[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/main/php_variables.c branches/PHP_5_3/main/rfc1867.c branches/PHP_5_4/NEWS branches/PHP_5_4/main/php_variables.c branches/PHP_5_4/ma
dmitry Tue, 14 Feb 2012 08:58:52 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323202 Log: Improved max_input_vars directive to check nested variables Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/main/php_variables.c U php/php-src/branches/PHP_5_3/main/rfc1867.c U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/main/php_variables.c U php/php-src/branches/PHP_5_4/main/rfc1867.c U php/php-src/trunk/main/php_variables.c U php/php-src/trunk/main/rfc1867.c Modified: php/php-src/branches/PHP_5_3/NEWS === --- php/php-src/branches/PHP_5_3/NEWS 2012-02-14 08:39:15 UTC (rev 323201) +++ php/php-src/branches/PHP_5_3/NEWS 2012-02-14 08:58:52 UTC (rev 323202) @@ -1,6 +1,9 @@ PHPNEWS ||| ?? ??? 2012, PHP 5.3.11 +- Core: + . Improved max_input_vars directive to check nested variables (Dmitry). + - Session: . Fixed bug #60860 (session.save_handler=user without defined function core dumps). (Felipe) Modified: php/php-src/branches/PHP_5_3/main/php_variables.c === --- php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-14 08:39:15 UTC (rev 323201) +++ php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-14 08:58:52 UTC (rev 323202) @@ -196,21 +196,9 @@ } if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { - if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) { - if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); - } - MAKE_STD_ZVAL(gpc_element); - array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); - } else { - if (index != escaped_index) { - efree(escaped_index); - } - zval_dtor(val); - efree(var_orig); - return; - } + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); + zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); } if (index != escaped_index) { efree(escaped_index); @@ -255,14 +243,7 @@ zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { zval_ptr_dtor(gpc_element); } else { -if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) { - if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); - } - zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); -} else { - zval_ptr_dtor(gpc_element); -} +zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p); } if (escaped_index != index) { efree(escaped_index); @@ -276,6 +257,7 @@ { char *var, *val, *e, *s, *p; zval *array_ptr = (zval *) arg; + long count = 0; if (SG(request_info).post_data == NULL) { return; @@ -289,6 +271,10 @@ if ((val = memchr(s, '=', (p - s { /* have a value */ unsigned int val_len, new_val_len; + if (++count PG(max_input_vars)) { +php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); +return; + } var = s; php_url_decode(var, (val - s)); @@ -322,6 +308,7 @@ zval *array_ptr; int free_buffer = 0; char *strtok_buf = NULL; + long count = 0; switch (arg) { case PARSE_POST: @@ -411,6 +398,11 @@ } } + if (++count PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars)); + break; + } + if (val) { /* have a value */ int val_len; unsigned int new_val_len; Modified: php/php-src/branches/PHP_5_3/main/rfc1867.c === --- php/php-src/branches/PHP_5_3/main/rfc1867.c 2012-02-14 08:39:15 UTC (rev 323201) +++ php/php-src/branches/PHP_5_3/main/rfc1867.c 2012-02-14 08:58:52 UTC (rev 323202) @@ -779,6 +779,7 @@ void *event_extra_data = NULL; int llen = 0; int upload_cnt = INI_INT(max_file_uploads); + long count = 0; if (SG(post_max_size) 0
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_execute.c trunk/Zend/zend_execute.c
