[PHP-CVS] cvs: php4 /ext/standard var.c
stasSun Jan 12 08:50:18 2003 EDT Modified files: /php4/ext/standard var.c Log: remove unneeded var Index: php4/ext/standard/var.c diff -u php4/ext/standard/var.c:1.152 php4/ext/standard/var.c:1.153 --- php4/ext/standard/var.c:1.152 Tue Dec 31 11:07:57 2002 +++ php4/ext/standard/var.c Sun Jan 12 08:50:17 2003 @@ -60,7 +60,6 @@ void php_var_dump(zval **struc, int level TSRMLS_DC) { HashTable *myht = NULL; - zend_object *object = NULL; if (level 1) { php_printf(%*c, level - 1, ' '); @@ -93,7 +92,6 @@ php_printf(%sarray(%d) {\n, COMMON, zend_hash_num_elements(myht)); goto head_done; case IS_OBJECT: - object = Z_OBJ_PP(struc); myht = Z_OBJPROP_PP(struc); if (myht-nApplyCount 1) { PUTS(*RECURSION*\n); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /ext/standard aggregation.c
stasSun Jan 12 13:42:16 2003 EDT Modified files: /php4/ext/standard aggregation.c Log: ZE2 compatibility Index: php4/ext/standard/aggregation.c diff -u php4/ext/standard/aggregation.c:1.14 php4/ext/standard/aggregation.c:1.15 --- php4/ext/standard/aggregation.c:1.14Sun Jan 12 09:43:04 2003 +++ php4/ext/standard/aggregation.c Sun Jan 12 13:42:16 2003 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: aggregation.c,v 1.14 2003/01/12 14:43:04 stas Exp $ */ +/* $Id: aggregation.c,v 1.15 2003/01/12 18:42:16 stas Exp $ */ #include php.h #include basic_functions.h @@ -399,10 +399,15 @@ new_ce-clone = Z_OBJCE_P(obj)-clone; #endif new_ce-builtin_functions = Z_OBJCE_P(obj)-builtin_functions; +#ifndef ZEND_ENGINE_2 new_ce-handle_function_call = Z_OBJCE_P(obj)-handle_function_call; new_ce-handle_property_get = Z_OBJCE_P(obj)-handle_property_get; new_ce-handle_property_set = Z_OBJCE_P(obj)-handle_property_set; - +#else + new_ce-__call = Z_OBJCE_P(obj)-__call; + new_ce-__get = Z_OBJCE_P(obj)-__get; + new_ce-__set = Z_OBJCE_P(obj)-__set; +#endif /* * Okay, that was kind of exhausting. Let's invoke programmer virtue #1 * and stuff this where it belongs so we don't have to work so hard next -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 / configure.in
stasMon Jun 16 04:32:35 2003 EDT Modified files: /php4 configure.in Log: default_classes belongs to ZE2 part Index: php4/configure.in diff -u php4/configure.in:1.446 php4/configure.in:1.447 --- php4/configure.in:1.446 Sat May 24 08:00:03 2003 +++ php4/configure.in Mon Jun 16 04:32:35 2003 @@ -1,4 +1,4 @@ -dnl ## $Id: configure.in,v 1.446 2003/05/24 12:00:03 helly Exp $ -*- sh -*- +dnl ## $Id: configure.in,v 1.447 2003/06/16 08:32:35 stas Exp $ -*- sh -*- dnl ## Process this file with autoconf to produce a configure script. divert(1) @@ -1136,10 +1136,10 @@ zend_opcode.c zend_operators.c zend_ptr_stack.c zend_stack.c \ zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \ zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \ -zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c zend_default_classes.c) +zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c) if test -r $abs_srcdir/Zend/zend_objects.c; then - PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_mm.c) + PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_mm.c zend_default_classes.c) fi dnl Selectively disable optimization due to high RAM usage during -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /tests/lang bug18872.phpt bug23279.phpt bug23384.phpt
stasMon Jun 16 05:20:42 2003 EDT Added files: /php4/tests/langbug18872.phpt bug23279.phpt bug23384.phpt Log: add tests for fixed bugs Index: php4/tests/lang/bug18872.phpt +++ php4/tests/lang/bug18872.phpt --TEST-- Bug #18872 (class constant used as default parameter) --FILE-- ?php class FooBar { const BIFF = 3; } function foo($biff = FooBar::BIFF) { echo $biff . \n; } foo(); foo(); ? --EXPECT-- 3 3 Index: php4/tests/lang/bug23279.phpt +++ php4/tests/lang/bug23279.phpt --TEST-- Bug #23279 (exception handler stops after first function call) --FILE-- ?php ob_start(); set_exception_handler('redirect_on_error'); echo Hello World\n; throw new Exception; function redirect_on_error($e) { ob_end_clean(); echo Goodbye Cruel World\n; } ? --EXPECT-- Goodbye Cruel World Index: php4/tests/lang/bug23384.phpt +++ php4/tests/lang/bug23384.phpt --TEST-- Bug #23384 (use of class constants in statics) --FILE-- ?php define('TEN', 10); class Foo { const HUN = 100; function test($x = Foo::HUN) { static $arr2 = array(TEN = 'ten'); static $arr = array(Foo::HUN = 'ten'); print_r($arr); print_r($arr2); print_r($x); } } Foo::test(); echo Foo::HUN.\n; ? --EXPECT-- Array ( [100] = ten ) Array ( [10] = ten ) 100100 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /tests/classes bug23951.phpt
stasMon Jun 16 05:27:33 2003 EDT Modified files: /php4/tests/classes bug23951.phpt Log: fix test so it does not depend on variable order Index: php4/tests/classes/bug23951.phpt diff -u php4/tests/classes/bug23951.phpt:1.1 php4/tests/classes/bug23951.phpt:1.2 --- php4/tests/classes/bug23951.phpt:1.1Mon Jun 2 07:12:25 2003 +++ php4/tests/classes/bug23951.phptMon Jun 16 05:27:33 2003 @@ -22,7 +22,8 @@ $b = new B; print_r($a); -print_r($b); +print_r($b-a_var); +print_r($b-b_var); ? --EXPECT-- @@ -35,13 +36,9 @@ ) ) -b Object +Array ( -[a_var] = Array -( -[1] = foo1_value -[2] = foo2_value -) - -[b_var] = foo +[1] = foo1_value +[2] = foo2_value ) +foo -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /tests/lang bug21669.phpt
stasMon Jun 16 08:26:07 2003 EDT Added files: /php4/tests/langbug21669.phpt Log: Add test for the bug - will fail for now! Index: php4/tests/lang/bug21669.phpt +++ php4/tests/lang/bug21669.phpt --TEST-- Bug #21669 $obj = new $this-var; doesn't work --FILE-- ?php class Test { function say_hello() { echo Hello world; } } class Factory { var $name = Test; function create() { $obj = new $this-name; /* Parse error */ return $obj; } } $factory = new Factory; $test = $factory-create(); $test-say_hello(); ? --EXPECT-- Hello world -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php4 /sapi/cli php_cli.c
stasMon Jun 16 12:14:38 2003 EDT Modified files: /php4/sapi/cli php_cli.c Log: flush after banner print Index: php4/sapi/cli/php_cli.c diff -u php4/sapi/cli/php_cli.c:1.94 php4/sapi/cli/php_cli.c:1.95 --- php4/sapi/cli/php_cli.c:1.94Tue Jun 10 16:03:45 2003 +++ php4/sapi/cli/php_cli.c Mon Jun 16 12:14:38 2003 @@ -19,7 +19,7 @@ +--+ */ -/* $Id: php_cli.c,v 1.94 2003/06/10 20:03:45 imajes Exp $ */ +/* $Id: php_cli.c,v 1.95 2003/06/16 16:14:38 stas Exp $ */ #include php.h #include php_globals.h @@ -680,6 +680,7 @@ case 'a': /* interactive mode */ printf(Interactive mode enabled\n\n); + fflush(stdout); interactive=1; break; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php4 /sapi/cli php_cli.c
Well, it mostly fixed the tests :) The problem is that if one doesn't flush, then on console everything is OK, but if you use some buffered stream (e.g., popen, or even maybe file) then the banner can get inside the rest of the output and not at the start. Using interactive mode outside console is a bit esoteric, but the tests did fail. I'm not sure if it really requires merging... JT JT MFH? (what exactly did this fix/change? :) JT JT --Jani JT JT On Mon, 16 Jun 2003, Stanislav Malyshev wrote: JT JT stas Mon Jun 16 12:14:38 2003 EDT JT JT Modified files: JT /php4/sapi/cliphp_cli.c JT Log: JT flush after banner print JT JT JT Index: php4/sapi/cli/php_cli.c JT diff -u php4/sapi/cli/php_cli.c:1.94 php4/sapi/cli/php_cli.c:1.95 JT --- php4/sapi/cli/php_cli.c:1.94 Tue Jun 10 16:03:45 2003 JT +++ php4/sapi/cli/php_cli.c Mon Jun 16 12:14:38 2003 JT @@ -19,7 +19,7 @@ JT +--+ JT */ JT JT -/* $Id: php_cli.c,v 1.94 2003/06/10 20:03:45 imajes Exp $ */ JT +/* $Id: php_cli.c,v 1.95 2003/06/16 16:14:38 stas Exp $ */ JT JT #include php.h JT #include php_globals.h JT @@ -680,6 +680,7 @@ JT JT case 'a': /* interactive mode */ JT printf(Interactive mode enabled\n\n); JT + fflush(stdout); JT interactive=1; JT break; JT JT -- Stanislav Malyshev, Zend Products Engineer [EMAIL PROTECTED] http://www.zend.com/ +972-3-6139665 ext.109 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php5 /ext/standard string.c
stasMon Jun 23 10:09:15 2003 EDT Modified files: /php5/ext/standard string.c Log: Fix #24281 - str_replace not updating the count if value is not initialized Index: php5/ext/standard/string.c diff -u php5/ext/standard/string.c:1.391 php5/ext/standard/string.c:1.392 --- php5/ext/standard/string.c:1.391Fri Jun 20 11:41:43 2003 +++ php5/ext/standard/string.c Mon Jun 23 10:09:14 2003 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: string.c,v 1.391 2003/06/20 15:41:43 pollita Exp $ */ +/* $Id: string.c,v 1.392 2003/06/23 14:09:14 stas Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -3194,7 +3194,8 @@ php_str_replace_in_subject(*search, *replace, subject, return_value, case_sensitivity, (argc 3) ? count : NULL); } if (argc 3) { - Z_LVAL_PP(zcount) = count; + zval_dtor(*zcount); + ZVAL_LONG(*zcount, count); } } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
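Review bot: The added `zval_dtor(*zcount); ZVAL_LONG(*zcount, count);` overwrites the caller's zval in place, which is only safe if the count argument is guaranteed to arrive by reference and is not shared with another variable. That guarantee (the function's argument declaration) is outside this hunk and should be confirmed. The removed line stored into the long member without changing the value's type, so a `$count` that held a string kept its old type; releasing the old value before storing the long is the right order. A short comment above the two lines, such as `/* count is passed by reference: release the old value, then store the new long */`, would record why the destructor call is there. The enclosing function starts outside the hunk.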
[PHP-CVS] cvs: php5 /ext/standard/tests/strings bug24281.phpt
stasMon Jun 23 10:18:33 2003 EDT Added files: /php5/ext/standard/tests/stringsbug24281.phpt Log: add test for #24281 Index: php5/ext/standard/tests/strings/bug24281.phpt +++ php5/ext/standard/tests/strings/bug24281.phpt --TEST-- Bug #24281: str_replace count not returned if variable wasn't initialized --SKIPIF-- ?php if (version_compare(zend_version(), '2.0.0-dev', '')) die('SKIP PHP5 functionality'); ? --FILE-- ?php $string = He had had to have had it; $newstring = str_replace(had, foo, $string, $count); print $count changes were made.\n; $count = foo; $newstring = str_replace(had, foo, $string, $count); print $count changes were made.\n; ? --EXPECT-- 3 changes were made. 3 changes were made. -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard incomplete_class.c
stasTue Aug 5 05:06:02 2003 EDT Modified files: /php-src/ext/standard incomplete_class.c Log: fix incomplete class for ZE2 Index: php-src/ext/standard/incomplete_class.c diff -u php-src/ext/standard/incomplete_class.c:1.18 php-src/ext/standard/incomplete_class.c:1.19 --- php-src/ext/standard/incomplete_class.c:1.18Tue Jun 10 16:03:38 2003 +++ php-src/ext/standard/incomplete_class.c Tue Aug 5 05:06:02 2003 @@ -17,7 +17,7 @@ */ -/* $Id: incomplete_class.c,v 1.18 2003/06/10 20:03:38 imajes Exp $ */ +/* $Id: incomplete_class.c,v 1.19 2003/08/05 09:06:02 stas Exp $ */ #include php.h #include basic_functions.h @@ -33,13 +33,15 @@ /* {{{ incomplete_class_message */ -static void incomplete_class_message(zend_property_reference *ref, int error_type) +static void incomplete_class_message(int error_type) { char buf[1024]; - char *class_name; + char *class_name = NULL; TSRMLS_FETCH(); - class_name = php_lookup_class_name(ref-object, NULL, 0); + if(EG(This)) { + class_name = php_lookup_class_name(EG(This), NULL, 0); + } if (!class_name) class_name = estrdup(unknown); 
@@ -54,47 +56,58 @@ /* {{{ incomplete_class_call_func */ -static void incomplete_class_call_func(INTERNAL_FUNCTION_PARAMETERS, zend_property_reference *property_reference) +static void incomplete_class_call_func(INTERNAL_FUNCTION_PARAMETERS) { - incomplete_class_message(property_reference, E_ERROR); + incomplete_class_message(E_ERROR); } /* }}} */ /* {{{ incomplete_class_set_property */ -static int incomplete_class_set_property(zend_property_reference *property_reference, zval *value) +static void incomplete_class_set_property(INTERNAL_FUNCTION_PARAMETERS) { - incomplete_class_message(property_reference, E_NOTICE); - - /* does not reach this point */ - return (0); + incomplete_class_message(E_NOTICE); } /* }}} */ /* {{{ incomplete_class_get_property */ -static zval incomplete_class_get_property(zend_property_reference *property_reference) +static void incomplete_class_get_property(INTERNAL_FUNCTION_PARAMETERS) { - zval foo; - - incomplete_class_message(property_reference, E_NOTICE); - - /* does not reach this point */ - memset(foo, 0, sizeof(zval)); /* shut warnings up */ - return (foo); + incomplete_class_message(E_NOTICE); } /* }}} */ /* {{{ php_create_incomplete_class */ +zend_internal_function incomplete_class_call_func_fe; +zend_internal_function incomplete_class_get_property_fe; +zend_internal_function incomplete_class_set_property_fe; + +static void php_incomplete_class_init_func(zend_internal_function *fe, void (*handler)(INTERNAL_FUNCTION_PARAMETERS)) { + fe-type = ZEND_INTERNAL_FUNCTION; + fe-handler = handler; + fe-function_name = NULL; + fe-scope = NULL; + fe-fn_flags = 0; + fe-prototype = NULL; + fe-num_args = 2; + fe-arg_info = NULL; + fe-pass_rest_by_reference = 0; +} + zend_class_entry *php_create_incomplete_class(TSRMLS_D) { zend_class_entry incomplete_class; + php_incomplete_class_init_func(incomplete_class_call_func_fe, incomplete_class_call_func); + php_incomplete_class_init_func(incomplete_class_get_property_fe, incomplete_class_get_property); 
+ php_incomplete_class_init_func(incomplete_class_set_property_fe, incomplete_class_set_property); + INIT_OVERLOADED_CLASS_ENTRY(incomplete_class, INCOMPLETE_CLASS, NULL, - incomplete_class_call_func, - incomplete_class_get_property, - incomplete_class_set_property); + (zend_function *)incomplete_class_call_func_fe, + (zend_function *)incomplete_class_get_property_fe, + (zend_function *)incomplete_class_set_property_fe); return zend_register_internal_class(incomplete_class TSRMLS_CC); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
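Review bot: The three `zend_internal_function` objects added at file scope (`incomplete_class_call_func_fe`, `incomplete_class_get_property_fe`, `incomplete_class_set_property_fe`) have external linkage although the hunk uses them only from `php_create_incomplete_class`. Declaring them `static` would keep them out of the global namespace and match the `static` helper `php_incomplete_class_init_func` beside them. The helper also sets `fe->num_args = 2` for the call, get and set handlers alike without explanation; a one-line comment saying why 2 is right for all three would help the next reader. The objects are re-initialised on every call to `php_create_incomplete_class`, which looks harmless if that runs once at startup, but the caller is not visible here.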
[PHP-CVS] cvs: php-src /ext/standard var_unserializer.re
stasTue Aug 5 05:15:31 2003 EDT Modified files: /php-src/ext/standard var_unserializer.re Log: don't try to wakeup incomplete classes Index: php-src/ext/standard/var_unserializer.re diff -u php-src/ext/standard/var_unserializer.re:1.19 php-src/ext/standard/var_unserializer.re:1.20 --- php-src/ext/standard/var_unserializer.re:1.19 Wed Jul 2 12:19:57 2003 +++ php-src/ext/standard/var_unserializer.reTue Aug 5 05:15:31 2003 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: var_unserializer.re,v 1.19 2003/07/02 16:19:57 moriyoshi Exp $ */ +/* $Id: var_unserializer.re,v 1.20 2003/08/05 09:15:31 stas Exp $ */ #include php.h #include ext/standard/php_var.h @@ -226,9 +226,11 @@ return 0; } - INIT_PZVAL(fname); - ZVAL_STRINGL(fname, __wakeup, sizeof(__wakeup) - 1, 0); - call_user_function_ex(CG(function_table), rval, fname, retval_ptr, 0, 0, 1, NULL TSRMLS_CC); + if(Z_OBJCE_PP(rval) != PHP_IC_ENTRY) { + INIT_PZVAL(fname); + ZVAL_STRINGL(fname, __wakeup, sizeof(__wakeup) - 1, 0); + call_user_function_ex(CG(function_table), rval, fname, retval_ptr, 0, 0, 1, NULL TSRMLS_CC); + } if (retval_ptr) zval_ptr_dtor(retval_ptr); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
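Review bot: With the `__wakeup` call now conditional, the `if (retval_ptr)` test after the new block is reached on a path where `call_user_function_ex` never ran, so `retval_ptr` must be initialised to NULL where it is declared, which is outside the hunk. If it is not, an incomplete-class object arriving in serialized input would lead to a destructor call on an indeterminate pointer. The return value of `call_user_function_ex` is still ignored on the path that does call it. A comment on the guard, for example `/* incomplete-class placeholders have no real class behind them, so there is no __wakeup to run */`, would say why the class entry is compared with `PHP_IC_ENTRY`. The same hunk appears in the generated var_unserializer.c further down this page.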
[PHP-CVS] cvs: php-src /ext/standard incomplete_class.c
stasTue Aug 5 05:07:49 2003 EDT Modified files: /php-src/ext/standard incomplete_class.c Log: pass trsm via parameters Index: php-src/ext/standard/incomplete_class.c diff -u php-src/ext/standard/incomplete_class.c:1.19 php-src/ext/standard/incomplete_class.c:1.20 --- php-src/ext/standard/incomplete_class.c:1.19Tue Aug 5 05:06:02 2003 +++ php-src/ext/standard/incomplete_class.c Tue Aug 5 05:07:49 2003 @@ -17,7 +17,7 @@ */ -/* $Id: incomplete_class.c,v 1.19 2003/08/05 09:06:02 stas Exp $ */ +/* $Id: incomplete_class.c,v 1.20 2003/08/05 09:07:49 stas Exp $ */ #include php.h #include basic_functions.h @@ -33,11 +33,10 @@ /* {{{ incomplete_class_message */ -static void incomplete_class_message(int error_type) +static void incomplete_class_message(int error_type TSRMLS_DC) { char buf[1024]; char *class_name = NULL; - TSRMLS_FETCH(); if(EG(This)) { class_name = php_lookup_class_name(EG(This), NULL, 0); @@ -58,7 +57,7 @@ */ static void incomplete_class_call_func(INTERNAL_FUNCTION_PARAMETERS) { - incomplete_class_message(E_ERROR); + incomplete_class_message(E_ERROR TSRMLS_CC); } /* }}} */ @@ -66,7 +65,7 @@ */ static void incomplete_class_set_property(INTERNAL_FUNCTION_PARAMETERS) { - incomplete_class_message(E_NOTICE); + incomplete_class_message(E_NOTICE TSRMLS_CC); } /* }}} */ @@ -74,7 +73,7 @@ */ static void incomplete_class_get_property(INTERNAL_FUNCTION_PARAMETERS) { - incomplete_class_message(E_NOTICE); + incomplete_class_message(E_NOTICE TSRMLS_CC); } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard var_unserializer.c
stasTue Aug 5 05:23:17 2003 EDT Modified files: /php-src/ext/standard var_unserializer.c Log: syncronize Index: php-src/ext/standard/var_unserializer.c diff -u php-src/ext/standard/var_unserializer.c:1.28 php-src/ext/standard/var_unserializer.c:1.29 --- php-src/ext/standard/var_unserializer.c:1.28Wed Jul 2 12:19:57 2003 +++ php-src/ext/standard/var_unserializer.c Tue Aug 5 05:23:17 2003 @@ -1,5 +1,5 @@ -/* Generated by re2c 0.5 on Thu Jul 3 01:22:57 2003 */ -#line 1 /home/koizumi/src/php-src-5/ext/standard/var_unserializer.re +/* Generated by re2c 0.5 on Tue Aug 5 12:19:02 2003 */ +#line 1 /home/frodo/php5/ext/standard/var_unserializer.re /* +--+ | PHP Version 4| @@ -18,7 +18,7 @@ +--+ */ -/* $Id: var_unserializer.c,v 1.28 2003/07/02 16:19:57 moriyoshi Exp $ */ +/* $Id: var_unserializer.c,v 1.29 2003/08/05 09:23:17 stas Exp $ */ #include php.h #include ext/standard/php_var.h @@ -224,9 +224,11 @@ return 0; } - INIT_PZVAL(fname); - ZVAL_STRINGL(fname, __wakeup, sizeof(__wakeup) - 1, 0); - call_user_function_ex(CG(function_table), rval, fname, retval_ptr, 0, 0, 1, NULL TSRMLS_CC); + if(Z_OBJCE_PP(rval) != PHP_IC_ENTRY) { + INIT_PZVAL(fname); + ZVAL_STRINGL(fname, __wakeup, sizeof(__wakeup) - 1, 0); + call_user_function_ex(CG(function_table), rval, fname, retval_ptr, 0, 0, 1, NULL TSRMLS_CC); + } if (retval_ptr) zval_ptr_dtor(retval_ptr); @@ -339,7 +341,7 @@ yych = *(YYMARKER = ++YYCURSOR); if(yych == ':') goto yy74; yy4: -#line 443 +#line 445 { return 0; } yy5: yych = *++YYCURSOR; if(yych == ';') goto yy72; @@ -374,7 +376,7 @@ goto yy4; yy13: yych = *++YYCURSOR; yy14: -#line 437 +#line 439 { /* this is the case where we have less data than planned */ php_error_docref(NULL TSRMLS_CC, E_NOTICE, Unexpected end of serialized data); @@ -398,7 +400,7 @@ if(yych != '') goto yy2; yy21: yych = *++YYCURSOR; yy22: -#line 352 +#line 354 { int len; int elements; @@ -505,7 +507,7 @@ if(yych != '') goto yy2; yy28: yych = *++YYCURSOR; yy29: -#line 344 +#line 346 { INIT_PZVAL(*rval); 
@@ -535,7 +537,7 @@ if(yych != '{') goto yy2; yy35: yych = *++YYCURSOR; yy36: -#line 326 +#line 328 { int elements = parse_iv(start + 2); @@ -575,7 +577,7 @@ if(yych != '') goto yy2; yy42: yych = *++YYCURSOR; yy43: -#line 306 +#line 308 { int len; char *str; @@ -652,7 +654,7 @@ } yy51: yych = *++YYCURSOR; yy52: -#line 299 +#line 301 { *p = YYCURSOR; INIT_PZVAL(*rval); @@ -725,7 +727,7 @@ if(yych != ';') goto yy2; yy64: yych = *++YYCURSOR; yy65: -#line 292 +#line 294 { *p = YYCURSOR; INIT_PZVAL(*rval); @@ -752,7 +754,7 @@ if(yych != ';') goto yy2; yy70: yych = *++YYCURSOR; yy71: -#line 285 +#line 287 { *p = YYCURSOR; INIT_PZVAL(*rval); @@ -761,7 +763,7 @@ } yy72: yych = *++YYCURSOR; yy73: -#line 278 +#line 280 { *p = YYCURSOR; INIT_PZVAL(*rval); @@ -788,7 +790,7 @@ if(yych != ';') goto yy2; yy78: yych = *++YYCURSOR; yy79: -#line 257 +#line 259 { int id; @@ -810,7 +812,7 @@ return 1; } } -#line 445 +#line 447 return 0; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard mail.c
stasMon Sep 1 04:18:32 2003 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard mail.c Log: The sendmail_path executable check breaks setups that use parameters for sendmail - including the default setup - so I'm disabling it for now. Index: php-src/ext/standard/mail.c diff -u php-src/ext/standard/mail.c:1.66.2.6 php-src/ext/standard/mail.c:1.66.2.7 --- php-src/ext/standard/mail.c:1.66.2.6Wed Aug 27 19:53:31 2003 +++ php-src/ext/standard/mail.c Mon Sep 1 04:18:31 2003 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mail.c,v 1.66.2.6 2003/08/27 23:53:31 iliaa Exp $ */ +/* $Id: mail.c,v 1.66.2.7 2003/09/01 08:18:31 stas Exp $ */ #include stdlib.h #include ctype.h @@ -197,10 +197,11 @@ #else /* make sure that sendmail_path contains a valid executable, failure to do * would make PHP abruptly exit without a useful error message. */ - if (access(sendmail_path, X_OK)) { +/* if (access(sendmail_path, X_OK)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Permission denied: unable to execute shell to run mail delivery binary '%s', sendmail_path); return 0; } +*/ /* Since popen() doesn't indicate if the internal fork() doesn't work * (e.g. the shell can't be executed) we explicitely set it to 0 to be -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
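Review bot: Commenting out the `access(sendmail_path, X_OK)` block leaves the comment above it ("make sure that sendmail_path contains a valid executable") describing a check that no longer runs, and leaves dead code in the function. Going by the log message, the check failed because sendmail_path can carry arguments and the whole command line was tested as a file name; testing only the program part, up to the first whitespace, would keep the early diagnostic for a missing or non-executable binary. If the check stays disabled, delete the block and reword the comment, e.g. `/* sendmail_path may include arguments, so it is not tested with access(); failures surface at popen() */`. The same change is made to the HEAD copy of mail.c in the next message on this page. The enclosing function starts and ends outside the hunk.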
[PHP-CVS] cvs: php-src /ext/standard mail.c
stasMon Sep 1 04:20:18 2003 EDT Modified files: /php-src/ext/standard mail.c Log: The sendmail_path executable check breaks setups that use parameters for sendmail - including the default setup - so I'm disabling it for now. Index: php-src/ext/standard/mail.c diff -u php-src/ext/standard/mail.c:1.74 php-src/ext/standard/mail.c:1.75 --- php-src/ext/standard/mail.c:1.74Wed Aug 27 19:53:15 2003 +++ php-src/ext/standard/mail.c Mon Sep 1 04:20:17 2003 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mail.c,v 1.74 2003/08/27 23:53:15 iliaa Exp $ */ +/* $Id: mail.c,v 1.75 2003/09/01 08:20:17 stas Exp $ */ #include stdlib.h #include ctype.h @@ -200,10 +200,11 @@ #else /* make sure that sendmail_path contains a valid executable, failure to do * would make PHP abruptly exit without a useful error message. */ - if (access(sendmail_path, X_OK)) { +/* if (access(sendmail_path, X_OK)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Permission denied: unable to execute shell to run mail delivery binary '%s', sendmail_path); return 0; } +*/ /* Since popen() doesn't indicate if the internal fork() doesn't work * (e.g. the shell can't be executed) we explicitely set it to 0 to be -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main streams.c
stasTue Sep 2 05:17:10 2003 EDT Modified files: (Branch: PHP_4_3) /php-src/main streams.c Log: don't report errors if asked not to report Index: php-src/main/streams.c diff -u php-src/main/streams.c:1.125.2.76 php-src/main/streams.c:1.125.2.77 --- php-src/main/streams.c:1.125.2.76 Thu Aug 28 15:18:57 2003 +++ php-src/main/streams.c Tue Sep 2 05:17:09 2003 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: streams.c,v 1.125.2.76 2003/08/28 19:18:57 iliaa Exp $ */ +/* $Id: streams.c,v 1.125.2.77 2003/09/02 09:17:09 stas Exp $ */ #define _GNU_SOURCE #include php.h @@ -2462,19 +2462,23 @@ /* BC with older php scripts and zlib wrapper */ protocol = compress.zlib; n = 13; - php_error_docref(NULL TSRMLS_CC, E_WARNING, Use of \zlib:\ wrapper is deprecated; please use \compress.zlib://\ instead.); + if(options REPORT_ERRRORS) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Use of \zlib:\ wrapper is deprecated; please use \compress.zlib://\ instead.); + } } if (protocol) { if (FAILURE == zend_hash_find(url_stream_wrappers_hash, (char*)protocol, n, (void**)wrapper)) { char wrapper_name[32]; - if (n = sizeof(wrapper_name)) - n = sizeof(wrapper_name) - 1; - PHP_STRLCPY(wrapper_name, protocol, sizeof(wrapper_name), n); + if(options REPORT_ERRRORS) { + if (n = sizeof(wrapper_name)) + n = sizeof(wrapper_name) - 1; + PHP_STRLCPY(wrapper_name, protocol, sizeof(wrapper_name), n); - php_error_docref(NULL TSRMLS_CC, E_NOTICE, Unable to find the wrapper \%s\ - did you forget to enable it when you configured PHP?, - wrapper_name); + php_error_docref(NULL TSRMLS_CC, E_NOTICE, Unable to find the wrapper \%s\ - did you forget to enable it when you configured PHP?, + wrapper_name); + } wrapper = NULL; protocol = NULL; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main streams.c
stasTue Sep 2 06:21:03 2003 EDT Modified files: (Branch: PHP_4_3) /php-src/main streams.c Log: fix typo Index: php-src/main/streams.c diff -u php-src/main/streams.c:1.125.2.77 php-src/main/streams.c:1.125.2.78 --- php-src/main/streams.c:1.125.2.77 Tue Sep 2 05:17:09 2003 +++ php-src/main/streams.c Tue Sep 2 06:21:02 2003 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: streams.c,v 1.125.2.77 2003/09/02 09:17:09 stas Exp $ */ +/* $Id: streams.c,v 1.125.2.78 2003/09/02 10:21:02 stas Exp $ */ #define _GNU_SOURCE #include php.h @@ -2462,7 +2462,7 @@ /* BC with older php scripts and zlib wrapper */ protocol = compress.zlib; n = 13; - if(options REPORT_ERRRORS) { + if(options REPORT_ERRORS) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Use of \zlib:\ wrapper is deprecated; please use \compress.zlib://\ instead.); } } @@ -2471,7 +2471,7 @@ if (FAILURE == zend_hash_find(url_stream_wrappers_hash, (char*)protocol, n, (void**)wrapper)) { char wrapper_name[32]; - if(options REPORT_ERRRORS) { + if(options REPORT_ERRORS) { if (n = sizeof(wrapper_name)) n = sizeof(wrapper_name) - 1; PHP_STRLCPY(wrapper_name, protocol, sizeof(wrapper_name), n); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /main streams.c
stasTue Sep 2 06:33:19 2003 EDT Modified files: (Branch: PHP_4_3) /php-src/main streams.c Log: ws Index: php-src/main/streams.c diff -u php-src/main/streams.c:1.125.2.78 php-src/main/streams.c:1.125.2.79 --- php-src/main/streams.c:1.125.2.78 Tue Sep 2 06:21:02 2003 +++ php-src/main/streams.c Tue Sep 2 06:33:18 2003 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: streams.c,v 1.125.2.78 2003/09/02 10:21:02 stas Exp $ */ +/* $Id: streams.c,v 1.125.2.79 2003/09/02 10:33:18 stas Exp $ */ #define _GNU_SOURCE #include php.h @@ -2462,7 +2462,7 @@ /* BC with older php scripts and zlib wrapper */ protocol = compress.zlib; n = 13; - if(options REPORT_ERRORS) { + if (options REPORT_ERRORS) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Use of \zlib:\ wrapper is deprecated; please use \compress.zlib://\ instead.); } } @@ -2471,7 +2471,7 @@ if (FAILURE == zend_hash_find(url_stream_wrappers_hash, (char*)protocol, n, (void**)wrapper)) { char wrapper_name[32]; - if(options REPORT_ERRORS) { + if (options REPORT_ERRORS) { if (n = sizeof(wrapper_name)) n = sizeof(wrapper_name) - 1; PHP_STRLCPY(wrapper_name, protocol, sizeof(wrapper_name), n); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_3) /ext/standard basic_functions.c
stasMon Sep 29 10:02:56 2003 EDT Modified files: (Branch: PHP_4_3) /php-src/ext/standard basic_functions.c Log: allow realpath() for win32 non-ZTS Index: php-src/ext/standard/basic_functions.c diff -u php-src/ext/standard/basic_functions.c:1.543.2.21 php-src/ext/standard/basic_functions.c:1.543.2.22 --- php-src/ext/standard/basic_functions.c:1.543.2.21 Sun Aug 10 20:53:26 2003 +++ php-src/ext/standard/basic_functions.c Mon Sep 29 10:02:55 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: basic_functions.c,v 1.543.2.21 2003/08/11 00:53:26 sniper Exp $ */ +/* $Id: basic_functions.c,v 1.543.2.22 2003/09/29 14:02:55 stas Exp $ */ #include php.h #include php_streams.h @@ -675,7 +675,7 @@ PHP_FALIAS(socket_get_status, stream_get_meta_data, NULL) -#if (!defined(PHP_WIN32) !defined(__BEOS__) !defined(NETWARE) HAVE_REALPATH) || defined(ZTS) +#if (!defined(__BEOS__) !defined(NETWARE) HAVE_REALPATH) || defined(ZTS) PHP_FE(realpath, NULL) #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard basic_functions.c file.c file.h
stasTue Sep 30 05:52:11 2003 EDT Modified files: /php-src/ext/standard basic_functions.c file.c file.h Log: MF4: allow realpath() for win32 non-ZTS Index: php-src/ext/standard/basic_functions.c diff -u php-src/ext/standard/basic_functions.c:1.628 php-src/ext/standard/basic_functions.c:1.629 --- php-src/ext/standard/basic_functions.c:1.628Tue Sep 23 13:37:29 2003 +++ php-src/ext/standard/basic_functions.c Tue Sep 30 05:52:10 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: basic_functions.c,v 1.628 2003/09/23 17:37:29 andrey Exp $ */ +/* $Id: basic_functions.c,v 1.629 2003/09/30 09:52:10 stas Exp $ */ #include php.h #include php_streams.h @@ -740,7 +740,7 @@ PHP_FALIAS(socket_get_status, stream_get_meta_data, NULL) -#if (!defined(PHP_WIN32) !defined(__BEOS__) !defined(NETWARE) HAVE_REALPATH) || defined(ZTS) +#if (!defined(__BEOS__) !defined(NETWARE) HAVE_REALPATH) || defined(ZTS) PHP_FE(realpath, NULL) #endif Index: php-src/ext/standard/file.c diff -u php-src/ext/standard/file.c:1.358 php-src/ext/standard/file.c:1.359 --- php-src/ext/standard/file.c:1.358 Tue Sep 9 21:07:01 2003 +++ php-src/ext/standard/file.c Tue Sep 30 05:52:10 2003 @@ -21,7 +21,7 @@ +--+ */ -/* $Id: file.c,v 1.358 2003/09/10 01:07:01 iliaa Exp $ */ +/* $Id: file.c,v 1.359 2003/09/30 09:52:10 stas Exp $ */ /* Synced with php 3.0 revision 1.218 1999-06-16 [ssb] */ @@ -1925,7 +1925,7 @@ } /* }}} */ -#if (!defined(PHP_WIN32) !defined(__BEOS__) !defined(NETWARE) HAVE_REALPATH) || defined(ZTS) +#if (!defined(__BEOS__) !defined(NETWARE) HAVE_REALPATH) || defined(ZTS) /* {{{ proto string realpath(string path) Return the resolved path */ PHP_FUNCTION(realpath) Index: php-src/ext/standard/file.h diff -u php-src/ext/standard/file.h:1.85 php-src/ext/standard/file.h:1.86 --- php-src/ext/standard/file.h:1.85Sun Jun 15 19:27:05 2003 +++ php-src/ext/standard/file.h Tue Sep 30 05:52:11 2003 
@@ -16,7 +16,7 @@ +--+ */ -/* $Id: file.h,v 1.85 2003/06/15 23:27:05 edink Exp $ */ +/* $Id: file.h,v 1.86 2003/09/30 09:52:11 stas Exp $ */ /* Synced with php 3.0 revision 1.30 1999-06-16 [ssb] */ @@ -59,7 +59,7 @@ PHP_FUNCTION(flock); PHP_FUNCTION(fd_set); PHP_FUNCTION(fd_isset); -#if (!defined(PHP_WIN32) !defined(__BEOS__) HAVE_REALPATH) || defined(ZTS) +#if (!defined(__BEOS__) !defined(NETWARE) HAVE_REALPATH) || defined(ZTS) PHP_FUNCTION(realpath); PHP_FUNCTION(fnmatch); #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main php_variables.c
stasTue Oct 7 04:46:17 2003 EDT Modified files: /php-src/main php_variables.c Log: Fix $_SERVER['argv'] and $_SERVER['argc'] Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.69 php-src/main/php_variables.c:1.70 --- php-src/main/php_variables.c:1.69 Wed Oct 1 19:11:59 2003 +++ php-src/main/php_variables.cTue Oct 7 04:46:16 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: php_variables.c,v 1.69 2003/10/01 23:11:59 andrei Exp $ */ +/* $Id: php_variables.c,v 1.70 2003/10/07 08:46:16 stas Exp $ */ #include stdio.h #include php.h @@ -438,7 +438,8 @@ argc-refcount++; zend_hash_update(EG(symbol_table), argv, sizeof(argv), arr, sizeof(zval *), NULL); zend_hash_add(EG(symbol_table), argc, sizeof(argc), argc, sizeof(zval *), NULL); - } else if (!SG(request_info).argc) { + } + if (track_vars_array) { arr-refcount++; argc-refcount++; zend_hash_update(Z_ARRVAL_P(track_vars_array), argv, sizeof(argv), arr, sizeof(pval *), NULL); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session mod_files.c
stasTue Jul 10 17:40:41 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionmod_files.c Log: always check save_path (issue reported by Maksymilian Arciemowicz) http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.100.2.3.2.5r2=1.100.2.3.2.6diff_format=u Index: php-src/ext/session/mod_files.c diff -u php-src/ext/session/mod_files.c:1.100.2.3.2.5 php-src/ext/session/mod_files.c:1.100.2.3.2.6 --- php-src/ext/session/mod_files.c:1.100.2.3.2.5 Sat Mar 3 15:07:31 2007 +++ php-src/ext/session/mod_files.c Tue Jul 10 17:40:41 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mod_files.c,v 1.100.2.3.2.5 2007/03/03 15:07:31 iliaa Exp $ */ +/* $Id: mod_files.c,v 1.100.2.3.2.6 2007/07/10 17:40:41 stas Exp $ */ #include php.h @@ -294,6 +294,14 @@ } save_path = argv[argc - 1]; + if (PG(safe_mode) (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + return FAILURE; + } + + if (PG(open_basedir) php_check_open_basedir(save_path TSRMLS_CC)) { + return FAILURE; + } + data = emalloc(sizeof(*data)); memset(data, 0, sizeof(*data)); @@ -304,7 +312,7 @@ data-basedir = estrndup(save_path, data-basedir_len); PS_SET_MOD_DATA(data); - + return SUCCESS; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
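Review bot: The safe_mode guard added after `save_path = argv[argc - 1];` passes `CHECKUID_CHECK_FILE_AND_DIR`, while the PHP_4_4 version of this same fix passes `CHECKUID_ALLOW_ONLY_DIR` for the same argument, so the two branches do not apply the same ownership rule to session.save_path. Since save_path names a directory, one of the two modes is probably not the intended one. Pick one for both branches and record the reason next to the call, for example `/* save_path is a directory: run the safe_mode uid check on it before any session file is created under it */`. The enclosing function starts outside the hunk.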
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasTue Jul 10 17:46:15 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: fixes http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.824r2=1.2027.2.547.2.825diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.824 php-src/NEWS:1.2027.2.547.2.825 --- php-src/NEWS:1.2027.2.547.2.824 Tue Jul 10 12:27:15 2007 +++ php-src/NEWSTue Jul 10 17:46:15 2007 @@ -44,6 +44,8 @@ - Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Stas) - Fixed SimpleXML's behavior when used with empty(). (Sara) +- Fixed session.save_path and error_log values to be checked against + open_basedir and safe_mode (Stas, Maksymilian Arciemowicz) - Fixed PECL Bug #11345 (PDO_OCI crash after National language Support NLS environment initialization error). (Chris Jones) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session mod_files.c
stasTue Jul 10 17:50:47 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionmod_files.c Log: always check save_path (issue reported by Maksymilian Arciemowicz) http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.83.2.9.2.8r2=1.83.2.9.2.9diff_format=u Index: php-src/ext/session/mod_files.c diff -u php-src/ext/session/mod_files.c:1.83.2.9.2.8 php-src/ext/session/mod_files.c:1.83.2.9.2.9 --- php-src/ext/session/mod_files.c:1.83.2.9.2.8Fri Mar 9 10:29:33 2007 +++ php-src/ext/session/mod_files.c Tue Jul 10 17:50:46 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mod_files.c,v 1.83.2.9.2.8 2007/03/09 10:29:33 tony2001 Exp $ */ +/* $Id: mod_files.c,v 1.83.2.9.2.9 2007/07/10 17:50:46 stas Exp $ */ #include php.h @@ -264,6 +264,14 @@ } save_path = p + 1; } + + if (PG(safe_mode) (!php_checkuid(save_path, NULL, CHECKUID_ALLOW_ONLY_DIR))) { + return FAILURE; + } + if (php_check_open_basedir(save_path TSRMLS_CC)) { + return FAILURE; + } + data-basedir_len = strlen(save_path); data-basedir = estrndup(save_path, data-basedir_len); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
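Review bot: Both added `return FAILURE;` exits sit directly above `data->basedir_len = strlen(save_path);`, so `data` appears to be allocated already when the checks run, and nothing on these paths releases it. Unless the caller cleans up the module data after a failed open (not visible here), the checks should run before the allocation, as the PHP_5_2 version of this fix does, or the exits should free first: `efree(data); PS_SET_MOD_DATA(NULL); return FAILURE;`. The allocation itself is outside the hunk, so confirm this against the full function.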
[PHP-CVS] cvs: php-src /ext/session mod_files.c
stasTue Jul 10 17:52:32 2007 UTC Modified files: /php-src/ext/sessionmod_files.c Log: always check save_path (issue reported by Maksymilian Arciemowicz) http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.111r2=1.112diff_format=u Index: php-src/ext/session/mod_files.c diff -u php-src/ext/session/mod_files.c:1.111 php-src/ext/session/mod_files.c:1.112 --- php-src/ext/session/mod_files.c:1.111 Fri Jan 5 17:29:30 2007 +++ php-src/ext/session/mod_files.c Tue Jul 10 17:52:32 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mod_files.c,v 1.111 2007/01/05 17:29:30 pollita Exp $ */ +/* $Id: mod_files.c,v 1.112 2007/07/10 17:52:32 stas Exp $ */ #include php.h @@ -313,6 +313,10 @@ } save_path = argv[argc - 1]; + if (PG(open_basedir) php_check_open_basedir(save_path TSRMLS_CC)) { + return FAILURE; + } + data = ecalloc(1, sizeof(*data)); data-fd = -1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /main main.c
stasTue Jul 10 17:58:19 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/main main.c Log: suppress warnings to avoid potential loop http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.640.2.23.2.40r2=1.640.2.23.2.41diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.640.2.23.2.40 php-src/main/main.c:1.640.2.23.2.41 --- php-src/main/main.c:1.640.2.23.2.40 Tue Jul 10 17:42:29 2007 +++ php-src/main/main.c Tue Jul 10 17:58:19 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.640.2.23.2.40 2007/07/10 17:42:29 stas Exp $ */ +/* $Id: main.c,v 1.640.2.23.2.41 2007/07/10 17:58:19 stas Exp $ */ /* {{{ includes */ @@ -356,11 +356,11 @@ return; } #endif - if (PG(safe_mode) (!php_checkuid(PG(error_log), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + if (PG(safe_mode) (!php_checkuid(PG(error_log), NULL, CHECKUID_CHECK_FILE_AND_DIR|CHECKUID_NO_ERRORS))) { return FAILURE; } - if (PG(open_basedir) php_check_open_basedir(PG(error_log) TSRMLS_CC)) { + if (PG(open_basedir) php_check_open_basedir_ex(PG(error_log), 0 TSRMLS_CC)) { return FAILURE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
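Review bot: The two guarded exits in this hunk still end in `return FAILURE;`, although the exit immediately above them, before `#endif`, is a bare `return;`, which suggests the enclosing function returns void. If so, both should read `return;`, since returning a value from a void function is something compilers flag. The PHP_4_4 and HEAD commits that add the same checks to main.c also use `return FAILURE;` next to a bare `return;`. The function's signature is outside the hunk, so confirm the return type there.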
[PHP-CVS] cvs: php-src(PHP_4_4) /main main.c
stasTue Jul 10 18:35:13 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/main main.c Log: check if write is allowed before writing to error log http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.512.2.63.2.15r2=1.512.2.63.2.16diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.512.2.63.2.15 php-src/main/main.c:1.512.2.63.2.16 --- php-src/main/main.c:1.512.2.63.2.15 Tue May 22 18:16:37 2007 +++ php-src/main/main.c Tue Jul 10 18:35:13 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.512.2.63.2.15 2007/05/22 18:16:37 stas Exp $ */ +/* $Id: main.c,v 1.512.2.63.2.16 2007/07/10 18:35:13 stas Exp $ */ /* {{{ includes */ @@ -384,6 +384,14 @@ return; } #endif + if (PG(safe_mode) (!php_checkuid(PG(error_log), NULL, CHECKUID_CHECK_FILE_AND_DIR|CHECKUID_NO_ERRORS))) { + return FAILURE; + } + + if (PG(open_basedir) php_check_open_basedir_ex(PG(error_log), 0 TSRMLS_CC)) { + return FAILURE; + } + log_file = VCWD_FOPEN(PG(error_log), ab); if (log_file != NULL) { time(error_time); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
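Review bot: When the added safe_mode or open_basedir check rejects `PG(error_log)`, the function returns before `VCWD_FOPEN` with warnings suppressed (`CHECKUID_NO_ERRORS`, and `0` passed to `php_check_open_basedir_ex`), so the message being logged appears to be discarded without any trace. The check also depends only on the setting, not on the message, so validating error_log once, where the setting is changed, would reject a bad value visibly and keep the write path simple. At minimum the silent path deserves a comment such as `/* error_log fails the safe_mode/open_basedir check: skip the file, no warning is raised here */`. The same applies to the open_basedir-only check the HEAD commit adds before `VCWD_OPEN_MODE`; in both cases the function continues outside the hunk.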
[PHP-CVS] cvs: php-src /main main.c
stasTue Jul 10 18:42:01 2007 UTC Modified files: /php-src/main main.c Log: check if write is allowed before writing to error log http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.733r2=1.734diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.733 php-src/main/main.c:1.734 --- php-src/main/main.c:1.733 Tue Jul 3 10:22:55 2007 +++ php-src/main/main.c Tue Jul 10 18:42:01 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.733 2007/07/03 10:22:55 dmitry Exp $ */ +/* $Id: main.c,v 1.734 2007/07/10 18:42:01 stas Exp $ */ /* {{{ includes */ @@ -453,6 +453,9 @@ return; } #endif + if (PG(open_basedir) php_check_open_basedir_ex(PG(error_log), 0 TSRMLS_CC)) { + return FAILURE; + } fd = VCWD_OPEN_MODE(PG(error_log), O_CREAT | O_APPEND | O_WRONLY, 0644); if (fd != -1) { char *tmp; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS
stasTue Jul 10 20:16:33 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS Log: report fix http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.241r2=1.1247.2.920.2.242diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.241 php-src/NEWS:1.1247.2.920.2.242 --- php-src/NEWS:1.1247.2.920.2.241 Fri Jun 22 12:28:05 2007 +++ php-src/NEWSTue Jul 10 20:16:32 2007 @@ -12,6 +12,8 @@ input variables. Fix for MOPB-03-2007. (Stas) - Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active (Stas) +- Fixed session.save_path and error_log values to be checked against + open_basedir and safe_mode (Stas, Maksymilian Arciemowicz) - Fixed bug #41765 (Recode crashes/does not work on amd64) (nexus at smoula dot net, Stas) - Fixed bug #41630 (segfault when an invalid color index is present in -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard mail.c
stasTue Jul 10 20:21:24 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard mail.c Log: Escape mail.force_extra_parameters value http://cvs.php.net/viewvc.cgi/php-src/ext/standard/mail.c?r1=1.87.2.1.2.5r2=1.87.2.1.2.6diff_format=u Index: php-src/ext/standard/mail.c diff -u php-src/ext/standard/mail.c:1.87.2.1.2.5 php-src/ext/standard/mail.c:1.87.2.1.2.6 --- php-src/ext/standard/mail.c:1.87.2.1.2.5Fri Mar 30 00:28:58 2007 +++ php-src/ext/standard/mail.c Tue Jul 10 20:21:24 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mail.c,v 1.87.2.1.2.5 2007/03/30 00:28:58 iliaa Exp $ */ +/* $Id: mail.c,v 1.87.2.1.2.6 2007/07/10 20:21:24 stas Exp $ */ #include stdlib.h #include ctype.h @@ -166,7 +166,7 @@ } if (force_extra_parameters) { - extra_cmd = estrdup(force_extra_parameters); + extra_cmd = php_escape_shell_cmd(force_extra_parameters); } else if (extra_cmd) { extra_cmd = php_escape_shell_cmd(extra_cmd); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
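Review bot: `php_escape_shell_cmd()` applied to `force_extra_parameters` neutralises shell metacharacters but leaves whitespace alone, so the value can still expand to several separate arguments of whatever command `extra_cmd` is appended to (built outside the hunk). The change therefore stops command chaining through the setting, not additional options. That is presumably intended for a setting meant to carry options, but it is worth stating next to the call: `/* escaped as a command fragment: metacharacters are neutralised, the value may still expand to several options */`. The HEAD commit for mail.c makes the identical change and would take the same comment.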
[PHP-CVS] cvs: php-src /ext/standard mail.c
stasTue Jul 10 20:23:26 2007 UTC Modified files: /php-src/ext/standard mail.c Log: Escape mail.force_extra_parameters value http://cvs.php.net/viewvc.cgi/php-src/ext/standard/mail.c?r1=1.92r2=1.93diff_format=u Index: php-src/ext/standard/mail.c diff -u php-src/ext/standard/mail.c:1.92 php-src/ext/standard/mail.c:1.93 --- php-src/ext/standard/mail.c:1.92Tue May 29 20:11:23 2007 +++ php-src/ext/standard/mail.c Tue Jul 10 20:23:26 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mail.c,v 1.92 2007/05/29 20:11:23 iliaa Exp $ */ +/* $Id: mail.c,v 1.93 2007/07/10 20:23:26 stas Exp $ */ #include stdlib.h #include ctype.h @@ -139,7 +139,7 @@ } if (force_extra_parameters) { - extra_cmd = estrdup(force_extra_parameters); + extra_cmd = php_escape_shell_cmd(force_extra_parameters); } else if (extra_cmd) { extra_cmd = php_escape_shell_cmd(extra_cmd); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasTue Jul 10 20:25:49 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: add CVE ref http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.825r2=1.2027.2.547.2.826diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.825 php-src/NEWS:1.2027.2.547.2.826 --- php-src/NEWS:1.2027.2.547.2.825 Tue Jul 10 17:46:15 2007 +++ php-src/NEWSTue Jul 10 20:25:49 2007 @@ -45,7 +45,7 @@ when open_basedir or safe_mode is active. (Stas) - Fixed SimpleXML's behavior when used with empty(). (Sara) - Fixed session.save_path and error_log values to be checked against - open_basedir and safe_mode (Stas, Maksymilian Arciemowicz) + open_basedir and safe_mode (CVE-2007-3378) (Stas, Maksymilian Arciemowicz) - Fixed PECL Bug #11345 (PDO_OCI crash after National language Support NLS environment initialization error). (Chris Jones) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS
stasTue Jul 10 20:26:50 2007 UTC Modified files: (Branch: PHP_4_4) /php-srcNEWS Log: add CVE ref http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.242r2=1.1247.2.920.2.243diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.242 php-src/NEWS:1.1247.2.920.2.243 --- php-src/NEWS:1.1247.2.920.2.242 Tue Jul 10 20:16:32 2007 +++ php-src/NEWSTue Jul 10 20:26:50 2007 @@ -13,7 +13,7 @@ - Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active (Stas) - Fixed session.save_path and error_log values to be checked against - open_basedir and safe_mode (Stas, Maksymilian Arciemowicz) + open_basedir and safe_mode (CVE-2007-3378) (Stas, Maksymilian Arciemowicz) - Fixed bug #41765 (Recode crashes/does not work on amd64) (nexus at smoula dot net, Stas) - Fixed bug #41630 (segfault when an invalid color index is present in -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src / README.namespaces
stasMon Jul 23 16:06:25 2007 UTC Added files: /php-srcREADME.namespaces Log: add announcement copy as README for easier reference http://cvs.php.net/viewvc.cgi/php-src/README.namespaces?view=markuprev=1.1 Index: php-src/README.namespaces +++ php-src/README.namespaces Main assumption of the model is that the problem that we are to solve is the problem of the very long class names in PHP libraries. We would not attempt to take autoloader's job or create packaging model - only make names manageable. Namespaces are defined the following way: Zend/DB/Connection.php: ?php namespace Zend::DB; class Connection { } function connect() { } ? Namespace definition does the following: All class and function names inside are automatically prefixed with namespace name. Inside namespace, local name always takes precedence over global name. It is possible to use the same namespace in several PHP files. The namespace declaration statement must be the very first statement in file. Every class and function from namespace can be referred to by the full name - e.g. Zend::DB::Connection or Zend::DB::connect - at any time. ?php require 'Zend/Db/Connection.php'; $x = new Zend::DB::Connection; Zend::DB::connect(); ? Namespace or class name can be imported: ?php require 'Zend/Db/Connection.php'; import Zend::DB; import Zend::DB::Connection as DbConnection; $x = new Zend::DB::Connection(); $y = new DB::connection(); $z = new DbConnection(); DB::connect(); ? import statement only defines name aliasing. It may create name alias for namespace or class. The simple form of statement import A::B::C::D; is equivalent to import A::B::C::D as D;. Import statement can be used at any time in global scope (not inside function/class) and takes effect from the point of definition down to the end of file. It is recommended however to place imports at the beginning of the file. Import statements have effect only on file where they are written. 
The special empty namespace (:: prefix) is useful as explicit global namespace qualification. All class and function names started from :: interpreted as global. ?php namespace A::B::C; $con = ::mysql_connect(...); ? A special constant __NAMESPACE__ indicates the current namespace. It can be used to construct fully-qualified names to pass them as callbacks. ?php namespace A::B::C; function foo() { } set_error_handler(__NAMESPACE__ . ::foo); ? In global namespace __NAMESPACE__ constant has value of empty string. Names inside namespace are resolved according to the following rules. 1) all qualified names are translated during compilation according to current import rules. So if we have import A::B::C; and then C::D::e(); it is translated to A::B::C::D::e() 2) unqualified class names translated during compilation according to current import rules. So if we have import A::B::C; and then new C(); it is translated to new A::B::C() 3) calls to unqualified functions that are defined in current namespace interpreted as calls to corresponding functions 4) calls to unqualified functions that are not defined in current namespace are resolved in run-time. The call to function foo() inside namespace (A::B) first tries to find and call function from current namespace A::B::foo() and if it doesn't exist PHP tries to call internal function foo(). Note that using foo() in namespace you can call only internal PHP functions, however using ::foo() you are able to call any function from global namespace. 5) unqualified class names are resolved at run-time. E.q. new Exception() first tries to use (end even __autoload()) class from current namespace and in case of failure uses internal PHP class. Note that using new A in namespace you can call only create internal PHP class, however using new ::A you are able to create any class from global namespace 6) Calls to qualified functions are resolved at run-time. 
Call to A::B::foo() first tries to call function foo() from namespace A::B, then it tries to find class A::B (__autoload() it if necessary) and call its static function foo() 7) qualified class names are interpreted as class from corresponding namespace. So new A::B::C() creates class C from namespace A::B. -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/imap php_imap.c
stasTue Jul 31 00:31:11 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/imap php_imap.c Log: sometimes c-client lib returns non-null entry with null host http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.25r2=1.208.2.7.2.26diff_format=u Index: php-src/ext/imap/php_imap.c diff -u php-src/ext/imap/php_imap.c:1.208.2.7.2.25 php-src/ext/imap/php_imap.c:1.208.2.7.2.26 --- php-src/ext/imap/php_imap.c:1.208.2.7.2.25 Fri Jul 6 00:13:56 2007 +++ php-src/ext/imap/php_imap.c Tue Jul 31 00:31:10 2007 @@ -26,7 +26,7 @@ | PHP 4.0 updates: Zeev Suraski [EMAIL PROTECTED] | +--+ */ -/* $Id: php_imap.c,v 1.208.2.7.2.25 2007/07/06 00:13:56 iliaa Exp $ */ +/* $Id: php_imap.c,v 1.208.2.7.2.26 2007/07/31 00:31:10 stas Exp $ */ #define IMAP41 @@ -3407,7 +3407,7 @@ addr = NULL; rfc822_parse_adrlist(addr, tempMailTo, NULL); while (addr) { - if (strcmp(addr-host, ERRHOST) == 0) { + if (addr-host == NULL || strcmp(addr-host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; } else { bufferTo = safe_erealloc(bufferTo, bt_len, 1, strlen(addr-mailbox)); @@ -3436,7 +3436,7 @@ addr = NULL; rfc822_parse_adrlist(addr, tempMailTo, NULL); while (addr) { - if (strcmp(addr-host, ERRHOST) == 0) { + if (addr-host == NULL || strcmp(addr-host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; } else { bufferCc = safe_erealloc(bufferCc, bt_len, 1, strlen(addr-mailbox)); @@ -3462,7 +3462,7 @@ addr = NULL; rfc822_parse_adrlist(addr, tempMailTo, NULL); while (addr) { - if (strcmp(addr-host, ERRHOST) == 0) { + if (addr-host == NULL || strcmp(addr-host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; } else { bufferBcc = safe_erealloc(bufferBcc, bt_len, 1, strlen(addr-mailbox)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
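Review bot: The added `addr->host == NULL` test covers only one of the two fields these loops dereference; the else branch goes straight to `strlen(addr->mailbox)`. If c-client can return an entry with a null host, a null mailbox seems just as possible, so the guard would be safer as `if (addr->host == NULL || addr->mailbox == NULL || strcmp(addr->host, ERRHOST) == 0) {`. This applies to all three loops changed here (To, Cc, Bcc) and to the same three hunks in the HEAD commit for php_imap.c. The loop bodies continue outside the hunks.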
[PHP-CVS] cvs: php-src /ext/imap php_imap.c
stasTue Jul 31 00:32:18 2007 UTC Modified files: /php-src/ext/imap php_imap.c Log: sometimes c-client returns non-null entry with null host http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.239r2=1.240diff_format=u Index: php-src/ext/imap/php_imap.c diff -u php-src/ext/imap/php_imap.c:1.239 php-src/ext/imap/php_imap.c:1.240 --- php-src/ext/imap/php_imap.c:1.239 Mon May 28 23:33:13 2007 +++ php-src/ext/imap/php_imap.c Tue Jul 31 00:32:18 2007 @@ -26,7 +26,7 @@ | PHP 4.0 updates: Zeev Suraski [EMAIL PROTECTED] | +--+ */ -/* $Id: php_imap.c,v 1.239 2007/05/28 23:33:13 iliaa Exp $ */ +/* $Id: php_imap.c,v 1.240 2007/07/31 00:32:18 stas Exp $ */ #define IMAP41 @@ -3406,7 +3406,7 @@ addr = NULL; rfc822_parse_adrlist(addr, tempMailTo, NULL); while (addr) { - if (strcmp(addr-host, ERRHOST) == 0) { + if (addr-host == NULL || strcmp(addr-host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; } else { bufferTo = safe_erealloc(bufferTo, bt_len, 1, strlen(addr-mailbox)); @@ -3435,7 +3435,7 @@ addr = NULL; rfc822_parse_adrlist(addr, tempMailTo, NULL); while (addr) { - if (strcmp(addr-host, ERRHOST) == 0) { + if (addr-host == NULL || strcmp(addr-host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; } else { bufferCc = safe_erealloc(bufferCc, bt_len, 1, strlen(addr-mailbox)); @@ -3461,7 +3461,7 @@ addr = NULL; rfc822_parse_adrlist(addr, tempMailTo, NULL); while (addr) { - if (strcmp(addr-host, ERRHOST) == 0) { + if (addr-host == NULL || strcmp(addr-host, ERRHOST) == 0) { PHP_IMAP_BAD_DEST; } else { bufferBcc = safe_erealloc(bufferBcc, bt_len, 1, strlen(addr-mailbox)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main main.c
stasWed Aug 1 23:54:06 2007 UTC Modified files: /php-src/main main.c Log: revert wrong fix http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.742r2=1.743diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.742 php-src/main/main.c:1.743 --- php-src/main/main.c:1.742 Wed Aug 1 12:49:23 2007 +++ php-src/main/main.c Wed Aug 1 23:54:06 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.742 2007/08/01 12:49:23 johannes Exp $ */ +/* $Id: main.c,v 1.743 2007/08/01 23:54:06 stas Exp $ */ /* {{{ includes */ @@ -542,9 +542,6 @@ return; } #endif - if (PG(open_basedir) php_check_open_basedir_ex(PG(error_log), 0 TSRMLS_CC)) { - return; - } fd = VCWD_OPEN_MODE(PG(error_log), O_CREAT | O_APPEND | O_WRONLY, 0644); if (fd != -1) { char *tmp; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /main main.c
stasWed Aug 1 23:52:43 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/main main.c Log: revert wrong fix http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.512.2.63.2.16r2=1.512.2.63.2.17diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.512.2.63.2.16 php-src/main/main.c:1.512.2.63.2.17 --- php-src/main/main.c:1.512.2.63.2.16 Tue Jul 10 18:35:13 2007 +++ php-src/main/main.c Wed Aug 1 23:52:43 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.512.2.63.2.16 2007/07/10 18:35:13 stas Exp $ */ +/* $Id: main.c,v 1.512.2.63.2.17 2007/08/01 23:52:43 stas Exp $ */ /* {{{ includes */ @@ -384,14 +384,6 @@ return; } #endif - if (PG(safe_mode) (!php_checkuid(PG(error_log), NULL, CHECKUID_CHECK_FILE_AND_DIR|CHECKUID_NO_ERRORS))) { - return FAILURE; - } - - if (PG(open_basedir) php_check_open_basedir_ex(PG(error_log), 0 TSRMLS_CC)) { - return FAILURE; - } - log_file = VCWD_FOPEN(PG(error_log), ab); if (log_file != NULL) { time(error_time); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /main main.c
stasWed Aug 1 23:51:45 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/main main.c Log: revert wrong fix http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.640.2.23.2.50r2=1.640.2.23.2.51diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.640.2.23.2.50 php-src/main/main.c:1.640.2.23.2.51 --- php-src/main/main.c:1.640.2.23.2.50 Wed Aug 1 12:49:34 2007 +++ php-src/main/main.c Wed Aug 1 23:51:45 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.640.2.23.2.50 2007/08/01 12:49:34 johannes Exp $ */ +/* $Id: main.c,v 1.640.2.23.2.51 2007/08/01 23:51:45 stas Exp $ */ /* {{{ includes */ @@ -442,14 +442,6 @@ return; } #endif - if (PG(safe_mode) (!php_checkuid(PG(error_log), NULL, CHECKUID_CHECK_FILE_AND_DIR|CHECKUID_NO_ERRORS))) { - return; - } - - if (PG(open_basedir) php_check_open_basedir_ex(PG(error_log), 0 TSRMLS_CC)) { - return; - } - fd = VCWD_OPEN_MODE(PG(error_log), O_CREAT | O_APPEND | O_WRONLY, 0644); if (fd != -1) { char *tmp; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/tokenizer config.w32
stasThu Aug 2 00:04:05 2007 UTC Modified files: /php-src/ext/tokenizer config.w32 Log: fix win32 build http://cvs.php.net/viewvc.cgi/php-src/ext/tokenizer/config.w32?r1=1.1r2=1.2diff_format=u Index: php-src/ext/tokenizer/config.w32 diff -u php-src/ext/tokenizer/config.w32:1.1 php-src/ext/tokenizer/config.w32:1.2 --- php-src/ext/tokenizer/config.w32:1.1Tue Dec 2 23:16:59 2003 +++ php-src/ext/tokenizer/config.w32Thu Aug 2 00:04:05 2007 @@ -1,10 +1,10 @@ -// $Id: config.w32,v 1.1 2003/12/02 23:16:59 wez Exp $ +// $Id: config.w32,v 1.2 2007/08/02 00:04:05 stas Exp $ // vim:ft=javascript ARG_ENABLE(tokenizer, tokenizer support, yes); if (PHP_TOKENIZER == yes) { - EXTENSION(tokenizer, tokenizer.c); + EXTENSION(tokenizer, tokenizer.c tokenizer_data.c); AC_DEFINE(HAVE_TOKENIZER, 1, Tokenizer support); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /sapi/embed php_embed.c
stasThu Aug 2 23:49:51 2007 UTC Modified files: /php-src/sapi/embed php_embed.c Log: use hardcoded INI like CLI http://cvs.php.net/viewvc.cgi/php-src/sapi/embed/php_embed.c?r1=1.17r2=1.18diff_format=u Index: php-src/sapi/embed/php_embed.c diff -u php-src/sapi/embed/php_embed.c:1.17 php-src/sapi/embed/php_embed.c:1.18 --- php-src/sapi/embed/php_embed.c:1.17 Mon Jan 1 09:29:36 2007 +++ php-src/sapi/embed/php_embed.c Thu Aug 2 23:49:50 2007 @@ -15,7 +15,7 @@ | Author: Edin Kadribasic [EMAIL PROTECTED] | +--+ */ -/* $Id: php_embed.c,v 1.17 2007/01/01 09:29:36 sebastian Exp $ */ +/* $Id: php_embed.c,v 1.18 2007/08/02 23:49:50 stas Exp $ */ #include php_embed.h #include ext/standard/dl.h @@ -25,6 +25,14 @@ #include fcntl.h #endif +#define HARDCODED_INI \ + html_errors=0\n \ + register_argc_argv=1\n\ + implicit_flush=1\n\ + output_buffering=0\n \ + max_execution_time=0\n\ + max_input_time=-1\n + static char* php_embed_read_cookies(TSRMLS_D) { return NULL; @@ -153,6 +161,7 @@ sapi_globals_struct *sapi_globals; void ***tsrm_ls; #endif + int ini_entries_len = 0; #ifdef HAVE_SIGNAL_H #if defined(SIGPIPE) defined(SIG_IGN) @@ -186,6 +195,12 @@ #endif php_embed_module.additional_functions = additional_functions; + + ini_entries_len = strlen(HARDCODED_INI); + php_embed_module.ini_entries = malloc(ini_entries_len+2); + memcpy(php_embed_module.ini_entries, HARDCODED_INI, ini_entries_len+1); + php_embed_module.ini_entries[ini_entries_len+1] = 0; + sapi_startup(php_embed_module); if (php_embed_module.startup(php_embed_module)==FAILURE) { 
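Review bot: The result of `malloc(ini_entries_len+2)` is handed to `memcpy` and then indexed without a null check, so an allocation failure during start-up becomes a write through a null pointer. Add `if (php_embed_module.ini_entries == NULL) { return FAILURE; }` right after the allocation; the function's failure value is outside the hunk, so match whatever the start-up failure path just below returns. `ini_entries_len` would also be better declared as `size_t`, since it holds a `strlen` result. The PHP_5_2 commit for php_embed.c adds the same lines.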
@@ -200,11 +215,12 @@ /* Set some Embedded PHP defaults */ SG(options) |= SAPI_OPTION_NO_CHDIR; - zend_alter_ini_entry(register_argc_argv, 19, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); - zend_alter_ini_entry(html_errors, 12, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); - zend_alter_ini_entry(implicit_flush, 15, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); - zend_alter_ini_entry(max_execution_time, 19, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); - +#if 0 +// zend_alter_ini_entry(register_argc_argv, 19, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); +// zend_alter_ini_entry(html_errors, 12, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); +// zend_alter_ini_entry(implicit_flush, 15, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); +// zend_alter_ini_entry(max_execution_time, 19, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); +#endif SG(request_info).argc=argc; SG(request_info).argv=argv; @@ -228,6 +244,10 @@ #ifdef ZTS tsrm_shutdown(); #endif + if (php_embed_module.ini_entries) { + free(php_embed_module.ini_entries); + php_embed_module.ini_entries = NULL; + } } /* -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
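Review bot: The four `zend_alter_ini_entry` calls are disabled twice over, by `#if 0` and by `//` on every line, and nothing says why they are kept. HARDCODED_INI, added earlier in this commit, already carries html_errors, register_argc_argv, implicit_flush and max_execution_time, so the block can simply be deleted. If a pointer is wanted, one line is enough: `/* defaults now come from HARDCODED_INI via php_embed_module.ini_entries */`. The PHP_5_2 commit leaves the same dead block behind.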
[PHP-CVS] cvs: php-src(PHP_5_2) /main php_ini.h
stasThu Aug 2 23:57:52 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/main php_ini.h Log: add stage for .htaccess http://cvs.php.net/viewvc.cgi/php-src/main/php_ini.h?r1=1.45.2.3.2.1r2=1.45.2.3.2.2diff_format=u Index: php-src/main/php_ini.h diff -u php-src/main/php_ini.h:1.45.2.3.2.1 php-src/main/php_ini.h:1.45.2.3.2.2 --- php-src/main/php_ini.h:1.45.2.3.2.1 Mon Jan 1 09:36:11 2007 +++ php-src/main/php_ini.h Thu Aug 2 23:57:52 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_ini.h,v 1.45.2.3.2.1 2007/01/01 09:36:11 sebastian Exp $ */ +/* $Id: php_ini.h,v 1.45.2.3.2.2 2007/08/02 23:57:52 stas Exp $ */ #ifndef PHP_INI_H #define PHP_INI_H @@ -65,6 +65,7 @@ #define PHP_INI_STAGE_ACTIVATE ZEND_INI_STAGE_ACTIVATE #define PHP_INI_STAGE_DEACTIVATE ZEND_INI_STAGE_DEACTIVATE #define PHP_INI_STAGE_RUNTIME ZEND_INI_STAGE_RUNTIME +#define PHP_INI_STAGE_HTACCESS ZEND_INI_STAGE_HTACCESS #define php_ini_boolean_displayer_cb zend_ini_boolean_displayer_cb #define php_ini_color_displayer_cb zend_ini_color_displayer_cb -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /sapi/embed php_embed.c
stasThu Aug 2 23:45:28 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/sapi/embed php_embed.c Log: use hardcoded ini like CLI http://cvs.php.net/viewvc.cgi/php-src/sapi/embed/php_embed.c?r1=1.11.2.1.2.1r2=1.11.2.1.2.2diff_format=u Index: php-src/sapi/embed/php_embed.c diff -u php-src/sapi/embed/php_embed.c:1.11.2.1.2.1 php-src/sapi/embed/php_embed.c:1.11.2.1.2.2 --- php-src/sapi/embed/php_embed.c:1.11.2.1.2.1 Mon Jan 1 09:36:12 2007 +++ php-src/sapi/embed/php_embed.c Thu Aug 2 23:45:28 2007 @@ -15,7 +15,7 @@ | Author: Edin Kadribasic [EMAIL PROTECTED] | +--+ */ -/* $Id: php_embed.c,v 1.11.2.1.2.1 2007/01/01 09:36:12 sebastian Exp $ */ +/* $Id: php_embed.c,v 1.11.2.1.2.2 2007/08/02 23:45:28 stas Exp $ */ #include php_embed.h @@ -24,6 +24,14 @@ #include fcntl.h #endif +#define HARDCODED_INI \ + html_errors=0\n \ + register_argc_argv=1\n\ + implicit_flush=1\n\ + output_buffering=0\n \ + max_execution_time=0\n\ + max_input_time=-1\n + static char* php_embed_read_cookies(TSRMLS_D) { return NULL; @@ -141,6 +149,7 @@ sapi_globals_struct *sapi_globals; void ***tsrm_ls; #endif + int ini_entries_len = 0; #ifdef HAVE_SIGNAL_H #if defined(SIGPIPE) defined(SIG_IGN) @@ -173,6 +182,11 @@ *ptsrm_ls = tsrm_ls; #endif + ini_entries_len = strlen(HARDCODED_INI); + php_embed_module.ini_entries = malloc(ini_entries_len+2); + memcpy(php_embed_module.ini_entries, HARDCODED_INI, ini_entries_len+1); + php_embed_module.ini_entries[ini_entries_len+1] = 0; + sapi_startup(php_embed_module); if (php_embed_module.startup(php_embed_module)==FAILURE) { 
@@ -187,11 +201,12 @@ /* Set some Embedded PHP defaults */ SG(options) |= SAPI_OPTION_NO_CHDIR; - zend_alter_ini_entry(register_argc_argv, 19, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); - zend_alter_ini_entry(html_errors, 12, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); - zend_alter_ini_entry(implicit_flush, 15, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); - zend_alter_ini_entry(max_execution_time, 19, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); - +#if 0 +// zend_alter_ini_entry(register_argc_argv, 19, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); +// zend_alter_ini_entry(html_errors, 12, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); +// zend_alter_ini_entry(implicit_flush, 15, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); +// zend_alter_ini_entry(max_execution_time, 19, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); +#endif SG(request_info).argc=argc; SG(request_info).argv=argv; @@ -215,6 +230,10 @@ #ifdef ZTS tsrm_shutdown(); #endif + if (php_embed_module.ini_entries) { + free(php_embed_module.ini_entries); + php_embed_module.ini_entries = NULL; + } } /* -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
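Review bot: The four `zend_alter_ini_entry` calls in the `@@ -187,11 +201,12 @@` hunk are disabled twice, once by `#if 0` and again by a `//` prefix on every line. `HARDCODED_INI` now carries the same four settings, so deleting the lines is clearer than keeping dead code that a later reader may take for a pending fallback. If a reminder is wanted, one comment is enough, e.g. `/* defaults now come from HARDCODED_INI via ini_entries */`.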
[PHP-CVS] cvs: php-src(PHP_5_2) /sapi/apache2handler apache_config.c
stasFri Aug 3 01:14:23 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/sapi/apache2handlerapache_config.c Log: implement separate .htaccess stage http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/apache_config.c?r1=1.7.2.1.2.2r2=1.7.2.1.2.3diff_format=u Index: php-src/sapi/apache2handler/apache_config.c diff -u php-src/sapi/apache2handler/apache_config.c:1.7.2.1.2.2 php-src/sapi/apache2handler/apache_config.c:1.7.2.1.2.3 --- php-src/sapi/apache2handler/apache_config.c:1.7.2.1.2.2 Mon Jan 1 09:36:12 2007 +++ php-src/sapi/apache2handler/apache_config.c Fri Aug 3 01:14:23 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: apache_config.c,v 1.7.2.1.2.2 2007/01/01 09:36:12 sebastian Exp $ */ +/* $Id: apache_config.c,v 1.7.2.1.2.3 2007/08/03 01:14:23 stas Exp $ */ #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS @@ -51,6 +51,7 @@ char *value; size_t value_len; char status; +char htaccess; } php_dir_entry; static const char *real_value_hnd(cmd_parms *cmd, void *dummy, const char *name, const char *value, int status) @@ -67,7 +68,8 @@ e.value = apr_pstrdup(cmd-pool, value); e.value_len = strlen(value); e.status = status; - + e.htaccess = ((cmd-override (RSRC_CONF|ACCESS_CONF)) == 0); + zend_hash_update(d-config, (char *) name, strlen(name) + 1, e, sizeof(e), NULL); return NULL; } @@ -170,7 +172,7 @@ zend_hash_move_forward(d-config)) { zend_hash_get_current_data(d-config, (void **) data); phpapdebug((stderr, APPLYING (%s)(%s)\n, str, data-value)); - if (zend_alter_ini_entry(str, str_len, data-value, data-value_len, data-status, PHP_INI_STAGE_ACTIVATE) == FAILURE) { + if (zend_alter_ini_entry(str, str_len, data-value, data-value_len, data-status, data-htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE) == FAILURE) { phpapdebug((stderr, ..FAILED\n)); } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
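Review bot: In the `@@ -170,7 +172,7 @@` hunk a `FAILURE` from `zend_alter_ini_entry` is still reported only through `phpapdebug`, which looks like a debug-only macro (its definition is outside the hunk). Once ini handlers begin rejecting values at `PHP_INI_STAGE_HTACCESS`, a refused .htaccess directive is dropped with no record an administrator would normally see; logging the directive name on that branch would make rejected overrides auditable. The new `char htaccess;` member of `php_dir_entry` also needs a comment, for example `/* 1 when cmd->override has neither RSRC_CONF nor ACCESS_CONF set, i.e. the value is treated as coming from .htaccess */`. The loop's enclosing function starts outside the hunk.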
[PHP-CVS] cvs: php-src(PHP_5_2) /sapi/apache mod_php5.c
stasFri Aug 3 01:14:44 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/sapi/apachemod_php5.c Log: implement separate .htaccess stage http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.10r2=1.19.2.7.2.11diff_format=u Index: php-src/sapi/apache/mod_php5.c diff -u php-src/sapi/apache/mod_php5.c:1.19.2.7.2.10 php-src/sapi/apache/mod_php5.c:1.19.2.7.2.11 --- php-src/sapi/apache/mod_php5.c:1.19.2.7.2.10Mon Jun 18 15:52:46 2007 +++ php-src/sapi/apache/mod_php5.c Fri Aug 3 01:14:44 2007 @@ -17,7 +17,7 @@ | PHP 4.0 patches by Zeev Suraski [EMAIL PROTECTED] | +--+ */ -/* $Id: mod_php5.c,v 1.19.2.7.2.10 2007/06/18 15:52:46 scottmac Exp $ */ +/* $Id: mod_php5.c,v 1.19.2.7.2.11 2007/08/03 01:14:44 stas Exp $ */ #include php_apache_http.h #include http_conf_globals.h @@ -80,6 +80,7 @@ uint key_length; uint value_length; int type; +char htaccess; } php_per_dir_entry; /* some systems are missing these from their header files */ @@ -547,7 +548,7 @@ */ static int php_apache_alter_ini_entries(php_per_dir_entry *per_dir_entry TSRMLS_DC) { - zend_alter_ini_entry(per_dir_entry-key, per_dir_entry-key_length+1, per_dir_entry-value, per_dir_entry-value_length, per_dir_entry-type, PHP_INI_STAGE_ACTIVATE); + zend_alter_ini_entry(per_dir_entry-key, per_dir_entry-key_length+1, per_dir_entry-value, per_dir_entry-value_length, per_dir_entry-type, data-htaccess?PHP_INI_STAGE_HTACCESS:PHP_INI_STAGE_ACTIVATE); return 0; } /* }}} */ @@ -791,6 +792,7 @@ php_apache_startup(apache_sapi_module); } per_dir_entry.type = mode; + per_dir_entry.htaccess = ((cmd-override (RSRC_CONF|ACCESS_CONF)) == 0); if (strcasecmp(arg2, none) == 0) { arg2 = ; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
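Review bot: The new stage argument in `php_apache_alter_ini_entries` (hunk `@@ -547,7 +548,7 @@`) reads `data->htaccess`, but the function's only parameter is `per_dir_entry` and the body shown declares no `data`. As written this either fails to compile or binds to an unrelated file-scope symbol, so the .htaccess stage would not follow the entry being applied. The argument should be `per_dir_entry->htaccess ? PHP_INI_STAGE_HTACCESS : PHP_INI_STAGE_ACTIVATE`. The result of `zend_alter_ini_entry` is also discarded and `0` returned unconditionally, so a value rejected by a handler at the new stage is dropped without any report.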
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/session mod_files.c session.c
stasFri Aug 3 01:16:41 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/sessionmod_files.c session.c Log: correct fix for access control for save_path and .htaccess http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.100.2.3.2.6r2=1.100.2.3.2.7diff_format=u Index: php-src/ext/session/mod_files.c diff -u php-src/ext/session/mod_files.c:1.100.2.3.2.6 php-src/ext/session/mod_files.c:1.100.2.3.2.7 --- php-src/ext/session/mod_files.c:1.100.2.3.2.6 Tue Jul 10 17:40:41 2007 +++ php-src/ext/session/mod_files.c Fri Aug 3 01:16:40 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mod_files.c,v 1.100.2.3.2.6 2007/07/10 17:40:41 stas Exp $ */ +/* $Id: mod_files.c,v 1.100.2.3.2.7 2007/08/03 01:16:40 stas Exp $ */ #include php.h @@ -294,14 +294,6 @@ } save_path = argv[argc - 1]; - if (PG(safe_mode) (!php_checkuid(save_path, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { - return FAILURE; - } - - if (PG(open_basedir) php_check_open_basedir(save_path TSRMLS_CC)) { - return FAILURE; - } - data = emalloc(sizeof(*data)); memset(data, 0, sizeof(*data)); http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.39r2=1.417.2.8.2.40diff_format=u Index: php-src/ext/session/session.c diff -u php-src/ext/session/session.c:1.417.2.8.2.39 php-src/ext/session/session.c:1.417.2.8.2.40 --- php-src/ext/session/session.c:1.417.2.8.2.39Sun Jul 29 14:43:30 2007 +++ php-src/ext/session/session.c Fri Aug 3 01:16:40 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: session.c,v 1.417.2.8.2.39 2007/07/29 14:43:30 iliaa Exp $ */ +/* $Id: session.c,v 1.417.2.8.2.40 2007/08/03 01:16:40 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -151,7 +151,7 @@ static PHP_INI_MH(OnUpdateSaveDir) { /* Only do the safemode/open_basedir check at runtime */ - if (stage == PHP_INI_STAGE_RUNTIME) { + if (stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) { char *p; if (memchr(new_value, '\0', new_value_length) != NULL) { 
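Review bot: The comment above the condition in `OnUpdateSaveDir` (session.c hunk `@@ -151,7 +151,7 @@`) still says the check happens only at runtime, although the condition now also matches `PHP_INI_STAGE_HTACCESS`. Update it to `/* Only do the safemode/open_basedir check at runtime and for .htaccess values */`. The mod_files.c hunk of the same commit deletes the `php_checkuid` and `php_check_open_basedir` calls that guarded `save_path` when the handler opens, so this ini handler appears to be the only remaining enforcement point. Any path that sets `session.save_path` at a stage other than these two would then go unchecked; that should be confirmed against the callers, which are outside the hunk, as is the rest of the handler body.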
@@ -168,7 +168,7 @@ return FAILURE; } - if (php_check_open_basedir(p TSRMLS_CC)) { + if (PG(open_basedir) php_check_open_basedir(p TSRMLS_CC)) { return FAILURE; } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /ext/session mod_files.c
stasFri Aug 3 01:27:18 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/ext/sessionmod_files.c Log: revert - not a correct fix http://cvs.php.net/viewvc.cgi/php-src/ext/session/mod_files.c?r1=1.83.2.9.2.9r2=1.83.2.9.2.10diff_format=u Index: php-src/ext/session/mod_files.c diff -u php-src/ext/session/mod_files.c:1.83.2.9.2.9 php-src/ext/session/mod_files.c:1.83.2.9.2.10 --- php-src/ext/session/mod_files.c:1.83.2.9.2.9Tue Jul 10 17:50:46 2007 +++ php-src/ext/session/mod_files.c Fri Aug 3 01:27:18 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: mod_files.c,v 1.83.2.9.2.9 2007/07/10 17:50:46 stas Exp $ */ +/* $Id: mod_files.c,v 1.83.2.9.2.10 2007/08/03 01:27:18 stas Exp $ */ #include php.h @@ -265,13 +265,6 @@ save_path = p + 1; } - if (PG(safe_mode) (!php_checkuid(save_path, NULL, CHECKUID_ALLOW_ONLY_DIR))) { - return FAILURE; - } - if (php_check_open_basedir(save_path TSRMLS_CC)) { - return FAILURE; - } - data-basedir_len = strlen(save_path); data-basedir = estrndup(save_path, data-basedir_len); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/session mod_files.c session.c /main main.c php_ini.h /sapi/apache mod_php.c /sapi/apache2handler apache_config.c ZendEngine2 zend_ini.h
stasFri Aug 3 01:40:06 2007 UTC Modified files: /php-src/main main.c php_ini.h /ZendEngine2zend_ini.h /php-src/sapi/apachemod_php.c /php-src/sapi/apache2handlerapache_config.c /php-src/ext/sessionmod_files.c session.c Log: MF5: fix for access control with .htaccess http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.743r2=1.744diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.743 php-src/main/main.c:1.744 --- php-src/main/main.c:1.743 Wed Aug 1 23:54:06 2007 +++ php-src/main/main.c Fri Aug 3 01:40:05 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.743 2007/08/01 23:54:06 stas Exp $ */ +/* $Id: main.c,v 1.744 2007/08/03 01:40:05 stas Exp $ */ /* {{{ includes */ @@ -416,6 +416,24 @@ } /* }}} */ +/* {{{ PHP_INI_MH + */ +static PHP_INI_MH(OnUpdateErrorLog) +{ + /* Only do the safemode/open_basedir check at runtime */ + if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) + strcmp(new_value, syslog)) { + + if (PG(open_basedir) php_check_open_basedir(new_value TSRMLS_CC)) { + return FAILURE; + } + + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} +/* }}} */ + /* * Need to be read from the environment (?): * PHP_AUTO_PREPEND_FILE 
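Review bot: `OnUpdateErrorLog` (hunk `@@ -416,6 +416,24 @@`) hands `new_value` to `strcmp` without a NULL test, while the `error_log` entry in the next hunk is registered with a `NULL` default. A runtime restore of the setting would presumably call the handler with that NULL, so the condition should read `new_value != NULL && strcmp(new_value, "syslog")`. The PHP_5_2 variants of this handler further down the page have the same gap. The result of `OnUpdateString` is also ignored and `SUCCESS` returned regardless; `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);` would propagate a failure. The leading comment mentions safemode, but this version only performs the open_basedir check.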
@@ -481,7 +499,7 @@ STD_PHP_INI_ENTRY(default_charset,SAPI_DEFAULT_CHARSET, PHP_INI_ALL,OnUpdateDefaultCharset, default_charset, sapi_globals_struct,sapi_globals) STD_PHP_INI_ENTRY(default_mimetype, SAPI_DEFAULT_MIMETYPE, PHP_INI_ALL,OnUpdateDefaultMimetype, default_mimetype, sapi_globals_struct,sapi_globals) ZEND_INI_ENTRY(unicode.output_encoding, NULL, ZEND_INI_ALL, OnUpdateOutputEncoding) - STD_PHP_INI_ENTRY(error_log, NULL, PHP_INI_ALL,OnUpdateString, error_log, php_core_globals, core_globals) + STD_PHP_INI_ENTRY(error_log, NULL, PHP_INI_ALL,OnUpdateErrorLog, error_log, php_core_globals, core_globals) STD_PHP_INI_ENTRY(extension_dir, PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY(include_path, PHP_INCLUDE_PATH, PHP_INI_ALL,OnUpdateStringUnempty, include_path, php_core_globals, core_globals) PHP_INI_ENTRY(max_execution_time, 30, PHP_INI_ALL,OnUpdateTimeout) http://cvs.php.net/viewvc.cgi/php-src/main/php_ini.h?r1=1.49r2=1.50diff_format=u Index: php-src/main/php_ini.h diff -u php-src/main/php_ini.h:1.49 php-src/main/php_ini.h:1.50 --- php-src/main/php_ini.h:1.49 Mon Jan 1 09:29:35 2007 +++ php-src/main/php_ini.h Fri Aug 3 01:40:05 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: php_ini.h,v 1.49 2007/01/01 09:29:35 sebastian Exp $ */ +/* $Id: php_ini.h,v 1.50 2007/08/03 01:40:05 stas Exp $ */ #ifndef PHP_INI_H #define PHP_INI_H 
@@ -65,6 +65,7 @@ #define PHP_INI_STAGE_ACTIVATE ZEND_INI_STAGE_ACTIVATE #define PHP_INI_STAGE_DEACTIVATE ZEND_INI_STAGE_DEACTIVATE #define PHP_INI_STAGE_RUNTIME ZEND_INI_STAGE_RUNTIME +#define PHP_INI_STAGE_HTACCESS ZEND_INI_STAGE_HTACCESS #define php_ini_boolean_displayer_cb zend_ini_boolean_displayer_cb #define php_ini_color_displayer_cb zend_ini_color_displayer_cb http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.h?r1=1.40r2=1.41diff_format=u Index: ZendEngine2/zend_ini.h diff -u ZendEngine2/zend_ini.h:1.40 ZendEngine2/zend_ini.h:1.41 --- ZendEngine2/zend_ini.h:1.40 Mon Jan 1 09:29:21 2007 +++ ZendEngine2/zend_ini.h Fri Aug 3 01:40:05 2007 @@ -16,7 +16,7 @@ +--+ */ -/* $Id: zend_ini.h,v 1.40 2007/01/01 09:29:21 sebastian Exp $ */ +/* $Id: zend_ini.h,v 1.41 2007/08/03 01:40:05 stas Exp $ */ #ifndef ZEND_INI_H #define ZEND_INI_H @@ -190,6 +190,7 @@ #define ZEND_INI_STAGE_ACTIVATE(12) #define ZEND_INI_STAGE_DEACTIVATE (13) #define ZEND_INI_STAGE_RUNTIME (14) +#define ZEND_INI_STAGE_HTACCESS(15) /* INI parsing engine */ typedef void (*zend_ini_parser_cb_t)(zval *arg1, zval *arg2, int callback_type, void *arg);
[PHP-CVS] cvs: php-src(PHP_5_2) /main main.c
stasFri Aug 3 01:15:51 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/main main.c Log: make error_log setting access-controlled by safe_mode/open_basedir http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.640.2.23.2.51r2=1.640.2.23.2.52diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.640.2.23.2.51 php-src/main/main.c:1.640.2.23.2.52 --- php-src/main/main.c:1.640.2.23.2.51 Wed Aug 1 23:51:45 2007 +++ php-src/main/main.c Fri Aug 3 01:15:51 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.640.2.23.2.51 2007/08/01 23:51:45 stas Exp $ */ +/* $Id: main.c,v 1.640.2.23.2.52 2007/08/03 01:15:51 stas Exp $ */ /* {{{ includes */ @@ -297,6 +297,27 @@ } /* }}} */ +/* {{{ PHP_INI_MH + */ +static PHP_INI_MH(OnUpdateErrorLog) +{ + /* Only do the safemode/open_basedir check at runtime */ + if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) + strcmp(PG(error_log), syslog)) { + if (PG(safe_mode) (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { + return FAILURE; + } + + if (PG(open_basedir) php_check_open_basedir(new_value TSRMLS_CC)) { + return FAILURE; + } + + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} +/* }}} */ + /* Need to convert to strings and make use of: * PHP_SAFE_MODE * 
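Review bot: The guard in `OnUpdateErrorLog` (hunk `@@ -297,6 +297,27 @@`) compares `PG(error_log)`, the value currently in effect, with "syslog" instead of the incoming `new_value`. Whenever the active setting is `syslog`, a new file path therefore skips both the `php_checkuid` and the `php_check_open_basedir` test, and a request to switch to `syslog` is checked as if it were a path. The condition should test the value being set, `strcmp(new_value, "syslog")`, which is what revision 1.640.2.23.2.53 on this page changes it to. The block comment could also state why `syslog` is exempt, e.g. `/* "syslog" is not a filesystem path, so the path checks do not apply */`.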
@@ -381,7 +402,7 @@ STD_PHP_INI_ENTRY(doc_root, NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, doc_root, php_core_globals, core_globals) STD_PHP_INI_ENTRY(default_charset,SAPI_DEFAULT_CHARSET, PHP_INI_ALL,OnUpdateString, default_charset, sapi_globals_struct,sapi_globals) STD_PHP_INI_ENTRY(default_mimetype, SAPI_DEFAULT_MIMETYPE, PHP_INI_ALL,OnUpdateString, default_mimetype, sapi_globals_struct,sapi_globals) - STD_PHP_INI_ENTRY(error_log, NULL, PHP_INI_ALL,OnUpdateString, error_log, php_core_globals, core_globals) + STD_PHP_INI_ENTRY(error_log, NULL, PHP_INI_ALL,OnUpdateErrorLog, error_log, php_core_globals, core_globals) STD_PHP_INI_ENTRY(extension_dir, PHP_EXTENSION_DIR, PHP_INI_SYSTEM, OnUpdateStringUnempty, extension_dir, php_core_globals, core_globals) STD_PHP_INI_ENTRY(include_path, PHP_INCLUDE_PATH, PHP_INI_ALL,OnUpdateStringUnempty, include_path, php_core_globals, core_globals) PHP_INI_ENTRY(max_execution_time, 30, PHP_INI_ALL,OnUpdateTimeout) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /main main.c
stasFri Aug 3 01:30:22 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/main main.c Log: check correct value http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.640.2.23.2.52r2=1.640.2.23.2.53diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.640.2.23.2.52 php-src/main/main.c:1.640.2.23.2.53 --- php-src/main/main.c:1.640.2.23.2.52 Fri Aug 3 01:15:51 2007 +++ php-src/main/main.c Fri Aug 3 01:30:21 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.640.2.23.2.52 2007/08/03 01:15:51 stas Exp $ */ +/* $Id: main.c,v 1.640.2.23.2.53 2007/08/03 01:30:21 stas Exp $ */ /* {{{ includes */ @@ -303,7 +303,7 @@ { /* Only do the safemode/open_basedir check at runtime */ if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) - strcmp(PG(error_log), syslog)) { + strcmp(new_value, syslog)) { if (PG(safe_mode) (!php_checkuid(new_value, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { return FAILURE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /sapi/embed php_embed.c
stasWed Aug 8 21:06:28 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/sapi/embed php_embed.c Log: fix TSRM embed startup http://cvs.php.net/viewvc.cgi/php-src/sapi/embed/php_embed.c?r1=1.11.2.1.2.2r2=1.11.2.1.2.3diff_format=u Index: php-src/sapi/embed/php_embed.c diff -u php-src/sapi/embed/php_embed.c:1.11.2.1.2.2 php-src/sapi/embed/php_embed.c:1.11.2.1.2.3 --- php-src/sapi/embed/php_embed.c:1.11.2.1.2.2 Thu Aug 2 23:45:28 2007 +++ php-src/sapi/embed/php_embed.c Wed Aug 8 21:06:28 2007 @@ -15,7 +15,7 @@ | Author: Edin Kadribasic [EMAIL PROTECTED] | +--+ */ -/* $Id: php_embed.c,v 1.11.2.1.2.2 2007/08/02 23:45:28 stas Exp $ */ +/* $Id: php_embed.c,v 1.11.2.1.2.3 2007/08/08 21:06:28 stas Exp $ */ #include php_embed.h @@ -143,9 +143,6 @@ { zend_llist global_vars; #ifdef ZTS - zend_compiler_globals *compiler_globals; - zend_executor_globals *executor_globals; - php_core_globals *core_globals; sapi_globals_struct *sapi_globals; void ***tsrm_ls; #endif @@ -173,15 +170,6 @@ tsrm_startup(1, 1, 0, NULL); #endif -#ifdef ZTS - compiler_globals = ts_resource(compiler_globals_id); - executor_globals = ts_resource(executor_globals_id); - core_globals = ts_resource(core_globals_id); - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); - *ptsrm_ls = tsrm_ls; -#endif - ini_entries_len = strlen(HARDCODED_INI); php_embed_module.ini_entries = malloc(ini_entries_len+2); memcpy(php_embed_module.ini_entries, HARDCODED_INI, ini_entries_len+1); 
@@ -189,24 +177,24 @@ sapi_startup(php_embed_module); + if (argv) { + php_embed_module.executable_location = argv[0]; + } + if (php_embed_module.startup(php_embed_module)==FAILURE) { return FAILURE; } - if (argv) { - php_embed_module.executable_location = argv[0]; - } +#ifdef ZTS + sapi_globals = ts_resource(sapi_globals_id); + tsrm_ls = ts_resource(0); + *ptsrm_ls = tsrm_ls; +#endif zend_llist_init(global_vars, sizeof(char *), NULL, 0); /* Set some Embedded PHP defaults */ SG(options) |= SAPI_OPTION_NO_CHDIR; -#if 0 -// zend_alter_ini_entry(register_argc_argv, 19, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); -// zend_alter_ini_entry(html_errors, 12, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); -// zend_alter_ini_entry(implicit_flush, 15, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); -// zend_alter_ini_entry(max_execution_time, 19, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); -#endif SG(request_info).argc=argc; SG(request_info).argv=argv; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /sapi/embed php_embed.c
stasWed Aug 8 21:08:51 2007 UTC Modified files: /php-src/sapi/embed php_embed.c Log: fix TSRM embed startup http://cvs.php.net/viewvc.cgi/php-src/sapi/embed/php_embed.c?r1=1.18r2=1.19diff_format=u Index: php-src/sapi/embed/php_embed.c diff -u php-src/sapi/embed/php_embed.c:1.18 php-src/sapi/embed/php_embed.c:1.19 --- php-src/sapi/embed/php_embed.c:1.18 Thu Aug 2 23:49:50 2007 +++ php-src/sapi/embed/php_embed.c Wed Aug 8 21:08:51 2007 @@ -15,7 +15,7 @@ | Author: Edin Kadribasic [EMAIL PROTECTED] | +--+ */ -/* $Id: php_embed.c,v 1.18 2007/08/02 23:49:50 stas Exp $ */ +/* $Id: php_embed.c,v 1.19 2007/08/08 21:08:51 stas Exp $ */ #include php_embed.h #include ext/standard/dl.h @@ -155,9 +155,6 @@ { zend_llist global_vars; #ifdef ZTS - zend_compiler_globals *compiler_globals; - zend_executor_globals *executor_globals; - php_core_globals *core_globals; sapi_globals_struct *sapi_globals; void ***tsrm_ls; #endif @@ -185,15 +182,6 @@ tsrm_startup(1, 1, 0, NULL); #endif -#ifdef ZTS - compiler_globals = ts_resource(compiler_globals_id); - executor_globals = ts_resource(executor_globals_id); - core_globals = ts_resource(core_globals_id); - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); - *ptsrm_ls = tsrm_ls; -#endif - php_embed_module.additional_functions = additional_functions; ini_entries_len = strlen(HARDCODED_INI); 
@@ -203,24 +191,24 @@ sapi_startup(php_embed_module); + if (argv) { + php_embed_module.executable_location = argv[0]; + } + if (php_embed_module.startup(php_embed_module)==FAILURE) { return FAILURE; } - if (argv) { - php_embed_module.executable_location = argv[0]; - } +#ifdef ZTS + sapi_globals = ts_resource(sapi_globals_id); + tsrm_ls = ts_resource(0); + *ptsrm_ls = tsrm_ls; +#endif zend_llist_init(global_vars, sizeof(char *), NULL, 0); /* Set some Embedded PHP defaults */ SG(options) |= SAPI_OPTION_NO_CHDIR; -#if 0 -// zend_alter_ini_entry(register_argc_argv, 19, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); -// zend_alter_ini_entry(html_errors, 12, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); -// zend_alter_ini_entry(implicit_flush, 15, 1, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); -// zend_alter_ini_entry(max_execution_time, 19, 0, 1, PHP_INI_SYSTEM, PHP_INI_STAGE_ACTIVATE); -#endif SG(request_info).argc=argc; SG(request_info).argv=argv; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /sapi/embed php_embed.c
stasWed Aug 8 21:11:53 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/sapi/embed php_embed.c Log: initialize values http://cvs.php.net/viewvc.cgi/php-src/sapi/embed/php_embed.c?r1=1.11.2.1.2.3r2=1.11.2.1.2.4diff_format=u Index: php-src/sapi/embed/php_embed.c diff -u php-src/sapi/embed/php_embed.c:1.11.2.1.2.3 php-src/sapi/embed/php_embed.c:1.11.2.1.2.4 --- php-src/sapi/embed/php_embed.c:1.11.2.1.2.3 Wed Aug 8 21:06:28 2007 +++ php-src/sapi/embed/php_embed.c Wed Aug 8 21:11:53 2007 @@ -15,7 +15,7 @@ | Author: Edin Kadribasic [EMAIL PROTECTED] | +--+ */ -/* $Id: php_embed.c,v 1.11.2.1.2.3 2007/08/08 21:06:28 stas Exp $ */ +/* $Id: php_embed.c,v 1.11.2.1.2.4 2007/08/08 21:11:53 stas Exp $ */ #include php_embed.h @@ -143,8 +143,8 @@ { zend_llist global_vars; #ifdef ZTS - sapi_globals_struct *sapi_globals; - void ***tsrm_ls; + sapi_globals_struct *sapi_globals = NULL; + void ***tsrm_ls = NULL; #endif int ini_entries_len = 0; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /sapi/embed php_embed.c
stasWed Aug 8 21:14:11 2007 UTC Modified files: /php-src/sapi/embed php_embed.c Log: initialize variables http://cvs.php.net/viewvc.cgi/php-src/sapi/embed/php_embed.c?r1=1.19r2=1.20diff_format=u Index: php-src/sapi/embed/php_embed.c diff -u php-src/sapi/embed/php_embed.c:1.19 php-src/sapi/embed/php_embed.c:1.20 --- php-src/sapi/embed/php_embed.c:1.19 Wed Aug 8 21:08:51 2007 +++ php-src/sapi/embed/php_embed.c Wed Aug 8 21:14:11 2007 @@ -15,7 +15,7 @@ | Author: Edin Kadribasic [EMAIL PROTECTED] | +--+ */ -/* $Id: php_embed.c,v 1.19 2007/08/08 21:08:51 stas Exp $ */ +/* $Id: php_embed.c,v 1.20 2007/08/08 21:14:11 stas Exp $ */ #include php_embed.h #include ext/standard/dl.h @@ -155,8 +155,8 @@ { zend_llist global_vars; #ifdef ZTS - sapi_globals_struct *sapi_globals; - void ***tsrm_ls; + sapi_globals_struct *sapi_globals = NULL; + void ***tsrm_ls = NULL; #endif int ini_entries_len = 0; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /sapi/embed php_embed.c
stasWed Aug 8 21:57:30 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/sapi/embed php_embed.c Log: fix startup - remove unneeded variables http://cvs.php.net/viewvc.cgi/php-src/sapi/embed/php_embed.c?r1=1.11.2.1.2.4r2=1.11.2.1.2.5diff_format=u Index: php-src/sapi/embed/php_embed.c diff -u php-src/sapi/embed/php_embed.c:1.11.2.1.2.4 php-src/sapi/embed/php_embed.c:1.11.2.1.2.5 --- php-src/sapi/embed/php_embed.c:1.11.2.1.2.4 Wed Aug 8 21:11:53 2007 +++ php-src/sapi/embed/php_embed.c Wed Aug 8 21:57:30 2007 @@ -15,7 +15,7 @@ | Author: Edin Kadribasic [EMAIL PROTECTED] | +--+ */ -/* $Id: php_embed.c,v 1.11.2.1.2.4 2007/08/08 21:11:53 stas Exp $ */ +/* $Id: php_embed.c,v 1.11.2.1.2.5 2007/08/08 21:57:30 stas Exp $ */ #include php_embed.h @@ -143,7 +143,6 @@ { zend_llist global_vars; #ifdef ZTS - sapi_globals_struct *sapi_globals = NULL; void ***tsrm_ls = NULL; #endif int ini_entries_len = 0; @@ -168,6 +167,8 @@ #ifdef ZTS tsrm_startup(1, 1, 0, NULL); + tsrm_ls = ts_resource(0); + *ptsrm_ls = tsrm_ls; #endif ini_entries_len = strlen(HARDCODED_INI); @@ -185,12 +186,6 @@ return FAILURE; } -#ifdef ZTS - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); - *ptsrm_ls = tsrm_ls; -#endif - zend_llist_init(global_vars, sizeof(char *), NULL, 0); /* Set some Embedded PHP defaults */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_4_4) /sapi/embed php_embed.c
stasWed Aug 8 21:58:53 2007 UTC Modified files: (Branch: PHP_4_4) /php-src/sapi/embed php_embed.c Log: remove unneded variables http://cvs.php.net/viewvc.cgi/php-src/sapi/embed/php_embed.c?r1=1.1.2.5.2.3r2=1.1.2.5.2.4diff_format=u Index: php-src/sapi/embed/php_embed.c diff -u php-src/sapi/embed/php_embed.c:1.1.2.5.2.3 php-src/sapi/embed/php_embed.c:1.1.2.5.2.4 --- php-src/sapi/embed/php_embed.c:1.1.2.5.2.3 Wed Aug 8 21:12:41 2007 +++ php-src/sapi/embed/php_embed.c Wed Aug 8 21:58:53 2007 @@ -15,7 +15,7 @@ | Author: Edin Kadribasic [EMAIL PROTECTED] | +--+ */ -/* $Id: php_embed.c,v 1.1.2.5.2.3 2007/08/08 21:12:41 stas Exp $ */ +/* $Id: php_embed.c,v 1.1.2.5.2.4 2007/08/08 21:58:53 stas Exp $ */ #include php_embed.h @@ -137,7 +137,6 @@ { zend_llist global_vars; #ifdef ZTS - sapi_globals_struct *sapi_globals = NULL; void ***tsrm_ls = NULL; #endif @@ -161,6 +160,8 @@ #ifdef ZTS tsrm_startup(1, 1, 0, NULL); + tsrm_ls = ts_resource(0); + *ptsrm_ls = tsrm_ls; #endif sapi_startup(php_embed_module); @@ -173,12 +174,6 @@ return FAILURE; } -#ifdef ZTS - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); - *ptsrm_ls = tsrm_ls; -#endif - zend_llist_init(global_vars, sizeof(char *), NULL, 0); /* Set some Embedded PHP defaults */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /sapi/cli php_cli.c
stasWed Aug 8 23:51:24 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/sapi/cli php_cli.c Log: remove unneeded variables http://cvs.php.net/viewvc.cgi/php-src/sapi/cli/php_cli.c?r1=1.129.2.13.2.21r2=1.129.2.13.2.22diff_format=u Index: php-src/sapi/cli/php_cli.c diff -u php-src/sapi/cli/php_cli.c:1.129.2.13.2.21 php-src/sapi/cli/php_cli.c:1.129.2.13.2.22 --- php-src/sapi/cli/php_cli.c:1.129.2.13.2.21 Mon Jun 4 09:47:54 2007 +++ php-src/sapi/cli/php_cli.c Wed Aug 8 23:51:24 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: php_cli.c,v 1.129.2.13.2.21 2007/06/04 09:47:54 tony2001 Exp $ */ +/* $Id: php_cli.c,v 1.129.2.13.2.22 2007/08/08 23:51:24 stas Exp $ */ #include php.h #include php_globals.h @@ -607,10 +607,6 @@ int hide_argv = 0; /* end of temporary locals */ #ifdef ZTS - zend_compiler_globals *compiler_globals; - zend_executor_globals *executor_globals; - php_core_globals *core_globals; - sapi_globals_struct *sapi_globals; void ***tsrm_ls; #endif #ifdef PHP_CLI_WIN32_NO_CONSOLE @@ -648,6 +644,7 @@ #ifdef ZTS tsrm_startup(1, 1, 0, NULL); + tsrm_ls = ts_resource(0); #endif cli_sapi_module.ini_defaults = sapi_cli_ini_defaults; @@ -716,14 +713,6 @@ cli_sapi_module.executable_location = argv[0]; -#ifdef ZTS - compiler_globals = ts_resource(compiler_globals_id); - executor_globals = ts_resource(executor_globals_id); - core_globals = ts_resource(core_globals_id); - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); -#endif - /* startup after we get the above ini override se we get things right */ if (cli_sapi_module.startup(cli_sapi_module)==FAILURE) { /* there is no way to see if we must call zend_ini_deactivate() -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /sapi/cgi cgi_main.c
stasWed Aug 8 23:51:57 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/sapi/cgi cgi_main.c Log: remove unneeded variables http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.45r2=1.267.2.15.2.46diff_format=u Index: php-src/sapi/cgi/cgi_main.c diff -u php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.45 php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.46 --- php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.45 Wed Aug 8 13:01:40 2007 +++ php-src/sapi/cgi/cgi_main.c Wed Aug 8 23:51:57 2007 @@ -21,7 +21,7 @@ +--+ */ -/* $Id: cgi_main.c,v 1.267.2.15.2.45 2007/08/08 13:01:40 dmitry Exp $ */ +/* $Id: cgi_main.c,v 1.267.2.15.2.46 2007/08/08 23:51:57 stas Exp $ */ #include php.h #include php_globals.h @@ -1161,10 +1161,6 @@ /* end of temporary locals */ #ifdef ZTS - zend_compiler_globals *compiler_globals; - zend_executor_globals *executor_globals; - php_core_globals *core_globals; - sapi_globals_struct *sapi_globals; void ***tsrm_ls; #endif @@ -1204,6 +1200,7 @@ #ifdef ZTS tsrm_startup(1, 1, 0, NULL); + tsrm_ls = ts_resource(0); #endif sapi_startup(cgi_sapi_module); @@ -1295,11 +1292,6 @@ php_optarg = orig_optarg; #ifdef ZTS - compiler_globals = ts_resource(compiler_globals_id); - executor_globals = ts_resource(executor_globals_id); - core_globals = ts_resource(core_globals_id); - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); SG(request_info).path_translated = NULL; #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /sapi/cgi cgi_main.c
stasWed Aug 8 23:55:42 2007 UTC Modified files: /php-src/sapi/cgi cgi_main.c Log: remove unneeded variables http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.329r2=1.330diff_format=u Index: php-src/sapi/cgi/cgi_main.c diff -u php-src/sapi/cgi/cgi_main.c:1.329 php-src/sapi/cgi/cgi_main.c:1.330 --- php-src/sapi/cgi/cgi_main.c:1.329 Wed Aug 8 13:02:01 2007 +++ php-src/sapi/cgi/cgi_main.c Wed Aug 8 23:55:42 2007 @@ -21,7 +21,7 @@ +--+ */ -/* $Id: cgi_main.c,v 1.329 2007/08/08 13:02:01 dmitry Exp $ */ +/* $Id: cgi_main.c,v 1.330 2007/08/08 23:55:42 stas Exp $ */ #include php.h #include php_globals.h @@ -1117,10 +1117,6 @@ /* end of temporary locals */ #ifdef ZTS - zend_compiler_globals *compiler_globals; - zend_executor_globals *executor_globals; - php_core_globals *core_globals; - sapi_globals_struct *sapi_globals; void ***tsrm_ls; #endif @@ -1158,6 +1154,7 @@ #ifdef ZTS tsrm_startup(1, 1, 0, NULL); + tsrm_ls = ts_resource(0); #endif sapi_startup(cgi_sapi_module); @@ -1240,11 +1237,6 @@ php_optarg = orig_optarg; #ifdef ZTS - compiler_globals = ts_resource(compiler_globals_id); - executor_globals = ts_resource(executor_globals_id); - core_globals = ts_resource(core_globals_id); - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); SG(request_info).path_translated = NULL; #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /sapi/cli php_cli.c
stasWed Aug 8 23:56:19 2007 UTC Modified files: /php-src/sapi/cli php_cli.c Log: remove unneeded variables http://cvs.php.net/viewvc.cgi/php-src/sapi/cli/php_cli.c?r1=1.179r2=1.180diff_format=u Index: php-src/sapi/cli/php_cli.c diff -u php-src/sapi/cli/php_cli.c:1.179 php-src/sapi/cli/php_cli.c:1.180 --- php-src/sapi/cli/php_cli.c:1.179Sun May 6 12:57:27 2007 +++ php-src/sapi/cli/php_cli.c Wed Aug 8 23:56:19 2007 @@ -20,7 +20,7 @@ +--+ */ -/* $Id: php_cli.c,v 1.179 2007/05/06 12:57:27 johannes Exp $ */ +/* $Id: php_cli.c,v 1.180 2007/08/08 23:56:19 stas Exp $ */ #include php.h #include php_globals.h @@ -609,10 +609,6 @@ int hide_argv = 0; /* end of temporary locals */ #ifdef ZTS - zend_compiler_globals *compiler_globals; - zend_executor_globals *executor_globals; - php_core_globals *core_globals; - sapi_globals_struct *sapi_globals; void ***tsrm_ls; #endif #ifdef PHP_CLI_WIN32_NO_CONSOLE @@ -650,6 +646,7 @@ #ifdef ZTS tsrm_startup(1, 1, 0, NULL); + tsrm_ls = ts_resource(0); #endif cli_sapi_module.ini_defaults = sapi_cli_ini_defaults; @@ -719,14 +716,6 @@ cli_sapi_module.executable_location = argv[0]; cli_sapi_module.additional_functions = additional_functions; -#ifdef ZTS - compiler_globals = ts_resource(compiler_globals_id); - executor_globals = ts_resource(executor_globals_id); - core_globals = ts_resource(core_globals_id); - sapi_globals = ts_resource(sapi_globals_id); - tsrm_ls = ts_resource(0); -#endif - /* startup after we get the above ini override se we get things right */ if (cli_sapi_module.startup(cli_sapi_module)==FAILURE) { /* there is no way to see if we must call zend_ini_deactivate() -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /tests/lang 041.phpt 042.phpt 043.phpt 044.phpt
stasMon Aug 13 21:20:20 2007 UTC Removed files: (Branch: PHP_5_2) /php-src/tests/lang 041.phpt 042.phpt 043.phpt 044.phpt Log: revert variable class support for 5.2 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasTue Aug 14 00:50:45 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: variable class patch was reverted for 5.2.4 http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.893r2=1.2027.2.547.2.894diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.893 php-src/NEWS:1.2027.2.547.2.894 --- php-src/NEWS:1.2027.2.547.2.893 Mon Aug 13 23:17:38 2007 +++ php-src/NEWSTue Aug 14 00:50:45 2007 @@ -64,8 +64,6 @@ - Added PCRE_VERSION constant. (Tony) - Added ReflectionExtension::info() function to print the phpinfo() block for an extension. (Johannes) -- Added possibility to call static class members using variables. (Etienne - Kneuss) - Implemented FR #41884 (ReflectionClass::getDefaultProperties() does not handle static attributes). (Tony) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main/streams userspace.c
stasThu Aug 16 23:53:40 2007 UTC Modified files: /php-src/main/streams userspace.c Log: fix proto http://cvs.php.net/viewvc.cgi/php-src/main/streams/userspace.c?r1=1.43r2=1.44diff_format=u Index: php-src/main/streams/userspace.c diff -u php-src/main/streams/userspace.c:1.43 php-src/main/streams/userspace.c:1.44 --- php-src/main/streams/userspace.c:1.43 Tue Jul 3 10:22:55 2007 +++ php-src/main/streams/userspace.cThu Aug 16 23:53:40 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: userspace.c,v 1.43 2007/07/03 10:22:55 dmitry Exp $ */ +/* $Id: userspace.c,v 1.44 2007/08/16 23:53:40 stas Exp $ */ #include php.h #include php_globals.h @@ -443,7 +443,7 @@ } -/* {{{ proto bool stream_wrapper_register(string protocol, string classname) +/* {{{ proto bool stream_wrapper_register(string protocol, string classname[, integer flags]) Registers a custom URL protocol handler class */ PHP_FUNCTION(stream_wrapper_register) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /main/streams userspace.c
stasThu Aug 16 23:54:24 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/main/streams userspace.c Log: fix proto http://cvs.php.net/viewvc.cgi/php-src/main/streams/userspace.c?r1=1.31.2.3.2.6r2=1.31.2.3.2.7diff_format=u Index: php-src/main/streams/userspace.c diff -u php-src/main/streams/userspace.c:1.31.2.3.2.6 php-src/main/streams/userspace.c:1.31.2.3.2.7 --- php-src/main/streams/userspace.c:1.31.2.3.2.6 Mon Jul 9 17:27:24 2007 +++ php-src/main/streams/userspace.cThu Aug 16 23:54:24 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: userspace.c,v 1.31.2.3.2.6 2007/07/09 17:27:24 dmitry Exp $ */ +/* $Id: userspace.c,v 1.31.2.3.2.7 2007/08/16 23:54:24 stas Exp $ */ #include php.h #include php_globals.h @@ -443,7 +443,7 @@ } -/* {{{ proto bool stream_wrapper_register(string protocol, string classname) +/* {{{ proto bool stream_wrapper_register(string protocol, string classname[, integer flags]) Registers a custom URL protocol handler class */ PHP_FUNCTION(stream_wrapper_register) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src / README.namespaces
stasFri Aug 17 21:53:59 2007 UTC Modified files: /php-srcREADME.namespaces Log: some rewording and typofixing http://cvs.php.net/viewvc.cgi/php-src/README.namespaces?r1=1.5r2=1.6diff_format=u Index: php-src/README.namespaces diff -u php-src/README.namespaces:1.5 php-src/README.namespaces:1.6 --- php-src/README.namespaces:1.5 Fri Aug 17 17:12:28 2007 +++ php-src/README.namespaces Fri Aug 17 21:53:58 2007 @@ -22,11 +22,11 @@ Namespace definition does the following: All class and function names inside are automatically prefixed with namespace name. Inside namespace, local name always takes precedence over -global name. Several files may be included into the same namespace. +global name. Several files may be using the same namespace. The namespace declaration statement must be the very first statement in -file. The only exception is declare statement that can be used before. +the file. The only exception is declare statement that can be used before. -Every class and function from namespace can be referred to by the full name +Every class and function in a namespace can be referred to by the full name - e.g. Zend::DB::Connection or Zend::DB::connect - at any time. ?php @@ -41,6 +41,7 @@ require 'Zend/Db/Connection.php'; import Zend::DB; import Zend::DB::Connection as DbConnection; + $x = new Zend::DB::Connection(); $y = new DB::connection(); $z = new DbConnection(); 
@@ -50,20 +51,23 @@ import statement only defines name aliasing. It may create name alias for namespace or class. The simple form of statement import A::B::C::D; is equivalent to import A::B::C::D as D;. Import statement can be used at any -time in global scope (not inside function/class) and takes effect from the -point of definition down to the end of file. It is recommended however to +time in the global scope (not inside function/class) and takes effect from +the point of definition down to the end of file. It is recommended however to place imports at the beginning of the file. Import statements have effect -only on file where they are written. +only on the file where they appear. The special empty namespace (:: prefix) is useful as explicit global namespace qualification. All class and function names started from :: -interpreted as global. ?php namespace A::B::C; +interpreted as global. + +?php +namespace A::B::C; $con = ::mysql_connect(...); ? -A special constant __NAMESPACE__ indicates the current namespace. It can be -used to construct fully-qualified names to pass them as callbacks. +A special constant __NAMESPACE__ contains the name of the current namespace. +It can be used to construct fully-qualified names to pass them as callbacks. ?php namespace A::B::C; 
@@ -74,37 +78,37 @@ set_error_handler(__NAMESPACE__ . ::foo); ? -In global namespace __NAMESPACE__ constant has value of empty string. +In global namespace __NAMESPACE__ constant has the value of empty string. -Names inside namespace are resolved according to the following rules. +Names inside namespace are resolved according to the following rules: 1) all qualified names are translated during compilation according to -current import rules. So if we have import A::B::C; and then C::D::e(); -it is translated to A::B::C::D::e() +current import rules. So if we have import A::B::C and then C::D::e() +it is translated to A::B::C::D::e(). 2) unqualified class names translated during compilation according to -current import rules. So if we have import A::B::C; and then new C(); it -is translated to new A::B::C() - -3) calls to unqualified functions that are defined in current namespace -interpreted as calls to corresponding functions -4) calls to unqualified functions that are not defined in current namespace -are resolved in run-time. The call to function foo() inside namespace (A::B) -first tries to find and call function from current namespace A::B::foo() and -if it doesn't exist PHP tries to call internal function foo(). Note that -using foo() in namespace you can call only internal PHP functions, however -using ::foo() you are able to call any function from global namespace. +current import rules. So if we have import A::B::C and then new C() it +is translated to new A::B::C(). +3) inside namespace, calls to unqualified functions that are defined in +current namespace (and are known at the time the call is parsed) are +interpreted as calls to these namespace functions. +4) inside namespace, calls to unqualified functions that are not defined +in current namespace are resolved at run-time. 
The call to function foo() +inside namespace (A::B) first tries to find and call function from current +namespace A::B::foo() and if it doesn't exist PHP tries to call internal +function foo(). Note that using foo() inside namespace you can call only +internal PHP functions, however using ::foo() you are able to call any +function from the global namespace. 5) unqualified class names are
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/pdo pdo_stmt.c
stasWed Sep 12 21:21:18 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/pdopdo_stmt.c Log: fix crash if stream is empty and reader function sets buffer as null http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_stmt.c?r1=1.118.2.38.2.23r2=1.118.2.38.2.24diff_format=u Index: php-src/ext/pdo/pdo_stmt.c diff -u php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.23 php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.24 --- php-src/ext/pdo/pdo_stmt.c:1.118.2.38.2.23 Thu Aug 30 14:06:12 2007 +++ php-src/ext/pdo/pdo_stmt.c Wed Sep 12 21:21:18 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: pdo_stmt.c,v 1.118.2.38.2.23 2007/08/30 14:06:12 bjori Exp $ */ +/* $Id: pdo_stmt.c,v 1.118.2.38.2.24 2007/09/12 21:21:18 stas Exp $ */ /* The PDO Statement Handle Class */ @@ -569,7 +569,11 @@ char *buf = NULL; size_t len; len = php_stream_copy_to_mem((php_stream*)value, buf, PHP_STREAM_COPY_ALL, 0); - ZVAL_STRINGL(dest, buf, len, 0); + if(buf == NULL) { + ZVAL_EMPTY_STRING(dest); + } else { + ZVAL_STRINGL(dest, buf, len, 0); + } php_stream_close((php_stream*)value); } else { php_stream_to_zval((php_stream*)value, dest); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
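Review bot: The added `buf == NULL` branch carries no comment saying when the buffer can be NULL, so the reason for the special case lives only in the commit log. A one-line comment above the test would keep it with the code: `/* an empty stream can leave buf NULL; ZVAL_STRINGL must not be handed a NULL pointer */`. The same change is merged to HEAD as revision 1.176 in the next message, and the comment applies there as well. The enclosing function starts and ends outside the hunk.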
[PHP-CVS] cvs: php-src /ext/pdo pdo_stmt.c
stasWed Sep 12 21:27:57 2007 UTC Modified files: /php-src/ext/pdopdo_stmt.c Log: MFB: fix crash if stream is empty and reader function sets buffer as null http://cvs.php.net/viewvc.cgi/php-src/ext/pdo/pdo_stmt.c?r1=1.175r2=1.176diff_format=u Index: php-src/ext/pdo/pdo_stmt.c diff -u php-src/ext/pdo/pdo_stmt.c:1.175 php-src/ext/pdo/pdo_stmt.c:1.176 --- php-src/ext/pdo/pdo_stmt.c:1.175Wed May 16 20:12:53 2007 +++ php-src/ext/pdo/pdo_stmt.c Wed Sep 12 21:27:56 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: pdo_stmt.c,v 1.175 2007/05/16 20:12:53 iliaa Exp $ */ +/* $Id: pdo_stmt.c,v 1.176 2007/09/12 21:27:56 stas Exp $ */ /* The PDO Statement Handle Class */ @@ -538,7 +538,11 @@ char *buf = NULL; size_t len; len = php_stream_copy_to_mem((php_stream*)value, buf, PHP_STREAM_COPY_ALL, 0); - ZVAL_STRINGL(dest, buf, len, 0); + if(buf == NULL) { + ZVAL_EMPTY_STRING(dest); + } else { + ZVAL_STRINGL(dest, buf, len, 0); + } php_stream_close((php_stream*)value); } else { php_stream_to_zval((php_stream*)value, dest); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: CVSROOT / avail
stasWed Sep 12 21:58:55 2007 UTC Modified files: /CVSROOTavail Log: ICU group access to unicode module http://cvs.php.net/viewvc.cgi/CVSROOT/avail?r1=1.1303r2=1.1304diff_format=u Index: CVSROOT/avail diff -u CVSROOT/avail:1.1303 CVSROOT/avail:1.1304 --- CVSROOT/avail:1.1303Wed Sep 12 21:57:30 2007 +++ CVSROOT/avail Wed Sep 12 21:58:55 2007 @@ -282,7 +282,7 @@ avail|tias|pear/PEAR_Frontend_Web,peardoc avail|va|pecl/yami avail|msaraujo,mansion|pecl/lua -avail|merletenney,kirtig,harveyrd|pecl/intl +avail|merletenney,kirtig,harveyrd|pecl/intl,pecl/unicode # php windows installer -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard dl.c
stasThu Sep 13 00:56:31 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard dl.c Log: docs say dl() parameter can be filename only - enforce it http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.106.2.1.2.2r2=1.106.2.1.2.3diff_format=u Index: php-src/ext/standard/dl.c diff -u php-src/ext/standard/dl.c:1.106.2.1.2.2 php-src/ext/standard/dl.c:1.106.2.1.2.3 --- php-src/ext/standard/dl.c:1.106.2.1.2.2 Fri Feb 23 00:37:35 2007 +++ php-src/ext/standard/dl.c Thu Sep 13 00:56:31 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: dl.c,v 1.106.2.1.2.2 2007/02/23 00:37:35 iliaa Exp $ */ +/* $Id: dl.c,v 1.106.2.1.2.3 2007/09/13 00:56:31 stas Exp $ */ #include php.h #include dl.h @@ -125,6 +125,13 @@ if (extension_dir extension_dir[0]){ int extension_dir_len = strlen(extension_dir); + if(type == MODULE_TEMPORARY) { + if(strchr(Z_STRVAL_P(file), '/') != NULL || strchr(Z_STRVAL_P(file), DEFAULT_SLASH) != NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Temporary module name should contain only filename); + RETURN_FALSE; + } + } + if (IS_SLASH(extension_dir[extension_dir_len-1])) { spprintf(libpath, 0, %s%s, extension_dir, Z_STRVAL_P(file)); } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
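Review bot: The new slash check sits inside the branch taken when `extension_dir` is non-empty, so the path taken when `extension_dir` is unset or empty is not covered by it. That other branch is outside the hunk, so what it does with the name is not visible here. If it uses the name as given, a path would still be accepted there. Hoisting the test above the `extension_dir` condition covers both branches: `if (type == MODULE_TEMPORARY && (strchr(Z_STRVAL_P(file), '/') != NULL || strchr(Z_STRVAL_P(file), DEFAULT_SLASH) != NULL)) {`. The HEAD merge in revision 1.115 (next message) has the same placement, with `filename` in place of `Z_STRVAL_P(file)`.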
[PHP-CVS] cvs: php-src /ext/standard dl.c
stasThu Sep 13 01:16:24 2007 UTC Modified files: /php-src/ext/standard dl.c Log: MFB: docs say dl() parameter can be filename only - enforce it http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.114r2=1.115diff_format=u Index: php-src/ext/standard/dl.c diff -u php-src/ext/standard/dl.c:1.114 php-src/ext/standard/dl.c:1.115 --- php-src/ext/standard/dl.c:1.114 Tue May 29 21:24:45 2007 +++ php-src/ext/standard/dl.c Thu Sep 13 01:16:24 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: dl.c,v 1.114 2007/05/29 21:24:45 tony2001 Exp $ */ +/* $Id: dl.c,v 1.115 2007/09/13 01:16:24 stas Exp $ */ #include php.h #include dl.h @@ -115,6 +115,13 @@ if (extension_dir extension_dir[0]){ int extension_dir_len = strlen(extension_dir); + if(type == MODULE_TEMPORARY) { + if(strchr(filename, '/') != NULL || strchr(filename, DEFAULT_SLASH) != NULL) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Temporary module name should contain only filename); + RETURN_FALSE; + } + } + if (IS_SLASH(extension_dir[extension_dir_len-1])) { spprintf(libpath, 0, %s%s, extension_dir, filename); /* SAFE */ } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /ext/standard dl.c
Wouldn't something with strcspn and a string built from '/' and DEFAULT_SLASH be faster? Not sure. I would rather use strpbrk, though I'm not sure how easy it is to actually build that string from macros. But dl() is anyway not the shining star of performance, so saving a dozen CPU cycles while we are going to spend thousands on loading a new module wasn't a big priority. But you may fix it if you feel it's worth it :) -- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED] -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasThu Sep 13 17:15:03 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: List recent fixes http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.947r2=1.2027.2.547.2.948diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.947 php-src/NEWS:1.2027.2.547.2.948 --- php-src/NEWS:1.2027.2.547.2.947 Wed Sep 12 18:26:48 2007 +++ php-src/NEWSThu Sep 13 17:15:02 2007 @@ -14,6 +14,8 @@ imlplementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent gaffie. (Ilia) - Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre) +- Fixed PDO crash when dirver returns empty LOB stream (Stas). +- Fixed dl() to accept only filenames - reported by Laurent Gaffie. (Stas) - Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia) - Fixed bug #42627 (bz2 extension fails to build with -fno-common). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /main main.c
stasThu Sep 13 20:04:23 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/main main.c Log: disallow setting mail.force_extra_parameters from .htaccess http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.640.2.23.2.54r2=1.640.2.23.2.55diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.640.2.23.2.54 php-src/main/main.c:1.640.2.23.2.55 --- php-src/main/main.c:1.640.2.23.2.54 Fri Aug 31 08:35:37 2007 +++ php-src/main/main.c Thu Sep 13 20:04:22 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.640.2.23.2.54 2007/08/31 08:35:37 jani Exp $ */ +/* $Id: main.c,v 1.640.2.23.2.55 2007/09/13 20:04:22 stas Exp $ */ /* {{{ includes */ @@ -318,6 +318,19 @@ } /* }}} */ +/* {{{ PHP_INI_MH + */ +static PHP_INI_MH(OnChangeMailForceExtra) +{ + /* Don't allow changing it in htaccess */ + if (stage == PHP_INI_STAGE_HTACCESS) { + return FAILURE; + } + return SUCCESS; +} +/* }}} */ + + /* Need to convert to strings and make use of: * PHP_SAFE_MODE * @@ -428,7 +441,7 @@ PHP_INI_ENTRY(precision, 14, PHP_INI_ALL,OnSetPrecision) PHP_INI_ENTRY(sendmail_from, NULL, PHP_INI_ALL,NULL) PHP_INI_ENTRY(sendmail_path, DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL) - PHP_INI_ENTRY(mail.force_extra_parameters,NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) + PHP_INI_ENTRY(mail.force_extra_parameters,NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra) PHP_INI_ENTRY(disable_functions, , PHP_INI_SYSTEM, NULL) PHP_INI_ENTRY(disable_classes,, PHP_INI_SYSTEM, NULL) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
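Review bot: `OnChangeMailForceExtra` is added under an empty `{{{ PHP_INI_MH` header, and its only comment says what is blocked, not why or what stays allowed. The INI entry keeps `PHP_INI_PERDIR`, so a reader cannot tell from the code that httpd .conf files are meant to keep working while .htaccess is refused. Proposed header: `/* {{{ PHP_INI_MH(OnChangeMailForceExtra): refuse mail.force_extra_parameters from .htaccess; php.ini and httpd .conf (also PERDIR) stay allowed */`. The same handler is merged to HEAD in revision 1.747 (next message) and needs the same comment.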
[PHP-CVS] cvs: php-src /main main.c
stasThu Sep 13 20:06:15 2007 UTC Modified files: /php-src/main main.c Log: MFB: disallow setting mail.force_extra_parameters from .htaccess http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.746r2=1.747diff_format=u Index: php-src/main/main.c diff -u php-src/main/main.c:1.746 php-src/main/main.c:1.747 --- php-src/main/main.c:1.746 Fri Aug 31 08:35:07 2007 +++ php-src/main/main.c Thu Sep 13 20:06:15 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: main.c,v 1.746 2007/08/31 08:35:07 jani Exp $ */ +/* $Id: main.c,v 1.747 2007/09/13 20:06:15 stas Exp $ */ /* {{{ includes */ @@ -434,6 +434,18 @@ } /* }}} */ +/* {{{ PHP_INI_MH + */ +static PHP_INI_MH(OnChangeMailForceExtra) +{ + /* Don't allow changing it in htaccess */ + if (stage == PHP_INI_STAGE_HTACCESS) { + return FAILURE; + } + return SUCCESS; +} +/* }}} */ + /* * Need to be read from the environment (?): * PHP_AUTO_PREPEND_FILE @@ -524,7 +536,7 @@ PHP_INI_ENTRY(precision, 14, PHP_INI_ALL,OnSetPrecision) PHP_INI_ENTRY(sendmail_from, NULL, PHP_INI_ALL,NULL) PHP_INI_ENTRY(sendmail_path, DEFAULT_SENDMAIL_PATH, PHP_INI_SYSTEM, NULL) - PHP_INI_ENTRY(mail.force_extra_parameters,NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) + PHP_INI_ENTRY(mail.force_extra_parameters,NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnChangeMailForceExtra) PHP_INI_ENTRY(disable_functions, , PHP_INI_SYSTEM, NULL) PHP_INI_ENTRY(disable_classes,, PHP_INI_SYSTEM, NULL) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasThu Sep 13 20:08:00 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: register mail.force_extra_parameters change http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.948r2=1.2027.2.547.2.949diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.948 php-src/NEWS:1.2027.2.547.2.949 --- php-src/NEWS:1.2027.2.547.2.948 Thu Sep 13 17:15:02 2007 +++ php-src/NEWSThu Sep 13 20:08:00 2007 @@ -16,6 +16,8 @@ - Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre) - Fixed PDO crash when dirver returns empty LOB stream (Stas). - Fixed dl() to accept only filenames - reported by Laurent Gaffie. (Stas) +- Disallowed setting mail.force_extra_parameters from .htaccess due + to the security implications - reported by SecurityReason (Stas) - Fixed bug #42643 (CLI segfaults if using ATTR_PERSISTENT). (Ilia) - Fixed bug #42627 (bz2 extension fails to build with -fno-common). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src(PHP_5_2) /main main.c
Isn't it a bit easier to just make it PHP_INI_SYSTEM since you can't set it anyplace else than php.ini now..? Somehow this patch feels a bit overkill to me now. :) You surely can - in apache .conf files. PERDIR covers both .htaccess and .conf files. -- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED] -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard dl.c
stasTue Sep 18 20:19:34 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard dl.c Log: limit dl() argument length (patch by Christian Hoffmann) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.106.2.1.2.4r2=1.106.2.1.2.5diff_format=u Index: php-src/ext/standard/dl.c diff -u php-src/ext/standard/dl.c:1.106.2.1.2.4 php-src/ext/standard/dl.c:1.106.2.1.2.5 --- php-src/ext/standard/dl.c:1.106.2.1.2.4 Thu Sep 13 07:42:12 2007 +++ php-src/ext/standard/dl.c Tue Sep 18 20:19:34 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: dl.c,v 1.106.2.1.2.4 2007/09/13 07:42:12 jani Exp $ */ +/* $Id: dl.c,v 1.106.2.1.2.5 2007/09/18 20:19:34 stas Exp $ */ #include php.h #include dl.h @@ -73,6 +73,11 @@ RETURN_FALSE; } + if (Z_STRLEN_PP(file) = MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds the maximum allowed length of %d characters, MAXPATHLEN); + RETURN_FALSE; + } + if ((strncmp(sapi_module.name, cgi, 3)!=0) (strcmp(sapi_module.name, cli)!=0) (strncmp(sapi_module.name, embed, 5)!=0)) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
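Review bot: The new guard bounds only the raw dl() argument, while the string that reaches the loader is built later as `extension_dir` plus the name (the `spprintf` calls into `libpath` shown in revision 1.106.2.1.2.3 on this page). The combined path can therefore still be longer than MAXPATHLEN. If the intent is to keep over-long paths away from the platform loader, a length check on the finished `libpath` in php_dl would cover that. This is inferred, since the load call is outside every hunk shown. The comparison operator in the added `if` is garbled in this archive copy, and dl()'s body starts and ends outside the hunk.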
[PHP-CVS] cvs: php-src /ext/standard dl.c
stasTue Sep 18 20:21:04 2007 UTC Modified files: /php-src/ext/standard dl.c Log: limit dl() argument length (patch by Christian Hoffmann) http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.116r2=1.117diff_format=u Index: php-src/ext/standard/dl.c diff -u php-src/ext/standard/dl.c:1.116 php-src/ext/standard/dl.c:1.117 --- php-src/ext/standard/dl.c:1.116 Thu Sep 13 07:41:59 2007 +++ php-src/ext/standard/dl.c Tue Sep 18 20:21:04 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: dl.c,v 1.116 2007/09/13 07:41:59 jani Exp $ */ +/* $Id: dl.c,v 1.117 2007/09/18 20:21:04 stas Exp $ */ #include php.h #include dl.h @@ -63,6 +63,11 @@ return; } + if (Z_STRLEN_PP(file) = MAXPATHLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds the maximum allowed length of %d characters, MAXPATHLEN); + RETURN_FALSE; + } + php_dl(filename, MODULE_TEMPORARY, return_value, 0 TSRMLS_CC); EG(full_tables_cleanup) = 1; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
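Review bot: The added check reads `Z_STRLEN_PP(file)`, but the context line directly below it passes `filename` to php_dl(), and the HEAD slash check in revision 1.115 on this page also works on `filename`. If `file` is no longer declared in this function on HEAD, the hunk does not build. If it is declared but is not the parsed argument, the guard tests the wrong value. The check should use the length that was parsed together with `filename`; that variable is outside the hunk, so its name is not quoted here.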
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasTue Sep 18 20:25:08 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: add dl() limit patch http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.954r2=1.2027.2.547.2.955diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.954 php-src/NEWS:1.2027.2.547.2.955 --- php-src/NEWS:1.2027.2.547.2.954 Tue Sep 18 19:49:53 2007 +++ php-src/NEWSTue Sep 18 20:25:07 2007 @@ -10,6 +10,8 @@ (Stas) - Fixed PDO crash when driver returns empty LOB stream. (Stas) - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas) +- Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). + (Christian Hoffmann) - Fixed missing brackets leading to build warning and error in the log. Win32 code). (Andrey) - Fixed leaks with multiple connects on one mysqli object. (Andrey) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/iconv iconv.c php_iconv.h
stasWed Sep 19 00:37:43 2007 UTC Modified files: /php-src/ext/iconv iconv.c php_iconv.h Log: limit iconv parameter sizes - workaround for libc bug http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.153r2=1.154diff_format=u Index: php-src/ext/iconv/iconv.c diff -u php-src/ext/iconv/iconv.c:1.153 php-src/ext/iconv/iconv.c:1.154 --- php-src/ext/iconv/iconv.c:1.153 Mon May 28 23:52:13 2007 +++ php-src/ext/iconv/iconv.c Wed Sep 19 00:37:43 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: iconv.c,v 1.153 2007/05/28 23:52:13 iliaa Exp $ */ +/* $Id: iconv.c,v 1.154 2007/09/19 00:37:43 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -230,12 +230,21 @@ #define GENERIC_SUPERSET_NBYTES 4 /* }}} */ +static PHP_INI_MH(OnUpdateStringIconvCharset) +{ + if(new_value_length = ICONV_CSNMAXLEN) { + return FAILURE; + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + /* {{{ PHP_INI */ PHP_INI_BEGIN() - STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING, PHP_INI_ALL, OnUpdateString, input_encoding,zend_iconv_globals, iconv_globals) - STD_PHP_INI_ENTRY(iconv.output_encoding, ICONV_OUTPUT_ENCODING, PHP_INI_ALL, OnUpdateString, output_encoding, zend_iconv_globals, iconv_globals) - STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, PHP_INI_ALL, OnUpdateString, internal_encoding, zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, input_encoding,zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.output_encoding, ICONV_OUTPUT_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, output_encoding, zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, internal_encoding, zend_iconv_globals, iconv_globals) PHP_INI_END() /* }}} */ 
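Review bot: `OnUpdateStringIconvCharset` discards the result of `OnUpdateString(...)` and returns SUCCESS unconditionally, so a failed update would be reported as a successful INI change. Returning the call's result keeps the wrapper transparent: `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);`. The handler also has no comment; one line saying that the bound keeps over-long charset names away from iconv_open() (the log calls it a libc bug workaround) would explain why these three entries no longer use plain `OnUpdateString`.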
@@ -1921,7 +1930,7 @@ PHP_FUNCTION(iconv_strlen) { char *charset; - int charset_len; + int charset_len = 0; char *str; int str_len; @@ -1936,6 +1945,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + err = _php_iconv_strlen(retval, str, str_len, charset); _php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC); if (err == PHP_ICONV_ERR_SUCCESS) { @@ -1951,7 +1965,7 @@ PHP_FUNCTION(iconv_substr) { char *charset; - int charset_len; + int charset_len = 0; char *str; int str_len; long offset, length; @@ -1968,6 +1982,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + if (ZEND_NUM_ARGS() 3) { length = str_len; } @@ -1993,7 +2012,7 @@ PHP_FUNCTION(iconv_strpos) { char *charset; - int charset_len; + int charset_len = 0; char *haystk; int haystk_len; char *ndl; @@ -2013,6 +2032,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + if (offset 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Offset not contained in string); RETURN_FALSE; @@ -2039,7 +2063,7 @@ PHP_FUNCTION(iconv_strrpos) { char *charset; - int charset_len; + int charset_len = 0; char *haystk; int haystk_len; char *ndl; @@ -2061,6 +2085,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + err = _php_iconv_strpos(retval, haystk, haystk_len, ndl, ndl_len, -1, charset); _php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC); 
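Review bot: The identical charset-length guard is pasted into iconv_strlen(), iconv_substr(), iconv_strpos() and iconv_strrpos() in these hunks, so the bound and the warning text now live in four places that have to be kept in step. A small static helper called after argument parsing would keep the limit in one spot, and an iconv entry point added later would get the same check by calling it. Each function body starts and ends outside its hunk, so the exact placement is inferred from the context lines. The comparison operator is garbled in this archive copy; `>=` is assumed below.

```c
/* Charset names are bounded before they reach iconv_open(); warns and returns FAILURE when too long. */
static int php_iconv_check_charset_len(int charset_len TSRMLS_DC)
{
	if (charset_len >= ICONV_CSNMAXLEN) {
		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Charset parameter exceeds the maximum allowed length of %d characters", ICONV_CSNMAXLEN);
		return FAILURE;
	}
	return SUCCESS;
}

/* ... unchanged: argument parsing in each PHP_FUNCTION ... */
	if (php_iconv_check_charset_len(charset_len TSRMLS_CC) == FAILURE) {
		RETURN_FALSE;
	}
```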
@@ -2117,6 +2146,11 @@ } if (zend_hash_find(Z_ARRVAL_P(pref), input-charset, sizeof(input-charset), (void **)ppval) == SUCCESS) { + if (Z_STRLEN_PP(ppval) =
[PHP-CVS] cvs: php-src /ext/xmlrpc/libxmlrpc encodings.c
stasWed Sep 19 00:38:48 2007 UTC Modified files: /php-src/ext/xmlrpc/libxmlrpc encodings.c Log: MFB: limit iconv parameters here too http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/encodings.c?r1=1.7r2=1.8diff_format=u Index: php-src/ext/xmlrpc/libxmlrpc/encodings.c diff -u php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7 php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.8 --- php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7Mon Mar 8 23:04:33 2004 +++ php-src/ext/xmlrpc/libxmlrpc/encodings.cWed Sep 19 00:38:48 2007 @@ -41,7 +41,7 @@ #include stdlib.h #endif -static const char rcsid[] = #(@) $Id: encodings.c,v 1.7 2004/03/08 23:04:33 abies Exp $; +static const char rcsid[] = #(@) $Id: encodings.c,v 1.8 2007/09/19 00:38:48 stas Exp $; #include errno.h @@ -53,6 +53,10 @@ #include encodings.h +#ifndef ICONV_CSNMAXLEN +#define ICONV_CSNMAXLEN 64 +#endif + static char* convert(const char* src, int src_len, int *new_len, const char* from_enc, const char* to_enc) { char* outbuf = 0; @@ -60,9 +64,13 @@ size_t outlenleft = src_len; size_t inlenleft = src_len; int outlen = src_len; - iconv_t ic = iconv_open(to_enc, from_enc); + iconv_t ic; char* out_ptr = 0; + if(strlen(to_enc) = ICONV_CSNMAXLEN || strlen(from_enc) = ICONV_CSNMAXLEN) { + return NULL; + } + ic = iconv_open(to_enc, from_enc); if(ic != (iconv_t)-1) { size_t st; outbuf = (char*)malloc(outlen + 1); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
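Review bot: The new early `return NULL` in convert() leaves the `int *new_len` out-parameter untouched, so a caller that reads the length without first checking the returned pointer would see whatever the variable held before. Setting it on the rejection path makes the failure unambiguous: `if (new_len) *new_len = 0;` before the `return NULL;`. The rest of convert() lies outside the hunk, so whether the normal exit already resets `new_len` on failure is not visible here. The local fallback `#define ICONV_CSNMAXLEN 64` can also drift from the value the iconv extension uses, so a comment naming the header it mirrors would help.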
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasWed Sep 19 00:41:11 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: report iconv fix http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.955r2=1.2027.2.547.2.956diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.955 php-src/NEWS:1.2027.2.547.2.956 --- php-src/NEWS:1.2027.2.547.2.955 Tue Sep 18 20:25:07 2007 +++ php-src/NEWSWed Sep 19 00:41:10 2007 @@ -12,6 +12,8 @@ - Fixed dl() to only accept filenames - reported by Laurent Gaffie. (Stas) - Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). (Christian Hoffmann) +- Fixed iconv_*() functions to limit argument sizes as workaround to libc + bug (CVE-2007-4783, CVE-2007-4840). (Christian Hoffmann, Stas) - Fixed missing brackets leading to build warning and error in the log. Win32 code). (Andrey) - Fixed leaks with multiple connects on one mysqli object. (Andrey) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/iconv/tests iconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt iconv_se
stasWed Sep 19 00:42:20 2007 UTC Modified files: /php-src/ext/iconv/testsiconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt iconv_set_encoding-charset-length-cve-2007-4840.phpt iconv_strlen-charset-length-cve-2007-4840.phpt iconv_strpos-charset-length-cve-2007-4840.phpt iconv_strrpos-charset-length-cve-2007-4840.phpt iconv_substr-charset-length-cve-2007-4783.phpt Log: MFB length tests http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt diff -u /dev/null php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt:1.2 --- /dev/null Wed Sep 19 00:42:20 2007 +++ php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt Wed Sep 19 00:42:20 2007 @@ -0,0 +1,17 @@ +--TEST-- +iconv() charset parameter length checks (CVE-2007-4840) +--SKIPIF-- +?php extension_loaded('iconv') or die('skip iconv extension is not available'); ? +--FILE-- +?php +$a = str_repeat(/, 900); +var_dump(iconv($a, b, test)); +var_dump(iconv(x, $a, test)); +? +--EXPECTF-- + +Warning: iconv(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d +bool(false) + +Warning: iconv(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d +bool(false) http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u Index: php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt diff -u /dev/null php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt:1.2 --- /dev/null Wed Sep 19 00:42:20 2007 +++ php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt Wed Sep 19 00:42:20 2007 
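Review bot: Every added test feeds a 900-character charset name, far beyond the limit, and `%d` in EXPECTF accepts any limit value, so nothing pins where the boundary lies. One case at exactly the limit and one just below it would catch an off-by-one in the C-side comparison. The limit is presumably the 64 used as fallback in encodings.c on this page, to be confirmed against php_iconv.h, whose diff is not shown. The same applies to the iconv_mime_decode, iconv_mime_decode_headers and iconv_set_encoding tests in the hunks that follow.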
@@ -0,0 +1,13 @@
+--TEST--
+iconv_mime_decode() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?
+--FILE--
+?php
+$a = str_repeat(/, 900);
+var_dump(iconv_mime_decode(a, null, $a));
+?
+--EXPECTF--
+
+Warning: iconv_mime_decode(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt
diff -u /dev/null php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt:1.2
--- /dev/null Wed Sep 19 00:42:20 2007
+++ php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt Wed Sep 19 00:42:20 2007
@@ -0,0 +1,13 @@
+--TEST--
+iconv_mime_decode_headers() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?
+--FILE--
+?php
+$a = str_repeat(/, 900);
+var_dump(iconv_mime_decode_headers(a, null, $a));
+?
+--EXPECTF--
+
+Warning: iconv_mime_decode_headers(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt
diff -u /dev/null php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt:1.2
--- /dev/null Wed Sep 19 00:42:20 2007
+++ php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt Wed Sep 19 00:42:20 2007
@@ -0,0 +1,21 @@
+--TEST--
+iconv_set_encoding() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?
+--FILE--
+?php
+$a = str_repeat(/, 900);
+var_dump(iconv_set_encoding(input_encoding, $a));
+var_dump(iconv_set_encoding(output_encoding, $a));
+var_dump(iconv_set_encoding(internal_encoding, $a));
+?
+--EXPECTF--
+
+Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
+
+Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
+
+Warning: iconv_set_encoding(): Charset parameter exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt
stasWed Sep 19 00:49:02 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt Log: one more test http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt
stasWed Sep 19 00:49:25 2007 UTC Modified files: /php-src/ext/iconv/tests ob_iconv_handler-charset-length-cve-2007-4840.phpt Log: MFB one more test http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt
diff -u /dev/null php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt:1.2
--- /dev/null Wed Sep 19 00:49:25 2007
+++ php-src/ext/iconv/tests/ob_iconv_handler-charset-length-cve-2007-4840.phpt Wed Sep 19 00:49:25 2007
@@ -0,0 +1,12 @@
+--TEST--
+ob_iconv_handler() charset parameter length checks (CVE-2007-4840)
+--SKIPIF--
+?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?
+--FILE--
+?php
+ini_set(iconv.output_encoding, str_repeat(a, 900));
+ob_start(ob_iconv_handler);
+print done;
+?
+--EXPECT--
+done
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
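Review bot: The test does not show that the oversized `iconv.output_encoding` value was refused, because the result of `ini_set()` is never inspected and the only expected output is `done`. Wrapping the call as `var_dump(ini_set("iconv.output_encoding", str_repeat("a", 900)));` and expecting `bool(false)` ahead of `done` would tie the test to the new INI length check. As written, a regression that lets the long value through would be noticed only if the output handler then happened to fail visibly.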
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/xmlrpc/libxmlrpc encodings.c
stasWed Sep 19 00:33:43 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/xmlrpc/libxmlrpc encodings.c Log: limit iconv parameters here too http://cvs.php.net/viewvc.cgi/php-src/ext/xmlrpc/libxmlrpc/encodings.c?r1=1.7r2=1.7.6.1diff_format=u Index: php-src/ext/xmlrpc/libxmlrpc/encodings.c diff -u php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7 php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7.6.1 --- php-src/ext/xmlrpc/libxmlrpc/encodings.c:1.7Mon Mar 8 23:04:33 2004 +++ php-src/ext/xmlrpc/libxmlrpc/encodings.cWed Sep 19 00:33:43 2007 @@ -41,7 +41,7 @@ #include stdlib.h #endif -static const char rcsid[] = #(@) $Id: encodings.c,v 1.7 2004/03/08 23:04:33 abies Exp $; +static const char rcsid[] = #(@) $Id: encodings.c,v 1.7.6.1 2007/09/19 00:33:43 stas Exp $; #include errno.h @@ -53,6 +53,10 @@ #include encodings.h +#ifndef ICONV_CSNMAXLEN +#define ICONV_CSNMAXLEN 64 +#endif + static char* convert(const char* src, int src_len, int *new_len, const char* from_enc, const char* to_enc) { char* outbuf = 0; @@ -60,9 +64,13 @@ size_t outlenleft = src_len; size_t inlenleft = src_len; int outlen = src_len; - iconv_t ic = iconv_open(to_enc, from_enc); + iconv_t ic; char* out_ptr = 0; + if(strlen(to_enc) = ICONV_CSNMAXLEN || strlen(from_enc) = ICONV_CSNMAXLEN) { + return NULL; + } + ic = iconv_open(to_enc, from_enc); if(ic != (iconv_t)-1) { size_t st; outbuf = (char*)malloc(outlen + 1); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
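Review bot: The new guard in convert() calls `strlen()` on `to_enc` and `from_enc` without checking either for NULL, and it returns before anything is written through `new_len`. If any caller can pass a NULL encoding the guard itself becomes the crash site; `if (!to_enc || !from_enc || strlen(to_enc) >= ICONV_CSNMAXLEN || strlen(from_enc) >= ICONV_CSNMAXLEN)` covers that. The rest of convert() lies outside the hunk, so it cannot be seen whether the normal exit path resets `*new_len` on failure; if it does, the early return should do the same with `if (new_len) *new_len = 0;`. The fallback `#define ICONV_CSNMAXLEN 64` in the hunk at line 53 also deserves a comment saying that it presumably mirrors the ext/iconv limit and exists as a workaround for a glibc bug, as the ext/iconv commit log on this page states.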
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv iconv.c php_iconv.h
stasWed Sep 19 00:30:53 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/iconv iconv.c php_iconv.h Log: limit iconv parameter sizes - workaround for glibc bug http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.124.2.8.2.16r2=1.124.2.8.2.17diff_format=u Index: php-src/ext/iconv/iconv.c diff -u php-src/ext/iconv/iconv.c:1.124.2.8.2.16 php-src/ext/iconv/iconv.c:1.124.2.8.2.17 --- php-src/ext/iconv/iconv.c:1.124.2.8.2.16Sat May 19 17:52:30 2007 +++ php-src/ext/iconv/iconv.c Wed Sep 19 00:30:52 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: iconv.c,v 1.124.2.8.2.16 2007/05/19 17:52:30 iliaa Exp $ */ +/* $Id: iconv.c,v 1.124.2.8.2.17 2007/09/19 00:30:52 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -233,12 +233,21 @@ #define GENERIC_SUPERSET_NBYTES 4 /* }}} */ +static PHP_INI_MH(OnUpdateStringIconvCharset) +{ + if(new_value_length = ICONV_CSNMAXLEN) { + return FAILURE; + } + OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return SUCCESS; +} + /* {{{ PHP_INI */ PHP_INI_BEGIN() - STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING, PHP_INI_ALL, OnUpdateString, input_encoding,zend_iconv_globals, iconv_globals) - STD_PHP_INI_ENTRY(iconv.output_encoding, ICONV_OUTPUT_ENCODING, PHP_INI_ALL, OnUpdateString, output_encoding, zend_iconv_globals, iconv_globals) - STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, PHP_INI_ALL, OnUpdateString, internal_encoding, zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.input_encoding,ICONV_INPUT_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, input_encoding,zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.output_encoding, ICONV_OUTPUT_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, output_encoding, zend_iconv_globals, iconv_globals) + STD_PHP_INI_ENTRY(iconv.internal_encoding, ICONV_INTERNAL_ENCODING, PHP_INI_ALL, OnUpdateStringIconvCharset, internal_encoding, zend_iconv_globals, iconv_globals) PHP_INI_END() /* }}} */ 
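Review bot: `OnUpdateStringIconvCharset` discards the result of `OnUpdateString()` and reports `SUCCESS` unconditionally once the length check has passed. Returning the delegate's result keeps the handler accurate if the update itself ever fails: `return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);`. A short comment above the handler would help too, stating that charset names of ICONV_CSNMAXLEN bytes or more are refused as a workaround for a glibc bug (per the commit log), so readers can see why these three settings no longer use the stock handler.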
@@ -1858,7 +1867,7 @@ PHP_FUNCTION(iconv_strlen) { char *charset; - int charset_len; + int charset_len = 0; char *str; int str_len; @@ -1873,6 +1882,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + err = _php_iconv_strlen(retval, str, str_len, charset); _php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC); if (err == PHP_ICONV_ERR_SUCCESS) { @@ -1888,7 +1902,7 @@ PHP_FUNCTION(iconv_substr) { char *charset; - int charset_len; + int charset_len = 0; char *str; int str_len; long offset, length; @@ -1905,6 +1919,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + if (ZEND_NUM_ARGS() 3) { length = str_len; } @@ -1925,7 +1944,7 @@ PHP_FUNCTION(iconv_strpos) { char *charset; - int charset_len; + int charset_len = 0; char *haystk; int haystk_len; char *ndl; @@ -1945,6 +1964,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + if (offset 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, Offset not contained in string.); RETURN_FALSE; @@ -1971,7 +1995,7 @@ PHP_FUNCTION(iconv_strrpos) { char *charset; - int charset_len; + int charset_len = 0; char *haystk; int haystk_len; char *ndl; @@ -1993,6 +2017,11 @@ RETURN_FALSE; } + if (charset_len = ICONV_CSNMAXLEN) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, Charset parameter exceeds the maximum allowed length of %d characters, ICONV_CSNMAXLEN); + RETURN_FALSE; + } + err = _php_iconv_strpos(retval, haystk, haystk_len, ndl, ndl_len, -1, charset); _php_iconv_show_error(err, GENERIC_SUPERSET_NAME, charset TSRMLS_CC); 
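Review bot: The same length check and warning string are pasted verbatim into the hunks for iconv_strlen, iconv_substr, iconv_strpos and iconv_strrpos; one static helper that emits the warning and reports whether `charset_len >= ICONV_CSNMAXLEN` would keep the limit and the message in a single place. The new `= 0` initialisers are load-bearing: when the optional charset argument is omitted `charset_len` stays 0 and the check passes. The default charset (assigned outside these hunks, presumably from the INI settings) is then covered only by the INI handler added in the hunk at line 233. A comment at the check saying so, for example `/* only the explicit argument is checked here; INI defaults are limited in OnUpdateStringIconvCharset */`, would stop a later reader from treating it as complete validation. All four function bodies continue outside their hunks.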
@@ -2049,6 +2078,11 @@ } if (zend_hash_find(Z_ARRVAL_P(pref), input-charset, sizeof(input-charset), (void
[PHP-CVS] cvs: php-src /ext/standard dl.c
stasWed Sep 19 00:06:06 2007 UTC Modified files: /php-src/ext/standard dl.c Log: use right variable name http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dl.c?r1=1.117r2=1.118diff_format=u Index: php-src/ext/standard/dl.c diff -u php-src/ext/standard/dl.c:1.117 php-src/ext/standard/dl.c:1.118 --- php-src/ext/standard/dl.c:1.117 Tue Sep 18 20:21:04 2007 +++ php-src/ext/standard/dl.c Wed Sep 19 00:06:05 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: dl.c,v 1.117 2007/09/18 20:21:04 stas Exp $ */ +/* $Id: dl.c,v 1.118 2007/09/19 00:06:05 stas Exp $ */ #include php.h #include dl.h @@ -63,7 +63,7 @@ return; } - if (Z_STRLEN_PP(file) = MAXPATHLEN) { + if (Z_STRLEN_PP(filename) = MAXPATHLEN) { php_error_docref(NULL TSRMLS_CC, E_WARNING, File name exceeds the maximum allowed length of %d characters, MAXPATHLEN); RETURN_FALSE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv/tests iconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt
stasWed Sep 19 00:18:01 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/iconv/testsiconv-charset-length-cve-2007-4840.phpt iconv_mime_decode-charset-length-cve-2007-4840.phpt iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt iconv_set_encoding-charset-length-cve-2007-4840.phpt iconv_strlen-charset-length-cve-2007-4840.phpt iconv_strpos-charset-length-cve-2007-4840.phpt iconv_strrpos-charset-length-cve-2007-4840.phpt iconv_substr-charset-length-cve-2007-4783.phpt Log: add length tests for iconv functions http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_mime_decode-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_mime_decode_headers-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_set_encoding-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_strlen-charset-length-cve-2007-4840.phpt 
http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_strpos-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt +++ php-src/ext/iconv/tests/iconv_strrpos-charset-length-cve-2007-4840.phpt http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt?view=markuprev=1.1 Index: php-src/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt +++ php-src/ext/iconv/tests/iconv_substr-charset-length-cve-2007-4783.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard/tests/general_functions dl-cve-2007-4887.phpt
stasThu Sep 20 18:44:24 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/standard/tests/general_functions dl-cve-2007-4887.phpt Log: add test for dl() with long name http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/general_functions/dl-cve-2007-4887.phpt?view=markuprev=1.1 Index: php-src/ext/standard/tests/general_functions/dl-cve-2007-4887.phpt +++ php-src/ext/standard/tests/general_functions/dl-cve-2007-4887.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /ext/standard/tests/general_functions dl-cve-2007-4887.phpt
stasThu Sep 20 18:45:03 2007 UTC Modified files: /php-src/ext/standard/tests/general_functions dl-cve-2007-4887.phpt Log: add test for dl() with long name http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/general_functions/dl-cve-2007-4887.phpt?r1=1.1r2=1.2diff_format=u
Index: php-src/ext/standard/tests/general_functions/dl-cve-2007-4887.phpt
diff -u /dev/null php-src/ext/standard/tests/general_functions/dl-cve-2007-4887.phpt:1.2
--- /dev/null Thu Sep 20 18:45:03 2007
+++ php-src/ext/standard/tests/general_functions/dl-cve-2007-4887.phpt Thu Sep 20 18:45:03 2007
@@ -0,0 +1,10 @@
+--TEST--
+dl() filename length checks (CVE-2007-4887)
+--FILE--
+?php
+var_dump(dl(str_repeat(a, 8376757)));
+?
+--EXPECTF--
+
+Warning: dl(): File name exceeds the maximum allowed length of %d characters in %s on line %d
+bool(false)
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
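Review bot: The test has no `--SKIPIF--` section although it calls dl() unconditionally. Where dl() is switched off through `enable_dl` or is unsupported by the SAPI under test, the call presumably fails with a different warning and the expectation will not match, so the test can fail for reasons unrelated to the length check; the order of the checks inside dl() is not visible here. A skip on those conditions would avoid that. The 8376757-character name is also far larger than necessary, since any name of MAXPATHLEN characters or more takes the same branch with much less memory.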
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv iconv.c
stasThu Sep 20 21:55:15 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/iconv iconv.c Log: fix potential overflow (Mattias Bengtsson) http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.124.2.8.2.17r2=1.124.2.8.2.18diff_format=u Index: php-src/ext/iconv/iconv.c diff -u php-src/ext/iconv/iconv.c:1.124.2.8.2.17 php-src/ext/iconv/iconv.c:1.124.2.8.2.18 --- php-src/ext/iconv/iconv.c:1.124.2.8.2.17Wed Sep 19 00:30:52 2007 +++ php-src/ext/iconv/iconv.c Thu Sep 20 21:55:14 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: iconv.c,v 1.124.2.8.2.17 2007/09/19 00:30:52 stas Exp $ */ +/* $Id: iconv.c,v 1.124.2.8.2.18 2007/09/20 21:55:14 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -700,11 +700,11 @@ } } - if (offset = total_len) { + if (offset = total_len || len total_len) { return PHP_ICONV_ERR_SUCCESS; } - if ((offset + len) total_len) { + if ((offset + len) total_len ) { /* trying to compute the length */ len = total_len - offset; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
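Review bot: Adding `len > total_len` to the early-return condition in the hunk at line 700 makes the function return success with empty output whenever the requested length exceeds the string's character count, instead of limiting the length. The iconv_substr hunk earlier on this page sets `length = str_len`, a byte count, when the argument is omitted, and that value presumably arrives here as `len`; for multibyte input it is larger than `total_len`, so a plain rest-of-string call would come back empty. Clamping keeps the overflow protection without that behaviour change: `if (len > total_len) { len = total_len; }` placed ahead of the offset test. The same condition is merged to HEAD in the next message (hunk at line 765), and the enclosing function starts and ends outside both hunks.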
[PHP-CVS] cvs: php-src /ext/iconv iconv.c
stasThu Sep 20 21:57:11 2007 UTC Modified files: /php-src/ext/iconv iconv.c Log: MFB length check fix (Mattias Bengtsson) http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.154r2=1.155diff_format=u Index: php-src/ext/iconv/iconv.c diff -u php-src/ext/iconv/iconv.c:1.154 php-src/ext/iconv/iconv.c:1.155 --- php-src/ext/iconv/iconv.c:1.154 Wed Sep 19 00:37:43 2007 +++ php-src/ext/iconv/iconv.c Thu Sep 20 21:57:11 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: iconv.c,v 1.154 2007/09/19 00:37:43 stas Exp $ */ +/* $Id: iconv.c,v 1.155 2007/09/20 21:57:11 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -765,7 +765,7 @@ } } - if (offset = total_len) { + if (offset = total_len || len total_len) { return PHP_ICONV_ERR_SUCCESS; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/iconv iconv.c
stasThu Sep 20 22:35:25 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/iconv iconv.c Log: better fix for iconv_substr http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.124.2.8.2.18r2=1.124.2.8.2.19diff_format=u Index: php-src/ext/iconv/iconv.c diff -u php-src/ext/iconv/iconv.c:1.124.2.8.2.18 php-src/ext/iconv/iconv.c:1.124.2.8.2.19 --- php-src/ext/iconv/iconv.c:1.124.2.8.2.18Thu Sep 20 21:55:14 2007 +++ php-src/ext/iconv/iconv.c Thu Sep 20 22:35:24 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: iconv.c,v 1.124.2.8.2.18 2007/09/20 21:55:14 stas Exp $ */ +/* $Id: iconv.c,v 1.124.2.8.2.19 2007/09/20 22:35:24 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -700,7 +700,12 @@ } } - if (offset = total_len || len total_len) { + if(len total_len) { + len = total_len; + } + + + if (offset = total_len) { return PHP_ICONV_ERR_SUCCESS; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
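Review bot: The clamp bounds `len`, but the guard that follows this hunk still relies on the addition in `(offset + len) > total_len` staying in range. Once `offset >= total_len` has been ruled out, the subtraction form cannot overflow and makes the separate clamp unnecessary: `if (len > total_len - offset) { len = total_len - offset; }`. The declarations of `offset`, `len` and `total_len` are outside the hunk, so confirm their signedness and that `offset` is non-negative at this point before adopting it. The same applies to the HEAD merge in the next message (hunk at line 765).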
[PHP-CVS] cvs: php-src /ext/iconv iconv.c
stasThu Sep 20 22:38:25 2007 UTC Modified files: /php-src/ext/iconv iconv.c Log: better fix for iconv_substr http://cvs.php.net/viewvc.cgi/php-src/ext/iconv/iconv.c?r1=1.155r2=1.156diff_format=u Index: php-src/ext/iconv/iconv.c diff -u php-src/ext/iconv/iconv.c:1.155 php-src/ext/iconv/iconv.c:1.156 --- php-src/ext/iconv/iconv.c:1.155 Thu Sep 20 21:57:11 2007 +++ php-src/ext/iconv/iconv.c Thu Sep 20 22:38:25 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: iconv.c,v 1.155 2007/09/20 21:57:11 stas Exp $ */ +/* $Id: iconv.c,v 1.156 2007/09/20 22:38:25 stas Exp $ */ #ifdef HAVE_CONFIG_H #include config.h @@ -765,10 +765,14 @@ } } - if (offset = total_len || len total_len) { + if(len total_len) { + len = total_len; + } + + if (offset = total_len) { return PHP_ICONV_ERR_SUCCESS; } - + if ((offset + len) total_len) { /* trying to compute the length */ len = total_len - offset; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard html.c
stasWed Oct 3 04:53:06 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/standard html.c Log: do not accept partial multibyte sequences in html* functions http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14r2=1.111.2.2.2.15diff_format=u Index: php-src/ext/standard/html.c diff -u php-src/ext/standard/html.c:1.111.2.2.2.14 php-src/ext/standard/html.c:1.111.2.2.2.15 --- php-src/ext/standard/html.c:1.111.2.2.2.14 Sun May 27 15:57:11 2007 +++ php-src/ext/standard/html.c Wed Oct 3 04:53:05 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: html.c,v 1.111.2.2.2.14 2007/05/27 15:57:11 nlopess Exp $ */ +/* $Id: html.c,v 1.111.2.2.2.15 2007/10/03 04:53:05 stas Exp $ */ /* * HTML entity resources: @@ -484,18 +484,29 @@ }\ mbseq[mbpos++] = (mbchar); } +#define CHECK_LEN(pos, chars_need) \ + if((str_len - (pos)) chars_need) {\ + *status = FAILURE; \ + return 0; \ + } + /* {{{ get_next_char */ inline static unsigned short get_next_char(enum entity_charset charset, unsigned char * str, + int str_len, int * newpos, unsigned char * mbseq, - int * mbseqlen) + int * mbseqlen, + int *status) { int pos = *newpos; int mbpos = 0; int mbspace = *mbseqlen; unsigned short this_char = str[pos++]; + unsigned char next_char; + + *status = SUCCESS; if (mbspace = 0) { *mbseqlen = 0; @@ -517,6 +528,10 @@ do { if (this_char 0x80) { more = 0; + if(stat) { + /* we didn't finish the UTF sequence correctly */ + *status = FAILURE; + } break; } else if (this_char 0xc0) { switch (stat) { @@ -555,6 +570,7 @@ break; default: /* invalid */ + *status = FAILURE; more = 0; } } 
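Review bot: `CHECK_LEN` in the hunk at line 484 is a bare `if` block that silently uses `str_len` and `status` from the calling scope and returns from the enclosing function, and `chars_need` is expanded without parentheses. Writing it as `do { if ((str_len - (pos)) < (chars_need)) { *status = FAILURE; return 0; } } while (0)` makes it safe inside an unbraced `if`/`else`, and a comment above it should state the hidden return and the names it depends on. Separately, `this_char = str[pos++]` still reads the first byte before any length test, so get_next_char relies on its caller guaranteeing `*newpos < str_len`; that precondition belongs in the function comment. The function body runs past these hunks.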
@@ -562,21 +578,27 @@ else if (this_char 0xe0) { stat = 0x10;/* 2 byte */ utf = (this_char 0x1f) 6; + CHECK_LEN(pos, 1); } else if (this_char 0xf0) { stat = 0x20;/* 3 byte */ utf = (this_char 0xf) 12; + CHECK_LEN(pos, 2); } else if (this_char 0xf8) { stat = 0x30;/* 4 byte */ utf = (this_char 0x7) 18; + CHECK_LEN(pos, 3); } else if (this_char 0xfc) { stat = 0x40;/* 5 byte */ utf = (this_char 0x3) 24; + CHECK_LEN(pos, 4); } else if (this_char 0xfe) { stat = 0x50;/* 6 byte */ utf = (this_char 0x1) 30; + CHECK_LEN(pos, 5); } else { /* invalid; bail */ more = 0; + *status = FAILURE; break; } @@ -594,7 +616,8 @@ /* check if this is the first of a 2-byte sequence */ if (this_char = 0xa1 this_char = 0xfe) {
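Review bot: The lead-byte branches marked 5 byte and 6 byte in the hunk at line 562 still open sequences that RFC 3629 no longer permits in UTF-8, and here they only gain a length check. Since the change is meant to keep malformed input out of the HTML escaping functions, treating those lead bytes like the final `else` (`more = 0; *status = FAILURE; break;`) would be the stricter choice, after confirming that no caller depends on the old leniency. get_next_char is also declared to return `unsigned short`, so a decoded value above 0xFFFF cannot be returned intact; how the 4-byte case is handled lies outside this hunk.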
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/standard/tests/strings htmlentities-utf.phpt
stasWed Oct 3 04:58:40 2007 UTC Added files: (Branch: PHP_5_2) /php-src/ext/standard/tests/strings htmlentities-utf.phpt Log: add test with invalid sequences http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/htmlentities-utf.phpt?view=markuprev=1.1 Index: php-src/ext/standard/tests/strings/htmlentities-utf.phpt +++ php-src/ext/standard/tests/strings/htmlentities-utf.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS
stasWed Oct 3 05:03:12 2007 UTC Modified files: (Branch: PHP_5_2) /php-srcNEWS Log: add html* utf fix http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.966r2=1.2027.2.547.2.967diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.966 php-src/NEWS:1.2027.2.547.2.967 --- php-src/NEWS:1.2027.2.547.2.966 Mon Oct 1 15:23:15 2007 +++ php-src/NEWSWed Oct 3 05:03:12 2007 @@ -29,6 +29,8 @@ implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent gaffie. (Ilia) - Fixed imagerectangle regression with 1x1 rectangle (libgd #106). (Pierre) +- Fixed htmlentities/htmlspecialchars not to accept partial multibyte + sequences. (Stas) - Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax). (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_3) /ext/standard html.c
stasWed Oct 3 05:05:08 2007 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/standard html.c Log: MFB do not accept partial multibyte sequences in html* functions http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14r2=1.111.2.2.2.14.2.1diff_format=u Index: php-src/ext/standard/html.c diff -u php-src/ext/standard/html.c:1.111.2.2.2.14 php-src/ext/standard/html.c:1.111.2.2.2.14.2.1 --- php-src/ext/standard/html.c:1.111.2.2.2.14 Sun May 27 15:57:11 2007 +++ php-src/ext/standard/html.c Wed Oct 3 05:05:08 2007 @@ -18,7 +18,7 @@ +--+ */ -/* $Id: html.c,v 1.111.2.2.2.14 2007/05/27 15:57:11 nlopess Exp $ */ +/* $Id: html.c,v 1.111.2.2.2.14.2.1 2007/10/03 05:05:08 stas Exp $ */ /* * HTML entity resources: @@ -484,18 +484,29 @@ }\ mbseq[mbpos++] = (mbchar); } +#define CHECK_LEN(pos, chars_need) \ + if((str_len - (pos)) chars_need) {\ + *status = FAILURE; \ + return 0; \ + } + /* {{{ get_next_char */ inline static unsigned short get_next_char(enum entity_charset charset, unsigned char * str, + int str_len, int * newpos, unsigned char * mbseq, - int * mbseqlen) + int * mbseqlen, + int *status) { int pos = *newpos; int mbpos = 0; int mbspace = *mbseqlen; unsigned short this_char = str[pos++]; + unsigned char next_char; + + *status = SUCCESS; if (mbspace = 0) { *mbseqlen = 0; @@ -555,6 +566,7 @@ break; default: /* invalid */ + *status = FAILURE; more = 0; } } @@ -562,21 +574,27 @@ else if (this_char 0xe0) { stat = 0x10;/* 2 byte */ utf = (this_char 0x1f) 6; + CHECK_LEN(pos, 1); } else if (this_char 0xf0) { stat = 0x20;/* 3 byte */ utf = (this_char 0xf) 12; + CHECK_LEN(pos, 2); } else if (this_char 0xf8) { stat = 0x30;/* 4 byte */ utf = (this_char 0x7) 18; + CHECK_LEN(pos, 3); } else if (this_char 0xfc) { stat = 0x40;/* 5 byte */ utf = (this_char 0x3) 24; + CHECK_LEN(pos, 4); } else if (this_char 0xfe) { stat = 0x50;/* 6 byte */ utf = (this_char 0x1) 30; + CHECK_LEN(pos, 5); } else { /* invalid; bail */ more = 0; + *status = FAILURE; break; } 
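Review bot: This merge to PHP_5_3 does not carry the hunk at line 517 of the PHP_5_2 commit earlier on this page, which sets `*status = FAILURE` when a byte below 0x80 arrives while `stat` is non-zero, that is, in the middle of a multibyte sequence. Both diffs start from revision 1.111.2.2.2.14, so unless the change was applied separately the 5_3 branch would still accept a truncated UTF-8 sequence that is followed by an ASCII byte. The missing lines are `if(stat) { *status = FAILURE; }` ahead of the `break` in the `this_char < 0x80` branch.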
@@ -594,7 +612,8 @@ /* check if this is the first of a 2-byte sequence */ if (this_char = 0xa1 this_char = 0xfe) { /* peek at the next char */ - unsigned char next_char = str[pos]; + CHECK_LEN(pos, 1); + next_char = str[pos]; if ((next_char = 0x40 next_char = 0x7e) || (next_char = 0xa1 next_char = 0xfe)) { /* yes, this a wide char */ @@ -614,7 +633,8 @@ (this_char = 0xe0 this_char = 0xef) )