[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/main/php_variables.c branches/PHP_5_3/main/rfc1867.c branches/PHP_5_4/NEWS branches/PHP_5_4/main/php_variables.c branches/PHP_5_4/ma
dmitry Tue, 14 Feb 2012 08:58:52 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323202
Log:
Improved max_input_vars directive to check nested variables
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/main/php_variables.c
U php/php-src/branches/PHP_5_3/main/rfc1867.c
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/main/php_variables.c
U php/php-src/branches/PHP_5_4/main/rfc1867.c
U php/php-src/trunk/main/php_variables.c
U php/php-src/trunk/main/rfc1867.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS 2012-02-14 08:39:15 UTC (rev 323201)
+++ php/php-src/branches/PHP_5_3/NEWS 2012-02-14 08:58:52 UTC (rev 323202)
@@ -1,6 +1,9 @@
PHPNEWS
|||
?? ??? 2012, PHP 5.3.11
+- Core:
+ . Improved max_input_vars directive to check nested variables (Dmitry).
+
- Session:
. Fixed bug #60860 (session.save_handler=user without defined function core
dumps). (Felipe)
Modified: php/php-src/branches/PHP_5_3/main/php_variables.c
===
--- php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-14 08:39:15 UTC (rev 323201)
+++ php/php-src/branches/PHP_5_3/main/php_variables.c 2012-02-14 08:58:52 UTC (rev 323202)
@@ -196,21 +196,9 @@
}
if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) gpc_element_p) == FAILURE
|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
- if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) {
- if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars));
- }
- MAKE_STD_ZVAL(gpc_element);
- array_init(gpc_element);
- zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p);
- } else {
- if (index != escaped_index) {
- efree(escaped_index);
- }
- zval_dtor(val);
- efree(var_orig);
- return;
- }
+ MAKE_STD_ZVAL(gpc_element);
+ array_init(gpc_element);
+ zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p);
}
if (index != escaped_index) {
efree(escaped_index);
@@ -255,14 +243,7 @@
zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
zval_ptr_dtor(gpc_element);
} else {
-if (zend_hash_num_elements(symtable1) = PG(max_input_vars)) {
- if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars));
- }
- zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p);
-} else {
- zval_ptr_dtor(gpc_element);
-}
+zend_symtable_update(symtable1, escaped_index, index_len + 1, gpc_element, sizeof(zval *), (void **) gpc_element_p);
}
if (escaped_index != index) {
efree(escaped_index);
@@ -276,6 +257,7 @@
{
char *var, *val, *e, *s, *p;
zval *array_ptr = (zval *) arg;
+ long count = 0;
if (SG(request_info).post_data == NULL) {
return;
@@ -289,6 +271,10 @@
if ((val = memchr(s, '=', (p - s { /* have a value */
unsigned int val_len, new_val_len;
+ if (++count PG(max_input_vars)) {
+php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars));
+return;
+ }
var = s;
php_url_decode(var, (val - s));
@@ -322,6 +308,7 @@
zval *array_ptr;
int free_buffer = 0;
char *strtok_buf = NULL;
+ long count = 0;
switch (arg) {
case PARSE_POST:
@@ -411,6 +398,11 @@
}
}
+ if (++count PG(max_input_vars)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini., PG(max_input_vars));
+ break;
+ }
+
if (val) { /* have a value */
int val_len;
unsigned int new_val_len;
Modified: php/php-src/branches/PHP_5_3/main/rfc1867.c
===
--- php/php-src/branches/PHP_5_3/main/rfc1867.c 2012-02-14 08:39:15 UTC (rev 323201)
+++ php/php-src/branches/PHP_5_3/main/rfc1867.c 2012-02-14 08:58:52 UTC (rev 323202)
@@ -779,6 +779,7 @@
void *event_extra_data = NULL;
int llen = 0;
int upload_cnt = INI_INT(max_file_uploads);
+ long count = 0;
if (SG(post_max_size) 0
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/Zend/zend_execute.c trunk/Zend/zend_execute.c
dmitry Tue, 14 Feb 2012 09:27:08 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323204
Log:
Added ability to reset user opcode handlers (Yoram)
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/Zend/zend_execute.c
U php/php-src/trunk/Zend/zend_execute.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-02-14 09:26:38 UTC (rev 323203)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-02-14 09:27:08 UTC (rev 323204)
@@ -2,6 +2,7 @@
|||
?? Feb 2012, PHP 5.4.0 RC 8
- Core:
+ . Added ability to reset user opcode handlers (Yoram).