dmitry Tue, 14 Feb 2012 09:27:08 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323204 Log: Added ability to reset user opcode handlers (Yoram) Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/Zend/zend_execute.c U php/php-src/trunk/Zend/zend_execute.c Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-14 09:26:38 UTC (rev 323203) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-14 09:27:08 UTC (rev 323204) @@ -2,6 +2,7 @@ ||| ?? Feb 2012, PHP 5.4.0 RC 8 - Core: + . Added ability to reset user opcode handlers (Yoram). . Improved max_input_vars directive to check nested variables (Dmitry). . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false). (Gustavo) Modified: php/php-src/branches/PHP_5_4/Zend/zend_execute.c === --- php/php-src/branches/PHP_5_4/Zend/zend_execute.c2012-02-14 09:26:38 UTC (rev 323203) +++ php/php-src/branches/PHP_5_4/Zend/zend_execute.c2012-02-14 09:27:08 UTC (rev 323204) @@ -1512,7 +1512,12 @@ ZEND_API int zend_set_user_opcode_handler(zend_uchar opcode, user_opcode_handler_t handler) { if (opcode != ZEND_USER_OPCODE) { - zend_user_opcodes[opcode] = ZEND_USER_OPCODE; + if (handler == NULL) { + /* restore the original handler */ + zend_user_opcodes[opcode] = opcode; + } else { + zend_user_opcodes[opcode] = ZEND_USER_OPCODE; + } zend_user_opcode_handlers[opcode] = handler; return SUCCESS; } Modified: php/php-src/trunk/Zend/zend_execute.c === --- php/php-src/trunk/Zend/zend_execute.c 2012-02-14 09:26:38 UTC (rev 323203) +++ php/php-src/trunk/Zend/zend_execute.c 2012-02-14 09:27:08 UTC (rev 323204) @@ -1512,7 +1512,12 @@ ZEND_API int zend_set_user_opcode_handler(zend_uchar opcode, user_opcode_handler_t handler) { if (opcode != ZEND_USER_OPCODE) { - zend_user_opcodes[opcode] = ZEND_USER_OPCODE; + if (handler == NULL) { + /* restore the original handler */ + zend_user_opcodes[opcode] = opcode; + } else { + zend_user_opcodes[opcode] = ZEND_USER_OPCODE; + } zend_user_opcode_handlers[opcode] = handler; return SUCCESS; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/tests/basic/022.phpt branches/PHP_5_3/tests/basic/023.phpt branches/PHP_5_3/tests/basic/024.phpt branches/PHP_5_3/tests/basic/027.phpt branches/PHP_5_3/te
rasmus Tue, 14 Feb 2012 09:47:32 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323205 Log: These tests fail unless max_input_vars and/or max_file_uploads is set high enough Changed paths: U php/php-src/branches/PHP_5_3/tests/basic/022.phpt U php/php-src/branches/PHP_5_3/tests/basic/023.phpt U php/php-src/branches/PHP_5_3/tests/basic/024.phpt U php/php-src/branches/PHP_5_3/tests/basic/027.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_anonymous_upload.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_array_upload.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_empty_upload.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_max_file_size.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_post_max_filesize.phpt U php/php-src/branches/PHP_5_4/tests/basic/022.phpt U php/php-src/branches/PHP_5_4/tests/basic/023.phpt U php/php-src/branches/PHP_5_4/tests/basic/024.phpt U php/php-src/branches/PHP_5_4/tests/basic/027.phpt U php/php-src/branches/PHP_5_4/tests/basic/028.phpt U php/php-src/branches/PHP_5_4/tests/basic/bug55500.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_anonymous_upload.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_array_upload.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_empty_upload.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_max_file_size.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_post_max_filesize.phpt U php/php-src/trunk/tests/basic/022.phpt U php/php-src/trunk/tests/basic/023.phpt U php/php-src/trunk/tests/basic/024.phpt U php/php-src/trunk/tests/basic/027.phpt U php/php-src/trunk/tests/basic/028.phpt U php/php-src/trunk/tests/basic/bug55500.phpt U php/php-src/trunk/tests/basic/rfc1867_anonymous_upload.phpt U php/php-src/trunk/tests/basic/rfc1867_array_upload.phpt U php/php-src/trunk/tests/basic/rfc1867_empty_upload.phpt U php/php-src/trunk/tests/basic/rfc1867_max_file_size.phpt U php/php-src/trunk/tests/basic/rfc1867_post_max_filesize.phpt Modified: php/php-src/branches/PHP_5_3/tests/basic/022.