From 2f1c4064f8fd971166df3099729e74e0ecb5d6bc Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Tue, 30 Oct 2012 11:08:14 +0800 Subject: Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak) Simply change the expect parameter type, the valid of the resource will be checked in using time. --- NEWS | 4 ++++ ext/libxml/libxml.c | 2 +- ext/libxml/tests/004.phpt | 22 +++++++++++----------- ext/libxml/tests/bug63389.phpt | 14 ++++++++++++++ 4 files changed, 30 insertions(+), 12 deletions(-) create mode 100644 ext/libxml/tests/bug63389.phpt diff --git a/NEWS b/NEWS index 18be193762..ba969501ec 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2012, PHP 5.3.19 +- Libxml + . Fixed bug #63389 (Missing context check on libxml_set_streams_context() + causes memleak). (Laruence) + - MySQL: . Fixed compilation failure on mixed 32/64 bit systems. (Andrey) diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c index a17847868a..788736e756 100644 --- a/ext/libxml/libxml.c +++ b/ext/libxml/libxml.c @@ -699,7 +699,7 @@ static PHP_FUNCTION(libxml_set_streams_context) { zval *arg; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z", &arg) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &arg) == FAILURE) { return; } if (LIBXML(stream_context)) { diff --git a/ext/libxml/tests/004.phpt b/ext/libxml/tests/004.phpt index 8bdf593b93..aa87ab7503 100644 --- a/ext/libxml/tests/004.phpt +++ b/ext/libxml/tests/004.phpt @@ -27,26 +27,26 @@ echo "Done\n"; ?> --EXPECTF-- -Warning: stream_context_create(): options should have the form ["wrappername"]["optionname"] = $value in %s004.php on line 10 -NULL +Warning: stream_context_create(): options should have the form ["wrappername"]["optionname"] = $value in %s004.php on line %d -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 -bool(true) +Warning: libxml_set_streams_context() expects parameter 1 to be resource, null given in %s004.php on line %d NULL - -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 bool(true) -NULL -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 -bool(true) +Warning: libxml_set_streams_context() expects parameter 1 to be resource, string given in %s004.php on line %d NULL +bool(true) -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 +Warning: libxml_set_streams_context() expects parameter 1 to be resource, integer given in %s004.php on line %d +NULL bool(true) + +Warning: libxml_set_streams_context() expects parameter 1 to be resource, object given in %s004.php on line %d NULL +bool(true) -Warning: DOMDocument::load(): supplied argument is not a valid Stream-Context resource in %s004.php on line 18 +Warning: libxml_set_streams_context() expects parameter 1 to be resource, array given in %s004.php on line %d +NULL bool(true) NULL bool(true) diff --git a/ext/libxml/tests/bug63389.phpt b/ext/libxml/tests/bug63389.phpt new file mode 100644 index 0000000000..e9498aae08 --- /dev/null +++ b/ext/libxml/tests/bug63389.phpt @@ -0,0 +1,14 @@ +--TEST-- +Bug #63389 (Missing context check on libxml_set_streams_context() causes memleak) +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +Warning: libxml_set_streams_context() expects parameter 1 to be resource, string given in %sbug63389.php on line %d +okey -- cgit v1.2.1 From 7ea4f73ad4510088936dc3679e603e2e8569398c Mon Sep 17 00:00:00 2001 From: Will Fitch Date: Thu, 20 Sep 2012 12:32:53 -0400 Subject: Bug #62593 Updated pdo_pgsql driver to convert boolean values to pg native format in emulation mode --- ext/pdo_pgsql/pgsql_statement.