diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/imap/php_imap.c | 9 |
2 files changed, 9 insertions, 2 deletions
@@ -42,6 +42,8 @@ PHP NEWS - Fixed check in recode extension to allow builing of recode and mysql extensions when using a recent libmysql. (Johannes) +- Fixed bug #46731 (Missing validation for the options parameter of the + imap_fetch_overview() function). (Ilia) - Fixed bug #46711 (cURL curl_setopt leaks memory in foreach loops). (magicaltux [at] php [dot] net) - Fixed bug #46578 (strip_tags() does not honor end-of-comment when it diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 540de3562a..8668ffb057 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -3174,11 +3174,16 @@ PHP_FUNCTION(imap_fetch_overview) return; } + if (flags && !(flags & FT_UID)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "invalid value for the options parameter"); + RETURN_FALSE; + } + ZEND_FETCH_RESOURCE(imap_le_struct, pils *, &streamind, -1, "imap", le_imap); array_init(return_value); - - status = (flags & FT_UID) + + status = (flags & FT_UID) ? mail_uid_sequence(imap_le_struct->imap_stream, sequence) : mail_sequence(imap_le_struct->imap_stream, sequence); |