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/022.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/022.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -1,5 +1,7 @@ --TEST-- Cookies test#1 +--INI-- +max_input_vars=1000 --COOKIE-- cookie1=val1 ; cookie2=val2%20; cookie3=val 3.; cookie 4= value 4 %3B; cookie1=bogus; %20cookie1=ignore;+cookie1=ignore;cookie1;cookie 5=%20 value; cookie%206=þæö;cookie+7=;$cookie.8;cookie-9=1;;;- % $cookie 10=10 --FILE-- Modified: php/php-src/branches/PHP_5_3/tests/basic/023.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/023.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/023.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -2,6 +2,7 @@ Cookies test#2 --INI-- magic_quotes_gpc=0 +max_input_vars=1000 --COOKIE-- c o o k i e=value; c o o k i e= v a l u e ;;c%20o+o k+i%20e=v;name=value,value,UEhQIQ==;UEhQIQ==foo --FILE-- Modified: php/php-src/branches/PHP_5_3/tests/basic/024.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/024.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/024.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -3,6 +3,7 @@ --INI-- magic_quotes_gpc=0 always_populate_raw_post_data=1 +max_input_vars=1000 --POST-- a=ABCy=XYZc[]=1c[]=2c[a]=3 --FILE-- Modified: php/php-src/branches/PHP_5_3/tests/basic/027.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/027.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/027.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -5,6 +5,7 @@ always_populate_raw_post_data=0 display_errors=0 max_input_nesting_level=10 +max_input_vars=1000 track_errors=1 log_errors=0 --POST-- Modified: php/php-src/branches/PHP_5_3/tests/basic/rfc1867_anonymous_upload.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/rfc1867_anonymous_upload.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/rfc1867_anonymous_upload.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -5,6 +5,7 @@ error_reporting=E_ALL~E_NOTICE comment=debug builds show some additional E_NOTICE errors upload_max_filesize=1024 +max_file_uploads=10 --POST_RAW-- Content-Type: multipart/form-data; boundary=---20896060251896012921717172737 -20896060251896012921717172737 Modified:
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt trunk/ext/standard/tests/strings/parse_
rasmus Tue, 14 Feb 2012 09:50:46 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323206 Log: This one depends on max_input_vars as well Changed paths: U php/php-src/branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt U php/php-src/branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt U php/php-src/trunk/ext/standard/tests/strings/parse_str_basic3.phpt Modified: php/php-src/branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:47:32 UTC (rev 323205) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:50:46 UTC (rev 323206) @@ -2,6 +2,7 @@ Test parse_str() function : basic functionality --INI-- magic_quotes_gpc = on +max_input_vars=1000 --FILE-- ?php /* Prototype : void parse_str ( string $str [, array $arr ] ) Modified: php/php-src/branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt === --- php/php-src/branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:47:32 UTC (rev 323205) +++ php/php-src/branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:50:46 UTC (rev 323206) @@ -1,5 +1,7 @@ --TEST-- Test parse_str() function : basic functionality +--INI-- +max_input_vars=1000 --FILE-- ?php /* Prototype : void parse_str ( string $str [, array $arr ] ) Modified: php/php-src/trunk/ext/standard/tests/strings/parse_str_basic3.phpt === --- php/php-src/trunk/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:47:32 UTC (rev 323205) +++ php/php-src/trunk/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:50:46 UTC (rev 323206) @@ -1,5 +1,7 @@ --TEST-- Test parse_str() function : basic functionality +--INI-- +max_input_vars=100 --FILE-- ?php /* Prototype : void parse_str ( string $str [, array $arr ] ) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/sapi/cgi/cgi_main.c trunk/sapi/cgi/cgi_main.c
