[PHP-CVS-DAILY] cvs: php-src / ChangeLog
changelog Tue Mar 27 01:31:12 2007 UTC Modified files: /php-srcChangeLog Log: ChangeLog update http://cvs.php.net/viewvc.cgi/php-src/ChangeLog?r1=1.2641r2=1.2642diff_format=u Index: php-src/ChangeLog diff -u php-src/ChangeLog:1.2641 php-src/ChangeLog:1.2642 --- php-src/ChangeLog:1.2641Mon Mar 26 01:30:58 2007 +++ php-src/ChangeLog Tue Mar 27 01:31:12 2007 @@ -1,3 +1,57 @@ +2007-03-26 Rob Richards [EMAIL PROTECTED] + +* (PHP_5_2) + NEWS: + BFN + +* ext/simplexml/simplexml.c + ext/simplexml/tests/bug37386.phpt: + MFB: fix bug #37386 (autocreating element doesn't assign value to first + node) + all single SimpleXMLElements are addressable using offset 0 + use correct node for xpath context node + add test + +* (PHP_5_2) + ext/simplexml/simplexml.c + ext/simplexml/tests/bug37386.phpt + ext/simplexml/tests/bug37386.phpt: + fix bug #37386 (autocreating element doesn't assign value to first node) + all single SimpleXMLElements are addressable using offset 0 + use correct node for xpath context node + add test + +2007-03-26 Antony Dovgal [EMAIL PROTECTED] + +* (PHP_4_4) + NEWS + main/php_variables.c: + revert by request of Derick + +* (PHP_4_4) + NEWS + main/php_variables.c: + fix #40586 (_ENV vars get escaped when magic_quotes_gpc is on) + +* (PHP_4_4) + NEWS + NEWS + ext/standard/string.c + ext/standard/string.c + ext/standard/tests/strings/bug40915.phpt: + MFH: fix #40915 (addcslashes unexpected behavior with binary input) + +* ext/standard/tests/strings/bug40915.phpt + ext/standard/tests/strings/bug40915.phpt: + + fix #40915 (addcslashes unexpected behavior with binary input) + +* ext/standard/string.c: + fix #40915 (addcslashes unexpected behavior with binary input) + +* ext/ftp/ftp.c: + MFB + 2007-03-25 Ilia Alshanetsky [EMAIL PROTECTED] * (PHP_4_4)
[PHP-CVS] cvs: php-src /ext/ftp ftp.c
tony2001Mon Mar 26 08:02:36 2007 UTC Modified files: /php-src/ext/ftpftp.c Log: MFB http://cvs.php.net/viewvc.cgi/php-src/ext/ftp/ftp.c?r1=1.122r2=1.123diff_format=u Index: php-src/ext/ftp/ftp.c diff -u php-src/ext/ftp/ftp.c:1.122 php-src/ext/ftp/ftp.c:1.123 --- php-src/ext/ftp/ftp.c:1.122 Sat Feb 24 16:25:53 2007 +++ php-src/ext/ftp/ftp.c Mon Mar 26 08:02:36 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: ftp.c,v 1.122 2007/02/24 16:25:53 helly Exp $ */ +/* $Id: ftp.c,v 1.123 2007/03/26 08:02:36 tony2001 Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -1096,12 +1096,18 @@ int size; char*data; + if (strpbrk(cmd, \r\n)) { + return 0; + } /* build the output buffer */ if (args args[0]) { /* cmd args\r\n\0 */ if (strlen(cmd) + strlen(args) + 4 FTP_BUFSIZE) { return 0; } + if (strpbrk(args, \r\n)) { + return 0; + } size = snprintf(ftp-outbuf, sizeof(ftp-outbuf), %s %s\r\n, cmd, args); } else { /* cmd\r\n\0 */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard string.c /ext/standard/tests/strings bug40915.phpt
tony2001Mon Mar 26 10:23:50 2007 UTC Added files: /php-src/ext/standard/tests/strings bug40915.phpt Modified files: /php-src/ext/standard string.c Log: fix #40915 (addcslashes unexpected behavior with binary input) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.632r2=1.633diff_format=u Index: php-src/ext/standard/string.c diff -u php-src/ext/standard/string.c:1.632 php-src/ext/standard/string.c:1.633 --- php-src/ext/standard/string.c:1.632 Sat Feb 24 16:25:55 2007 +++ php-src/ext/standard/string.c Mon Mar 26 