iliaa Sun Jan 6 17:12:44 2008 UTC
Modified files: (Branch: PHP_5_3)
/php-src/ext/curl interface.c
Log:
MFB: Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.27.2.7&r2=1.62.2.14.2.27.2.8&diff_format=u
Index: php-src/ext/curl/interface.c
diff -u php-src/ext/curl/interface.c:1.62.2.14.2.27.2.7
php-src/ext/curl/interface.c:1.62.2.14.2.27.2.8
--- php-src/ext/curl/interface.c:1.62.2.14.2.27.2.7 Mon Dec 31 07:17:06 2007
+++ php-src/ext/curl/interface.c Sun Jan 6 17:12:44 2008
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: interface.c,v 1.62.2.14.2.27.2.7 2007/12/31 07:17:06 sebastian Exp $ */
+/* $Id: interface.c,v 1.62.2.14.2.27.2.8 2008/01/06 17:12:44 iliaa Exp $ */
#define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
@@ -173,7 +173,7 @@
php_curl_ret(__ret);
\
}
\
\
- if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str
+ len)) { \
+ if (tmp_url->host || !php_memnstr(str, tmp_url->path,
strlen(tmp_url->path), str + len)) { \
php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s'
contains unencoded control characters", str); \
php_url_free(tmp_url);
\
php_curl_ret(__ret);
\
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
