]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4490673)
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
authorIlia Alshanetsky <iliaa@php.net>
Sun, 6 Jan 2008 17:12:29 +0000 (17:12 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Sun, 6 Jan 2008 17:12:29 +0000 (17:12 +0000)
NEWS patch | blob | history
ext/curl/interface.c patch | blob | history

diff --git a/NEWS b/NEWS
index 403b62902a354ceb61ced6f7f6233f6091d27f40..46fab777f158217d953cb3d103ba84d8f65e32e3 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2008, PHP 5.2.6
 - Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)
+- Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
+  (Ilia)
 
 - Fixed bug #43663 (Extending PDO class with a __call() function doesn't work). 
   (David Soria Parra)
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 5f7de2bcc7397411916dd015ea0c78530d0b611b..f832d5bbd5593e6a4adf78f60f98b1f2b844c42e 100644 (file)
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -173,7 +173,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
                        php_curl_ret(__ret);                                                                                    \
                }                                                                                                       \
                                                                                                                        \
-               if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) {                               \
+               if (tmp_url->host || !php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) {                              \
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' contains unencoded control characters", str);     \
                        php_url_free(tmp_url);                                                                                                                          \
                        php_curl_ret(__ret);                                                                                    \
Unnamed repository; edit this file 'description' to name the repository.