Why not MFH to PHP_4_3? (or doesn't this apply there..? :)
--Jani
On Mon, 14 Feb 2005, Marcus Boerger wrote:
helly Mon Feb 14 15:58:25 2005 EDT
Modified files:
/php-src/ext/standard var_unserializer.re
Log:
- Disallow illegal class names
http://cvs.php.net/diff.php/php-src/ext/standard/var_unserializer.re?r1=1.40&r2=1.41&ty=u
Index: php-src/ext/standard/var_unserializer.re
diff -u php-src/ext/standard/var_unserializer.re:1.40
php-src/ext/standard/var_unserializer.re:1.41
--- php-src/ext/standard/var_unserializer.re:1.40 Sun Jan 30 11:38:53 2005
+++ php-src/ext/standard/var_unserializer.re Mon Feb 14 15:58:22 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: var_unserializer.re,v 1.40 2005/01/30 16:38:53 iliaa Exp $ */
+/* $Id: var_unserializer.re,v 1.41 2005/02/14 20:58:22 helly Exp $ */
#include "php.h"
#include "ext/standard/php_var.h"
@@ -473,7 +473,7 @@
}
"O:" uiv ":" ["] {
- size_t len, len2, maxlen;
+ size_t len, len2, len3, maxlen;
int elements;
char *class_name;
zend_class_entry *ce;
@@ -506,6 +506,13 @@
return 0;
}
+ len3 = strspn(class_name,
"0123456789_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
+ if (len3 != len)
+ {
+ *p = YYCURSOR + len3 - len;
+ return 0;
+ }
+
class_name = estrndup(class_name, len);
do {
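Review bot: the `strspn(class_name, ...)` call in this hunk runs on `class_name` before the `estrndup(class_name, len)` copy, so the scan is not bounded by `len` and stops only where the input buffer happens to hold a byte outside the accept set. A loop limited to `len` bytes, or the same check done on the NUL-terminated copy (freeing it on failure), would not depend on what follows the name in the buffer. The accept set also permits a leading digit and covers ASCII only, so it should be checked against what the engine accepts as a class name. A one-line comment stating the intended rule and what `*p = YYCURSOR + len3 - len;` points at on failure would help the next reader.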
--
PHP CVS Mailing List (http://www.php.net/)