10:23:49 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: string.c,v 1.632 2007/02/24 16:25:55 helly Exp $ */ +/* $Id: string.c,v 1.633 2007/03/26 10:23:49 tony2001 Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -4555,8 +4555,8 @@ RETURN_STRINGL(str, str_len, 1); } - RETURN_STRING(php_addcslashes(str, str_len, Z_STRLEN_P(return_value), 0, - what, what_len TSRMLS_CC), 0); + Z_STRVAL_P(return_value) = php_addcslashes(str, str_len, Z_STRLEN_P(return_value), 0, what, what_len TSRMLS_CC); + RETURN_STRINGL(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), 0); } /* }}} */ http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/bug40915.phpt?view=markuprev=1.1 Index: php-src/ext/standard/tests/strings/bug40915.phpt +++ php-src/ext/standard/tests/strings/bug40915.phpt --TEST-- Bug #40915 (addcslashes unexpected behavior with binary input) --FILE-- ?php $str = (binary)a\000z; var_dump(addslashes($str)); var_dump(addcslashes($str, (binary))); var_dump(addcslashes($str, (binary)\000z)); var_dump(addcslashes( $str, (binary)z)); echo Done\n; ? --EXPECTF-- string(4) a\0z string(3) a string(7) a\000\z string(4) a Done --UEXPECTF-- unicode(4) a\0z string(3) a string(7) a\000\z string(4) a Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/standard string.c /ext/standard/tests/strings bug40915.phpt
tony2001Mon Mar 26 10:25:42 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/standard/tests/strings bug40915.phpt Modified files: /php-srcNEWS /php-src/ext/standard string.c Log: MFH: fix #40915 (addcslashes unexpected behavior with binary input) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.612r2=1.2027.2.547.2.613diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.612 php-src/NEWS:1.2027.2.547.2.613 --- php-src/NEWS:1.2027.2.547.2.612 Fri Mar 23 20:22:52 2007 +++ php-src/NEWSMon Mar 26 10:25:41 2007 @@ -35,6 +35,7 @@ - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry) - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek) - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre) +- Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony) - Fixed bug #40899 (memory leak when nesting list()). (Dmitry) - Fixed bug #40883 (mysql_query() is allocating memory incorrectly). (Tony) - Fixed bug #40872 (inconsistency in offsetSet, offsetExists treatment of http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.53r2=1.445.2.14.2.54diff_format=u Index: php-src/ext/standard/string.c diff -u php-src/ext/standard/string.c:1.445.2.14.2.53 php-src/ext/standard/string.c:1.445.2.14.2.54 --- php-src/ext/standard/string.c:1.445.2.14.2.53 Mon Mar 12 23:42:26 2007 +++ php-src/ext/standard/string.c Mon Mar 26 10:25:41 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: string.c,v 1.445.2.14.2.53 2007/03/12 23:42:26 tony2001 Exp $ */ +/* $Id: string.c,v 1.445.2.14.2.54 2007/03/26 10:25:41 tony2001 Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -2858,11 +2858,8 @@ RETURN_STRINGL(Z_STRVAL_PP(str), Z_STRLEN_PP(str), 1); } - RETURN_STRING(php_addcslashes(Z_STRVAL_PP(str), - Z_STRLEN_PP(str), - Z_STRLEN_P(return_value), 0, - Z_STRVAL_PP(what), - Z_STRLEN_PP(what) TSRMLS_CC), 0); + Z_STRVAL_P(return_value) = php_addcslashes(Z_STRVAL_PP(str), Z_STRLEN_PP(str), Z_STRLEN_P(return_value), 0, Z_STRVAL_PP(what), Z_STRLEN_PP(what) TSRMLS_CC); + RETURN_STRINGL(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), 0); } /* }}} */ http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/bug40915.phpt?view=markuprev=1.1 Index: php-src/ext/standard/tests/strings/bug40915.phpt +++ php-src/ext/standard/tests/strings/bug40915.phpt --TEST-- Bug #40915 (addcslashes unexpected behavior with binary input) --FILE-- ?php $str = (binary)a\000z; var_dump(addslashes($str)); var_dump(addcslashes($str, (binary))); var_dump(addcslashes($str, (binary)\000z)); var_dump(addcslashes( $str, (binary)z)); echo Done\n; ? --EXPECTF-- string(4) a\0z string(3) a string(7) a\000\z string(4) a Done --UEXPECTF-- unicode(4) a\0z string(3) a string(7) a\000\z string(4) a Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/standard string.c
tony2001Mon Mar 26 10:28:29 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/ext/standard string.c Log: MFH: fix #40915 (addcslashes unexpected behavior with binary input) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.214r2=1.1247.2.920.2.215diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.214 php-src/NEWS:1.1247.2.920.2.215 --- php-src/NEWS:1.1247.2.920.2.214 Sun Mar 25 15:27:51 2007 +++ php-src/NEWSMon Mar 26 10:28:28 2007 @@ -12,6 +12,7 @@ - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre) - Fixed CVE-2007-0455, Buffer overflow in gdImageStringFTEx (used by imagettf function) (Kees Cook, Pierre) +- Fixed bug #40915 (addcslashes unexpected behavior with binary input). (Tony) - Fixed bug #40831 (cURL extension doesn't clean up the buffer of reused handle). (Tony) - Fixed bug #40747 (possible crash in session when save_path is out of http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.333.2.52.2.10r2=1.333.2.52.2.11diff_format=u Index: php-src/ext/standard/string.c diff -u php-src/ext/standard/string.c:1.333.2.52.2.10 php-src/ext/standard/string.c:1.333.2.52.2.11 --- php-src/ext/standard/string.c:1.333.2.52.2.10 Thu Feb 15 09:31:01 2007 +++ php-src/ext/standard/string.c Mon Mar 26 10:28:28 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: string.c,v 1.333.2.52.2.10 2007/02/15 09:31:01 tony2001 Exp $ */ +/* $Id: string.c,v 1.333.2.52.2.11 2007/03/26 10:28:28 tony2001 Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -2220,11 +2220,8 @@ RETURN_STRINGL(Z_STRVAL_PP(str), Z_STRLEN_PP(str), 1); } - RETURN_STRING(php_addcslashes(Z_STRVAL_PP(str), - Z_STRLEN_PP(str), - Z_STRLEN_P(return_value), 0, - Z_STRVAL_PP(what), - Z_STRLEN_PP(what) TSRMLS_CC), 0); + Z_STRVAL_P(return_value) = php_addcslashes(Z_STRVAL_PP(str), Z_STRLEN_PP(str), Z_STRLEN_P(return_value), 0, Z_STRVAL_PP(what), Z_STRLEN_PP(what) TSRMLS_CC); + RETURN_STRINGL(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), 0); } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /main php_variables.c
tony2001Mon Mar 26 10:33:03 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/main php_variables.c Log: fix #40586 (_ENV vars get escaped when magic_quotes_gpc is on) http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.215r2=1.1247.2.920.2.216diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.215 php-src/NEWS:1.1247.2.920.2.216 --- php-src/NEWS:1.1247.2.920.2.215 Mon Mar 26 10:28:28 2007 +++ php-src/NEWSMon Mar 26 10:33:02 2007 @@ -17,6 +17,7 @@ handle). (Tony) - Fixed bug #40747 (possible crash in session when save_path is out of open_basedir). (Tony) +- Fixed bug #40586 (_ENV vars get escaped when magic_quotes_gpc is on). (Tony) - Fixed MOPB-8, XSS in phpinfo() (Joe