diff options
author | Nikita Popov <nikic@php.net> | 2016-07-30 16:07:54 +0200 |
---|---|---|
committer | Nikita Popov <nikic@php.net> | 2016-07-30 16:07:54 +0200 |
commit | 029f8e87772f27efdee48719b266e99b0a102543 (patch) | |
tree | 3b57c8b1fa8d6f35bcecec68e95fbcb8a8f5296c | |
parent | 1f67b4c24d780c1b9018bd34b538de59e3ed2d89 (diff) | |
download | php-git-029f8e87772f27efdee48719b266e99b0a102543.tar.gz |
Fix incorrect merge
Forgot to amend the merge fixes...
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/wddx/wddx.c | 10 |
2 files changed, 7 insertions, 6 deletions
@@ -133,6 +133,9 @@ PHP NEWS - Wddx: . Fixed bug #72564 (boolean always deserialized as "true") (Remi) + . Fixed bug #72142 (WDDX Packet Injection Vulnerability in + wddx_serialize_value()). (Taoguang Chen) + - Zip: . Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd). diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c index ed96a0d4a4..d28cb7a0ac 100644 --- a/ext/wddx/wddx.c +++ b/ext/wddx/wddx.c @@ -360,18 +360,16 @@ void php_wddx_packet_start(wddx_packet *packet, char *comment, size_t comment_le { php_wddx_add_chunk_static(packet, WDDX_PACKET_S); if (comment) { - char *escaped; - size_t escaped_len; - escaped = php_escape_html_entities( - comment, comment_len, &escaped_len, 0, ENT_QUOTES, NULL TSRMLS_CC); + zend_string *escaped = php_escape_html_entities( + comment, comment_len, 0, ENT_QUOTES, NULL); php_wddx_add_chunk_static(packet, WDDX_HEADER_S); php_wddx_add_chunk_static(packet, WDDX_COMMENT_S); - php_wddx_add_chunk_ex(packet, escaped, escaped_len); + php_wddx_add_chunk_ex(packet, ZSTR_VAL(escaped), ZSTR_LEN(escaped)); php_wddx_add_chunk_static(packet, WDDX_COMMENT_E); php_wddx_add_chunk_static(packet, WDDX_HEADER_E); - str_efree(escaped); + zend_string_release(escaped); } else { php_wddx_add_chunk_static(packet, WDDX_HEADER); } |