dmitry Tue, 14 Feb 2012 13:31:23 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323212 Log: Fixed reinitialization of SAPI callbacks after php_module_startup() Changed paths: U php/php-src/branches/PHP_5_4/NEWS U php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c U php/php-src/trunk/sapi/cgi/cgi_main.c Modified: php/php-src/branches/PHP_5_4/NEWS === --- php/php-src/branches/PHP_5_4/NEWS 2012-02-14 13:05:31 UTC (rev 323211) +++ php/php-src/branches/PHP_5_4/NEWS 2012-02-14 13:31:23 UTC (rev 323212) @@ -7,6 +7,10 @@ . Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false). (Gustavo) +- CGI/FastCGI SAPI + . Fixed reinitialization of SAPI callbacks after php_module_startup(). +(Dmitry) + 02 Feb 2012, PHP 5.4.0 RC 7 - Core: . Fixed bug #60895 (Possible invalid handler usage in windows random Modified: php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c === --- php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c2012-02-14 13:05:31 UTC (rev 323211) +++ php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c2012-02-14 13:31:23 UTC (rev 323212) @@ -1860,6 +1860,15 @@ php_optind = orig_optind; php_optarg = orig_optarg; + if (fastcgi || bindpath) { + /* Override SAPI callbacks */ + cgi_sapi_module.ub_write = sapi_fcgi_ub_write; + cgi_sapi_module.flush= sapi_fcgi_flush; + cgi_sapi_module.read_post= sapi_fcgi_read_post; + cgi_sapi_module.getenv = sapi_fcgi_getenv; + cgi_sapi_module.read_cookies = sapi_fcgi_read_cookies; + } + #ifdef ZTS SG(request_info).path_translated = NULL; #endif @@ -1929,13 +1938,6 @@ fastcgi = fcgi_is_fastcgi(); } if (fastcgi) { - /* Override SAPI callbacks */ - sapi_module.ub_write = sapi_fcgi_ub_write; - sapi_module.flush= sapi_fcgi_flush; - sapi_module.read_post= sapi_fcgi_read_post; - sapi_module.getenv = sapi_fcgi_getenv; - sapi_module.read_cookies = sapi_fcgi_read_cookies; - /* How many times to run PHP scripts before dying */ if (getenv(PHP_FCGI_MAX_REQUESTS)) { max_requests = atoi(getenv(PHP_FCGI_MAX_REQUESTS)); Modified: php/php-src/trunk/sapi/cgi/cgi_main.c === --- php/php-src/trunk/sapi/cgi/cgi_main.c 2012-02-14 13:05:31 UTC (rev 323211) +++ php/php-src/trunk/sapi/cgi/cgi_main.c 2012-02-14 13:31:23 UTC (rev 323212) @@ -1859,6 +1859,15 @@ php_optind = orig_optind; php_optarg = orig_optarg; + if (fastcgi || bindpath) { + /* Override SAPI callbacks */ + cgi_sapi_module.ub_write = sapi_fcgi_ub_write; + cgi_sapi_module.flush= sapi_fcgi_flush; + cgi_sapi_module.read_post= sapi_fcgi_read_post; + cgi_sapi_module.getenv = sapi_fcgi_getenv; + cgi_sapi_module.read_cookies = sapi_fcgi_read_cookies; + } + #ifdef ZTS SG(request_info).path_translated = NULL; #endif @@ -1928,13 +1937,6 @@ fastcgi = fcgi_is_fastcgi(); } if (fastcgi) { - /* Override SAPI callbacks */ - sapi_module.ub_write = sapi_fcgi_ub_write; - sapi_module.flush= sapi_fcgi_flush; - sapi_module.read_post= sapi_fcgi_read_post; - sapi_module.getenv = sapi_fcgi_getenv; - sapi_module.read_cookies = sapi_fcgi_read_cookies; - /* How many times to run PHP scripts before dying */ if (getenv(PHP_FCGI_MAX_REQUESTS)) { max_requests = atoi(getenv(PHP_FCGI_MAX_REQUESTS)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/streams/plain_wrapper.c trunk/main/streams/plain_wrapper.c