. Improved max_input_vars directive to check nested variables (Dmitry).
. Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
$double=false). (Gustavo)
Modified: php/php-src/branches/PHP_5_4/Zend/zend_execute.c
===
--- php/php-src/branches/PHP_5_4/Zend/zend_execute.c2012-02-14 09:26:38 UTC
(rev 323203)
+++ php/php-src/branches/PHP_5_4/Zend/zend_execute.c2012-02-14 09:27:08 UTC
(rev 323204)
@@ -1512,7 +1512,12 @@
ZEND_API int zend_set_user_opcode_handler(zend_uchar opcode,
user_opcode_handler_t handler)
{
if (opcode != ZEND_USER_OPCODE) {
- zend_user_opcodes[opcode] = ZEND_USER_OPCODE;
+ if (handler == NULL) {
+ /* restore the original handler */
+ zend_user_opcodes[opcode] = opcode;
+ } else {
+ zend_user_opcodes[opcode] = ZEND_USER_OPCODE;
+ }
zend_user_opcode_handlers[opcode] = handler;
return SUCCESS;
}
Modified: php/php-src/trunk/Zend/zend_execute.c
===
--- php/php-src/trunk/Zend/zend_execute.c 2012-02-14 09:26:38 UTC (rev
323203)
+++ php/php-src/trunk/Zend/zend_execute.c 2012-02-14 09:27:08 UTC (rev
323204)
@@ -1512,7 +1512,12 @@
ZEND_API int zend_set_user_opcode_handler(zend_uchar opcode,
user_opcode_handler_t handler)
{
if (opcode != ZEND_USER_OPCODE) {
- zend_user_opcodes[opcode] = ZEND_USER_OPCODE;
+ if (handler == NULL) {
+ /* restore the original handler */
+ zend_user_opcodes[opcode] = opcode;
+ } else {
+ zend_user_opcodes[opcode] = ZEND_USER_OPCODE;
+ }
zend_user_opcode_handlers[opcode] = handler;
return SUCCESS;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/tests/basic/022.phpt branches/PHP_5_3/tests/basic/023.phpt branches/PHP_5_3/tests/basic/024.phpt branches/PHP_5_3/tests/basic/027.phpt branches/PHP_5_3/te
rasmus Tue, 14 Feb 2012 09:47:32 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323205 Log: These tests fail unless max_input_vars and/or max_file_uploads is set high enough Changed paths: U php/php-src/branches/PHP_5_3/tests/basic/022.phpt U php/php-src/branches/PHP_5_3/tests/basic/023.phpt U php/php-src/branches/PHP_5_3/tests/basic/024.phpt U php/php-src/branches/PHP_5_3/tests/basic/027.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_anonymous_upload.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_array_upload.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_empty_upload.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_max_file_size.phpt U php/php-src/branches/PHP_5_3/tests/basic/rfc1867_post_max_filesize.phpt U php/php-src/branches/PHP_5_4/tests/basic/022.phpt U php/php-src/branches/PHP_5_4/tests/basic/023.phpt U php/php-src/branches/PHP_5_4/tests/basic/024.phpt U php/php-src/branches/PHP_5_4/tests/basic/027.phpt U php/php-src/branches/PHP_5_4/tests/basic/028.phpt U php/php-src/branches/PHP_5_4/tests/basic/bug55500.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_anonymous_upload.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_array_upload.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_empty_upload.