {
+ MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len);
+ }
+
if (to_len 0) {
to_r = estrndup(to, to_len);
for (; to_len; to_len--) {
@@ -147,7 +167,7 @@
if (extra_cmd) {
extra_cmd = php_escape_shell_cmd(extra_cmd);
}
-
+
if (php_mail(to_r, subject_r, message, headers, extra_cmd TSRMLS_CC)) {
RETVAL_TRUE;
} else {
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.217r2=1.1247.2.920.2.218diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.217 php-src/NEWS:1.1247.2.920.2.218
--- php-src/NEWS:1.1247.2.920.2.217 Mon Mar 26 11:19:37 2007
+++ php-src/NEWSTue Mar 27 00:14:16 2007
@@ -1,6 +1,7 @@
PHP 4 NEWS
|||
?? ??? 2007, Version 4.4.7
+- Fixed MOPB-33-2007 PHP mail() Message ASCIIZ Byte Truncation. (Ilia)
- Fixed CRLF injection inside ftp_putcmd(). (Ilia)
- Fixed MOPB-32-2007 (Double free inside session_decode()). (Ilia)
- Fixed MOPB-21-2007 An open_basedir/safe_mode bypass inside the
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
