[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /main php_variables.c
sniper Mon Apr 25 17:22:49 2005 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/main php_variables.c Log: MFH: Revert. Nokia didn't pay me enough. :) http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.888r2=1.1247.2.889ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.888 php-src/NEWS:1.1247.2.889 --- php-src/NEWS:1.1247.2.888 Mon Apr 25 08:03:53 2005 +++ php-src/NEWSMon Apr 25 17:22:47 2005 @@ -28,7 +28,6 @@ (Uwe Schindler) - Fixed bug #32311 (mb_encode_mimeheader() does not properly escape characters). (Moriyoshi) -- Fixed bug #32111 (Cookies can also be separated by comma). (Jani) - Fixed bug #31887 (ISAPI: Custom 5xx error does not return correct HTTP response message). (Jani) - Fixed bug #31583 (php_std_date() uses short day names in non-y2k_compliance mode). http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.45.2.10r2=1.45.2.11ty=u Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.45.2.10 php-src/main/php_variables.c:1.45.2.11 --- php-src/main/php_variables.c:1.45.2.10 Sun Apr 24 14:10:30 2005 +++ php-src/main/php_variables.cMon Apr 25 17:22:48 2005 @@ -16,7 +16,7 @@ | Zeev Suraski [EMAIL PROTECTED]| +--+ */ -/* $Id: php_variables.c,v 1.45.2.10 2005/04/24 18:10:30 iliaa Exp $ */ +/* $Id: php_variables.c,v 1.45.2.11 2005/04/25 21:22:48 sniper Exp $ */ #include stdio.h #include php.h @@ -301,7 +301,7 @@ separator = (char *) estrdup(PG(arg_separator).input); break; case PARSE_COOKIE: - separator = ;,\0; /* Cookies can be separated with , or ; */ + separator = ;\0; break; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /main php_variables.c
iliaa Sun Apr 24 14:10:30 2005 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/main php_variables.c Log: MFH: Fixed bug #32802 (General cookie overrides more specific cookie). http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1247.2.885r2=1.1247.2.886ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.885 php-src/NEWS:1.1247.2.886 --- php-src/NEWS:1.1247.2.885 Sat Apr 23 19:57:40 2005 +++ php-src/NEWSSun Apr 24 14:10:29 2005 @@ -6,6 +6,7 @@ them sort based on the current locale. (Derick) - Changed sha1_file() and md5_file() functions to use streams instead of low level IO. (Uwe) +- Fixed bug #32802 (General cookie overrides more specific cookie). (Ilia) - Fixed bug #32730 (ext/crack.c fails to compile with cracklib-2.8.3). (Jani) - Fixed bug #32699 (pg_affected_rows() was defined when it was not available). (Derick) http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.45.2.9r2=1.45.2.10ty=u Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.45.2.9 php-src/main/php_variables.c:1.45.2.10 --- php-src/main/php_variables.c:1.45.2.9 Sat Apr 23 16:34:15 2005 +++ php-src/main/php_variables.cSun Apr 24 14:10:30 2005 @@ -16,7 +16,7 @@ | Zeev Suraski [EMAIL PROTECTED]| +--+ */ -/* $Id: php_variables.c,v 1.45.2.9 2005/04/23 20:34:15 sniper Exp $ */ +/* $Id: php_variables.c,v 1.45.2.10 2005/04/24 18:10:30 iliaa Exp $ */ #include stdio.h #include php.h @@ -63,7 +63,7 @@ char *ip; /* index pointer */ char *index; int var_len, index_len; - zval *gpc_element, **gpc_element_p; + zval *gpc_element, **gpc_element_p, *tmp; zend_bool is_array; HashTable *symtable1=NULL; @@ -184,9 +184,20 @@ } else { if (PG(magic_quotes_gpc) (index!=var)) { char *escaped_index = php_addslashes(index, index_len, index_len, 0 TSRMLS_CC); + /* +* According to rfc2965, more specific paths are listed above the less specific ones. +* If we encounter a duplicate cookie name, we should skip it, since it is not possible +* to have the same (plain text) cookie name for the same path and we should not overwrite +* more specific cookies with the less specific ones. +*/ + if (PG(http_globals)[TRACK_VARS_COOKIE] symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) + zend_hash_find(symtable1, escaped_index, index_len+1, (void **) tmp) != FAILURE) { + efree(escaped_index); + break; + } zend_hash_update(symtable1, escaped_index, index_len+1, gpc_element, sizeof(zval *), (void **) gpc_element_p); efree(escaped_index); - } else { + } else if (!PG(http_globals)[TRACK_VARS_COOKIE] || symtable1 != Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) || zend_hash_find(symtable1, index, index_len+1, (void **) tmp) == FAILURE) { zend_hash_update(symtable1, index, index_len+1, gpc_element, sizeof(zval *), (void **) gpc_element_p); } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) / NEWS /main php_variables.c
iliaa Mon Oct 13 23:48:10 2003 EDT Modified files: (Branch: PHP_4_3) /php-srcNEWS /php-src/main php_variables.c Log: MFH: Fixed bug #25836 (last key of multi-dimensional array passed via GPC not being escaped when magic_quotes_gpc is on). Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.435 php-src/NEWS:1.1247.2.436 --- php-src/NEWS:1.1247.2.435 Mon Oct 13 00:28:34 2003 +++ php-src/NEWSMon Oct 13 23:48:08 2003 @@ -3,6 +3,8 @@ ?? Oct 2003, Version 4.3.4RC2 - Fixed multibyte regex engine to properly handle .* pattern under POSIX compatible mode. (K.Kosako kosako at sofnec.co.jp, Moriyoshi) +- Fixed bug #25836 (last key of multi-dimensional array passed via GPC not + being escaped when magic_quotes_gpc is on). (Ilia) - Fixed bug #25814 (Make flock() return correct value when 3rd argument is used). (Ilia) - Fixed bug #25800 (parse_url() could not parse urls with empty port). (Ilia) Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.45.2.5 php-src/main/php_variables.c:1.45.2.6 --- php-src/main/php_variables.c:1.45.2.5 Mon Jun 16 15:25:06 2003 +++ php-src/main/php_variables.cMon Oct 13 23:48:09 2003 @@ -16,7 +16,7 @@ | Zeev Suraski [EMAIL PROTECTED]| +--+ */ -/* $Id: php_variables.c,v 1.45.2.5 2003/06/16 19:25:06 iliaa Exp $ */ +/* $Id: php_variables.c,v 1.45.2.6 2003/10/14 03:48:09 iliaa Exp $ */ #include stdio.h #include php.h @@ -178,7 +178,13 @@ if (!index) { zend_hash_next_index_insert(symtable1, gpc_element, sizeof(zval *), (void **) gpc_element_p); } else { - zend_hash_update(symtable1, index, index_len+1, gpc_element, sizeof(zval *), (void **) gpc_element_p); + if (PG(magic_quotes_gpc) (index!=var)) { + char *escaped_index = php_addslashes(index, index_len, index_len, 0 TSRMLS_CC); + zend_hash_update(symtable1, escaped_index, index_len+1, gpc_element, sizeof(zval *), (void **) gpc_element_p); + efree(escaped_index); + } else { + zend_hash_update(symtable1, index, index_len+1, gpc_element, sizeof(zval *), (void **) gpc_element_p); + } } break; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php