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_max_file_size.phpt U php/php-src/branches/PHP_5_4/tests/basic/rfc1867_post_max_filesize.phpt U php/php-src/trunk/tests/basic/022.phpt U php/php-src/trunk/tests/basic/023.phpt U php/php-src/trunk/tests/basic/024.phpt U php/php-src/trunk/tests/basic/027.phpt U php/php-src/trunk/tests/basic/028.phpt U php/php-src/trunk/tests/basic/bug55500.phpt U php/php-src/trunk/tests/basic/rfc1867_anonymous_upload.phpt U php/php-src/trunk/tests/basic/rfc1867_array_upload.phpt U php/php-src/trunk/tests/basic/rfc1867_empty_upload.phpt U php/php-src/trunk/tests/basic/rfc1867_max_file_size.phpt U php/php-src/trunk/tests/basic/rfc1867_post_max_filesize.phpt Modified: php/php-src/branches/PHP_5_3/tests/basic/022.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/022.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/022.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -1,5 +1,7 @@ --TEST-- Cookies test#1 +--INI-- +max_input_vars=1000 --COOKIE-- cookie1=val1 ; cookie2=val2%20; cookie3=val 3.; cookie 4= value 4 %3B; cookie1=bogus; %20cookie1=ignore;+cookie1=ignore;cookie1;cookie 5=%20 value; cookie%206=þæö;cookie+7=;$cookie.8;cookie-9=1;;;- % $cookie 10=10 --FILE-- Modified: php/php-src/branches/PHP_5_3/tests/basic/023.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/023.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/023.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -2,6 +2,7 @@ Cookies test#2 --INI-- magic_quotes_gpc=0 +max_input_vars=1000 --COOKIE-- c o o k i e=value; c o o k i e= v a l u e ;;c%20o+o k+i%20e=v;name=value,value,UEhQIQ==;UEhQIQ==foo --FILE-- Modified: php/php-src/branches/PHP_5_3/tests/basic/024.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/024.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/024.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -3,6 +3,7 @@ --INI-- magic_quotes_gpc=0 always_populate_raw_post_data=1 +max_input_vars=1000 --POST-- a=ABCy=XYZc[]=1c[]=2c[a]=3 --FILE-- Modified: php/php-src/branches/PHP_5_3/tests/basic/027.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/027.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/027.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -5,6 +5,7 @@ always_populate_raw_post_data=0 display_errors=0 max_input_nesting_level=10 +max_input_vars=1000 track_errors=1 log_errors=0 --POST-- Modified: php/php-src/branches/PHP_5_3/tests/basic/rfc1867_anonymous_upload.phpt === --- php/php-src/branches/PHP_5_3/tests/basic/rfc1867_anonymous_upload.phpt 2012-02-14 09:27:08 UTC (rev 323204) +++ php/php-src/branches/PHP_5_3/tests/basic/rfc1867_anonymous_upload.phpt 2012-02-14 09:47:32 UTC (rev 323205) @@ -5,6 +5,7 @@ error_reporting=E_ALL~E_NOTICE comment=debug builds show some additional E_NOTICE errors upload_max_filesize=1024 +max_file_uploads=10 --POST_RAW-- Content-Type: multipart/form-data; boundary=---20896060251896012921717172737 -20896060251896012921717172737 Modified:
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt trunk/ext/standard/tests/strings/parse_
