diff options
author | George Peter Banyard <girgias@php.net> | 2021-01-04 15:24:53 +0100 |
---|---|---|
committer | George Peter Banyard <girgias@php.net> | 2021-01-04 18:07:47 +0100 |
commit | 764b7bf1088af940f9de7aca13da8de56a63aa3f (patch) | |
tree | d66532950a696d6ff0b6809b0c461688571cc9ed | |
parent | 9f96b2bdc8f9109c53ac6121fb3adca517afd133 (diff) | |
download | php-git-764b7bf1088af940f9de7aca13da8de56a63aa3f.tar.gz |
Fix bug #80584: 0x and 0X are considered valid hex numbers by filter_var()
Closes GH-6573
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | ext/filter/logical_filters.c | 3 | ||||
-rw-r--r-- | ext/filter/tests/bug80584.phpt | 18 |
3 files changed, 25 insertions, 0 deletions
@@ -14,6 +14,10 @@ PHP NEWS . Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode stub). (Nikita) +- Filter: + . Fixed bug #80584 (0x and 0X are considered valid hex numbers by + filter_var()). (girgias) + - MySQLi: . Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns). (Nikita) diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c index a9fcc01d01..392156b539 100644 --- a/ext/filter/logical_filters.c +++ b/ext/filter/logical_filters.c @@ -233,6 +233,9 @@ void php_filter_int(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ p++; len--; if (allow_hex && (*p == 'x' || *p == 'X')) { p++; len--; + if (len == 0) { + RETURN_VALIDATION_FAILED + } if (php_filter_parse_hex(p, len, &ctx_value) < 0) { error = 1; } diff --git a/ext/filter/tests/bug80584.phpt b/ext/filter/tests/bug80584.phpt new file mode 100644 index 0000000000..ede6a4bcdc --- /dev/null +++ b/ext/filter/tests/bug80584.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug #80584: "0x" and "0X" are considered valid hex numbers by filter_var() +--SKIPIF-- +<?php +if (!extension_loaded('filter')) die('skip filter extension not available'); +?> +--FILE-- +<?php +var_dump(filter_var('0x', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX)); +var_dump(filter_var('0X', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX)); +var_dump(filter_var('', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX)); +var_dump(filter_var('0', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX)); +?> +--EXPECT-- +bool(false) +bool(false) +bool(false) +int(0) |