Bug #61043 [Fbk->Ctl]: Regression in magic_quotes_gpc fix (CVE-2012-0831)

Fri, 09 Mar 2012 05:10:17 -0800 

Edit report at https://bugs.php.net/bug.php?id=61043&edit=1

 ID:                 61043
 Updated by:         ond...@php.net
 Reported by:        ond...@php.net
 Summary:            Regression in magic_quotes_gpc fix (CVE-2012-0831)
-Status:             Feedback
+Status:             Critical
 Type:               Bug
 Package:            Variables related
 PHP Version:        5.3SVN-2012-02-10 (SVN)
 Assigned To:        johannes
 Block user comment: N
 Private report:     N



Previous Comments:
------------------------------------------------------------------------
[2012-03-09 08:23:57] ond...@php.net

Nope, r323016 is the commit which broke it.

Please look at the patch and look at the broken code before jumping to 
conclusions.

------------------------------------------------------------------------
[2012-03-08 13:17:17] johan...@php.net

I think this was fixed in r323016. Please verify.

------------------------------------------------------------------------
[2012-03-05 22:46:30] paj...@php.net

Johannes, can you check this please?

------------------------------------------------------------------------
[2012-02-13 18:37:04] sbeat...@php.net

Ondřej's patch is the patch we went with in Ubuntu. I verified in our testing 
that it did address the issue.

------------------------------------------------------------------------
[2012-02-10 13:19:41] ond...@php.net

I can confirm that the attached patch fixes the reported problem:

root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php  -c /tmp/php.ini -
r 'var_dump(ini_get("magic_quotes_gpc"));'
string(1) "1"
root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini 
magic_quotes_gpc = On
root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php  -c /tmp/php.ini -
r 'var_dump(ini_get("magic_quotes_gpc"));'
string(1) "1"
root@howl:/tmp# emacs php.ini 
root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini 
magic_quotes_gpc = Off
root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php  -c /tmp/php.ini -
r 'var_dump(ini_get("magic_quotes_gpc"));'
string(0) ""

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=61043


-- 
Edit this bug report at https://bugs.php.net/bug.php?id=61043&edit=1

Reply via email to