rasmus Tue, 14 Feb 2012 09:50:46 + Revision: http://svn.php.net/viewvc?view=revisionrevision=323206 Log: This one depends on max_input_vars as well Changed paths: U php/php-src/branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt U php/php-src/branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt U php/php-src/trunk/ext/standard/tests/strings/parse_str_basic3.phpt Modified: php/php-src/branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt === --- php/php-src/branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:47:32 UTC (rev 323205) +++ php/php-src/branches/PHP_5_3/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:50:46 UTC (rev 323206) @@ -2,6 +2,7 @@ Test parse_str() function : basic functionality --INI-- magic_quotes_gpc = on +max_input_vars=1000 --FILE-- ?php /* Prototype : void parse_str ( string $str [, array $arr ] ) Modified: php/php-src/branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt === --- php/php-src/branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:47:32 UTC (rev 323205) +++ php/php-src/branches/PHP_5_4/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:50:46 UTC (rev 323206) @@ -1,5 +1,7 @@ --TEST-- Test parse_str() function : basic functionality +--INI-- +max_input_vars=1000 --FILE-- ?php /* Prototype : void parse_str ( string $str [, array $arr ] ) Modified: php/php-src/trunk/ext/standard/tests/strings/parse_str_basic3.phpt === --- php/php-src/trunk/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:47:32 UTC (rev 323205) +++ php/php-src/trunk/ext/standard/tests/strings/parse_str_basic3.phpt 2012-02-14 09:50:46 UTC (rev 323206) @@ -1,5 +1,7 @@ --TEST-- Test parse_str() function : basic functionality +--INI-- +max_input_vars=100 --FILE-- ?php /* Prototype : void parse_str ( string $str [, array $arr ] ) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/NEWS branches/PHP_5_4/sapi/cgi/cgi_main.c trunk/sapi/cgi/cgi_main.c
dmitry Tue, 14 Feb 2012 13:31:23 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323212
Log:
Fixed reinitialization of SAPI callbacks after php_module_startup()
Changed paths:
U php/php-src/branches/PHP_5_4/NEWS
U php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c
U php/php-src/trunk/sapi/cgi/cgi_main.c
Modified: php/php-src/branches/PHP_5_4/NEWS
===
--- php/php-src/branches/PHP_5_4/NEWS 2012-02-14 13:05:31 UTC (rev 323211)
+++ php/php-src/branches/PHP_5_4/NEWS 2012-02-14 13:31:23 UTC (rev 323212)
@@ -7,6 +7,10 @@
. Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with
$double=false). (Gustavo)
+- CGI/FastCGI SAPI
+ . Fixed reinitialization of SAPI callbacks after php_module_startup().
+(Dmitry)
+
02 Feb 2012, PHP 5.4.0 RC 7
- Core:
. Fixed bug #60895 (Possible invalid handler usage in windows random
Modified: php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c
===
--- php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c2012-02-14 13:05:31 UTC
(rev 323211)
+++ php/php-src/branches/PHP_5_4/sapi/cgi/cgi_main.c2012-02-14 13:31:23 UTC
(rev 323212)
@@ -1860,6 +1860,15 @@
php_optind = orig_optind;
php_optarg = orig_optarg;
+ if (fastcgi || bindpath) {
+ /* Override SAPI callbacks */
+ cgi_sapi_module.ub_write = sapi_fcgi_ub_write;
