Matt Wilmas wrote:
> Hi all,
>
> I first noticed this with preg_replace()'s /e modifier (SO many other issues with that...), but it also happens with create_function() and a few other places where zend_eval_string() is used. Other code evaluation in PHP is binary-safe, so it seems like these areas should be as well? In case an example is needed:
>
> $func = create_function('', "return strlen('Test\0string');");
> echo $func();
>
> Patches:
> http://realplain.com/php/binary_eval_string.diff
> http://realplain.com/php/binary_eval_string_5_3.diff
>
> Can they be applied? (Also a small optimization by eliminating strlen() usage.) May want to verify the ext/interbase change.

Yes, apply them (though I didn't verify the interbase patch).

> I noticed there are several zend_eval_string() references in PECL sources [1], which would be a problem after adding a string length parameter... How is that handled? Should the updated function be eval_stringL instead and add macros for compatibility?

I'd prefer that.

-Andrei
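
The truncation discussed in this thread, as an added C example that is not PHP source code and not part of either message: an entry point that measures its input with strlen() loses everything after an embedded NUL, while a length-taking variant sees every byte, and a macro keeps the old one-argument call working. The toy evaluator and the names eval_stringl, eval_string, eval_truncated and eval_binary_safe are hypothetical stand-ins, not the Zend API.

```c
#include <stdio.h>
#include <string.h>

/* Toy evaluator (hypothetical, not the Zend API): finds the single-quoted
 * literal in src[0..len) and returns its byte length, or -1 if the
 * literal is missing or unterminated. It uses memchr(), so an embedded
 * NUL is treated as an ordinary byte. */
static long eval_stringl(const char *src, size_t len)
{
    const char *open = memchr(src, '\'', len);
    if (open == NULL)
        return -1;
    size_t rest = len - (size_t)(open + 1 - src);
    const char *close = memchr(open + 1, '\'', rest);
    if (close == NULL)
        return -1;              /* source ended inside the literal */
    return (long)(close - (open + 1));
}

/* Compatibility macro for callers that only hold a C string: the length
 * comes from strlen(), so the input stops at the first NUL byte. */
#define eval_string(src) eval_stringl((src), strlen(src))

/* Constructed sample mirroring the thread's example; sizeof - 1 keeps
 * the embedded NUL and drops only the terminator. */
static const char sample[] = "return strlen('Test\0string');";
#define SAMPLE_LEN (sizeof(sample) - 1)

static long eval_truncated(void)   { return eval_string(sample); }
static long eval_binary_safe(void) { return eval_stringl(sample, SAMPLE_LEN); }

int main(void)
{
    printf("strlen() sees %zu of %zu bytes\n", strlen(sample), SAMPLE_LEN);
    printf("eval_string  -> %ld\n", eval_truncated());
    printf("eval_stringl -> %ld\n", eval_binary_safe());
    return 0;
}
```

In this toy, the strlen()-based call hands over a source that ends inside the quoted literal, so it fails, while the length-taking call reports the full literal including the NUL byte.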

--
PHP Internals - PHP Runtime Development Mailing List