- merged from php4.spec and adjusted for Ra
[packages/php.git] / php-CVE-2006-0996.patch
index 5a721dac2e79ac03375e2ecf2da62b2bbcb2f708..23030f9deaafb8822f6f418604f9074fae839cf0 100644 (file)
@@ -3,21 +3,23 @@ and 4.4.2 allows remote attackers to inject arbitrary web script or HTML
 via long array variables, including (1) a large number of dimensions or
 (2) long values, which prevents HTML tags from being removed.
 
-Patch pulled from cvs.php.net
+Patch based on php-CVE-2006-0996.patch + gcc 2.95 compilation fix from PHP CVS
 
---- php-5.1.2/ext/standard/info.c      2006/01/01 12:50:15     1.249.2.7
-+++ php-5.1.2/ext/standard/info.c      2006/03/30 19:58:18     1.249.2.9
-@@ -58,6 +58,21 @@
+--- php-4.4.2/ext/standard/info.c      2006-04-19 18:55:10.405669500 +0200
++++ php-4.4.2/ext/standard/info.c      2006-04-19 18:57:39.610994250 +0200
+@@ -58,6 +58,23 @@
  
  PHPAPI extern char *php_ini_opened_path;
  PHPAPI extern char *php_ini_scanned_files;
 +      
 +static int php_info_write_wrapper(const char *str, uint str_length)
 +{
++      int new_len, written;
++      char *elem_esc;
++
 +      TSRMLS_FETCH();
 +
-+      int new_len, written;
-+      char *elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
++      elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
 +
 +      written = php_body_write(elem_esc, new_len TSRMLS_CC);
 +
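Review bot: The reordering in `php_info_write_wrapper` that puts `int new_len, written;` and `char *elem_esc;` ahead of `TSRMLS_FETCH();` carries no comment, so a later resync with upstream could quietly undo the gcc 2.95 fix. A short comment above the declarations would do, for example `/* keep declarations before TSRMLS_FETCH(): C89 compilers such as gcc 2.95 reject declarations after a statement */`. The new description line, `Patch based on php-CVE-2006-0996.patch + ...`, names this file itself; stating which package's patch it was taken from would make the provenance traceable. The wrapper's body continues outside the hunk, so whether `elem_esc` is freed after `php_body_write` cannot be checked here.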
@@ -29,36 +31,30 @@ Patch pulled from cvs.php.net
  
  /* {{{ _display_module_info
   */
-@@ -135,30 +150,13 @@
+@@ -133,23 +148,12 @@
                                PUTS(" => ");
                        }
                        if (Z_TYPE_PP(tmp) == IS_ARRAY) {
 -                              zval *tmp3;
--
 -                              MAKE_STD_ZVAL(tmp3);
--
                                if (!sapi_module.phpinfo_as_text) {
                                        PUTS("<pre>");
 -                              }
 -                              php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
--                              
--                              zend_print_zval_r(*tmp, 0 TSRMLS_CC);
--                              
+-                              zend_print_zval_r(*tmp, 0);
 -                              php_ob_get_buffer(tmp3 TSRMLS_CC);
 -                              php_end_ob_buffer(0, 0 TSRMLS_CC);
 -                              
+-                              elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
+-                              PUTS(elem_esc);
+-                              efree(elem_esc);
+-                              zval_ptr_dtor(&tmp3);
+-
 -                              if (!sapi_module.phpinfo_as_text) {
--                                      elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
--                                      PUTS(elem_esc);
--                                      efree(elem_esc);
 +                                      zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0);
                                        PUTS("</pre>");
-                               } else {
--                                      PUTS(Z_STRVAL_P(tmp3));
-+                                      zend_print_zval_r(*tmp, 0 TSRMLS_CC);
++                              } else {
++                                      zend_print_zval_r(*tmp, 0);
                                }
--                              zval_ptr_dtor(&tmp3);
--
                        } else if (Z_TYPE_PP(tmp) != IS_STRING) {
                                tmp2 = **tmp;
-                               zval_copy_ctor(&tmp2);
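Review bot: The HTML branch now depends on `zend_print_zval_ex` passing every key and value of the array, at any nesting depth, through `php_info_write_wrapper`, and nothing in this hunk shows that it does. The removed code printed with `zend_print_zval_r` and escaped the whole captured buffer, so if the `_ex` variant in the 4.4.2 tree does not recurse through the callback, nested contents could be dropped or written through the default, unescaped writer. This is worth checking against the Zend sources for 4.4.2, since the advisory text at the top of the patch names many dimensions and long values as the trigger. The `(zend_write_func_t)` cast also looks unnecessary given the wrapper's signature and would hide a mismatch if the typedef ever changes; passing `php_info_write_wrapper` directly lets the compiler check it. The enclosing function starts and ends outside the hunk.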