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c index c35ee33c7f..e5c7032632 100644 --- a/ext/pdo_pgsql/pgsql_statement.c +++ b/ext/pdo_pgsql/pgsql_statement.c @@ -362,8 +362,19 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data * } break; } + } else { +#endif + if (param->is_param) { + /* We need to manually convert to a pg native boolean value */ + if (PDO_PARAM_TYPE(param->param_type) == PDO_PARAM_BOOL) { + SEPARATE_ZVAL_IF_NOT_REF(¶m->parameter); + param->param_type = PDO_PARAM_STR; + ZVAL_STRINGL(param->parameter, Z_BVAL_P(param->parameter) ? "t" : "f", 1, 1); + } + } +#if HAVE_PQPREPARE } -#endif +#endif return 1; } -- cgit v1.2.1 From f0835c002d473a50d13d0fd7366224ffbd1431ab Mon Sep 17 00:00:00 2001 From: Will Fitch Date: Mon, 24 Sep 2012 13:31:20 -0400 Subject: Bug #62593 Added test for change --- ext/pdo_pgsql/tests/bug62593.phpt | 44 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 ext/pdo_pgsql/tests/bug62593.phpt diff --git a/ext/pdo_pgsql/tests/bug62593.phpt b/ext/pdo_pgsql/tests/bug62593.phpt new file mode 100644 index 0000000000..3caf30814a --- /dev/null +++ b/ext/pdo_pgsql/tests/bug62593.phpt @@ -0,0 +1,44 @@ +--TEST-- +PDO PgSQL Bug #62593 (Emulate prepares behave strangely with PARAM_BOOL) +--SKIPIF-- + +--FILE-- +setAttribute(PDO::ATTR_EMULATE_PREPARES, true); +$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); +$errors = array(); + +$query = $db->prepare('SELECT :foo IS FALSE as val_is_false'); +$query->bindValue(':foo', true, PDO::PARAM_BOOL); +$query->execute(); +$errors[] = $query->errorInfo(); + +$query->bindValue(':foo', 0, PDO::PARAM_BOOL); +$query->execute(); +$errors[] = $query->errorInfo(); + +$query->bindValue(':foo', false, PDO::PARAM_BOOL); +$query->execute(); +$errors[] = $query->errorInfo(); + +$expect = 'No errors found'; + +foreach ($errors as $error) +{ + if (strpos('Invalid text representation', $error[2]) !== false) + { + $expect = 'Invalid boolean found'; + } +} +echo $expect; +?> +--EXPECTF-- + +No errors found -- cgit v1.2.1 From 646c0e57387664f56dcf0a3aaa3e8305e887000d Mon Sep 17 00:00:00 2001 From: Will Fitch Date: Tue, 25 Sep 2012 15:18:12 -0400 Subject: Bug #62593 Updated to always treat zval by value --- ext/pdo_pgsql/pgsql_statement.c | 2 +- ext/pdo_pgsql/tests/bug62593.phpt | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c index e5c7032632..b9df24a09f 100644 --- a/ext/pdo_pgsql/pgsql_statement.c +++ b/ext/pdo_pgsql/pgsql_statement.c @@ -367,7 +367,7 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data * if (param->is_param) { /* We need to manually convert to a pg native boolean value */ if (PDO_PARAM_TYPE(param->param_type) == PDO_PARAM_BOOL) { - SEPARATE_ZVAL_IF_NOT_REF(¶m->parameter); + SEPARATE_ZVAL(¶m->parameter); param->param_type = PDO_PARAM_STR; ZVAL_STRINGL(param->parameter, Z_BVAL_P(param->parameter) ? "t" : "f", 1, 1); } diff --git a/ext/pdo_pgsql/tests/bug62593.phpt b/ext/pdo_pgsql/tests/bug62593.phpt index 3caf30814a..9ad5ff7a0a 100644 --- a/ext/pdo_pgsql/tests/bug62593.phpt +++ b/ext/pdo_pgsql/tests/bug62593.phpt @@ -15,18 +15,22 @@ $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); $errors = array(); +$value = true; $query = $db->prepare('SELECT :foo IS FALSE as val_is_false'); -$query->bindValue(':foo', true, PDO::PARAM_BOOL); +$query->bindValue(':foo', $value, PDO::PARAM_BOOL); $query->execute(); $errors[] = $query->errorInfo(); +var_dump($value); $query->bindValue(':foo', 0, PDO::PARAM_BOOL); $query->execute(); $errors[] = $query->errorInfo(); -$query->bindValue(':foo', false, PDO::PARAM_BOOL); +$value = false; +$query->bindParam(':foo', $value, PDO::PARAM_BOOL); $query->execute(); $errors[] = $query->errorInfo(); +var_dump($value); $expect = 'No errors found'; @@ -40,5 +44,6 @@ foreach ($errors as $error) echo $expect; ?