From fc7fe62e3bef50c6c56e30b9a48227f6a4203523 Mon Sep 17 00:00:00 2001
From: Yasuo Ohgaki <yohgaki@php.net>
Date: Fri, 9 Aug 2013 11:19:56 +0900
Subject: Update NEWS

---
 NEWS | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/NEWS b/NEWS
index 103abeb092..1b91fc7b3c 100644
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,8 @@ PHP                                                                        NEWS
 - Pgsql:
   . Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
     (Yasuo)
+  . Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
+    /pg_delete()/pg_insert()). (Yasuo)
 
 ?? ??? 2013, PHP 5.4.18
 
-- 
cgit v1.2.1


From ac28283beb58b367ef1f842b5ee0d6397eb4b516 Mon Sep 17 00:00:00 2001
From: Michael Wallner <mike@php.net>
Date: Fri, 9 Aug 2013 11:14:04 +0200
Subject: fix bug #65391

Unable to send vary header user-agent when
ob_start('ob_gzhandler') is called
---
 NEWS                         |  4 ++++
 ext/zlib/tests/bug65391.phpt | 28 ++++++++++++++++++++++++++++
 ext/zlib/zlib.c              |  6 +++---
 3 files changed, 35 insertions(+), 3 deletions(-)
 create mode 100644 ext/zlib/tests/bug65391.phpt

diff --git a/NEWS b/NEWS
index 1b91fc7b3c..76ec38e565 100644
--- a/NEWS
+++ b/NEWS
@@ -36,6 +36,10 @@ PHP                                                                        NEWS
   . Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
     /pg_delete()/pg_insert()). (Yasuo)
 
+- Zlib:
+  . Fixed bug #65391 (Unable to send vary header user-agent when 
+    ob_start('ob_gzhandler') is called) (Mike)
+
 ?? ??? 2013, PHP 5.4.18
 
 - Core:
diff --git a/ext/zlib/tests/bug65391.phpt b/ext/zlib/tests/bug65391.phpt
new file mode 100644
index 0000000000..3ba5350810
--- /dev/null
+++ b/ext/zlib/tests/bug65391.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Bug #65391 (Unable to send vary header user-agent when ob_start('ob_gzhandler') is called)
+--SKIPIF--
+<?php
+extension_loaded("zlib") or die("skip need zlib");
+?>
+--GET--
+dummy=1
+--FILE--
+<?php
+header("Vary: Cookie");
+ob_start("ob_gzhandler");
+
+// run-tests cannot test for a multiple Vary header
+ob_flush();
+print_r(headers_list());
+
+?>
+Done
+--EXPECTF--
+Array
+(
+    [0] => X-Powered-By: PHP/%s
+    [1] => Vary: Cookie
+    [2] => Vary: Accept-Encoding
+)
+Done
+
diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c
index 1a202e344e..1114bc8a65 100644
--- a/ext/zlib/zlib.c
+++ b/ext/zlib/zlib.c
@@ -190,7 +190,7 @@ static int php_zlib_output_handler(void **handler_context, php_output_context *o
 		if ((output_context->op & PHP_OUTPUT_HANDLER_START)
 		&&	(output_context->op != (PHP_OUTPUT_HANDLER_START|PHP_OUTPUT_HANDLER_CLEAN|PHP_OUTPUT_HANDLER_FINAL))
 		) {
-			sapi_add_header_ex(ZEND_STRL("Vary: Accept-Encoding"), 1, 1 TSRMLS_CC);
+			sapi_add_header_ex(ZEND_STRL("Vary: Accept-Encoding"), 1, 0 TSRMLS_CC);
 		}
 		return FAILURE;
 	}
@@ -220,7 +220,7 @@ static int php_zlib_output_handler(void **handler_context, php_output_context *o
 						deflateEnd(&ctx->Z);
 						return FAILURE;
 				}
-				sapi_add_header_ex(ZEND_STRL("Vary: Accept-Encoding"), 1, 1 TSRMLS_CC);
+				sapi_add_header_ex(ZEND_STRL("Vary: Accept-Encoding"), 1, 0 TSRMLS_CC);
 				php_output_handler_hook(PHP_OUTPUT_HANDLER_HOOK_IMMUTABLE, NULL TSRMLS_CC);
 			}
 		}
@@ -478,7 +478,7 @@ static PHP_FUNCTION(ob_gzhandler)
 				sapi_add_header_ex(ZEND_STRL("Content-Encoding: deflate"), 1, 1 TSRMLS_CC);
 				break;
 		}
-		sapi_add_header_ex(ZEND_STRL("Vary: Accept-Encoding"), 1, 1 TSRMLS_CC);
+		sapi_add_header_ex(ZEND_STRL("Vary: Accept-Encoding"), 1, 0 TSRMLS_CC);
 	}
 
 	if (!ZLIBG(ob_gzhandler)) {
-- 
cgit v1.2.1