there is one more problem just like the
http://bugs.php.net/bug.php?id=22904 bug
the problem is also for 'regular' magic mode.
the addslashes add slashes anly when the slash follow by '\'' or '\"' or
'\\' but on stripslashes it's nuke all the slashes without considering whats
came after that.
here is 'first shoot' fix for both bugs (i didn't even compiled it) hope
i'll time to debug it and write test tomorrow
Index: string.c
===================================================================
RCS file: /repository/php4/ext/standard/string.c,v
retrieving revision 1.365
diff -u -r1.365 string.c
--- string.c 31 Mar 2003 12:08:31 -0000 1.365
+++ string.c 31 Mar 2003 15:36:28 -0000
@@ -2322,8 +2322,9 @@
if (PG(magic_quotes_sybase)) {
while (l > 0) {
+ l--;
if (*t == '\'') {
- if ((l > 0) && (t[1] == '\'')) {
+ if ((l >= 0) && (t[1] == '\'')) {
t++;
if (len != NULL) {
(*len)--;
@@ -2331,17 +2332,24 @@
l--;
}
*s++ = *t++;
- } else if (*t == '\\' && l > 0 && t[1] == '0') {
+ } else if (*t == '\\' && l > 0) {
+ t++;
+ if (*t == '0') {
*s++='\0';
- t += 2;
- if (len != NULL) {
- (*len)--;
- }
- l--;
+ t++;
+ } else if (*s=='\\'){
+ *s++ = *t++;
+ }else{
+ *s++; = '\\';
+ continue;
+ }
+ l--;
+ if (len != NULL) {
+ (*len)--;
+ }
} else {
*s++ = *t++;
}
- l--;
}
*s = '\0';
@@ -2349,29 +2357,28 @@
}
while (l > 0) {
- if (*t == '\\') {
- t++; /* skip the slash */
- if (len != NULL) {
- (*len)--;
+ l--;
+ if (*t == '\\' && l > 0) {
+ t++;
+ if (*t == '0') {
+ *s++='\0';
+ t++;
+ } else if (*s=='\\'||*s=='\''||*s=='\"'){
+ *s++ = *t++;
+ }else{
+ *s++; = '\\';
+ continue;
}
l--;
- if (l > 0) {
- if (*t == '0') {
- *s++='\0';
- t++;
- } else {
- *s++ = *t++; /* preserve the next character */
- }
- l--;
+ if (len != NULL) {
+ (*len)--;
}
} else {
*s++ = *t++;
- l--;
}
}
- if (s != t) {
- *s = '\0';
- }
+ *s = '\0';
+
}
/* }}} */
@@ -2627,6 +2634,10 @@
case '\'':
*target++ = '\'';
*target++ = '\'';
+ break;
+ case '\\':
+ *target++ = '\\';
+ *target++ = '\\';
break;
default:
*target++ = *source;
"Jani Taskinen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> Heh..so magic_quotes_sybase ini setting affects how stripslashes()
> function works too? Pretty high WTF factor there. It should be
> an additional option for php_stripslashes() that is passed where
> appropriate.
>
> --Jani
>
>
>
> On Mon, 31 Mar 2003, Sander Roobol wrote:
>
> >On Mon, Mar 31, 2003 at 03:45:13PM +0200, moshe doron wrote:
> >> could some1 explain the first if here (php_stripslashes:cybase mode)
> >> http://lxr.php.net/source/php4/ext/standard/string.c#2324
> >> that have nothing with slashes but with quotes?
> >
> >Sybase escapes ' with '' and NUL with \0 so we needed a special
> >version of php_stripslashes().
> >
> >Sander
> >
> >>
> >> could this if be removed safely?
> >>
> >> tnx
> >> moshe.
> >>
> >>
> >>
> >> --
> >> PHP Internals - PHP Runtime Development Mailing List
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >
> >
>
> --
> <- For Sale! ->
>
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