Orton, Stas) - Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas) http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.7r2=1.45.2.13.2.8diff_format=u Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.45.2.13.2.7 php-src/main/php_variables.c:1.45.2.13.2.8 --- php-src/main/php_variables.c:1.45.2.13.2.7 Mon Jan 1 09:46:50 2007 +++ php-src/main/php_variables.cMon Mar 26 10:33:03 2007 @@ -16,7 +16,7 @@ | Zeev Suraski [EMAIL PROTECTED]| +--+ */ -/* $Id: php_variables.c,v 1.45.2.13.2.7 2007/01/01 09:46:50 sebastian Exp $ */ +/* $Id: php_variables.c,v 1.45.2.13.2.8 2007/03/26 10:33:03 tony2001 Exp $ */ #include stdio.h #include php.h @@ -351,6 +351,8 @@ void _php_import_environment_variables(zval *array_ptr TSRMLS_DC) { char **env, *p, *t; + int magic_quotes_gpc = PG(magic_quotes_gpc); + PG(magic_quotes_gpc) = 0; for (env = environ; env != NULL *env != NULL; env++) { p = strchr(*env, '='); @@ -361,6 +363,7 @@ php_register_variable(t, p+1, array_ptr TSRMLS_CC); efree(t); } + PG(magic_quotes_gpc) = magic_quotes_gpc; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /main php_variables.c
tony2001Mon Mar 26 11:19:37 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS /php-src/main php_variables.c Log: revert by request of Derick http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.216r2=1.1247.2.920.2.217diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.216 php-src/NEWS:1.1247.2.920.2.217 --- php-src/NEWS:1.1247.2.920.2.216 Mon Mar 26 10:33:02 2007 +++ php-src/NEWSMon Mar 26 11:19:37 2007 @@ -17,7 +17,6 @@ handle). (Tony) - Fixed bug #40747 (possible crash in session when save_path is out of open_basedir). (Tony) -- Fixed bug #40586 (_ENV vars get escaped when magic_quotes_gpc is on). (Tony) - Fixed MOPB-8, XSS in phpinfo() (Joe Orton, Stas) - Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas) http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.8r2=1.45.2.13.2.9diff_format=u Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.45.2.13.2.8 php-src/main/php_variables.c:1.45.2.13.2.9 --- php-src/main/php_variables.c:1.45.2.13.2.8 Mon Mar 26 10:33:03 2007 +++ php-src/main/php_variables.cMon Mar 26 11:19:37 2007 @@ -16,7 +16,7 @@ | Zeev Suraski [EMAIL PROTECTED]| +--+ */ -/* $Id: php_variables.c,v 1.45.2.13.2.8 2007/03/26 10:33:03 tony2001 Exp $ */ +/* $Id: php_variables.c,v 1.45.2.13.2.9 2007/03/26 11:19:37 tony2001 Exp $ */ #include stdio.h #include php.h @@ -351,8 +351,6 @@ void _php_import_environment_variables(zval *array_ptr TSRMLS_DC) { char **env, *p, *t; - int magic_quotes_gpc = PG(magic_quotes_gpc); - PG(magic_quotes_gpc) = 0; for (env = environ; env != NULL *env != NULL; env++) { p = strchr(*env, '='); @@ -363,7 +361,6 @@ php_register_variable(t, p+1, array_ptr TSRMLS_CC); efree(t); } - PG(magic_quotes_gpc) = magic_quotes_gpc; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/simplexml simplexml.c /ext/simplexml/tests bug37386.phpt
rrichards Mon Mar 26 20:14:58 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/simplexml/testsbug37386.phpt Modified files: /php-src/ext/simplexml simplexml.c Log: fix bug #37386 (autocreating element doesn't assign value to first node) all single SimpleXMLElements are addressable using offset 0 use correct node for xpath context node add test http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/simplexml.c?r1=1.151.2.22.2.23r2=1.151.2.22.2.24diff_format=u Index: php-src/ext/simplexml/simplexml.c diff -u