diff options
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/filter/filter.c | 2 | ||||
| -rw-r--r-- | ext/filter/tests/bug39763.phpt | 15 |
3 files changed, 18 insertions, 1 deletions
@@ -50,6 +50,8 @@ PHP NEWS - Fixed wrong signature initialization in imagepng (Takeshi Abe) - Added optimization for imageline with horizontal and vertial lines (Pierre) - Fixed bug #39775 ("Indirect modification ..." message is not shown). (Dmitry) +- Fixed bug #39763 (magic quotes are applied twice by ext/filter in + parse_str()). (Ilia) - Fixed bug #39754 (Some POSIX extension functions not thread safe). (Ilia, wharmby at uk dot ibm dot com) - Fixed bug #39724 (Broken build due to spl/filter usage of pcre extension). diff --git a/ext/filter/filter.c b/ext/filter/filter.c index 1b87db2e2d..b2107aaa00 100644 --- a/ext/filter/filter.c +++ b/ext/filter/filter.c @@ -397,7 +397,7 @@ static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int Z_STRVAL(new_var) = estrndup(*val, val_len); INIT_PZVAL(tmp_new_var); php_zval_filter(&tmp_new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL/*charset*/, 0 TSRMLS_CC); - } else if (PG(magic_quotes_gpc)) { + } else if (PG(magic_quotes_gpc) && !retval) { /* for PARSE_STRING php_register_variable_safe() will do the addslashes() */ Z_STRVAL(new_var) = php_addslashes(*val, Z_STRLEN(new_var), &Z_STRLEN(new_var), 0 TSRMLS_CC); } else { Z_STRVAL(new_var) = estrndup(*val, val_len); diff --git a/ext/filter/tests/bug39763.phpt b/ext/filter/tests/bug39763.phpt new file mode 100644 index 0000000000..e09afd7d5b --- /dev/null +++ b/ext/filter/tests/bug39763.phpt @@ -0,0 +1,15 @@ +--TEST-- +Bug #39763 filter applies magic_quotes twice in parse_str() +--INI-- +magic_quotes_gpc=1 +--FILE-- +<?php +$arr = array(); +parse_str("val=%22probably+a+bug%22", $arr); +echo $arr['val'] . "\n"; +parse_str("val=%22probably+a+bug%22"); +echo $val . "\n"; +?> +--EXPECT-- +\"probably a bug\" +\"probably a bug\" |