- rel 8; see cvs log php-openssl-huge-hack.patch for details

[packages/php4.git] / php4-bug-36017-and-session-chars.patch

diff -urN php-4.4.2/ext/informix/ifx.ec php4-STABLE-200601181735/ext/informix/ifx.ec
--- php-4.4.2/ext/informix/ifx.ec       2006-01-01 14:46:53.000000000 +0100
+++ php4-STABLE-200601181735/ext/informix/ifx.ec        2006-01-13 16:35:54.000000000 +0100
@@ -21,7 +21,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id$ */
+/* $Id$ */
 
 /* -------------------------------------------------------------------
  * if you want a function reference : "grep '^\*\*' ifx.ec" will give
@@ -3949,6 +3949,7 @@
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create char-resource");
                return -1;
        }
+       memset(Ifx_char, 0, sizeof(IFX_IDRES));
 
        Ifx_char->type = TYPE_CHAR;
 
@@ -4233,6 +4234,7 @@
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create slob-resource");
                return -1;
        }
+       memset(Ifx_slob, 0, sizeof(IFX_IDRES));
 
        errcode = ifx_lo_def_create_spec(&(Ifx_slob->SLOB.createspec));
        if (errcode < 0) {
@@ -4475,6 +4477,7 @@
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Can't create slob-resource");
                return -1;
        }
+       memset(Ifx_slob, 0, sizeof(IFX_IDRES));
        
        Ifx_slob->type = TYPE_SLOB;
        Ifx_slob->SLOB.lofd = -1;
diff -urN php-4.4.2/ext/session/session.c php4-STABLE-200601181735/ext/session/session.c
--- php-4.4.2/ext/session/session.c     2006-01-01 14:46:56.000000000 +0100
+++ php4-STABLE-200601181735/ext/session/session.c      2006-01-15 18:34:53.000000000 +0100
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id$ */
+/* $Id$ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -626,6 +626,12 @@
        char *val;
        int vallen;
 
+       /* check session name for invalid characters */
+       if (PS(id) && strpbrk(PS(id), "\r\n\t <>'\"\\")) {
+               efree(PS(id));
+               PS(id) = NULL;
+       }
+
        if (!PS(mod)) {
                php_error_docref(NULL TSRMLS_CC, E_ERROR, "No storage module chosen - failed to initialize session.");
                return;
diff -urN php-4.4.2/ext/standard/http_fopen_wrapper.c php4-STABLE-200601181735/ext/standard/http_fopen_wrapper.c
--- php-4.4.2/ext/standard/http_fopen_wrapper.c 2006-01-01 14:46:57.000000000 +0100
+++ php4-STABLE-200601181735/ext/standard/http_fopen_wrapper.c  2006-01-16 00:37:42.000000000 +0100
@@ -18,7 +18,7 @@
    |          Wez Furlong <wez@thebrainroom.com>                          |
    +----------------------------------------------------------------------+
  */
-/* $Id$ */ 
+/* $Id$ */ 
 
 #include "php.h"
 #include "php_globals.h"
@@ -339,7 +339,7 @@
                size_t tmp_line_len;
                /* get response header */
 
-               if (_php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len TSRMLS_CC) != NULL) {
+               if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
                        zval *http_response;
                        int response_code;
 
@@ -394,7 +394,7 @@
 
        while (!body && !php_stream_eof(stream)) {
                size_t http_header_line_length;
-               if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length TSRMLS_CC) && *http_header_line != '\n' && *http_header_line != '\r') {
+               if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') {
                        char *e = http_header_line + http_header_line_length - 1;
                        while (*e == '\n' || *e == '\r') {
                                e--;
diff -urN php-4.4.2/NEWS php4-STABLE-200601181735/NEWS
--- php-4.4.2/NEWS      2006-01-12 18:54:19.000000000 +0100
+++ php4-STABLE-200601181735/NEWS       2006-01-16 00:37:37.000000000 +0100
@@ -1,5 +1,9 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+?? ??? 2006, Version 4.4.3
+- Added a check for special characters in the session name. (Ilia)
+- Fixed bug #36017 (fopen() crashes PHP when opening a URL). (Tony)
+
 13 Jan 2006, Version 4.4.2
 - Added missing safe_mode/open_basedir checks into cURL extension. (Ilia)
 - Backported missing imap_mailcompose() fixes from PHP 5.x. (Ilia)
diff -urN php-4.4.2/win32/wsyslog.c php4-STABLE-200601181735/win32/wsyslog.c
--- php-4.4.2/win32/wsyslog.c   2004-07-30 16:37:17.000000000 +0200
+++ php4-STABLE-200601181735/win32/wsyslog.c    2006-01-16 16:36:07.000000000 +0100
@@ -61,9 +61,14 @@
 void closelog(void)
 {
        TSRMLS_FETCH();
-       DeregisterEventSource(PW32G(log_source));
-       STR_FREE(PW32G(log_header));
-       PW32G(log_header) = NULL;
+       if (PW32G(log_source)) {
+               DeregisterEventSource(PW32G(log_source));
+               PW32G(log_source) = NULL;
+       }
+       if (PW32G(log_header)) {
+               STR_FREE(PW32G(log_header));
+               PW32G(log_header) = NULL;
+       }
 }
 
 /* Emulator for BSD syslog() routine
diff -urN php-4.4.2/Zend/zend_language_scanner.c php4-STABLE-200601181735/Zend/zend_language_scanner.c
--- php-4.4.2/Zend/zend_language_scanner.c      2006-01-12 19:24:28.000000000 +0100
+++ php4-STABLE-200601181735/Zend/zend_language_scanner.c       2006-01-18 18:36:27.000000000 +0100
@@ -4755,7 +4755,6 @@
 {
        int label_len;
 
-       CG(zend_lineno)++;
        if (yytext[yyleng-2]=='\r') {
                label_len = yyleng-2;
        } else {
@@ -4776,6 +4775,7 @@
                BEGIN(ST_IN_SCRIPTING);
                return T_END_HEREDOC;
        } else {
+               CG(zend_lineno)++;
                zend_copy_value(zendlval, yytext, yyleng);
                zendlval->type = IS_STRING;
                return T_STRING;