+ cgi_sapi_module.flush= sapi_fcgi_flush;
+ cgi_sapi_module.read_post= sapi_fcgi_read_post;
+ cgi_sapi_module.getenv = sapi_fcgi_getenv;
+ cgi_sapi_module.read_cookies = sapi_fcgi_read_cookies;
+ }
+
#ifdef ZTS
SG(request_info).path_translated = NULL;
#endif
@@ -1929,13 +1938,6 @@
fastcgi = fcgi_is_fastcgi();
}
if (fastcgi) {
- /* Override SAPI callbacks */
- sapi_module.ub_write = sapi_fcgi_ub_write;
- sapi_module.flush= sapi_fcgi_flush;
- sapi_module.read_post= sapi_fcgi_read_post;
- sapi_module.getenv = sapi_fcgi_getenv;
- sapi_module.read_cookies = sapi_fcgi_read_cookies;
-
/* How many times to run PHP scripts before dying */
if (getenv(PHP_FCGI_MAX_REQUESTS)) {
max_requests = atoi(getenv(PHP_FCGI_MAX_REQUESTS));
Modified: php/php-src/trunk/sapi/cgi/cgi_main.c
===
--- php/php-src/trunk/sapi/cgi/cgi_main.c 2012-02-14 13:05:31 UTC (rev
323211)
+++ php/php-src/trunk/sapi/cgi/cgi_main.c 2012-02-14 13:31:23 UTC (rev
323212)
@@ -1859,6 +1859,15 @@
php_optind = orig_optind;
php_optarg = orig_optarg;
+ if (fastcgi || bindpath) {
+ /* Override SAPI callbacks */
+ cgi_sapi_module.ub_write = sapi_fcgi_ub_write;
+ cgi_sapi_module.flush= sapi_fcgi_flush;
+ cgi_sapi_module.read_post= sapi_fcgi_read_post;
+ cgi_sapi_module.getenv = sapi_fcgi_getenv;
+ cgi_sapi_module.read_cookies = sapi_fcgi_read_cookies;
+ }
+
#ifdef ZTS
SG(request_info).path_translated = NULL;
#endif
@@ -1928,13 +1937,6 @@
fastcgi = fcgi_is_fastcgi();
}
if (fastcgi) {
- /* Override SAPI callbacks */
- sapi_module.ub_write = sapi_fcgi_ub_write;
- sapi_module.flush= sapi_fcgi_flush;
- sapi_module.read_post= sapi_fcgi_read_post;
- sapi_module.getenv = sapi_fcgi_getenv;
- sapi_module.read_cookies = sapi_fcgi_read_cookies;
-
/* How many times to run PHP scripts before dying */
if (getenv(PHP_FCGI_MAX_REQUESTS)) {
max_requests = atoi(getenv(PHP_FCGI_MAX_REQUESTS));
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/main/streams/plain_wrapper.c trunk/main/streams/plain_wrapper.c
shm Tue, 14 Feb 2012 14:14:30 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323213
Log:
* fixed bug #60704 unlink() bug with some files path
Reviewed by: rasmus@
Bug: https://bugs.php.net/60704 (Assigned) unlink() bug with some files path
Changed paths:
U php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c
U php/php-src/trunk/main/streams/plain_wrapper.c
Modified: php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c
===
--- php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2012-02-14
13:31:23 UTC (rev 323212)
+++ php/php-src/branches/PHP_5_3/main/streams/plain_wrapper.c 2012-02-14
14:14:30 UTC (rev 323213)
@@ -1010,9 +1010,12 @@
static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url,
int flags, php_stream_statbuf *ssb, php_stream_context *context TSRMLS_DC)
{
+ char *p;
- if (strncmp(url, file://, sizeof(file://) - 1) == 0) {
- url += sizeof(file://) - 1;
+ if ((p = strstr(url, ://)) != NULL) {
+ if (p strchr(url, '/')) {
+ url = p + 3;
+ }
}
if (PG(safe_mode) (!php_checkuid_ex(url, NULL,
CHECKUID_CHECK_FILE_AND_DIR, (flags PHP_STREAM_URL_STAT_QUIET) ?