> --EXPECTF-- - +bool(true) +bool(false) No errors found -- cgit v1.2.1 From d922e801ee0c7aafefd34ec7e5132981c4928918 Mon Sep 17 00:00:00 2001 From: Will Fitch Date: Tue, 25 Sep 2012 15:22:24 -0400 Subject: Bug #62593 Updated test to verify bindParam doesn't change original value --- ext/pdo_pgsql/tests/bug62593.phpt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ext/pdo_pgsql/tests/bug62593.phpt b/ext/pdo_pgsql/tests/bug62593.phpt index 9ad5ff7a0a..e3ebf46ed5 100644 --- a/ext/pdo_pgsql/tests/bug62593.phpt +++ b/ext/pdo_pgsql/tests/bug62593.phpt @@ -26,8 +26,10 @@ $query->bindValue(':foo', 0, PDO::PARAM_BOOL); $query->execute(); $errors[] = $query->errorInfo(); -$value = false; +// Verify bindParam maintains reference and only passes when execute is called +$value = true; $query->bindParam(':foo', $value, PDO::PARAM_BOOL); +$value = false; $query->execute(); $errors[] = $query->errorInfo(); var_dump($value); -- cgit v1.2.1 From d864063a183653ce16a4345e5143f6e912c176fe Mon Sep 17 00:00:00 2001 From: Will Fitch Date: Wed, 26 Sep 2012 12:00:17 -0400 Subject: Bug #62593 Updated to account for INOUT parameters --- ext/pdo_pgsql/pgsql_statement.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c index b9df24a09f..1dc0d58e97 100644 --- a/ext/pdo_pgsql/pgsql_statement.c +++ b/ext/pdo_pgsql/pgsql_statement.c @@ -366,7 +366,8 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data * #endif if (param->is_param) { /* We need to manually convert to a pg native boolean value */ - if (PDO_PARAM_TYPE(param->param_type) == PDO_PARAM_BOOL) { + if (PDO_PARAM_TYPE(param->param_type) == PDO_PARAM_BOOL && + ((param->param_type & PDO_PARAM_INPUT_OUTPUT) != PDO_PARAM_INPUT_OUTPUT)) { SEPARATE_ZVAL(¶m->parameter); param->param_type = PDO_PARAM_STR; ZVAL_STRINGL(param->parameter, Z_BVAL_P(param->parameter) ? "t" : "f", 1, 1); -- cgit v1.2.1 From b3cd64afef4d7c35d8551d34858f98a6286db975 Mon Sep 17 00:00:00 2001 From: David Soria Parra Date: Tue, 30 Oct 2012 15:26:39 +0100 Subject: NEWS for bug #62593 --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index ba969501ec..89921e85ed 100644 --- a/NEWS +++ b/NEWS @@ -22,6 +22,10 @@ PHP NEWS . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec). (Martin Osvald, Remi) +- PDO_pgsql: + . Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL). + (Will Fitch) + - Streams: . Fixed bug #63240 (stream_get_line() return contains delimiter string). (Tjerk, Gustavo) -- cgit v1.2.1 From a17559d4224eea0148ad67de9bb1cca22cbef7f6 Mon Sep 17 00:00:00 2001 From: Andrey Hristov Date: Wed, 31 Oct 2012 18:26:09 +0100 Subject: read 1 instead of 2 bytes. The next 2 bytes are 2 and thus not a problem --- ext/mysqlnd/mysqlnd_wireprotocol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c index 1318c37a73..ec0ff496f4 100644 --- a/ext/mysqlnd/mysqlnd_wireprotocol.c +++ b/ext/mysqlnd/mysqlnd_wireprotocol.c @@ -982,7 +982,7 @@ php_mysqlnd_rset_field_read(void *_packet, MYSQLND *conn TSRMLS_DC) p += 2; BAIL_IF_NO_MORE_DATA; - meta->decimals = uint2korr(p); + meta->decimals = uint1korr(p); p += 1; BAIL_IF_NO_MORE_DATA; -- cgit v1.2.1 From a2e4404bc8155e6b6d9deefa22a172857d4b5e08 Mon Sep 17 00:00:00 2001 From: Anatoliy Belsky Date: Wed, 31 Oct 2012 22:41:03 +0100 Subject: Fixed bug #63241 PHP fails to open Windows deduplicated files. Fix by (daniel dot stelter-gliese at innogames dot de). No test is supplied because the issue addresses the new feature of the Windows Server 2012 and would need a very specific filesystem setup. --- NEWS | 4 ++++ TSRM/tsrm_virtual_cwd.c | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/NEWS b/NEWS index 89921e85ed..9b870113ac 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2012, PHP 5.3.19 +- Core + . Fixed bug #63241 PHP fails to open Windows deduplicated files. + (daniel dot stelter-gliese at innogames dot de) + - Libxml . Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak). (Laruence) diff --git a/TSRM/tsrm_virtual_cwd.c b/TSRM/tsrm_virtual_cwd.c index e734406837..d4ee223288 100644 --- a/TSRM/tsrm_virtual_cwd.c +++ b/TSRM/tsrm_virtual_cwd.c @@ -40,6 +40,10 @@ # define IO_REPARSE_TAG_SYMLINK 0xA000000C # endif +# ifndef IO_REPARSE_TAG_DEDUP +# define IO_REPARSE_TAG_DEDUP 0x80000013 +# endif + # ifndef VOLUME_NAME_NT # define VOLUME_NAME_NT 0x2 # endif @@ -958,6 +962,11 @@ static int tsrm_realpath_r(char *path, int start, int len, int *ll, time_t *t, i return -1; }; substitutename[substitutename_len] = 0; + } + else if (pbuffer->ReparseTag == IO_REPARSE_TAG_DEDUP) { + isabsolute = 1; + memcpy(substitutename, path, len + 1); + substitutename_len = len; } else { tsrm_free_alloca(pbuffer, use_heap_large); return -1; -- cgit v1.2.1 From 3fe3029ecb9f121eb6f535970d5cd18ecc8373a6 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Fri, 2 Nov 2012 18:52:12 +0800 Subject: Fixed bug #62444 (Handle leak in is_readable on windows). --- NEWS | 4 +++- TSRM/tsrm_win32.c | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 9b870113ac..2e1f13bd5e 100644 --- a/NEWS +++ b/NEWS @@ -3,8 +3,10 @@ PHP NEWS ?? ??? 2012, PHP 5.3.19 - Core - . Fixed bug #63241 PHP fails to open Windows deduplicated files. + . Fixed bug #63241 (PHP fails to open Windows deduplicated files). (daniel dot stelter-gliese at innogames dot de) + . Fixed bug #62444 (Handle leak in is_readable on windows). + (krazyest at seznam dot cz) - Libxml . Fixed bug #63389 (Missing context check on libxml_set_streams_context() diff --git a/TSRM/tsrm_win32.c b/TSRM/tsrm_win32.c index 9e029f60af..03327683cb 100644 --- a/TSRM/tsrm_win32.c +++ b/TSRM/tsrm_win32.c @@ -193,7 +193,7 @@ Finished: TSRM_API int tsrm_win32_access(const char *pathname, int mode) { time_t t; - HANDLE thread_token; + HANDLE thread_token = NULL; PSID token_sid; SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION; GENERIC_MAPPING gen_map = { FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, FILE_ALL_ACCESS }; @@ -365,6 +365,9 @@ Finished_Impersonate: } Finished: + if(thread_token != NULL) { + CloseHandle(thread_token); + } if(real_path != NULL) { free(real_path); real_path = NULL; -- cgit v1.2.1 From f8c280d85a3fc5b02e9b19f4e23ddac233abf1e4 Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Mon, 5 Nov 2012 20:56:19 -0800 Subject: These need to be volatile in order to prevent leaking after the longjmp in the error handler --- ext/gd/libgd/gd_png.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ext/gd/libgd/gd_png.c b/ext/gd/libgd/gd_png.c index 49f7cb0777..bdbb7ee7d3 100644 --- a/ext/gd/libgd/gd_png.c +++ b/ext/gd/libgd/gd_png.c @@ -127,8 +127,8 @@ gdImagePtr gdImageCreateFromPngCtx (gdIOCtx * infile) png_color_16p trans_gray_rgb; png_color_16p trans_color_rgb; png_bytep trans; - png_bytep image_data = NULL; - png_bytepp row_pointers = NULL; + volatile png_bytep image_data = NULL; + volatile png_bytepp row_pointers = NULL; gdImagePtr im = NULL; int i, j, *open = NULL; volatile int transparent = -1; -- cgit v1.2.1 From 0ee5d18f91d731636f3ba39c7487e2a8cf04fa36 Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Mon, 5 Nov 2012 21:06:18 -0800 Subject: News entry for png memleak fix --- NEWS | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS b/NEWS index 2e1f13bd5e..83274c20f2 100644 --- a/NEWS +++ b/NEWS @@ -1395,6 +1395,7 @@ PHP NEWS - GD extension: . Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre) + . Fixed potential memory leak on a png error (Rasmus, Paul Saab) - GMP extension: . Fixed bug #52906 (gmp_mod returns negative result when non-negative is -- cgit v1.2.1 From 7fcbe4d5467300a0acee78330a0cdc9d1cbf05ad Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Wed, 7 Nov 2012 17:05:24 +0800 Subject: Fixed bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) --- NEWS | 4 ++++ ext/mbstring/mb_gpc.c | 6 ++++++ ext/mbstring/tests/bug63447_001.phpt | 20 ++++++++++++++++++++ ext/mbstring/tests/bug63447_002.phpt | 20 ++++++++++++++++++++ ext/mbstring/tests/bug63447_003.phpt | 34 ++++++++++++++++++++++++++++++++++ 5 files changed, 84 insertions(+) create mode 100644 ext/mbstring/tests/bug63447_001.phpt create mode 100644 ext/mbstring/tests/bug63447_002.phpt create mode 100644 ext/mbstring/tests/bug63447_003.phpt diff --git a/NEWS b/NEWS index 83274c20f2..d03a2da4f9 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,10 @@ PHP NEWS . Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak). (Laruence) +- Mbstring: + . Fixed bug #63447 (max_input_vars doesn't filter variables when + mbstring.encoding_translation = On). (Laruence) + - MySQL: . Fixed compilation failure on mixed 32/64 bit systems. (Andrey) diff --git a/ext/mbstring/mb_gpc.c b/ext/mbstring/mb_gpc.c index dd60302d03..b35ece31de 100644 --- a/ext/mbstring/mb_gpc.c +++ b/ext/mbstring/mb_gpc.c @@ -262,6 +262,12 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const php_mb_encoding_handler_ n++; var = php_strtok_r(NULL, info->separator, &strtok_buf); } + + if (n > (PG(max_input_vars) * 2)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + goto out; + } + num = n; /* make sure to process initilized vars only */ /* initialize converter */ diff --git a/ext/mbstring/tests/bug63447_001.phpt b/ext/mbstring/tests/bug63447_001.phpt new file mode 100644 index 0000000000..51302994db --- /dev/null +++ b/ext/mbstring/tests/bug63447_001.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) +--SKIPIF-- + +--INI-- +max_input_nesting_level=10 +max_input_vars=5 +mbstring.encoding_translation=1 +--POST-- +a=1&b=2&c=3&d=4&e=5&f=6 +--FILE-- + +--EXPECT-- +Warning: Unknown: Input variables exceeded 5. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 +array(0) { +} diff --git a/ext/mbstring/tests/bug63447_002.phpt b/ext/mbstring/tests/bug63447_002.phpt new file mode 100644 index 0000000000..e51089b794 --- /dev/null +++ b/ext/mbstring/tests/bug63447_002.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) +--SKIPIF-- + +--INI-- +max_input_nesting_level=10 +max_input_vars=4 +mbstring.encoding_translation=1 +--POST-- +a=1&b=2&c=3&d=4&e=5 +--FILE-- + +--EXPECT-- +Warning: Unknown: Input variables exceeded 4. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 +array(0) { +} diff --git a/ext/mbstring/tests/bug63447_003.phpt b/ext/mbstring/tests/bug63447_003.phpt new file mode 100644 index 0000000000..a4a7e14851 --- /dev/null +++ b/ext/mbstring/tests/bug63447_003.