On 03.06.2009, at 20:45, Matt Wilmas wrote:
Hi all,
I first noticed this with preg_replace()'s /e modifier (SO many
other issues with that...), but it also happens with
create_function() and a few other places where zend_eval_string() is
used. Other code evaluation in PHP is binary-safe, so it seems like
these areas should be as well? In case an example is needed:
$func = create_function('', "return strlen('Test\0string');");
echo $func();
Patches:
http://realplain.com/php/binary_eval_string.diff
http://realplain.com/php/binary_eval_string_5_3.diff
Can they be applied? (Also a small optimization by eliminating
strlen() usage.) May want to verify the ext/interbase change.
I noticed there are several zend_eval_string() references in PECL
sources [1], which would be a problem after adding a string length
parameter... How is that handled? Should the updated function be
eval_stringL instead and add macros for compatibility?
[1] http://lxr.php.net/ident?i=zend_eval_string
should this be applied now as it hasnt been applied yet, afaik?
regards,
Lukas Kahwe Smith
m...@pooteeweet.org
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