CHECKUID_NO_ERRORS : 0))) {
@@ -1045,7 +1048,9 @@
int ret;
if ((p = strstr(url, ://)) != NULL) {
- url = p + 3;
+ if (p strchr(url, '/')) {
+ url = p + 3;
+ }
}
if (options ENFORCE_SAFE_MODE) {
@@ -1093,11 +1098,15 @@
#endif
if ((p = strstr(url_from, ://)) != NULL) {
- url_from = p + 3;
+ if (p strchr(url_from, '/')) {
+ url_from = p + 3;
+ }
}
if ((p = strstr(url_to, ://)) != NULL) {
- url_to = p + 3;
+ if (p strchr(url_to, '/')) {
+ url_to = p + 3;
+ }
}
if (PG(safe_mode) (!php_checkuid(url_from, NULL,
CHECKUID_CHECK_FILE_AND_DIR) ||
@@ -1168,7 +1177,9 @@
char *p;
if ((p = strstr(dir, ://)) != NULL) {
- dir = p + 3;
+ if (p strchr(dir, '/')) {
+ dir = p + 3;
+ }
}
if (!recursive) {
Modified: php/php-src/trunk/main/streams/plain_wrapper.c
===
--- php/php-src/trunk/main/streams/plain_wrapper.c 2012-02-14 13:31:23 UTC
(rev 323212)
+++ php/php-src/trunk/main/streams/plain_wrapper.c 2012-02-14 14:14:30 UTC
(rev 323213)
@@ -1001,9 +1001,12 @@
static int php_plain_files_url_stater(php_stream_wrapper *wrapper, char *url,
int flags, php_stream_statbuf *ssb, php_stream_context *context TSRMLS_DC)
{
+ char *p;
- if (strncmp(url, file://, sizeof(file://) - 1) == 0) {
- url += sizeof(file://) - 1;
+ if ((p = strstr(url, ://)) != NULL) {
+ if (p strchr(url, '/')) {
+ url = p + 3;
+ }
}
if (php_check_open_basedir_ex(url, (flags PHP_STREAM_URL_STAT_QUIET)
? 0 : 1 TSRMLS_CC)) {
@@ -1032,7 +1035,9 @@
int ret;
if ((p = strstr(url, ://)) != NULL) {
- url = p + 3;
+ if (p strchr(url, '/')) {
+ url = p + 3;
+ }
}
if (php_check_open_basedir(url TSRMLS_CC)) {
@@ -1074,11 +1079,15 @@
#endif
if ((p = strstr(url_from, ://)) != NULL) {
- url_from = p + 3;
+ if (p strchr(url_from, '/')) {
+ url_from = p + 3;
+ }
}
if ((p = strstr(url_to, ://)) != NULL) {
- url_to = p + 3;
+ if (p strchr(url_to, '/')) {
+ url_to = p + 3;
+ }
}
if (php_check_open_basedir(url_from TSRMLS_CC) ||
php_check_open_basedir(url_to TSRMLS_CC)) {
@@ -1144,7 +1153,9 @@
char *p;
if ((p = strstr(dir, ://)) != NULL) {
- dir = p + 3;
+ if (p strchr(dir, '/')) {
+ dir = p + 3;
+ }
}
if (!recursive) {
@@ -1273,7 +1284,9 @@
#endif
if ((p = strstr(url, ://)) != NULL) {
- url = p + 3;
+ if (p strchr(url, '/')) {
+ url = p + 3;
+ }
}
if (php_check_open_basedir(url TSRMLS_CC)) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/main/output.c trunk/main/output.c
mike Tue, 14 Feb 2012 19:31:54 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323219
Log:
fix compat function not passing along input buffer with
php_output_context_pass() if the output_handler_func does not set out_str
Changed paths:
U php/php-src/branches/PHP_5_4/main/output.c
U php/php-src/trunk/main/output.c
Modified: php/php-src/branches/PHP_5_4/main/output.c
===
--- php/php-src/branches/PHP_5_4/main/output.c 2012-02-14 18:35:06 UTC (rev
323218)
+++ php/php-src/branches/PHP_5_4/main/output.c 2012-02-14 19:31:54 UTC (rev
323219)
@@ -1260,11 +1260,19 @@
PHP_OUTPUT_TSRMLS(output_context);
if (func) {
- uint safe_out_len;
+ char *out_str = NULL;
+ uint out_len = 0;
- func(output_context-in.data, output_context-in.used,
output_context-out.data, safe_out_len, output_context-op TSRMLS_CC);
- output_context-out.used = safe_out_len;
- output_context-out.free = 1;
+ func(output_context-in.data, output_context-in.used,
out_str, out_len, output_context-op TSRMLS_CC);
+
+ if (out_str) {
+ output_context-out.data = out_str;
