sniper Thu Jan 15 01:09:19 2004 EDT Modified files: /php-src NEWS /php-src/ext/mime_magic mime_magic.c Log: - Fixed bug #26844 (ext/mime_magic: magic file validation broken). Index: php-src/NEWS diff -u php-src/NEWS:1.1576 php-src/NEWS:1.1577 --- php-src/NEWS:1.1576 Wed Jan 14 16:17:07 2004 +++ php-src/NEWS Thu Jan 15 01:09:14 2004 @@ -8,6 +8,7 @@ - Fixed class name case preserving of user defined classes. (Marcus) - Fixed bug #26911 (crash in sqlite extension when fetching data from empty queries). (Ilia) +- Fixed bug #26844 (ext/mime_magic: magic file validation broken). (Jani) - Fixed bug #26819 (http_build_query() crashes on NULL output). (Ilia) - Fixed bug #26817 (http_build_query() does not handle private & protected object properties correctly). (Ilia) Index: php-src/ext/mime_magic/mime_magic.c diff -u php-src/ext/mime_magic/mime_magic.c:1.35 php-src/ext/mime_magic/mime_magic.c:1.36 --- php-src/ext/mime_magic/mime_magic.c:1.35 Thu Jan 8 03:16:07 2004 +++ php-src/ext/mime_magic/mime_magic.c Thu Jan 15 01:09:16 2004 @@ -15,7 +15,7 @@ | Author: Hartmut Holzgraefe <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ - $Id: mime_magic.c,v 1.35 2004/01/08 08:16:07 andi Exp $ + $Id: mime_magic.c,v 1.36 2004/01/15 06:09:16 sniper Exp $ This module contains a lot of stuff taken from Apache mod_mime_magic, so the license section is a little bit longer than usual: @@ -483,15 +483,21 @@ /* * */ -static int is_valid_mimetype(char *p) +static int is_valid_mimetype(char *p, int p_len) { - do { - if(!isalnum(*p) && (*p != '-')) return 0; - } while(*(++p) != '/'); - ++p; - do { - if(!isalnum(*p) && (*p != '-')) return 0; - } while(*(++p)); + if (p_len > 0) { + do { + if (!isalnum(*p) && (*p != '-') && (*p != '.')) { + return 0; + } + } while (*(++p) != '/'); + ++p; + do { + if (!isalnum(*p) && (*p != '-') && (*p != '.') && !isspace(*p)) { + return 0; + } + } while (*(++p)); + } return 1; } @@ -710,9 +716,9 @@ else m->nospflag = 0; - if(!is_valid_mimetype(l)) { + if (!is_valid_mimetype(l, strlen(l))) { if(MIME_MAGIC_G(debug)) - php_error_docref("http://www.php.net/mime_magic" TSRMLS_CC, E_WARNING, ": (%s:%d) '%s' is not a valid mimetype, etry skipped", MIME_MAGIC_G(magicfile), lineno, l); + php_error_docref("http://www.php.net/mime_magic" TSRMLS_CC, E_WARNING, ": (%s:%d) '%s' is not a valid mimetype, entry skipped", MIME_MAGIC_G(magicfile), lineno, l); return -1; } @@ -992,7 +998,7 @@ req_dat = MIME_MAGIC_G(req_dat); /* allocate the result string */ - result = (char *) emalloc(len + 1); + result = (char *) emalloc(len + 2); /* loop through and collect the string */ res_pos = 0;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php