Re: [PHP-CVS] com php-src: - Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable): ext/json/json.c ext/json/tests/bug61978.phpt
This should probably not just insert null but let the whole function fail. Otherwise one has to add additional error checks on every call. Nikita On Wed, May 9, 2012 at 2:05 AM, Felipe Pena wrote: > Commit: 92bc49b2b06417f86dc0fc537326e60f4d0a0c0b > Author: Felipe Pena Tue, 8 May 2012 21:05:51 > -0300 > Parents: 2cb0ed1328da3bca00990648c3dfc90c957395f1 > Branches: PHP-5.4 master > > Link: > http://git.php.net/?p=php-src.git;a=commitdiff;h=92bc49b2b06417f86dc0fc537326e60f4d0a0c0b > > Log: > - Fixed bug #61978 (Object recursion not detected for classes that implement > JsonSerializable) > > Bugs: > https://bugs.php.net/61978 > > Changed paths: > M ext/json/json.c > A ext/json/tests/bug61978.phpt > > > Diff: > diff --git a/ext/json/json.c b/ext/json/json.c > index fc1fcb7..557fbc3 100644 > --- a/ext/json/json.c > +++ b/ext/json/json.c > @@ -513,6 +513,19 @@ static void json_encode_serializable_object(smart_str > *buf, zval *val, int optio > { > zend_class_entry *ce = Z_OBJCE_P(val); > zval *retval = NULL, fname; > + HashTable* myht; > + > + if (Z_TYPE_P(val) == IS_ARRAY) { > + myht = HASH_OF(val); > + } else { > + myht = Z_OBJPROP_P(val); > + } > + > + if (myht && myht->nApplyCount > 1) { > + php_error_docref(NULL TSRMLS_CC, E_WARNING, "recursion > detected"); > + smart_str_appendl(buf, "null", 4); > + return; > + } > > ZVAL_STRING(&fname, "jsonSerialize", 0); > > diff --git a/ext/json/tests/bug61978.phpt b/ext/json/tests/bug61978.phpt > new file mode 100644 > index 000..2c73297 > --- /dev/null > +++ b/ext/json/tests/bug61978.phpt 
> @@ -0,0 +1,47 @@ > +--TEST-- > +Bug #61978 (Object recursion not detected for classes that implement > JsonSerializable) > +--SKIPIF-- > + > +--FILE-- > + + > +class JsonTest1 { > + public $test; > + public $me; > + public function __construct() { > + $this->test = '123'; > + $this->me = $this; > + } > +} > + > +class JsonTest2 implements JsonSerializable { > + public $test; > + public function __construct() { > + $this->test = '123'; > + } > + public function jsonSerialize() { > + return array( > + 'test' => $this->test, > + 'me' => $this > + ); > + } > +} > + > + > +$obj1 = new JsonTest1(); > +var_dump(json_encode($obj1)); > + > +echo "\n==\n"; > + > +$obj2 = new JsonTest2(); > +var_dump(json_encode($obj2)); > + > +?> > +--EXPECTF-- > +Warning: json_encode(): recursion detected in %s on line %d > +string(44) "{"test":"123","me":{"test":"123","me":null}}" > + > +== > + > +Warning: json_encode(): recursion detected in %s on line %d > +string(44) "{"test":"123","me":{"test":"123","me":null}}" > > > -- > PHP CVS Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
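Review bot: In the json.c hunk, the `Z_TYPE_P(val) == IS_ARRAY` branch in json_encode_serializable_object() looks unreachable, because the context line just above already calls `Z_OBJCE_P(val)`, which assumes an object. Dropping the branch and assigning `myht = Z_OBJPROP_P(val);` directly would make the guard easier to read. The early return appends "null" and leaves a well-formed string (the test expects string(44) with an inner null), so a caller can only notice the cycle through the E_WARNING.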
[PHP-CVS] com php-src: Correct test title: sapi/cli/tests/bug61977.phpt
Commit:d394c17293df2405b10aaec1804edd65e1d8efe8 Author:Xinchen Hui Wed, 9 May 2012 11:28:57 +0800 Parents: 1e60d0c105f065f395b5ae02608eaec9b42708f8 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=d394c17293df2405b10aaec1804edd65e1d8efe8 Log: Correct test title Changed paths: M sapi/cli/tests/bug61977.phpt Diff: diff --git a/sapi/cli/tests/bug61977.phpt b/sapi/cli/tests/bug61977.phpt index edb7b78..2f19806 100644 --- a/sapi/cli/tests/bug61977.phpt +++ b/sapi/cli/tests/bug61977.phpt @@ -1,5 +1,5 @@ --TEST-- -Bug #60159 (Router returns false, but POST is not passed to requested resource) +Bug #61977 (Need CLI web-server support for files with .htm & svg extensions) --SKIPIF-- http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions): NEWS sapi/cli/php_cli_server.c sapi/cli/tests/bug61977.phpt
Commit:1e60d0c105f065f395b5ae02608eaec9b42708f8 Author:Xinchen Hui Wed, 9 May 2012 11:27:39 +0800 Parents: 7b2ab569976f63b22ba1c69e78e782a693d5076a Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=1e60d0c105f065f395b5ae02608eaec9b42708f8 Log: Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions) Bugs: https://bugs.php.net/61977 Changed paths: M NEWS M sapi/cli/php_cli_server.c A sapi/cli/tests/bug61977.phpt Diff: diff --git a/NEWS b/NEWS index d989f34..cb00f7a 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ PHP NEWS ?? ??? 2012, PHP 5.4.2 - CLI Server: + . Implemented FR #61977 (Need CLI web-server support for files with .htm & +svg extensions). (Sixd, Laruence) . Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi). (Laruence, reeze@gmail.com) . Improved performance while sending error page, this also fixed diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c index e052aa8..87ab7b4 100644 --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@ -251,15 +251,17 @@ static php_cli_server_http_reponse_status_code_pair template_map[] = { }; static php_cli_server_ext_mime_type_pair mime_type_map[] = { + { "html", "text/html" }, + { "htm", "text/html" }, + { "js", "text/javascript" }, + { "css", "text/css" }, { "gif", "image/gif" }, - { "png", "image/png" }, - { "jpe", "image/jpeg" }, { "jpg", "image/jpeg" }, { "jpeg", "image/jpeg" }, - { "css", "text/css" }, - { "html", "text/html" }, + { "png", "image/png" }, + { "jpe", "image/jpeg" }, + { "svg", "image/svg+xml" }, { "txt", "text/plain" }, - { "js", "text/javascript" }, { NULL, NULL } }; diff --git a/sapi/cli/tests/bug61977.phpt b/sapi/cli/tests/bug61977.phpt new file mode 100644 index 000..edb7b78 --- /dev/null +++ b/sapi/cli/tests/bug61977.phpt 
@@ -0,0 +1,157 @@ +--TEST-- +Bug #60159 (Router returns false, but POST is not passed to requested resource) +--SKIPIF-- + +--FILE-- +', true); +$doc_root = __DIR__; + +list($host, $port) = explode(':', PHP_CLI_SERVER_ADDRESS); +$port = intval($port)?:80; + +$fp = fsockopen($host, $port, $errno, $errstr, 0.5); +if (!$fp) { + die("connect failed"); +} + +file_put_contents($doc_root . '/foo.html', ''); +if(fwrite($fp, << ", $text; +} + } +} +@unlink($doc_root . '/foo.html'); +fclose($fp); + + +$fp = fsockopen($host, $port, $errno, $errstr, 0.5); +if (!$fp) { + die("connect failed"); +} +file_put_contents($doc_root . '/foo.htm', ''); +if(fwrite($fp, << ", $text; +} + } +} +@unlink($doc_root . '/foo.htm'); +fclose($fp); + + +$fp = fsockopen($host, $port, $errno, $errstr, 0.5); +if (!$fp) { + die("connect failed"); +} +file_put_contents($doc_root . '/foo.svg', ''); +if(fwrite($fp, << ", $text; +} + } +} +@unlink($doc_root . '/foo.svg'); +fclose($fp); + +$fp = fsockopen($host, $port, $errno, $errstr, 0.5); +if (!$fp) { + die("connect failed"); +} +file_put_contents($doc_root . '/foo.css', ''); +if(fwrite($fp, << ", $text; +} + } +} +@unlink($doc_root . '/foo.css'); +fclose($fp); + +$fp = fsockopen($host, $port, $errno, $errstr, 0.5); +if (!$fp) { + die("connect failed"); +} +file_put_contents($doc_root . '/foo.js', ''); +if(fwrite($fp, << ", $text; +} + } +} +@unlink($doc_root . '/foo.js'); +fclose($fp); + +$fp = fsockopen($host, $port, $errno, $errstr, 0.5); +if (!$fp) { + die("connect failed"); +} +file_put_contents($doc_root . '/foo.png', ''); +if(fwrite($fp, << ", $text; +} + } +} +@unlink($doc_root . 
'/foo.png'); +fclose($fp); +?> +--EXPECTF-- +foo.html => Content-Type: text/html; charset=UTF-8 +foo.htm => Content-Type: text/html; charset=UTF-8 +foo.svg => Content-Type: image/svg+xml +foo.css => Content-Type: text/css; charset=UTF-8 +foo.js => Content-Type: text/javascript; charset=UTF-8 +foo.png => Content-Type: image/png -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
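Review bot: The new sapi/cli/tests/bug61977.phpt carries the title of a different test, `Bug #60159 (Router returns false, but POST is not passed to requested resource)`; it should name FR #61977. The six request blocks (html, htm, svg, css, js, png) repeat the same fsockopen/fwrite/unlink sequence and differ only in the file name, so a loop over the extensions would shorten the file and make it easy to cover the remaining map entries (gif, jpg, jpeg, jpe, txt).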
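Review bot: In the mime_type_map hunk of php_cli_server.c only the `htm` and `svg` entries are new, but the existing entries are reordered in the same change, which hides that in the diff. Keeping the old order and adding `{ "htm", "text/html" },` and `{ "svg", "image/svg+xml" },` ahead of the `{ NULL, NULL }` terminator would make the functional change obvious.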
[PHP-CVS] com php-src: Fix test failed, the fsockopen will be refused immediately if the server is not set up.: sapi/cli/tests/php_cli_server.inc
Commit:7b2ab569976f63b22ba1c69e78e782a693d5076a Author:Xinchen Hui Wed, 9 May 2012 11:21:24 +0800 Parents: f46a064760bd99223d8a8aec9df9807bab262022 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=7b2ab569976f63b22ba1c69e78e782a693d5076a Log: Fix test failed, the fsockopen will be refused immediately if the server is not set up. Changed paths: M sapi/cli/tests/php_cli_server.inc Diff: diff --git a/sapi/cli/tests/php_cli_server.inc b/sapi/cli/tests/php_cli_server.inc index d24a679..3479cd0 100644 --- a/sapi/cli/tests/php_cli_server.inc +++ b/sapi/cli/tests/php_cli_server.inc @@ -37,16 +37,14 @@ function php_cli_server_start($code = 'echo "Hello world";', $no_router = FALSE) // note: even when server prints 'Listening on localhost:8964...Press Ctrl-C to quit.' // it might not be listening yet...need to wait until fsockopen() call returns - $fp = fsockopen(PHP_CLI_SERVER_HOSTNAME, PHP_CLI_SERVER_PORT); - if ($fp) { - // server will report Unexpected EOF error (socket opened, closed without writing - // anything) but that can be ignored - fclose($fp); - } else { - // test will fail to connect if server doesn't start listening/accepting - // in the next few microseconds - } +$i = 0; +while (($i++ < 5) && !($fp = @fsockopen(PHP_CLI_SERVER_HOSTNAME, PHP_CLI_SERVER_PORT))) { +usleep(1); +} +if ($fp) { +fclose($fp); +} register_shutdown_function( function($handle) use($router) { @@ -56,7 +54,6 @@ function php_cli_server_start($code = 'echo "Hello world";', $no_router = FALSE) $handle ); // don't bother sleeping, server is already up - //usleep(5); // server can take a variable amount of time to be up, so just sleeping a guessed amount of time // does not work. this is why tests sometimes pass and sometimes fail. to get a reliable pass // sleeping doesn't work. -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
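Review bot: The retry loop in php_cli_server_start() waits `usleep(1)` between at most five attempts, so the whole wait is a few microseconds; a server that needs longer to bind still leaves $fp false, and with the `@` on fsockopen() nothing reports it. A sleep in the millisecond range with a higher attempt limit, plus an explicit failure when the loop ends without a connection, would make the dependent tests deterministic. The surviving comment "don't bother sleeping, server is already up" only holds when the loop actually connected.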
Re: [PHP-CVS] com php-src: Typo: sapi/cli/php_cli_server.c
Hi: sorry for the typo, didn't test windows build , thanks for the fix ;) thanks On Wed, May 9, 2012 at 4:08 AM, David Soria Parra wrote: > Commit: 2cb0ed1328da3bca00990648c3dfc90c957395f1 > Author: David Soria Parra Tue, 8 May 2012 22:08:54 > +0200 > Parents: 87fa84abde7bb49e58136ea239ce4d25d211bb7e > Branches: PHP-5.4 master > > Link: > http://git.php.net/?p=php-src.git;a=commitdiff;h=2cb0ed1328da3bca00990648c3dfc90c957395f1 > > Log: > Typo > > Changed paths: > M sapi/cli/php_cli_server.c > > > Diff: > diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c > index 0850425..e052aa8 100644 > --- a/sapi/cli/php_cli_server.c > +++ b/sapi/cli/php_cli_server.c > @@ -1356,7 +1356,7 @@ static void > php_cli_server_request_translate_vpath(php_cli_server_request *reque > if (prev_path) { > request->path_info_len = prev_path_len; > #ifdef PHP_WIN32 > - while (prev_pach_len--) { > + while (prev_path_len--) { > if (prev_path[prev_path_len] == '\\') { > prev_path[prev_path_len] = '/'; > } > > > -- > PHP CVS Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- Laruence Xinchen Hui http://www.laruence.com/ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: - BFN: NEWS
Commit:f46a064760bd99223d8a8aec9df9807bab262022 Author:Felipe Pena Tue, 8 May 2012 21:07:29 -0300 Parents: 92bc49b2b06417f86dc0fc537326e60f4d0a0c0b Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=f46a064760bd99223d8a8aec9df9807bab262022 Log: - BFN Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index 6008f42..d989f34 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,8 @@ PHP NEWS (Laruence) - Core: + . Fixed bug #61978 (Object recursion not detected for classes that implement +JsonSerializable). (Felipe) . Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference). (Laruence) . Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
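Review bot: The new entry is placed under "- Core:" although the fix for #61978 is in ext/json/json.c (the parent commit 92bc49b listed here); a JSON section in NEWS would be the place readers look for it.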
[PHP-CVS] com php-src: - Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable): ext/json/json.c ext/json/tests/bug61978.phpt
Commit:92bc49b2b06417f86dc0fc537326e60f4d0a0c0b Author:Felipe Pena Tue, 8 May 2012 21:05:51 -0300 Parents: 2cb0ed1328da3bca00990648c3dfc90c957395f1 Branches: PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=92bc49b2b06417f86dc0fc537326e60f4d0a0c0b Log: - Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable) Bugs: https://bugs.php.net/61978 Changed paths: M ext/json/json.c A ext/json/tests/bug61978.phpt Diff: diff --git a/ext/json/json.c b/ext/json/json.c index fc1fcb7..557fbc3 100644 --- a/ext/json/json.c +++ b/ext/json/json.c @@ -513,6 +513,19 @@ static void json_encode_serializable_object(smart_str *buf, zval *val, int optio { zend_class_entry *ce = Z_OBJCE_P(val); zval *retval = NULL, fname; + HashTable* myht; + + if (Z_TYPE_P(val) == IS_ARRAY) { + myht = HASH_OF(val); + } else { + myht = Z_OBJPROP_P(val); + } + + if (myht && myht->nApplyCount > 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "recursion detected"); + smart_str_appendl(buf, "null", 4); + return; + } ZVAL_STRING(&fname, "jsonSerialize", 0); diff --git a/ext/json/tests/bug61978.phpt b/ext/json/tests/bug61978.phpt new file mode 100644 index 000..2c73297 --- /dev/null +++ b/ext/json/tests/bug61978.phpt 
@@ -0,0 +1,47 @@ +--TEST-- +Bug #61978 (Object recursion not detected for classes that implement JsonSerializable) +--SKIPIF-- + +--FILE-- +test = '123'; +$this->me = $this; +} +} + +class JsonTest2 implements JsonSerializable { +public $test; +public function __construct() { +$this->test = '123'; +} +public function jsonSerialize() { +return array( +'test' => $this->test, +'me' => $this +); +} +} + + +$obj1 = new JsonTest1(); +var_dump(json_encode($obj1)); + +echo "\n==\n"; + +$obj2 = new JsonTest2(); +var_dump(json_encode($obj2)); + +?> +--EXPECTF-- +Warning: json_encode(): recursion detected in %s on line %d +string(44) "{"test":"123","me":{"test":"123","me":null}}" + +== + +Warning: json_encode(): recursion detected in %s on line %d +string(44) "{"test":"123","me":{"test":"123","me":null}}" -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
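Review bot: The new bug61978.phpt only exercises a direct self-reference (`$this->me = $this` and `'me' => $this`), so the `nApplyCount > 1` guard is never run against an indirect cycle. A third case in which jsonSerialize() returns a second JsonSerializable object that points back to the first would pin down at which depth the null appears. The expected output shows one full nested copy before the null, which is worth stating in the test description so it is not later mistaken for a bug.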
[PHP-CVS] com php-src: Typo: sapi/cli/php_cli_server.c
Commit:2cb0ed1328da3bca00990648c3dfc90c957395f1 Author:David Soria Parra Tue, 8 May 2012 22:08:54 +0200 Parents: 87fa84abde7bb49e58136ea239ce4d25d211bb7e Branches: PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=2cb0ed1328da3bca00990648c3dfc90c957395f1 Log: Typo Changed paths: M sapi/cli/php_cli_server.c Diff: diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c index 0850425..e052aa8 100644 --- a/sapi/cli/php_cli_server.c +++ b/sapi/cli/php_cli_server.c @@ -1356,7 +1356,7 @@ static void php_cli_server_request_translate_vpath(php_cli_server_request *reque if (prev_path) { request->path_info_len = prev_path_len; #ifdef PHP_WIN32 - while (prev_pach_len--) { + while (prev_path_len--) { if (prev_path[prev_path_len] == '\\') { prev_path[prev_path_len] = '/'; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
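Review bot: In the PHP_WIN32 block, `while (prev_path_len--)` uses the length itself as the loop counter after it has been copied to request->path_info_len, so prev_path_len no longer holds the length once the loop ends. If anything later in php_cli_server_request_translate_vpath() reads it, a separate index variable is needed. The misspelt `prev_pach_len` sits inside `#ifdef PHP_WIN32`, so only a Windows build could have caught it; this block needs a build on that platform before merging.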
[PHP-CVS] com php-src: Fix bug 61746 Failing tests in ext/standard/tests/file/windows_links/*: ext/standard/tests/file/windows_links/bug48746.phpt ext/standard/tests/file/windows_links/bug48746_1.phpt
Commit:c12fdbde5fe1da3f5ddd3be70a807b46755ff118 Author:Matt Ficken Tue, 8 May 2012 19:31:41 +0200 Committer: Anatoliy Belsky Tue, 8 May 2012 19:31:41 +0200 Parents: 838b4b8ff7d78dfb0da99e0b17568558a85a1c2a Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=c12fdbde5fe1da3f5ddd3be70a807b46755ff118 Log: Fix bug 61746 Failing tests in ext/standard/tests/file/windows_links/* Fixed that again for systems having their %SYSTEMROOT% not in c:\windows Bugs: https://bugs.php.net/61746 Changed paths: M ext/standard/tests/file/windows_links/bug48746.phpt M ext/standard/tests/file/windows_links/bug48746_1.phpt M ext/standard/tests/file/windows_links/bug48746_2.phpt M ext/standard/tests/file/windows_links/bug48746_3.phpt A ext/standard/tests/file/windows_links/common.inc Diff: diff --git a/ext/standard/tests/file/windows_links/bug48746.phpt b/ext/standard/tests/file/windows_links/bug48746.phpt index a47b7cb..55465ae 100644 --- a/ext/standard/tests/file/windows_links/bug48746.phpt +++ b/ext/standard/tests/file/windows_links/bug48746.phpt @@ -9,7 +9,8 @@ Venkat Raman Don (don.ra...@microsoft.com) if(substr(PHP_OS, 0, 3) != 'WIN' ) { die('skip windows only test'); } -$cmd = "mklink.exe /?"; +include_once __DIR__ . '/common.inc'; +$cmd = "mklink /?"; $ret = @exec($cmd, $output, $return_val); if (count($output) == 0) { die("mklink.exe not found in PATH"); @@ -17,7 +18,8 @@ if (count($output) == 0) { ?> --FILE-- --FILE-- &1', $out); if (strpos($ret, 'privilege')) { die('skip. SeCreateSymbolicLinkPrivilege not enable for this user.'); } -unlink('mklink bug48746_tmp.lnk'); +unlink('bug48746_tmp.lnk'); ?> --FILE-- .. [2] => a.php [3] => b.php -) +) diff --git a/ext/standard/tests/file/windows_links/bug48746_3.phpt b/ext/standard/tests/file/windows_links/bug48746_3.phpt index a0dcbdc..b88ab76 100644 --- a/ext/standard/tests/file/windows_links/bug48746_3.phpt +++ b/ext/standard/tests/file/windows_links/bug48746_3.phpt 
@@ -9,7 +9,8 @@ Venkat Raman Don (don.ra...@microsoft.com) if(substr(PHP_OS, 0, 3) != 'WIN' ) { die('skip windows only test'); } -$ret = exec('junction /? 2>&1', $out); +include_once __DIR__ . '/common.inc'; +$ret = exec(get_junction().' /? 2>&1', $out); if (strpos($out[0], 'recognized')) { die('skip. junction.exe not found in PATH.'); } @@ -17,11 +18,12 @@ if (strpos($out[0], 'recognized')) { ?> --FILE-- "); file_put_contents("junction\\b.php", ""); include "junction/a.php"; @@ -45,4 +47,4 @@ Array [1] => .. [2] => a.php [3] => b.php -) +) diff --git a/ext/standard/tests/file/windows_links/common.inc b/ext/standard/tests/file/windows_links/common.inc new file mode 100644 index 000..2d4b47c --- /dev/null +++ b/ext/standard/tests/file/windows_links/common.inc @@ -0,0 +1,23 @@ +http://technet.microsoft.com/en-us/sysinternals/bb896768 + + // install somewhere that is on %path% or added to %path% + return "junction.exe"; +} + +function get_mountvol() { + $sysroot = get_sysroot(); + + return "$sysroot\\System32\\mountvol.exe"; +} + +?> -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
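Review bot: In the SKIPIF section of bug48746.phpt the failure path is `die("mklink.exe not found in PATH");` with no leading "skip", unlike the other skip checks in these tests, so a missing mklink is likely to be reported as a failure rather than a skip. The message also still names mklink.exe although the command is now `mklink /?`. In common.inc, get_junction() returns a bare "junction.exe" resolved through %path% while get_mountvol() builds an absolute path from get_sysroot(); a comment explaining why the two differ would help the next reader.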
[PHP-CVS] com php-src: Merge branch 'PHP-5.4': sapi/cgi/cgi_main.c
Commit: 08779069e86d72336f52078276c3296455fae4f7
Author: Stanislav Malyshev Tue, 8 May 2012 10:21:10 -0700
Parents: eafc567213886cc049fdbca147ab5d84dd93b117 057f4719d3825fff3f0cfe0f263168b227d93205
Branches: master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=08779069e86d72336f52078276c3296455fae4f7
Log: Merge branch 'PHP-5.4'
* PHP-5.4:
  c++ comments
  restore BC
  ws + restore BC to apache_request_headers
  fix bug #61807 - Buffer Overflow in apache_request_headers
Bugs: https://bugs.php.net/61807
Changed paths: MM sapi/cgi/cgi_main.c
Diff:
[PHP-CVS] com php-src: fix bug #61807 - Buffer Overflow in apache_request_headers: sapi/cgi/cgi_main.c sapi/cgi/tests/apache_request_headers.phpt
Commit:20364bcff9f38bed83245d785cc8ec3a072e4da5 Author:Stanislav Malyshev Mon, 7 May 2012 12:24:22 -0700 Parents: 0b4d7a455d8f2bffaa9c4f9cbd7aff8e3e740fe8 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=20364bcff9f38bed83245d785cc8ec3a072e4da5 Log: fix bug #61807 - Buffer Overflow in apache_request_headers Bugs: https://bugs.php.net/61807 Changed paths: M sapi/cgi/cgi_main.c A sapi/cgi/tests/apache_request_headers.phpt Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index d25cad4..a0a1ada 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1615,15 +1615,21 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */ p = var + 5; var = q = t; +// First char keep uppercase *q++ = *p++; while (*p) { - if (*p == '_') { + if (*p == '=') { + // End of name + break; +} else if (*p == '_') { *q++ = '-'; p++; - if (*p) { +// First char after - keep uppercase + if (*p && *p!='=' && *p!='_') { *q++ = *p++; } } else if (*p >= 'A' && *p <= 'Z') { +// lowercase *q++ = (*p++ - 'A' + 'a'); } else { *q++ = *p++; diff --git a/sapi/cgi/tests/apache_request_headers.phpt b/sapi/cgi/tests/apache_request_headers.phpt new file mode 100644 index 000..37e077e --- /dev/null +++ b/sapi/cgi/tests/apache_request_headers.phpt @@ -0,0 +1,49 @@ +--TEST-- +apache_request_headers() stack overflow. +--SKIPIF-- + +--FILE-- +'); + +passthru("$php $file"); + +$names = array('HTTP_X_TEST', 'HTTP_X__TEST', 'HTTP_X_'); +foreach ($names as $name) { + putenv($name."=".str_repeat("A", 256)); + passthru("$php -q $file"); + putenv($name); +} +unlink($file); + +echo "Done\n"; +?> +--EXPECTF-- +X-Powered-By: PHP/%s +Content-type: text/html + +Array +( +) +Array +( +[X-Test] => +) +Array +( +[X--Test] => +) +Array +( +[X-] => +) +Done -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
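Review bot: In the cgi_main.c hunk the first `*q++ = *p++;` runs before the new `*p == '='` test, so the fix relies on the caller guaranteeing at least one name character after the 5-byte prefix skipped by `p = var + 5`; with none, the '=' itself is copied and the loop continues into the value. A check before that first copy, or a test case for a variable with nothing after the prefix next to 'HTTP_X_', would close this. The added comments use `//` and the added lines are not indented to match the surrounding code.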
[PHP-CVS] com php-src: c++ comments: sapi/cgi/cgi_main.c
Commit:057f4719d3825fff3f0cfe0f263168b227d93205 Author:Stanislav Malyshev Tue, 8 May 2012 10:18:06 -0700 Parents: 1919ec5a55d971610eab86eb64b18b7eacfefe81 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=057f4719d3825fff3f0cfe0f263168b227d93205 Log: c++ comments Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index ba89c54..7856e0c 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1615,21 +1615,21 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */ p = var + 5; var = q = t; - // First char keep uppercase + /* First char keep uppercase */ *q++ = *p++; while (*p) { if (*p == '=') { - // End of name + /* End of name */ break; } else if (*p == '_') { *q++ = '-'; p++; - // First char after - keep uppercase + /* First char after - keep uppercase */ if (*p && *p!='=') { *q++ = *p++; } } else if (*p >= 'A' && *p <= 'Z') { - // lowercase + /* lowercase */ *q++ = (*p++ - 'A' + 'a'); } else { *q++ = *p++; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: ws + restore BC to apache_request_headers: sapi/cgi/cgi_main.c
Commit:bd8912e47c8a74406fe49555a3eb76a8c3197b27 Author:Stanislav Malyshev Mon, 7 May 2012 21:54:19 -0700 Parents: 20364bcff9f38bed83245d785cc8ec3a072e4da5 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=bd8912e47c8a74406fe49555a3eb76a8c3197b27 Log: ws + restore BC to apache_request_headers Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index a0a1ada..ba89c54 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1615,21 +1615,21 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */ p = var + 5; var = q = t; -// First char keep uppercase + // First char keep uppercase *q++ = *p++; while (*p) { if (*p == '=') { - // End of name - break; -} else if (*p == '_') { + // End of name + break; + } else if (*p == '_') { *q++ = '-'; p++; -// First char after - keep uppercase - if (*p && *p!='=' && *p!='_') { + // First char after - keep uppercase + if (*p && *p!='=') { *q++ = *p++; } } else if (*p >= 'A' && *p <= 'Z') { -// lowercase + // lowercase *q++ = (*p++ - 'A' + 'a'); } else { *q++ = *p++; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
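Review bot: The condition change from `if (*p && *p!='=' && *p!='_')` to `if (*p && *p!='=')` alters the output for names with consecutive underscores, yet it sits in a commit that otherwise only re-indents lines, and the expectation in sapi/cgi/tests/apache_request_headers.phpt is not touched here. Splitting the behaviour change from the whitespace fix and updating the test in the same commit would keep every revision passing and make the change visible in history.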
[PHP-CVS] com php-src: restore BC: sapi/cgi/tests/apache_request_headers.phpt
Commit:1919ec5a55d971610eab86eb64b18b7eacfefe81 Author:Stanislav Malyshev Mon, 7 May 2012 22:22:56 -0700 Parents: bd8912e47c8a74406fe49555a3eb76a8c3197b27 Branches: PHP-5.4 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=1919ec5a55d971610eab86eb64b18b7eacfefe81 Log: restore BC Changed paths: M sapi/cgi/tests/apache_request_headers.phpt Diff: diff --git a/sapi/cgi/tests/apache_request_headers.phpt b/sapi/cgi/tests/apache_request_headers.phpt index 37e077e..2c82d57 100644 --- a/sapi/cgi/tests/apache_request_headers.phpt +++ b/sapi/cgi/tests/apache_request_headers.phpt @@ -40,7 +40,7 @@ Array ) Array ( -[X--Test] => +[X-_test] => ) Array ( -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: updated NEWS: NEWS
Commit:838b4b8ff7d78dfb0da99e0b17568558a85a1c2a Author:Anatoliy Belsky Tue, 8 May 2012 18:51:49 +0200 Parents: d776a933eb270c7aa094c937168966fa89e2fa5c Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=838b4b8ff7d78dfb0da99e0b17568558a85a1c2a Log: updated NEWS Changed paths: M NEWS Diff: diff --git a/NEWS b/NEWS index c354b39..bd194be 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,8 @@ PHP NEWS . Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64). (Gustavo) . Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null). (Anatoliy) + . Fixed bug #61713 (Logic error in charset detection for htmlentities). +(Anatoliy) - Fileinfo: . Fixed bug #61812 (Uninitialised value used in libmagic). -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: Fix bug 61713 check also that mbstring's found any internal_encoding: ext/standard/html.c
Commit:d776a933eb270c7aa094c937168966fa89e2fa5c Author:Anatoliy Belsky Tue, 8 May 2012 18:31:11 +0200 Parents: 3a4a25358fe3f389c434f68e59bfd70b25b93b29 Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=d776a933eb270c7aa094c937168966fa89e2fa5c Log: Fix bug 61713 check also that mbstring's found any internal_encoding Bugs: https://bugs.php.net/61713 Changed paths: M ext/standard/html.c Diff: diff --git a/ext/standard/html.c b/ext/standard/html.c index c813af5..058708e 100644 --- a/ext/standard/html.c +++ b/ext/standard/html.c @@ -785,18 +785,20 @@ static enum entity_charset determine_charset(char *charset_hint TSRMLS_DC) charset_hint = Z_STRVAL_P(uf_result); len = Z_STRLEN_P(uf_result); - if (len == 4) { /* sizeof(none|auto|pass)-1 */ - if (!memcmp("pass", charset_hint, sizeof("pass") - 1) || - !memcmp("auto", charset_hint, sizeof("auto") - 1) || - !memcmp("none", charset_hint, sizeof("none") - 1)) { - - charset_hint = NULL; - len = 0; + if (charset_hint != NULL && len != 0) { + if (len == 4) { /* sizeof(none|auto|pass)-1 */ + if (!memcmp("pass", charset_hint, sizeof("pass") - 1) || + !memcmp("auto", charset_hint, sizeof("auto") - 1) || + !memcmp("none", charset_hint, sizeof("none") - 1)) { + + charset_hint = NULL; + len = 0; + } + } else { + /* Jump to det_charset only if mbstring isn't one of above eq pass, auto, none. + Otherwise try default_charset next */ + goto det_charset; } - } else { - /* Jump to det_charset only if mbstring isn't one of above eq pass, auto, none. - Otherwise try default_charset next */ - goto det_charset; } } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
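Review bot: In determine_charset() the `else { goto det_charset; }` is still attached to `if (len == 4)`, so a four-character hint that is not pass, auto or none takes neither path: it is not cleared and it does not jump to det_charset. Folding the length test and the three memcmp() calls into a single condition, with the else covering every other non-empty hint, would treat four-letter encoding names the same as all others.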
[PHP-CVS] com php-src: Fix bug #61713 ext\standard\tests\strings\htmlentities10.phpt fails: ext/standard/html.c
Commit:3a4a25358fe3f389c434f68e59bfd70b25b93b29 Author:Anatoliy Belsky Tue, 8 May 2012 17:42:01 +0200 Parents: e120a0c7f30953774d3ff2ac1a14b2ab623a047c Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=3a4a25358fe3f389c434f68e59bfd70b25b93b29 Log: Fix bug #61713 ext\standard\tests\strings\htmlentities10.phpt fails There is a logic error in charset detection part for htmlentities. When mbstring is compiled shared and mbstring.internal_encoding is set to pass, it prevents default_charset from being checked resulting iso-8859-1 being choosed. Bugs: https://bugs.php.net/61713 Changed paths: M ext/standard/html.c Diff: diff --git a/ext/standard/html.c b/ext/standard/html.c index 81c69de..c813af5 100644 --- a/ext/standard/html.c +++ b/ext/standard/html.c @@ -793,8 +793,11 @@ static enum entity_charset determine_charset(char *charset_hint TSRMLS_DC) charset_hint = NULL; len = 0; } + } else { + /* Jump to det_charset only if mbstring isn't one of above eq pass, auto, none. + Otherwise try default_charset next */ + goto det_charset; } - goto det_charset; } } #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
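Review bot: Only ext/standard/html.c changes here, and the scenario from the log (mbstring built shared, mbstring.internal_encoding set to pass) gets no test that sets those values explicitly. A test with both INI settings spelled out would keep the default_charset fallback covered. The comment's "isn't one of above eq pass, auto, none" would read better as "is not pass, auto or none".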
Re: [PHP-CVS] com php-src: fix bug #61807 - Buffer Overflow in apache_request_headers: NEWS sapi/cgi/cgi_main.c sapi/cgi/tests/apache_request_headers.phpt
2012/5/7 Stanislav Malyshev : > Commit: eb8f3b025b0a6dbbf6b44bf51d8cf345437b7354 > Author: Stanislav Malyshev Mon, 7 May 2012 12:24:22 > -0700 > Parents: fc3ba0552fd5c2d7b5870f3e2fec0a9a2d2996f4 > Branches: PHP-5.4.3 > > Link: > http://git.php.net/?p=php-src.git;a=commitdiff;h=eb8f3b025b0a6dbbf6b44bf51d8cf345437b7354 > > Log: > fix bug #61807 - Buffer Overflow in apache_request_headers > > Bugs: > https://bugs.php.net/61807 > > Changed paths: > M NEWS > M sapi/cgi/cgi_main.c > A sapi/cgi/tests/apache_request_headers.phpt > > > Diff: > diff --git a/NEWS b/NEWS > index a41a5d1..7603cfb 100644 > --- a/NEWS > +++ b/NEWS > @@ -5,6 +5,7 @@ PHP > NEWS > - CGI > . Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. > (Stas) > + . Fix bug #61807 - Buffer Overflow in apache_request_headers. > > 03 May 2012, PHP 5.4.2 > > diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c > index 71404a4..a1690b1 100644 > --- a/sapi/cgi/cgi_main.c > +++ b/sapi/cgi/cgi_main.c > @@ -1614,15 +1614,21 @@ PHP_FUNCTION(apache_request_headers) /* {{{ */ > p = var + 5; > > var = q = t; > + // First char keep uppercase > *q++ = *p++; > while (*p) { > - if (*p == '_') { > + if (*p == '=') { > + // End of name > + break; > + } else if (*p == '_') { > *q++ = '-'; > p++; > - if (*p) { > + // First char after - keep > uppercase > + if (*p && *p!='=' && *p!='_') > { > *q++ = *p++; > } > } else if (*p >= 'A' && *p <= 'Z') { > + // lowercase > *q++ = (*p++ - 'A' + 'a'); > } else { > *q++ = *p++; I see C++ comments. -- Regards, Felipe Pena
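Review bot: The added NEWS line `. Fix bug #61807 - Buffer Overflow in apache_request_headers.` has no author attribution, unlike the (Stas) on the CVE-2012-1823 entry directly above it; adding it keeps the section consistent.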
[PHP-CVS] com php-src: Fix #61704 (Crash apache, phpinfo() threading issue): NEWS ext/mysqlnd/mysqlnd_plugin.c ext/mysqlnd/php_mysqlnd.c
Commit:e8e661128a4dcee9d2f35ed3443d567ba2ad7870 Author:Johannes Schlüter Tue, 8 May 2012 17:30:05 +0200 Parents: fb3b6bcf8384c375ddffce85d5e652ec609ccf7a Branches: PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e8e661128a4dcee9d2f35ed3443d567ba2ad7870 Log: Fix #61704 (Crash apache, phpinfo() threading issue) Bugs: https://bugs.php.net/61704 Changed paths: M NEWS M ext/mysqlnd/mysqlnd_plugin.c M ext/mysqlnd/php_mysqlnd.c Diff: diff --git a/NEWS b/NEWS index f88bf70..6008f42 100644 --- a/NEWS +++ b/NEWS @@ -110,6 +110,7 @@ PHP NEWS . Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes). - mysqlnd + . Fixed bug #61704 (Crash apache, phpinfo() threading issue). (Johannes) . Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled). (Johannes) diff --git a/ext/mysqlnd/mysqlnd_plugin.c b/ext/mysqlnd/mysqlnd_plugin.c index 457596f..2dbb57d 100644 --- a/ext/mysqlnd/mysqlnd_plugin.c +++ b/ext/mysqlnd/mysqlnd_plugin.c @@ -169,7 +169,24 @@ PHPAPI void * _mysqlnd_plugin_find(const char * const name TSRMLS_DC) /* {{{ _mysqlnd_plugin_apply_with_argument */ PHPAPI void _mysqlnd_plugin_apply_with_argument(apply_func_arg_t apply_func, void * argument TSRMLS_DC) { - zend_hash_apply_with_argument(&mysqlnd_registered_plugins, apply_func, argument TSRMLS_CC); + /* Note: We want to be thread-safe (read-only), so we can use neither +* zend_hash_apply_with_argument nor zend_hash_internal_pointer_reset and +* friends +*/ + Bucket *p; + + p = mysqlnd_registered_plugins.pListHead; + while (p != NULL) { + int result = apply_func(p->pData, argument TSRMLS_CC); + + if (result & ZEND_HASH_APPLY_REMOVE) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "mysqlnd_plugin_apply_with_argument must not remove table entries"); + } + p = p->pListNext; + if (result & ZEND_HASH_APPLY_STOP) { + break; + } + } } /* }}} */ diff --git a/ext/mysqlnd/php_mysqlnd.c b/ext/mysqlnd/php_mysqlnd.c index 1022285..20fcc5e 100644 --- a/ext/mysqlnd/php_mysqlnd.c 
+++ b/ext/mysqlnd/php_mysqlnd.c @@ -135,16 +135,22 @@ mysqlnd_minfo_dump_loaded_plugins(void *pDest, void * buf TSRMLS_DC) /* }}} */ /* {{{ mysqlnd_minfo_dump_api_plugins */ -static int -mysqlnd_minfo_dump_api_plugins(void * pDest, void * buf TSRMLS_DC) +static void +mysqlnd_minfo_dump_api_plugins(smart_str * buffer TSRMLS_DC) { - smart_str * buffer = (smart_str *) buf; - MYSQLND_REVERSE_API * ext = *(MYSQLND_REVERSE_API **) pDest; - if (buffer->len) { - smart_str_appendc(buffer, ','); + HashTable *ht = mysqlnd_reverse_api_get_api_list(TSRMLS_C); + Bucket *p; + + p = ht->pListHead; + while(p != NULL) { + MYSQLND_REVERSE_API * ext = *(MYSQLND_REVERSE_API **) p->pData; + if (buffer->len) { + smart_str_appendc(buffer, ','); + } + smart_str_appends(buffer, ext->module->name); + + p = p->pListNext; } - smart_str_appends(buffer, ext->module->name); - return ZEND_HASH_APPLY_KEEP; } /* }}} */ @@ -189,7 +195,7 @@ PHP_MINFO_FUNCTION(mysqlnd) php_info_print_table_row(2, "Loaded plugins", tmp_str.c); smart_str_free(&tmp_str); - zend_hash_apply_with_argument(mysqlnd_reverse_api_get_api_list(TSRMLS_C), mysqlnd_minfo_dump_api_plugins, &tmp_str TSRMLS_CC); + mysqlnd_minfo_dump_api_plugins(&tmp_str TSRMLS_CC); smart_str_0(&tmp_str); php_info_print_table_row(2, "API Extensions", tmp_str.c); smart_str_free(&tmp_str); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
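Review bot: In _mysqlnd_plugin_apply_with_argument (ext/mysqlnd/mysqlnd_plugin.c), a callback that returns ZEND_HASH_APPLY_REMOVE now only raises an E_WARNING at run time and the entry stays in the table. That is a behaviour change for callers of this PHPAPI function which neither the log message nor the NEWS entry mentions. Document in the function comment that removal is no longer supported. The "thread-safe (read-only)" comment also holds only if no other thread writes to mysqlnd_registered_plugins while the loop walks pListHead/pListNext, so state what guarantees that.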
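Review bot: In mysqlnd_minfo_dump_api_plugins (ext/mysqlnd/php_mysqlnd.c), the return value of mysqlnd_reverse_api_get_api_list(TSRMLS_C) is dereferenced as ht->pListHead without a NULL check; add one if the list can be unset when phpinfo() runs. The bucket walk repeats the one added to _mysqlnd_plugin_apply_with_argument but drops the comment explaining why zend_hash_apply_with_argument is avoided, so carry the comment over or share a helper. Style: "while(p != NULL)" lacks the space used in the other loop.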
[PHP-CVS] com php-src: Fix folding marks: ext/mysqlnd/mysqlnd_plugin.c
Commit:fb3b6bcf8384c375ddffce85d5e652ec609ccf7a Author:Johannes Schlüter Tue, 8 May 2012 15:18:33 +0200 Parents: 340091469a2838ee633764279d988e830f40acde Branches: PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb3b6bcf8384c375ddffce85d5e652ec609ccf7a Log: Fix folding marks Changed paths: M ext/mysqlnd/mysqlnd_plugin.c Diff: diff --git a/ext/mysqlnd/mysqlnd_plugin.c b/ext/mysqlnd/mysqlnd_plugin.c index b295ad7..457596f 100644 --- a/ext/mysqlnd/mysqlnd_plugin.c +++ b/ext/mysqlnd/mysqlnd_plugin.c @@ -65,7 +65,7 @@ static struct st_mysqlnd_typeii_plugin_example mysqlnd_example_plugin = }; -/* {{{ mysqlnd_plugin_subsystem_init */ +/* {{{ mysqlnd_example_plugin_end */ static enum_func_status mysqlnd_example_plugin_end(void * p TSRMLS_DC) { @@ -78,7 +78,7 @@ enum_func_status mysqlnd_example_plugin_end(void * p TSRMLS_DC) /* }}} */ -/* {{{ mysqlnd_plugin_subsystem_init */ +/* {{{ mysqlnd_example_plugin_register */ void mysqlnd_example_plugin_register(TSRMLS_D) { @@ -104,7 +104,7 @@ mysqlnd_plugin_subsystem_init(TSRMLS_D) /* }}} */ -/* {{{ mysqlnd_plugin_subsystem_init */ +/* {{{ mysqlnd_plugin_end_apply_func */ int mysqlnd_plugin_end_apply_func(void *pDest TSRMLS_DC) { @@ -136,7 +136,7 @@ PHPAPI unsigned int mysqlnd_plugin_register() /* }}} */ -/* {{{ mysqlnd_plugin_register */ +/* {{{ mysqlnd_plugin_register_ex */ PHPAPI unsigned int mysqlnd_plugin_register_ex(struct st_mysqlnd_plugin_header * plugin TSRMLS_DC) { if (plugin) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] com php-src: This will be PHP 5.3.14: NEWS configure.in main/php_version.h
Commit:e120a0c7f30953774d3ff2ac1a14b2ab623a047c Author:Johannes Schlüter Tue, 8 May 2012 11:28:15 +0200 Parents: 000e84aa88ce16deabbf61e7086fc8db63ca88aa Branches: PHP-5.3 PHP-5.4 master Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e120a0c7f30953774d3ff2ac1a14b2ab623a047c Log: This will be PHP 5.3.14 Changed paths: M NEWS M configure.in M main/php_version.h Diff: diff --git a/NEWS b/NEWS index c2b10e5..c354b39 100644 --- a/NEWS +++ b/NEWS @@ -40,13 +40,19 @@ PHP NEWS . Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set). (Reeze) -(merge after 5.3.11 release) +08 May 2012, PHP 5.3.13 +- CGI + . Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311. +(Stas) + +03 May 2012, PHP 5.3.12 +- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus) + +26 Apr 2012, PHP 5.3.11 - Core: - . Fixed bug #61605 (header_remove() does not remove all headers). -(Laruence) - . Fixed bug #61541 (Segfault when using ob_* in output_callback). -(reeze@gmail.com) + . Fixed bug #61650 (ini parser crashes when using ${} ini variables +(without apache2)). (Laruence) . Fixed bug #61273 (call_user_func_array with more than 16333 arguments leaks / crashes). (Laruence) . Fixed bug #61165 (Segfault - strip_tags()). (Laruence) 
@@ -93,14 +99,17 @@ PHP NEWS . Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones) - Fileinfo + . Upgraded libmagic to 5.11 (Pierre, Anatoliy) + . Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a +directory descriptor under windows. (Anatoliy) + . Fixed bug #61566 failure caused by the posix lseek and read versions +under windows in cdf_read(). (Anatoliy) . Fixed bug #61173 (Unable to detect error from finfo constructor). (Gustavo) - Firebird Database extension (ibase): . Fixed bug #60802 (ibase_trans() gives segfault when passing params). - Libxml: - . Fixed bug #61617 (Libxml tests failed(ht is already destroyed)). -(Laruence) . Fixed bug #61367 (open_basedir bypass using libxml RSHUTDOWN). (Tim Starling) @@ -123,6 +132,10 @@ PHP NEWS - PDO_Sqlite extension: . Add createCollation support. (Damien) +- pgsql: + . Fixed bug #60718 (Compile problem with libpq (PostgreSQL 7.3 or less). +(Yasuo Ohgaki) + - Phar: . Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikic) diff --git a/configure.in b/configure.in index b257cbb..35356d0 100644 --- a/configure.in +++ b/configure.in @@ -41,7 +41,7 @@ AC_CONFIG_HEADER(main/php_config.h) PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=3 -PHP_RELEASE_VERSION=13 +PHP_RELEASE_VERSION=14 PHP_EXTRA_VERSION="-dev" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 358c6c0..0b523d7 100644 --- a/main/php_version.h +++ b/main/php_version.h 
@@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 3 -#define PHP_RELEASE_VERSION 13 +#define PHP_RELEASE_VERSION 14 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.3.13-dev" -#define PHP_VERSION_ID 50313 +#define PHP_VERSION "5.3.14-dev" +#define PHP_VERSION_ID 50314 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
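Review bot: The NEWS hunks change more than the log message "This will be PHP 5.3.14" says: the entries for bugs #61605, #61541 and #61617 are deleted, and entries for #61650, #61565, #61566, #60718 and the libmagic upgrade are added. Confirm that the deletions are intended (for example because those fixes belong to a different release section) and mention the NEWS resync in the log, so the version bump in configure.in and main/php_version.h can be reviewed separately from the changelog edits.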
[PHP-CVS] com php-src: improve fix for CVE-2012-1823 (cherry picked from commit fc3ba0552fd5c2d7b5870f3e2fec0a9a2d2996f4): sapi/cgi/cgi_main.c
Commit:46d9cc3de9f2def8ab84d0b83cc89b6f85d7506a Author:Stanislav Malyshev Mon, 7 May 2012 12:08:36 -0700 Committer: Johannes Schlüter Tue, 8 May 2012 11:15:23 +0200 Parents: 03cb63bc1da6344f65a075f25721d29b59670cfe Branches: PHP-5.3.13 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=46d9cc3de9f2def8ab84d0b83cc89b6f85d7506a Log: improve fix for CVE-2012-1823 (cherry picked from commit fc3ba0552fd5c2d7b5870f3e2fec0a9a2d2996f4) Changed paths: M sapi/cgi/cgi_main.c Diff: diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index bb37aba..62ccbf2 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -1560,10 +1560,15 @@ int main(int argc, char *argv[]) } } - if(query_string = getenv("QUERY_STRING")) { + if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) { + /* we've got query string that has no = - apache CGI will pass it to command line */ + unsigned char *p; decoded_query_string = strdup(query_string); php_url_decode(decoded_query_string, strlen(decoded_query_string)); - if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) { + for (p = decoded_query_string; *p && *p <= ' '; p++) { + /* skip all leading spaces */ + } + if(*p == '-') { skip_getopt = 1; } free(decoded_query_string); @@ -1818,7 +1823,7 @@ consult the installation file that came with this distribution, or visit \n\ } zend_first_try { - while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) { + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) { switch (c) { case 'T': benchmark = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
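Review bot: In the first sapi/cgi/cgi_main.c hunk, "unsigned char *p" is assigned from decoded_query_string, which holds the strdup() result, without a cast. Add "(unsigned char *)" so that the signedness the "*p <= ' '" comparison relies on is explicit and the assignment does not draw a pointer-sign warning. The comment "skip all leading spaces" understates the loop, which skips every byte value from 0x01 to 0x20; say "whitespace and control characters". The strdup() result is also still passed to php_url_decode() and strlen() without a NULL check.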
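Review bot: In the second sapi/cgi/cgi_main.c hunk, the "!skip_getopt &&" guard on the php_getopt() loop has no comment tying it to the QUERY_STRING check roughly 260 lines earlier; add a one-line comment so a later cleanup does not drop it. The commit changes only sapi/cgi/cgi_main.c, so a regression test covering the new leading-whitespace handling should accompany it.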
[PHP-CVS] com php-src: PHP 5.3.13: NEWS configure.in main/php_version.h
Commit:e9354b53665e2d313f07d48ce3d227cc61a068dc Author:Johannes Schlüter Tue, 8 May 2012 11:22:27 +0200 Parents: 46d9cc3de9f2def8ab84d0b83cc89b6f85d7506a Branches: PHP-5.3.13 Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e9354b53665e2d313f07d48ce3d227cc61a068dc Log: PHP 5.3.13 Changed paths: M NEWS M configure.in M main/php_version.h Diff: diff --git a/NEWS b/NEWS index 6d95962..124054e 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,11 @@ PHPNEWS ||| -03 Mar 2012, PHP 5.3.12 +08 May 2012, PHP 5.3.13 +- CGI + . Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311. +(Stas) + +03 May 2012, PHP 5.3.12 - Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus) 26 Apr 2012, PHP 5.3.11 diff --git a/configure.in b/configure.in index e9cf322..f8241e6 100644 --- a/configure.in +++ b/configure.in @@ -41,7 +41,7 @@ AC_CONFIG_HEADER(main/php_config.h) PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=3 -PHP_RELEASE_VERSION=12 +PHP_RELEASE_VERSION=13 PHP_EXTRA_VERSION="" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 1 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index 5103b1c..f4753a2 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -4,5 +4,5 @@ #define PHP_MINOR_VERSION 3 #define PHP_RELEASE_VERSION 12 #define PHP_EXTRA_VERSION "" -#define PHP_VERSION "5.3.12" -#define PHP_VERSION_ID 50312 +#define PHP_VERSION "5.3.13" +#define PHP_VERSION_ID 50313 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
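Review bot: In the main/php_version.h hunk, "#define PHP_RELEASE_VERSION 12" is left as an unchanged context line while PHP_VERSION becomes "5.3.13" and PHP_VERSION_ID becomes 50313. The header then disagrees with itself and with configure.in, where the same commit sets PHP_RELEASE_VERSION=13. Bump the define to 13 in this commit.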
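Review bot: In the NEWS hunk, the date of the 5.3.12 entry changes from "03 Mar 2012" to "03 May 2012" in the same commit that adds the 5.3.13 section, and the log message "PHP 5.3.13" does not mention the correction; note it in the log. The new entry cites CVE-2012-2311, while the parent commit it describes is logged as "improve fix for CVE-2012-1823", so the entry should name both identifiers or state how they relate.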
[PHP-CVS] tag php-src: create tag php-5.3.13
Tag php-5.3.13 in php-src.git was created Tag: ce915805eb49518a83d8ce04eeca5f89e32a616c Tagger: Johannes Schlüter Tue May 8 11:22:55 2012 +0200 Log: PHP 5.3.13 Link: http://git.php.net/?p=php-src.git;a=tag;h=ce915805eb49518a83d8ce04eeca5f89e32a616c Target: e9354b53665e2d313f07d48ce3d227cc61a068dc Author: Johannes Schlüter Tue, 8 May 2012 11:22:27 +0200 Parents: 46d9cc3de9f2def8ab84d0b83cc89b6f85d7506a Target link: http://git.php.net/?p=php-src.git;a=commitdiff;h=e9354b53665e2d313f07d48ce3d227cc61a068dc Target log: PHP 5.3.13 Changed paths: M NEWS M configure.in M main/php_version.h