ID: 27372
Comment by: alexandre at alapetite dot remove dot net
Reported By: php-bug-NOSPAM-2004 at ryandesign dot com
Status: Verified
Bug Type: *General Issues
Operating System: *
PHP Version: 4CVS, 5CVS (2004-04-07)
New Comment:
Gary Keith has already (2004-10-02) kindly modified his browscap.ini in
order to prevent a specific crash about the Nutch browser. But the
browscap parser should anyway include a security: when one assign a
parent to the same parent in browscap.ini, there is an infinite loop
that should be prevented.
Example in browscap.ini:
[Nutch]
parent=Nutch
Then in a PHP script:
$browser=get_browser('Nutch');
Effect:
Infinite loop that takes 100% CPU forever.
Previous Comments:
------------------------------------------------------------------------
[2004-08-31 21:22:34] [EMAIL PROTECTED]
I posted this on internals but I should probably add it to
the bug report, too...
A patch for this against HEAD is available at
http://bugs.tutorbuddy.com/download.php/browscap.patch.tar.gz
It contains the new parser (which goes into ext/standard)
and updates to the makefiles for *ix and win32. I've
tested the patch on linux and win2k, and I'd like to
commit to HEAD for inclusion in 5.1. Backporting to 5.0
would be nice, too, if possible.
J
------------------------------------------------------------------------
[2004-02-26 18:32:25] php_bug_27372 at garykeith dot com
Hi, Derick.
Since there are so many people still using very early versions of 4.3.x
I know it will be a very long time before everyone upgrades to 5.* and
that means I'll be stuck in the same untenable situation I'm in right
now for a very long time.
Kindly remove the link to my website from your documentation page. It's
not fair to your users to refer them to a browscap.ini file that does
not work in PHP.
~gary.
------------------------------------------------------------------------
[2004-02-26 16:37:33] [EMAIL PROTECTED]
Hey,
there will be no back-port to PHP 4.3, as it involves writing a whole
new parser, which is simply something that should not go into a bug-fix
only branch (and it is also very unlikely that there will be a 4.3.6
anyway).
Now, for PHP 5 that is obviously not a problem and we'll have to write
a new parser for it, which is not an easy task, and that takes time
too. I can't not guarantee in which time frame that happens though.
Derick
------------------------------------------------------------------------
[2004-02-26 16:27:16] php_bug_27372 at garykeith dot com
Sniper, I see you deleted my messages again. And you still have not
replied to the e-mail I sent you days ago. That's why I'm posting this
here instead of via e-mail. It seems to be the only way to reach you.
Ryan and Jay have been hard at work on fixing the problems with
get_browser(). They made use of my 23,000 user agents database and with
a couple of exceptions their mods made get_browser() work perfectly. The
exceptions seem related to the ini parser that get_browser() apparently
shares with other parts of PHP.
Anyway, I have already toned down the anti-PHP rhetoric on my website
because of the hard work these two guys have been doing and was ready
to make some temporary changes to my browscap.ini file to accommodate
PHP.
But first I want some assurance from someone on the PHP team that this
parser issue will be addressed, soon. I'd like to see it worked into
version 5 and then maybe backported to to the 4.3 branch.
Is this something you can help me with? If you'd prefer to contact me
via e-mail and delete this message that's fine with me.
~gary.
------------------------------------------------------------------------
[2004-02-26 15:39:37] php-bug-NOSPAM-2004 at ryandesign dot com
There's also a user agent with "check&get" in its name.
While this does not cause a parser error, PHP fills its
name into the array as "0" instead of its actual name. I
suspect this is also related to the special way ini
files are currently handled, and that it doesn't like
the "&" char in the user agent string, and that this
should be addressed at the same time as the "!" issue.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/27372
--
Edit this bug report at http://bugs.php.net/?id=27372&edit=1