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) +--SKIPIF-- + +--INI-- +max_input_nesting_level=5 +max_input_vars=100 +mbstring.encoding_translation=1 +--POST-- +a=1&b[][][]=2&c[][][][][][]=7 +--FILE-- + +--EXPECT-- +Array +( + [a] => 1 + [b] => Array + ( + [0] => Array + ( + [0] => Array + ( + [0] => 2 + ) + + ) + + ) + +) -- cgit v1.2.1 From 417b1b238fe79aa6a70aa71b4bb473d88a0d097f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20Schl=C3=BCter?= Date: Thu, 8 Nov 2012 00:01:43 +0100 Subject: This will be PHP 5.3.20 --- NEWS | 7 +++++++ configure.in | 2 +- main/php_version.h | 6 +++--- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index d03a2da4f9..5981ec4bfd 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,14 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +?? ??? 2ß12, PHP 5.3.20 + ?? ??? 2012, PHP 5.3.19 +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +ADD NEWS ONLY ABOVE IN 5.3.20 SECTION +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +RM will merge 5.3.19 entries when merging to release branch + - Core . Fixed bug #63241 (PHP fails to open Windows deduplicated files). (daniel dot stelter-gliese at innogames dot de) diff --git a/configure.in b/configure.in index 050f8d40f1..66900b455c 100644 --- a/configure.in +++ b/configure.in @@ -41,7 +41,7 @@ AC_CONFIG_HEADER(main/php_config.h) PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=3 -PHP_RELEASE_VERSION=19 +PHP_RELEASE_VERSION=20 PHP_EXTRA_VERSION="-dev" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` diff --git a/main/php_version.h b/main/php_version.h index e4ba15eba9..331f30a051 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 3 -#define PHP_RELEASE_VERSION 19 +#define PHP_RELEASE_VERSION 20 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.3.19-dev" -#define PHP_VERSION_ID 50319 +#define PHP_VERSION "5.3.20-dev" +#define PHP_VERSION_ID 50320 -- cgit v1.2.1 From 44a6fe84113c152fbd24ec3be6d75ef72c4fbd0f Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Fri, 9 Nov 2012 21:22:27 -0200 Subject: - Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created) --- config.guess | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.guess b/config.guess index f32079abda..d407b8cde6 100644 --- a/config.guess +++ b/config.guess @@ -532,7 +532,7 @@ EOF echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[456]) + *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 -- cgit v1.2.1 From 065862a750a4c7b20d580b4e32a9df62b00b90a0 Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Fri, 9 Nov 2012 21:28:30 -0200 Subject: - BFN --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 5981ec4bfd..26b179db30 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2ß12, PHP 5.3.20 +- Core: + . Fixed bug #63451 (config.guess file does not have AIX 7 defined, + shared objects are not created). (kemcline at au1 dot ibm dot com) + ?? ??? 2012, PHP 5.3.19 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -- cgit v1.2.1 From bb60122c2fe49985b35026ecc48ff6cf550fbac1 Mon Sep 17 00:00:00 2001 From: Antony Dovgal Date: Sun, 11 Nov 2012 22:37:04 +0400 Subject: fix invalid read when trimming empty string --- ext/filter/filter_private.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ext/filter/filter_private.h b/ext/filter/filter_private.h index daa688b4ac..6c26d98075 100644 --- a/ext/filter/filter_private.h +++ b/ext/filter/filter_private.h @@ -107,8 +107,10 @@ if (len < 1) { \ RETURN_VALIDATION_FAILED \ } \ - while (p[len-1] == ' ' || p[len-1] == '\t' || p[len-1] == '\r' || p[len-1] == '\v' || p[len-1] == '\n') { \ - len--; \ + if (len > 0) { \ + while (p[len-1] == ' ' || p[len-1] == '\t' || p[len-1] == '\r' || p[len-1] == '\v' || p[len-1] == '\n') { \ + len--; \ + } \ } \ } -- cgit v1.2.1