SOURCES (RA-branch_general): php-bug-36017-and-session-chars.patch...

hawk hawk at pld-linux.org
Wed Apr 26 16:04:27 CEST 2006


Author: hawk                         Date: Wed Apr 26 14:04:26 2006 GMT
Module: SOURCES                       Tag: RA-branch_general
---- Log message:
- copy of php4-bug-36017-and-session-chars.patch (for Ra)

---- Files affected:
SOURCES:
   php-bug-36017-and-session-chars.patch (NONE -> 1.1.2.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/php-bug-36017-and-session-chars.patch
diff -u /dev/null SOURCES/php-bug-36017-and-session-chars.patch:1.1.2.1
--- /dev/null	Wed Apr 26 16:04:26 2006
+++ SOURCES/php-bug-36017-and-session-chars.patch	Wed Apr 26 16:04:21 2006
@@ -0,0 +1,145 @@
+diff -urN php-4.4.2/ext/informix/ifx.ec php4-STABLE-200601181735/ext/informix/ifx.ec
+--- php-4.4.2/ext/informix/ifx.ec	2006-01-01 14:46:53.000000000 +0100
++++ php4-STABLE-200601181735/ext/informix/ifx.ec	2006-01-13 16:35:54.000000000 +0100
+@@ -21,7 +21,7 @@
+    +----------------------------------------------------------------------+
+ */
+ 
+-/* $Id$ */
++/* $Id$ */
+ 
+ /* -------------------------------------------------------------------
+  * if you want a function reference : "grep '^\*\*' ifx.ec" will give
+@@ -3949,6 +3949,7 @@
+ 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create char-resource");
+ 		return -1;
+ 	}
++	memset(Ifx_char, 0, sizeof(IFX_IDRES));
+ 
+ 	Ifx_char->type = TYPE_CHAR;
+ 
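Review bot: The added `memset(Ifx_char, 0, sizeof(IFX_IDRES));` hard-codes the type name, so the zeroed length will silently stop matching the object if the pointer's type or the allocation size ever changes; `memset(Ifx_char, 0, sizeof(*Ifx_char));` ties it to the object instead. The same applies to the two `memset(Ifx_slob, 0, sizeof(IFX_IDRES));` lines in the hunks at 4233 and 4475. The allocation is outside these hunks, so it is worth confirming that it requests at least `sizeof(IFX_IDRES)` bytes. If it does, a zeroing allocator such as `ecalloc` at that call would close the window in which the block is uninitialised.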
+@@ -4233,6 +4234,7 @@
+ 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create slob-resource");
+ 		return -1;
+ 	}
++	memset(Ifx_slob, 0, sizeof(IFX_IDRES));
+ 
+ 	errcode = ifx_lo_def_create_spec(&(Ifx_slob->SLOB.createspec));
+ 	if (errcode < 0) {
+@@ -4475,6 +4477,7 @@
+ 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create slob-resource");
+ 		return -1;
+ 	}
++	memset(Ifx_slob, 0, sizeof(IFX_IDRES));
+ 	
+ 	Ifx_slob->type = TYPE_SLOB;
+ 	Ifx_slob->SLOB.lofd = -1;
+diff -urN php-4.4.2/ext/session/session.c php4-STABLE-200601181735/ext/session/session.c
+--- php-4.4.2/ext/session/session.c	2006-01-01 14:46:56.000000000 +0100
++++ php4-STABLE-200601181735/ext/session/session.c	2006-01-15 18:34:53.000000000 +0100
+@@ -17,7 +17,7 @@
+    +----------------------------------------------------------------------+
+  */
+ 
+-/* $Id$ */
++/* $Id$ */
+ 
+ #ifdef HAVE_CONFIG_H
+ #include "config.h"
+@@ -626,6 +626,12 @@
+ 	char *val;
+ 	int vallen;
+ 
++	/* check session name for invalid characters */
++	if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
++		efree(PS(id));
++		PS(id) = NULL;
++	}
++
+ 	if (!PS(mod)) {
+ 		php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session.");
+ 		return;
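Review bot: The added `strpbrk` check is a denylist, so any byte it does not list (other control characters, `;`, `/`, `.`) still passes in `PS(id)` to the storage module and to whatever later emits the id; an allowlist bounds the input better. If ids only need letters, digits, `,` and `-`, the test could be `if (PS(id) && PS(id)[strspn(PS(id), "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-")] != '\0') {`, with the accepted set confirmed against the save handlers in use first. The comment says "session name" while the code inspects the session id, so it should read `/* check session id for invalid characters */`. The enclosing function starts and ends outside the hunk, and the id is dropped silently; whether a fresh id is generated afterwards is not visible here.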
+diff -urN php-4.4.2/ext/standard/http_fopen_wrapper.c php4-STABLE-200601181735/ext/standard/http_fopen_wrapper.c
+--- php-4.4.2/ext/standard/http_fopen_wrapper.c	2006-01-01 14:46:57.000000000 +0100
++++ php4-STABLE-200601181735/ext/standard/http_fopen_wrapper.c	2006-01-16 00:37:42.000000000 +0100
+@@ -18,7 +18,7 @@
+    |          Wez Furlong <wez at thebrainroom.com>                          |
+    +----------------------------------------------------------------------+
+  */
+-/* $Id$ */ 
++/* $Id$ */ 
+ 
+ #include "php.h"
+ #include "php_globals.h"
+@@ -339,7 +339,7 @@
+ 		size_t tmp_line_len;
+ 		/* get response header */
+ 
+-		if (_php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len TSRMLS_CC) != NULL) {
++		if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
+ 			zval *http_response;
+ 			int response_code;
+ 
+@@ -394,7 +394,7 @@
+ 
+ 	while (!body && !php_stream_eof(stream)) {
+ 		size_t http_header_line_length;
+-		if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length TSRMLS_CC) && *http_header_line != '\n' && *http_header_line != '\r') {
++		if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') {
+ 			char *e = http_header_line + http_header_line_length - 1;
+ 			while (*e == '\n' || *e == '\r') {
+ 				e--;
+diff -urN php-4.4.2/NEWS php4-STABLE-200601181735/NEWS
+--- php-4.4.2/NEWS	2006-01-12 18:54:19.000000000 +0100
++++ php4-STABLE-200601181735/NEWS	2006-01-16 00:37:37.000000000 +0100
+@@ -1,5 +1,9 @@
+ PHP 4                                                                      NEWS
+ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
++?? ??? 2006, Version 4.4.3
++- Added a check for special characters in the session name. (Ilia)
++- Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony)
++
+ 13 Jan 2006, Version 4.4.2
+ - Added missing safe_mode/open_basedir checks into cURL extension. (Ilia)
+ - Backported missing imap_mailcompose() fixes from PHP 5.x. (Ilia)
+diff -urN php-4.4.2/win32/wsyslog.c php4-STABLE-200601181735/win32/wsyslog.c
+--- php-4.4.2/win32/wsyslog.c	2004-07-30 16:37:17.000000000 +0200
++++ php4-STABLE-200601181735/win32/wsyslog.c	2006-01-16 16:36:07.000000000 +0100
+@@ -61,9 +61,14 @@
+ void closelog(void)
+ {
+ 	TSRMLS_FETCH();
+-	DeregisterEventSource(PW32G(log_source));
+-	STR_FREE(PW32G(log_header));
+-	PW32G(log_header) = NULL;
++	if (PW32G(log_source)) {
++		DeregisterEventSource(PW32G(log_source));
++		PW32G(log_source) = NULL;
++	}
++	if (PW32G(log_header)) {
++		STR_FREE(PW32G(log_header));
++		PW32G(log_header) = NULL;
++	}
+ }
+ 
+ /* Emulator for BSD syslog() routine
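Review bot: `closelog()` now resets both globals after releasing them, but nothing states the resulting contract; a short comment above the function would help, e.g. `/* Safe to call more than once: handles are released and reset to NULL. */`. That contract holds only if `PW32G(log_source)` and `PW32G(log_header)` are NULL before the first `openlog()`, which is not visible in this hunk. The return value of `DeregisterEventSource()` is still ignored, which is tolerable on a teardown path but means a failed deregistration goes unnoticed.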
+diff -urN php-4.4.2/Zend/zend_language_scanner.c php4-STABLE-200601181735/Zend/zend_language_scanner.c
+--- php-4.4.2/Zend/zend_language_scanner.c	2006-01-12 19:24:28.000000000 +0100
++++ php4-STABLE-200601181735/Zend/zend_language_scanner.c	2006-01-18 18:36:27.000000000 +0100
+@@ -4755,7 +4755,6 @@
+ {
+ 	int label_len;
+ 
+-	CG(zend_lineno)++;
+ 	if (yytext[yyleng-2]=='\r') {
+ 		label_len = yyleng-2;
+ 	} else {
+@@ -4776,6 +4775,7 @@
+ 		BEGIN(ST_IN_SCRIPTING);
+ 		return T_END_HEREDOC;
+ 	} else {
++		CG(zend_lineno)++;
+  		zend_copy_value(zendlval, yytext, yyleng);
+ 		zendlval->type = IS_STRING;
+ 		return T_STRING;
+
================================================================