shm Tue, 14 Feb 2012 14:14:30 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323213 Log: * fixed bug #60704 unlink() bug with some files path Reviewed by: rasmus@ Bug: https://bugs.php.net/60704 (Assigned) unlink() bug with some files path Changed paths: U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c U php/php-src/trunk/main/streams/plain_wrapper.c Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c === --- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2012-02-14 13:31:23 UTC (rev 323212) +++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2012-02-14 14:14:30 UTC (rev 323213) @@ -1010,9 +1010,12 @@ static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url, int flags, php_stream_statbuf *ssb, php_stream_context *context TSRMLS_DC) { + char *p; - if (strncmp(url, file://, sizeof(file://) - 1) == 0) { - url += sizeof(file://) - 1; + if ((p = strstr(url, ://)) != NULL) { + if (p strchr(url, '/')) { + url = p + 3; + } } if (PG(safe_mode) (!php_checkuid_ex(url, NULL, CHECKUID_CHECK_FILE_AND_DIR, (flags PHP_STREAM_URL_STAT_QUIET) ? CHECKUID_NO_ERRORS : 0))) { @@ -1045,7 +1048,9 @@ int ret; if ((p = strstr(url, ://)) != NULL) { - url = p + 3; + if (p strchr(url, '/')) { + url = p + 3; + } } if (options ENFORCE_SAFE_MODE) { @@ -1093,11 +1098,15 @@ #endif if ((p = strstr(url_from, ://)) != NULL) { - url_from = p + 3; + if (p strchr(url_from, '/')) { + url_from = p + 3; + } } if ((p = strstr(url_to, ://)) != NULL) { - url_to = p + 3; + if (p strchr(url_to, '/')) { + url_to = p + 3; + } } if (PG(safe_mode) (!php_checkuid(url_from, NULL, CHECKUID_CHECK_FILE_AND_DIR) || @@ -1168,7 +1177,9 @@ char *p; if ((p = strstr(dir, ://)) != NULL) { - dir = p + 3; + if (p strchr(dir, '/')) { + dir = p + 3; + } } if (!recursive) { Modified: php/php-src/trunk/main/streams/plain_wrapper.c === --- php/php-src/trunk/main/streams/plain_wrapper.c 2012-02-14 13:31:23 UTC (rev 323212) +++ php/php-src/trunk/main/streams/plain_wrapper.c 2012-02-14 14:14:30 UTC (rev 323213) @@ -1001,9 +1001,12 @@ static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url, int flags, php_stream_statbuf *ssb, php_stream_context *context TSRMLS_DC) { + char *p; - if (strncmp(url, file://, sizeof(file://) - 1) == 0) { - url += sizeof(file://) - 1; + if ((p = strstr(url, ://)) != NULL) { + if (p strchr(url, '/')) { + url = p + 3; + } } if (php_check_open_basedir_ex(url, (flags PHP_STREAM_URL_STAT_QUIET) ? 0 : 1 TSRMLS_CC)) { @@ -1032,7 +1035,9 @@ int ret; if ((p = strstr(url, ://)) != NULL) { - url = p + 3; + if (p strchr(url, '/')) { + url = p + 3; + } } if (php_check_open_basedir(url TSRMLS_CC)) { @@ -1074,11 +1079,15 @@ #endif if ((p = strstr(url_from, ://)) != NULL) { - url_from = p + 3; + if (p strchr(url_from, '/')) { + url_from = p + 3; + } } if ((p = strstr(url_to, ://)) != NULL) { - url_to = p + 3; + if (p strchr(url_to, '/')) { + url_to = p + 3; + } } if (php_check_open_basedir(url_from TSRMLS_CC) || php_check_open_basedir(url_to TSRMLS_CC)) { @@ -1144,7 +1153,9 @@ char *p; if ((p = strstr(dir, ://)) != NULL) { - dir = p + 3; + if (p strchr(dir, '/')) { + dir = p + 3; + } } if (!recursive) { @@ -1273,7 +1284,9 @@ #endif if ((p = strstr(url, ://)) != NULL) { - url = p + 3; + if (p strchr(url, '/')) { + url = p + 3; + } } if (php_check_open_basedir(url TSRMLS_CC)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/main/output.c trunk/main/output.c
mike Tue, 14 Feb 2012 19:31:54 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323219 Log: fix compat function not passing along input buffer with php_output_context_pass() if the output_handler_func does not set out_str Changed paths: U php/php-src/branches/PHP_5_4/main/output.c U php/php-src/trunk/main/output.c Modified: php/php-src/branches/PHP_5_4/main/output.c === --- php/php-src/branches/PHP_5_4/main/output.c 2012-02-14 18:35:06 UTC (rev 323218) +++ php/php-src/branches/PHP_5_4/main/output.c 2012-02-14 19:31:54 UTC (rev 323219) @@ -1260,11 +1260,19 @@ PHP_OUTPUT_TSRMLS(output_context); if (func) { - uint