php-src/ext/simplexml/simplexml.c:1.151.2.22.2.23 php-src/ext/simplexml/simplexml.c:1.151.2.22.2.24 --- php-src/ext/simplexml/simplexml.c:1.151.2.22.2.23 Tue Feb 20 14:08:43 2007 +++ php-src/ext/simplexml/simplexml.c Mon Mar 26 20:14:58 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: simplexml.c,v 1.151.2.22.2.23 2007/02/20 14:08:43 tony2001 Exp $ */ +/* $Id: simplexml.c,v 1.151.2.22.2.24 2007/03/26 20:14:58 rrichards Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -138,7 +138,14 @@ long nodendx = 0; if (sxe-iter.type == SXE_ITER_NONE) { - return NULL; + if (offset == 0) { + if (cnt) { + *cnt = 0; + } + return node; + } else { + return NULL; + } } while (node nodendx = offset) { SKIP_TEXT(node) @@ -429,7 +436,7 @@ int nodendx = 0; int test = 0; int new_value = 0; - longcnt; + longcnt = 0; zvaltmp_zv, trim_zv, value_copy; if (!member) { @@ -1122,9 +1129,11 @@ php_libxml_increment_node_ptr((php_libxml_node_object *)sxe, xmlDocGetRootElement((xmlDocPtr) sxe-document-ptr), NULL TSRMLS_CC); } - sxe-xpath-node = sxe-node-node; + nodeptr = php_sxe_get_first_node(sxe, sxe-node-node TSRMLS_CC); + + sxe-xpath-node = nodeptr; - ns = xmlGetNsList((xmlDocPtr) sxe-document-ptr, (xmlNodePtr) sxe-node-node); + ns = xmlGetNsList((xmlDocPtr) sxe-document-ptr, nodeptr); if (ns != NULL) { while (ns[nsnbr] != NULL) { nsnbr++; @@ -2359,7 +2368,7 @@ { php_info_print_table_start(); php_info_print_table_header(2, Simplexml support, enabled); - php_info_print_table_row(2, Revision, $Revision: 1.151.2.22.2.23 $); + php_info_print_table_row(2, Revision, $Revision: 1.151.2.22.2.24 $); php_info_print_table_row(2, Schema support, #ifdef LIBXML_SCHEMAS_ENABLED enabled); http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/tests/bug37386.phpt?view=markuprev=1.1 Index: php-src/ext/simplexml/tests/bug37386.phpt +++ php-src/ext/simplexml/tests/bug37386.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/simplexml simplexml.c /ext/simplexml/tests bug37386.phpt
rrichards Mon Mar 26 20:16:16 2007 UTC Modified files: /php-src/ext/simplexml simplexml.c /php-src/ext/simplexml/testsbug37386.phpt Log: MFB: fix bug #37386 (autocreating element doesn't assign value to first node) all single SimpleXMLElements are addressable using offset 0 use correct node for xpath context node add test http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/simplexml.c?r1=1.230r2=1.231diff_format=u Index: php-src/ext/simplexml/simplexml.c diff -u php-src/ext/simplexml/simplexml.c:1.230 php-src/ext/simplexml/simplexml.c:1.231 --- php-src/ext/simplexml/simplexml.c:1.230 Tue Feb 20 14:04:59 2007 +++ php-src/ext/simplexml/simplexml.c Mon Mar 26 20:16:15 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: simplexml.c,v 1.230 2007/02/20 14:04:59 tony2001 Exp $ */ +/* $Id: simplexml.c,v 1.231 2007/03/26 20:16:15 rrichards Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -138,7 +138,14 @@ long nodendx = 0; if (sxe-iter.type == SXE_ITER_NONE) { - return NULL; + if (offset == 0) { + if (cnt) { + *cnt = 0; + } + return node; + } else { + return NULL; + } } while (node nodendx = offset) { SKIP_TEXT(node) @@ -430,7 +437,7 @@ int nodendx = 0; int test = 0; int new_value = 0; - longcnt; + longcnt = 0; zvaltmp_zv, trim_zv, value_copy; if (!member) { @@ -1158,9 +1165,11 @@ php_libxml_increment_node_ptr((php_libxml_node_object *)sxe, xmlDocGetRootElement((xmlDocPtr) sxe-document-ptr), NULL TSRMLS_CC); } - sxe-xpath-node = sxe-node-node; + nodeptr = php_sxe_get_first_node(sxe, sxe-node-node TSRMLS_CC); + + sxe-xpath-node = nodeptr; - ns = xmlGetNsList((xmlDocPtr) sxe-document-ptr, (xmlNodePtr) sxe-node-node); + ns = xmlGetNsList((xmlDocPtr) sxe-document-ptr, nodeptr); if (ns != NULL) { while (ns[nsnbr] != NULL) { nsnbr++; @@ -2416,7 +2425,7 @@ { php_info_print_table_start(); php_info_print_table_header(2, Simplexml support, enabled); - php_info_print_table_row(2, Revision, $Revision: 1.230 $); + php_info_print_table_row(2, Revision, $Revision: 1.231 $); php_info_print_table_row(2, Schema support, #ifdef LIBXML_SCHEMAS_ENABLED enabled); http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/tests/bug37386.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/simplexml/tests/bug37386.phpt diff -u /dev/null php-src/ext/simplexml/tests/bug37386.phpt:1.2 --- /dev/null Mon Mar 26 20:16:16 2007 +++ php-src/ext/simplexml/tests/bug37386.phpt Mon Mar 26 20:16:16 2007 @@ -0,0 +1,25 @@ +--TEST-- +Bug #39760 (autocreating element doesn't assign value to first node) +--SKIPIF-- +?php if (!extension_loaded(simplexml)) print skip simplexml extension is not loaded; ? +--FILE-- +?php + +$sx1 = new SimpleXMLElement((binary)root /); + +$sx1-node[0] = 'node1'; +$sx1-node[1] = 'node2'; + +print $sx1-asXML().\n; +$node = $sx1-node[0]; +$node[0] = 'New Value'; + +print $sx1-asXML(); + +? +--EXPECTF-- +?xml version=1.0? +rootnodenode1/nodenodenode2/node/root + +?xml version=1.0? +rootnodeNew Value/nodenodenode2/node/root -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
rrichards Mon Mar 26 20:17:31 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: BFN http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.613r2=1.2027.2.547.2.614diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.613 php-src/NEWS:1.2027.2.547.2.614 --- php-src/NEWS:1.2027.2.547.2.613 Mon Mar 26 10:25:41 2007 +++ php-src/NEWSMon Mar 26 20:17:30 2007 @@ -133,6 +133,8 @@ - Fixed crash on op-assign where argument is string offset (Brian, Stas) - Fixed bug #38710 (data leakage because of nonexisting boundary checking in statements in mysqli) (Stas) +- Fixed bug #37386 (autocreating element doesn't assign value to first node). + (Rob) - Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) (Stas) - Fixed wrong length calculation in unserialize S type -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard mail.c
iliaa Tue Mar 27 00:13:09 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard mail.c Log: Fixed MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation http://cvs.php.net/viewvc.cgi/php-src/ext/standard/mail.c?r1=1.87.2.1.2.2r2=1.87.2.1.2.3diff_format=u Index: php-src/ext/standard/mail.c diff -u php-src/ext/standard/mail.c:1.87.2.1.2.2 php-src/ext/standard/mail.c:1.87.2.1.2.3 --- php-src/ext/standard/mail.c:1.87.2.1.2.2Thu Jan 25 00:26:51 2007 +++ php-src/ext/standard/mail.c Tue Mar 27 00:13:09 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mail.c,v 1.87.2.1.2.2 2007/01/25 00:26:51 iliaa Exp $ */ +/* $Id: mail.c,v 1.87.2.1.2.3 2007/03/27 00:13:09 iliaa Exp $ */ #include stdlib.h #include ctype.h @@ -55,6 +55,14 @@ continue; \ } \ +#define MAIL_ASCIIZ_CHECK(str, len)\ + p = str;\ + e = p + len;\ + while (p = memchr(p, '\0', (e - p))) { \ + *p = ' '; \ + } \ + + /* {{{ proto int ezmlm_hash(string addr) Calculate EZMLM list hash value. */ PHP_FUNCTION(ezmlm_hash) @@ -88,6 +96,7 @@ int subject_len, extra_cmd_len, i; char *force_extra_parameters = INI_STR(mail.force_extra_parameters); char *to_r, *subject_r; + char *p, *e; if (PG(safe_mode) (ZEND_NUM_ARGS() == 5)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE.); @@ -104,6 +113,17 @@ return; } + /* ASCIIZ check */ + MAIL_ASCIIZ_CHECK(to, to_len); + MAIL_ASCIIZ_CHECK(subject, subject_len); + MAIL_ASCIIZ_CHECK(message, message_len); + if (headers) { + MAIL_ASCIIZ_CHECK(headers, headers_len); + } + if (extra_cmd) { + MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len); + } + if (to_len 0) { to_r = estrndup(to, to_len); for (; to_len; to_len--) { @@ -150,7 +170,7 @@ } else if (extra_cmd) { extra_cmd = php_escape_shell_cmd(extra_cmd); } - + if (php_mail(to_r, subject_r, message, headers, extra_cmd TSRMLS_CC)) { RETVAL_TRUE; } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/standard mail.c
iliaa Tue Mar 27 00:14:17 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/standard mail.c /php-srcNEWS Log: MFB: MOPB-33-2007:PHP mail() Message ASCIIZ Byte Truncation http://cvs.php.net/viewvc.cgi/php-src/ext/standard/mail.c?r1=1.66.2.12.4.3r2=1.66.2.12.4.4diff_format=u Index: php-src/ext/standard/mail.c diff -u php-src/ext/standard/mail.c:1.66.2.12.4.3 php-src/ext/standard/mail.c:1.66.2.12.4.4 --- php-src/ext/standard/mail.c:1.66.2.12.4.3 Mon Jan 1 09:46:48 2007 +++ php-src/ext/standard/mail.c Tue Mar 27 00:14:16 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mail.c,v 1.66.2.12.4.3 2007/01/01 09:46:48 sebastian Exp $ */ +/* $Id: mail.c,v 1.66.2.12.4.4 2007/03/27 00:14:16 iliaa Exp $ */ #include stdlib.h #include ctype.h @@ -55,6 +55,14 @@ continue; \ } \ +#define MAIL_ASCIIZ_CHECK(str, len)\ + p = str;\ + e = p + len;\ + while (p = memchr(p, '\0', (e - p))) { \ + *p = ' '; \ + } \ + + /* {{{ proto int ezmlm_hash(string addr) Calculate EZMLM list hash value. */ PHP_FUNCTION(ezmlm_hash) @@ -87,6 +95,7 @@ int to_len, message_len, headers_len; int subject_len, extra_cmd_len, i; char *to_r, *subject_r; + char *p, *e; if (PG(safe_mode) (ZEND_NUM_ARGS() == 5)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, SAFE MODE Restriction in effect. The fifth parameter is disabled in SAFE MODE.); @@ -103,6 +112,17 @@ return; } + /* ASCIIZ check */ + MAIL_ASCIIZ_CHECK(to, to_len); + MAIL_ASCIIZ_CHECK(subject, subject_len); + MAIL_ASCIIZ_CHECK(message, message_len); + if (headers) { + MAIL_ASCIIZ_CHECK(headers, headers_len); + } + if (extra_cmd) { + MAIL_ASCIIZ_CHECK(extra_cmd, extra_cmd_len); + } + if (to_len 0) { to_r = estrndup(to, to_len); for (; to_len; to_len--) { @@ -147,7 +167,7 @@ if (extra_cmd) { extra_cmd = php_escape_shell_cmd(extra_cmd); } - + if (php_mail(to_r, subject_r, message, headers, extra_cmd TSRMLS_CC)) { RETVAL_TRUE; } else { http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.217r2=1.1247.2.920.2.218diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.217 php-src/NEWS:1.1247.2.920.2.218 --- php-src/NEWS:1.1247.2.920.2.217 Mon Mar 26 11:19:37 2007 +++ php-src/NEWSTue Mar 27 00:14:16 2007 @@ -1,6 +1,7 @@ PHP 4 NEWS ||| ?? ??? 2007, Version 4.4.7 +- Fixed MOPB-33-2007 PHP mail() Message ASCIIZ Byte Truncation. (Ilia) - Fixed CRLF injection inside ftp_putcmd(). (Ilia) - Fixed MOPB-32-2007 (Double free inside session_decode()). (Ilia) - Fixed MOPB-21-2007 An open_basedir/safe_mode bypass inside the -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php