+ output_context-out.used = out_len;
+ output_context-out.free = 1;
+ } else {
+ php_output_context_pass(output_context);
+ }
+
return SUCCESS;
}
return FAILURE;
Modified: php/php-src/trunk/main/output.c
===
--- php/php-src/trunk/main/output.c 2012-02-14 18:35:06 UTC (rev 323218)
+++ php/php-src/trunk/main/output.c 2012-02-14 19:31:54 UTC (rev 323219)
@@ -1260,11 +1260,19 @@
PHP_OUTPUT_TSRMLS(output_context);
if (func) {
- uint safe_out_len;
+ char *out_str = NULL;
+ uint out_len = 0;
- func(output_context-in.data, output_context-in.used,
output_context-out.data, safe_out_len, output_context-op TSRMLS_CC);
- output_context-out.used = safe_out_len;
- output_context-out.free = 1;
+ func(output_context-in.data, output_context-in.used,
out_str, out_len, output_context-op TSRMLS_CC);
+
+ if (out_str) {
+ output_context-out.data = out_str;
+ output_context-out.used = out_len;
+ output_context-out.free = 1;
+ } else {
+ php_output_context_pass(output_context);
+ }
+
return SUCCESS;
}
return FAILURE;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/main/output.c trunk/main/output.c
It would be great to have a NEWS entry and a testcase and a bug number.
Chris
On 02/14/2012 11:31 AM, Michael Wallner wrote:
mike Tue, 14 Feb 2012 19:31:54 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=323219
Log:
fix compat function not passing along input buffer with
php_output_context_pass() if the output_handler_func does not set out_str
Changed paths:
U php/php-src/branches/PHP_5_4/main/output.c
U php/php-src/trunk/main/output.c
Modified: php/php-src/branches/PHP_5_4/main/output.c
===
--- php/php-src/branches/PHP_5_4/main/output.c 2012-02-14 18:35:06 UTC (rev
323218)
+++ php/php-src/branches/PHP_5_4/main/output.c 2012-02-14 19:31:54 UTC (rev
323219)
@@ -1260,11 +1260,19 @@
PHP_OUTPUT_TSRMLS(output_context);
if (func) {
- uint safe_out_len;
+ char *out_str = NULL;
+ uint out_len = 0;
- func(output_context-in.data,
output_context-in.used,output_context-out.data,safe_out_len,
output_context-op TSRMLS_CC);
- output_context-out.used = safe_out_len;
- output_context-out.free = 1;
+ func(output_context-in.data,
output_context-in.used,out_str,out_len, output_context-op TSRMLS_CC);
+
+ if (out_str) {
+ output_context-out.data = out_str;
+ output_context-out.used = out_len;
+ output_context-out.free = 1;
+ } else {
+ php_output_context_pass(output_context);
+ }
+
return SUCCESS;
}
return FAILURE;
Modified: php/php-src/trunk/main/output.c
===
--- php/php-src/trunk/main/output.c 2012-02-14 18:35:06 UTC (rev 323218)
+++ php/php-src/trunk/main/output.c 2012-02-14 19:31:54 UTC (rev 323219)
@@ -1260,11 +1260,19 @@
PHP_OUTPUT_TSRMLS(output_context);
if (func) {
- uint safe_out_len;
+ char *out_str = NULL;
+ uint out_len = 0;
- func(output_context-in.data,
output_context-in.used,output_context-out.data,safe_out_len,
output_context-op TSRMLS_CC);
- output_context-out.used = safe_out_len;
- output_context-out.free = 1;
+ func(output_context-in.data,
output_context-in.used,out_str,out_len, output_context-op TSRMLS_CC);
+
+ if (out_str) {
+ output_context-out.data = out_str;
+ output_context-out.used = out_len;
+ output_context-out.free = 1;
+ } else {
+ php_output_context_pass(output_context);
+ }
+
return SUCCESS;
}
return FAILURE;
--
Email: christopher.jo...@oracle.com
Tel: +1 650 506 8630
Blog: http://blogs.oracle.com/opal/
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
