From 9266227402f50e1ad9953952b68a5ff3a25806b0 Mon Sep 17 00:00:00 2001 From: Julien Pauli Date: Wed, 3 Sep 2014 10:18:51 +0200 Subject: 5.5.18 now --- NEWS | 6 +++++- configure.in | 2 +- main/php_version.h | 6 +++--- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 3b7a382038..de02064a47 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ??? 2014, PHP 5.5.17 +?? ??? 2014, PHP 5.5.18 + + + +11 Sep 2014, PHP 5.5.17 - Core: . Fixed bug #47358 (glob returns error, should be empty array()). (Pierre) diff --git a/configure.in b/configure.in index a6eb3a5faf..dff05e54b4 100644 --- a/configure.in +++ b/configure.in @@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=5 -PHP_RELEASE_VERSION=17 +PHP_RELEASE_VERSION=18 PHP_EXTRA_VERSION="-dev" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index ec355c3387..e7478d5ce6 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 5 -#define PHP_RELEASE_VERSION 17 +#define PHP_RELEASE_VERSION 18 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.5.17-dev" -#define PHP_VERSION_ID 50517 +#define PHP_VERSION "5.5.18-dev" +#define PHP_VERSION_ID 50518 -- cgit v1.2.1 From bba16dde5ded45802543712bb3b9fe6e93b10751 Mon Sep 17 00:00:00 2001 From: George Wang Date: Wed, 3 Sep 2014 11:24:45 -0400 Subject: Update LSAPI to 6.7, added support for 'filter_input'. Fixed a crash in CLI mode. --- sapi/litespeed/lsapi_main.c | 68 +++++++++++++++++++++++++++++++++++++++++---- sapi/litespeed/lsapilib.c | 6 +++- 2 files changed, 67 insertions(+), 7 deletions(-) diff --git a/sapi/litespeed/lsapi_main.c b/sapi/litespeed/lsapi_main.c index 3413a423ac..cb7c66b44a 100644 --- a/sapi/litespeed/lsapi_main.c +++ b/sapi/litespeed/lsapi_main.c @@ -195,15 +195,22 @@ static char *sapi_lsapi_getenv( char * name, size_t name_len TSRMLS_DC ) /* }}} */ -/* + + static int add_variable( const char * pKey, int keyLen, const char * pValue, int valLen, void * arg ) { - php_register_variable_safe((char *)pKey, (char *)pValue, valLen, (zval *)arg TSRMLS_CC); - return 1; + int filter_arg = (arg == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER; + char * new_val = (char *) pValue; + unsigned int new_val_len; + + if (sapi_module.input_filter(filter_arg, (char *)pKey, &new_val, valLen, &new_val_len TSRMLS_CC)) { + php_register_variable_safe((char *)pKey, new_val, new_val_len, (zval *)arg ); + } + return 1; } -*/ +/* static int add_variable( const char * pKey, int keyLen, const char * pValue, int valLen, void * arg ) { @@ -222,6 +229,55 @@ static int add_variable( const char * pKey, int keyLen, const char * pValue, int #endif return 1; } +*/ + +static void litespeed_php_import_environment_variables(zval *array_ptr TSRMLS_DC) +{ + char buf[128]; + char **env, *p, *t = buf; + size_t alloc_size = sizeof(buf); + unsigned long nlen; /* ptrdiff_t is not portable */ + + if (PG(http_globals)[TRACK_VARS_ENV] && + array_ptr != PG(http_globals)[TRACK_VARS_ENV] && + Z_TYPE_P(PG(http_globals)[TRACK_VARS_ENV]) == IS_ARRAY && + zend_hash_num_elements(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV])) > 0 + ) { + zval_dtor(array_ptr); + *array_ptr = *PG(http_globals)[TRACK_VARS_ENV]; + INIT_PZVAL(array_ptr); + zval_copy_ctor(array_ptr); + return; + } else if (PG(http_globals)[TRACK_VARS_SERVER] && + array_ptr != PG(http_globals)[TRACK_VARS_SERVER] && + Z_TYPE_P(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY && + zend_hash_num_elements(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER])) > 0 + ) { + zval_dtor(array_ptr); + *array_ptr = *PG(http_globals)[TRACK_VARS_SERVER]; + INIT_PZVAL(array_ptr); + zval_copy_ctor(array_ptr); + return; + } + + for (env = environ; env != NULL && *env != NULL; env++) { + p = strchr(*env, '='); + if (!p) { /* malformed entry? */ + continue; + } + nlen = p - *env; + if (nlen >= alloc_size) { + alloc_size = nlen + 64; + t = (t == buf ? emalloc(alloc_size): erealloc(t, alloc_size)); + } + memcpy(t, *env, nlen); + t[nlen] = '\0'; + add_variable(t, nlen, p + 1, strlen( p + 1 ), array_ptr TSRMLS_CC); + } + if (t != buf && t != NULL) { + efree(t); + } +} #if ((PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4) || PHP_MAJOR_VERSION < 5) @@ -268,7 +324,7 @@ static void sapi_lsapi_register_variables(zval *track_vars_array TSRMLS_DC) add_variable_magic_quote("PHP_SELF", 8, php_self, strlen( php_self ), track_vars_array ); } #endif - php_import_environment_variables(track_vars_array TSRMLS_CC); + litespeed_php_import_environment_variables(track_vars_array TSRMLS_CC); } else { php_import_environment_variables(track_vars_array TSRMLS_CC); @@ -370,7 +426,7 @@ static void sapi_lsapi_log_message(char *message TSRMLS_DC) static sapi_module_struct lsapi_sapi_module = { "litespeed", - "LiteSpeed V6.6", + "LiteSpeed V6.7", php_lsapi_startup, /* startup */ php_module_shutdown_wrapper, /* shutdown */ diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index 786a3bd20b..aac823fc1c 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -1912,9 +1912,13 @@ int LSAPI_ForeachOrgHeader_r( LSAPI_Request * pReq, int ret; int count = 0; struct _headerInfo headers[512]; + if ( !pReq || !fn ) return -1; - + + if ( !pReq->m_pHeaderIndex ) + return 0; + for( i = 0; i < H_TRANSFER_ENCODING; ++i ) { if ( pReq->m_pHeaderIndex->m_headerOff[i] ) -- cgit v1.2.1 From bc44eb61728951ffe789be91ea0142a4120afc50 Mon Sep 17 00:00:00 2001 From: Adam Harvey Date: Mon, 8 Sep 2014 19:25:14 +0000 Subject: Fix bug #67972 (SessionHandler Invalid memory read create_sid()). SessionHandler::create_sid() didn't check if PS(default_mod) was initialised before attempting to call its create_sid() handler. --- NEWS | 3 ++- ext/session/mod_user_class.c | 2 ++ ext/session/tests/bug67972.phpt | 10 ++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 ext/session/tests/bug67972.phpt diff --git a/NEWS b/NEWS index de02064a47..f0a4379e2a 100644 --- a/NEWS +++ b/NEWS @@ -2,7 +2,8 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2014, PHP 5.5.18 - +- Session: + . Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam) 11 Sep 2014, PHP 5.5.17 diff --git a/ext/session/mod_user_class.c b/ext/session/mod_user_class.c index 3b6687741e..119a536fb2 100644 --- a/ext/session/mod_user_class.c +++ b/ext/session/mod_user_class.c @@ -148,6 +148,8 @@ PHP_METHOD(SessionHandler, create_sid) { char *id; + PS_SANITY_CHECK; + if (zend_parse_parameters_none() == FAILURE) { return; } diff --git a/ext/session/tests/bug67972.phpt b/ext/session/tests/bug67972.phpt new file mode 100644 index 0000000000..63ed3a95b8 --- /dev/null +++ b/ext/session/tests/bug67972.phpt @@ -0,0 +1,10 @@ +--TEST-- +Bug #67972: SessionHandler Invalid memory read create_sid() +--SKIPIF-- + +--FILE-- +create_sid(); +--EXPECTF-- +Fatal error: SessionHandler::create_sid(): Cannot call default session handler in %s on line %d -- cgit v1.2.1