author | Ferenc Kovacs <tyrael@php.net> | 2015-06-10 10:49:51 +0200 |
---|---|---|
committer | Ferenc Kovacs <tyrael@php.net> | 2015-06-10 10:49:51 +0200 |
commit | dbf30365aa15b9044d75b8f77db570bf8fdf2726 (patch) | |
tree | e0b4481c39b2852b91037b38fa0ee5ec3776b52b /ext/dom | |
parent | 9cb8cb47975b044bbaafd2d12287ff52cdd3b0e9 (diff) | |
parent | 5ff259ebb72c1f5cef45c235ca1a85b8e1523835 (diff) | |
download | php-git-php-7.0.0alpha1.tar.gz |
Merge remote-tracking branch 'origin/master' into PHP-7.0.0php-7.0.0alpha1
* origin/master:
add missing NEWS entries
add missing NEWS entries
Fixed bug #69646 (OS command injection vulnerability in escapeshellarg)
add NEWS
Fixed bug #68776
fix test
update NEWS
fix typo
Fix bug #69646 OS command injection vulnerability in escapeshellarg
Fix #69719 - more checks for nulls in paths
fix test description
Fixed Buf #68812 Unchecked return value.
Diffstat (limited to 'ext/dom')
-rw-r--r-- | ext/dom/document.c | 26 | ||||
-rw-r--r-- | ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt | 4 |
2 files changed, 21 insertions, 9 deletions
diff --git a/ext/dom/document.c b/ext/dom/document.c
index d435b1c281..3e4e298654 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -1562,7 +1562,7 @@ PHP_FUNCTION(dom_document_save)
 char *file;
 zend_long options = 0;
- if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os|l", &id, dom_document_class_entry, &file, &file_len, &options) == FAILURE) {
+ if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Op|l", &id, dom_document_class_entry, &file, &file_len, &options) == FAILURE) {
 return;
 }
@@ -1793,7 +1793,7 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type
 int is_valid;
 char resolved_path[MAXPATHLEN + 1];
- if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Op|l", &id, dom_document_class_entry, &source, &source_len, &flags) == FAILURE) {
+ if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os|l", &id, dom_document_class_entry, &source, &source_len, &flags) == FAILURE) {
 return;
 }
@@ -1806,7 +1806,11 @@ static void _dom_document_schema_validate(INTERNAL_FUNCTION_PARAMETERS, int type
 switch (type) {
 case DOM_LOAD_FILE:
- valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN );
+ if (CHECK_NULL_PATH(source, source_len)) {
+ php_error_docref(NULL, E_WARNING, "Invalid Schema file source");
+ RETURN_FALSE;
+ }
+ valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC);
 if (!valid_file) {
 php_error_docref(NULL, E_WARNING, "Invalid Schema file source");
 RETURN_FALSE;
@@ -1889,7 +1893,7 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ
 int is_valid;
 char resolved_path[MAXPATHLEN + 1];
- if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Op", &id, dom_document_class_entry, &source, &source_len) == FAILURE) {
+ if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os", &id, dom_document_class_entry, &source, &source_len) == FAILURE) {
 return;
 }
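Review bot: In the `_dom_document_schema_validate` parse call the spec goes from `"Op|l"` to `"Os|l"`, so embedded NUL bytes are no longer rejected by the parameter parser and the only guard left is the `CHECK_NULL_PATH` added in the `DOM_LOAD_FILE` case; nothing in the code says so. A short comment on the parse call would keep a later edit from using `source` as a path ahead of that check, for example `/* "s", not "p": source is only a path for DOM_LOAD_FILE, which rejects embedded NULs itself */`. The same applies to the `"Op"` to `"Os"` change in `_dom_document_relaxNG_validate` and the `"p|l"` to `"s|l"` change in `dom_load_html`. Presumably the switch was made because the non-file case passes document text rather than a path; that case lies outside these hunks.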
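Review bot: The re-added call `_dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC)` brings back a `TSRMLS_CC` argument that the line it replaces did not have, and the `php_error_docref(NULL, ...)` calls added right next to it take no TSRMLS argument either. This looks like a leftover from merging the fix from a branch that still passes the TSRM context; I would write `valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN);` to match the surrounding code. Whether `TSRMLS_CC` still expands to nothing on this branch is not visible here, so the line may compile either way. The identical line in the `_dom_document_relaxNG_validate` hunk (`-1902,7 +1906,11`) has the same issue, and both functions continue outside their hunks.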
@@ -1902,7 +1906,11 @@ static void _dom_document_relaxNG_validate(INTERNAL_FUNCTION_PARAMETERS, int typ
 switch (type) {
 case DOM_LOAD_FILE:
- valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN );
+ if (CHECK_NULL_PATH(source, source_len)) {
+ php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source");
+ RETURN_FALSE;
+ }
+ valid_file = _dom_get_valid_file_path(source, resolved_path, MAXPATHLEN TSRMLS_CC);
 if (!valid_file) {
 php_error_docref(NULL, E_WARNING, "Invalid RelaxNG file source");
 RETURN_FALSE;
@@ -1983,7 +1991,7 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
 id = getThis();
- if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|l", &source, &source_len, &options) == FAILURE) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|l", &source, &source_len, &options) == FAILURE) {
 return;
 }
@@ -1993,6 +2001,10 @@ static void dom_load_html(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{ */
 }
 if (mode == DOM_LOAD_FILE) {
+ if (CHECK_NULL_PATH(source, source_len)) {
+ php_error_docref(NULL, E_WARNING, "Invalid file source");
+ RETURN_FALSE;
+ }
 ctxt = htmlCreateFileParserCtxt(source, NULL);
 } else {
 source_len = xmlStrlen((xmlChar *) source);
@@ -2082,7 +2094,7 @@ PHP_FUNCTION(dom_document_save_html_file)
 char *file;
 const char *encoding;
- if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Os", &id, dom_document_class_entry, &file, &file_len) == FAILURE) {
+ if (zend_parse_method_parameters(ZEND_NUM_ARGS(), getThis(), "Op", &id, dom_document_class_entry, &file, &file_len) == FAILURE) {
 return;
 }
diff --git a/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt b/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt
index 75004e2a74..e0d0923642 100644
--- a/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt
+++ b/ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt
@@ -15,9 +15,9 @@ $result = $doc->loadHTMLFile("");
 assert('$result === false');
 $doc = new DOMDocument();
 $result = $doc->loadHTMLFile("text.html\0something");
-assert('$result === null');
+assert('$result === false');
 ?>
 --EXPECTF--
 %r(PHP ){0,1}%rWarning: DOMDocument::loadHTMLFile(): Empty string supplied as input %s
-%r(PHP ){0,1}%rWarning: DOMDocument::loadHTMLFile() expects parameter 1 to be a valid path, string given %s
+%r(PHP ){0,1}%rWarning: DOMDocument::loadHTMLFile(): Invalid file source %s |
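Review bot: Only the `loadHTMLFile` rejection is exercised by this test; within the ext/dom diffstat shown, nothing covers the two other `CHECK_NULL_PATH` branches added in `_dom_document_schema_validate` and `_dom_document_relaxNG_validate`. A case per branch would pin both the `false` return and the warning text, e.g. `$result = $doc->schemaValidate("schema.xsd\0something");` followed by `assert('$result === false');`, with `Invalid Schema file source` expected in `--EXPECTF--` (the file name is constructed for illustration). The same shape applies to `relaxNGValidate` with `Invalid RelaxNG file source`. Without these, a later change of the parameter spec or the branch order in those functions could drop the NUL check unnoticed.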