safe_out_len; + char *out_str = NULL; + uint out_len = 0; - func(output_context-in.data, output_context-in.used, output_context-out.data, safe_out_len, output_context-op TSRMLS_CC); - output_context-out.used = safe_out_len; - output_context-out.free = 1; + func(output_context-in.data, output_context-in.used, out_str, out_len, output_context-op TSRMLS_CC); + + if (out_str) { + output_context-out.data = out_str; + output_context-out.used = out_len; + output_context-out.free = 1; + } else { + php_output_context_pass(output_context); + } + return SUCCESS; } return FAILURE; Modified: php/php-src/trunk/main/output.c === --- php/php-src/trunk/main/output.c 2012-02-14 18:35:06 UTC (rev 323218) +++ php/php-src/trunk/main/output.c 2012-02-14 19:31:54 UTC (rev 323219) @@ -1260,11 +1260,19 @@ PHP_OUTPUT_TSRMLS(output_context); if (func) { - uint safe_out_len; + char *out_str = NULL; + uint out_len = 0; - func(output_context-in.data, output_context-in.used, output_context-out.data, safe_out_len, output_context-op TSRMLS_CC); - output_context-out.used = safe_out_len; - output_context-out.free = 1; + func(output_context-in.data, output_context-in.used, out_str, out_len, output_context-op TSRMLS_CC); + + if (out_str) { + output_context-out.data = out_str; + output_context-out.used = out_len; + output_context-out.free = 1; + } else { + php_output_context_pass(output_context); + } + return SUCCESS; } return FAILURE; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/main/output.c trunk/main/output.c
It would be great to have a NEWS entry and a testcase and a bug number. Chris On 02/14/2012 11:31 AM, Michael Wallner wrote: mike Tue, 14 Feb 2012 19:31:54 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323219 Log: fix compat function not passing along input buffer with php_output_context_pass() if the output_handler_func does not set out_str Changed paths: U php/php-src/branches/PHP_5_4/main/output.c U php/php-src/trunk/main/output.c Modified: php/php-src/branches/PHP_5_4/main/output.c === --- php/php-src/branches/PHP_5_4/main/output.c 2012-02-14 18:35:06 UTC (rev 323218) +++ php/php-src/branches/PHP_5_4/main/output.c 2012-02-14 19:31:54 UTC (rev 323219) @@ -1260,11 +1260,19 @@ PHP_OUTPUT_TSRMLS(output_context); if (func) { - uint safe_out_len; + char *out_str = NULL; + uint out_len = 0; - func(output_context-in.data, output_context-in.used,output_context-out.data,safe_out_len, output_context-op TSRMLS_CC); - output_context-out.used = safe_out_len; - output_context-out.free = 1; + func(output_context-in.data, output_context-in.used,out_str,out_len, output_context-op TSRMLS_CC); + + if (out_str) { + output_context-out.data = out_str; + output_context-out.used = out_len; + output_context-out.free = 1; + } else { + php_output_context_pass(output_context); + } + return SUCCESS; } return FAILURE; Modified: php/php-src/trunk/main/output.c === --- php/php-src/trunk/main/output.c 2012-02-14 18:35:06 UTC (rev 323218) +++ php/php-src/trunk/main/output.c 2012-02-14 19:31:54 UTC (rev 323219) @@ -1260,11 +1260,19 @@ PHP_OUTPUT_TSRMLS(output_context); if (func) { - uint safe_out_len; + char *out_str = NULL; + uint out_len = 0; - func(output_context-in.data, output_context-in.used,output_context-out.data,safe_out_len, output_context-op TSRMLS_CC); - output_context-out.used = safe_out_len; - output_context-out.free = 1; + func(output_context-in.data, output_context-in.used,out_str,out_len, output_context-op TSRMLS_CC); + + if (out_str) { + output_context-out.data = out_str; + output_context-out.used = out_len; + output_context-out.free = 1; + } else { + php_output_context_pass(output_context); + } + return SUCCESS; } return FAILURE; -- Email: christopher.jo...@oracle.com Tel: +1 650 506 8630 Blog: http://blogs.oracle.com/opal/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php