iliaa Thu Jul 22 22:05:55 2004 EDT Modified files: (Branch: PHP_4_3) /php-src NEWS /php-src/ext/standard url_scanner_ex.re url_scanner_ex.c Log: MFH: Fixed bug #29333 (output_buffering + trans_sess_id can corrupt output) http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.706&r2=1.1247.2.707&ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.706 php-src/NEWS:1.1247.2.707 --- php-src/NEWS:1.1247.2.706 Wed Jul 21 17:57:12 2004 +++ php-src/NEWS Thu Jul 22 22:05:54 2004 @@ -4,6 +4,7 @@ - Updated PCRE to provide better error handling in certain cases. (Andrei) - NSAPI: added "bucket" parameter to list of non-php.ini-keys of php4_execute for doing performance stats without warnings in server-log. (Uwe Schindler) +- Fixed bug #29333 (output_buffering+trans_sess_id can corrupt output). (Ilia) - Fixed bug #29226 (ctype_* functions missing validation of numeric string representations). (Ilia) - Fixed bug #29209 (imap_fetchbody() doesn't check message index). (Ilia, http://cvs.php.net/diff.php/php-src/ext/standard/url_scanner_ex.re?r1=1.63.2.6&r2=1.63.2.7&ty=u Index: php-src/ext/standard/url_scanner_ex.re diff -u php-src/ext/standard/url_scanner_ex.re:1.63.2.6 php-src/ext/standard/url_scanner_ex.re:1.63.2.7 --- php-src/ext/standard/url_scanner_ex.re:1.63.2.6 Wed Feb 11 12:00:54 2004 +++ php-src/ext/standard/url_scanner_ex.re Thu Jul 22 22:05:55 2004 @@ -416,16 +416,31 @@ { size_t len; - if (BG(url_adapt_state_ex).url_app.len != 0) { - *handled_output = url_adapt_ext(output, output_len, &len, (zend_bool) (mode & (PHP_OUTPUT_HANDLER_END|PHP_OUTPUT_HANDLER_CONT) ? 1 : 0) TSRMLS_CC); + if (BG(url_adapt_state_ex).url_app.len != 0) { + *handled_output = url_adapt_ext(output, output_len, &len, (zend_bool) (mode & PHP_OUTPUT_HANDLER_END ? 1 : 0) TSRMLS_CC); if (sizeof(uint) < sizeof(size_t)) { if (len > UINT_MAX) len = UINT_MAX; } *handled_output_len = len; - } else { - *handled_output = NULL; - } + } else if (BG(url_adapt_state_ex).url_app.len == 0) { + url_adapt_state_ex_t *ctx = &BG(url_adapt_state_ex); + if (ctx->buf.len) { + smart_str_appendl(&ctx->result, ctx->buf.c, ctx->buf.len); + smart_str_appendl(&ctx->result, output, output_len); + + *handled_output = ctx->result.c; + *handled_output_len = ctx->buf.len + output_len; + + ctx->result.c = NULL; + ctx->result.len = 0; + smart_str_free(&ctx->buf); + } else { + *handled_output = NULL; + } + } else { + *handled_output = NULL; + } } int php_url_scanner_add_var(char *name, int name_len, char *value, int value_len, int urlencode TSRMLS_DC) http://cvs.php.net/diff.php/php-src/ext/standard/url_scanner_ex.c?r1=1.72.2.10&r2=1.72.2.11&ty=u Index: php-src/ext/standard/url_scanner_ex.c diff -u php-src/ext/standard/url_scanner_ex.c:1.72.2.10 php-src/ext/standard/url_scanner_ex.c:1.72.2.11 --- php-src/ext/standard/url_scanner_ex.c:1.72.2.10 Wed Feb 11 12:32:41 2004 +++ php-src/ext/standard/url_scanner_ex.c Thu Jul 22 22:05:55 2004 @@ -1,5 +1,5 @@ -/* Generated by re2c 0.5 on Wed Feb 11 11:33:22 2004 */ -#line 1 "/home/php4/ext/standard/url_scanner_ex.re" +/* Generated by re2c 0.5 on Thu Jul 22 21:53:53 2004 */ +#line 1 "/home/rei/php4/ext/standard/url_scanner_ex.re" /* +----------------------------------------------------------------------+ | PHP Version 4 | @@ -917,16 +917,31 @@ { size_t len; - if (BG(url_adapt_state_ex).url_app.len != 0) { - *handled_output = url_adapt_ext(output, output_len, &len, (zend_bool) (mode & (PHP_OUTPUT_HANDLER_END|PHP_OUTPUT_HANDLER_CONT) ? 1 : 0) TSRMLS_CC); + if (BG(url_adapt_state_ex).url_app.len != 0) { + *handled_output = url_adapt_ext(output, output_len, &len, (zend_bool) (mode & PHP_OUTPUT_HANDLER_END ? 1 : 0) TSRMLS_CC); if (sizeof(uint) < sizeof(size_t)) { if (len > UINT_MAX) len = UINT_MAX; } *handled_output_len = len; - } else { - *handled_output = NULL; - } + } else if (BG(url_adapt_state_ex).url_app.len == 0) { + url_adapt_state_ex_t *ctx = &BG(url_adapt_state_ex); + if (ctx->buf.len) { + smart_str_appendl(&ctx->result, ctx->buf.c, ctx->buf.len); + smart_str_appendl(&ctx->result, output, output_len); + + *handled_output = ctx->result.c; + *handled_output_len = ctx->buf.len + output_len; + + ctx->result.c = NULL; + ctx->result.len = 0; + smart_str_free(&ctx->buf); + } else { + *handled_output = NULL; + } + } else { + *handled_output = NULL; + } } int php_url_scanner_add_var(char *name, int name_len, char *value, int value_len, int urlencode TSRMLS_DC)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php