fix #37057 (xmlrpc_decode() may produce arrays with numeric strings which are unacces...

diff --git a/NEWS b/NEWS
index 2a3ebe45c0b93b22ab6e0fad5a70a9c220154b18..cbf459552d24e26f026041696af19c4bd10b6e49 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Apr 2006, PHP 5.1.3
+- Fixed bug #37057 (xmlrpc_decode() may produce arrays with numeric strings, 
+  which are unaccessible). (Tony)
 - Fixed bug #37055 (incorrect reference counting for persistent OCI8 
   connections). (Tony)
 - Fixed bug #37053 (html_errors with internal classes produces wrong links). 

diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c
index 871340132cea67e142cbd5fd42dd07a6ae2d8a70..8b6f963f5d7574a45100fe62dea682a574ccd583 100644 (file)
--- a/ext/xmlrpc/xmlrpc-epi-php.c
+++ b/ext/xmlrpc/xmlrpc-epi-php.c
@@ -300,7 +300,13 @@ static int add_zval(zval* list, const char* id, zval** val)
 {
        if (list && val) {
                if (id) {
-                       return zend_hash_update(Z_ARRVAL_P(list), (char*) id, strlen(id) + 1, (void *) val, sizeof(zval **), NULL);
+                       int id_len = strlen(id);
+                       if (!(id_len > 1 && id[0] == '0') && is_numeric_string((char *)id, id_len, NULL, NULL, 0) == IS_LONG) {
+                               long index = strtol(id, NULL, 0);
+                               return zend_hash_index_update(Z_ARRVAL_P(list), index, (void *) val, sizeof(zval **), NULL);
+                       } else {
+                               return zend_hash_update(Z_ARRVAL_P(list), (char*) id, strlen(id) + 1, (void *) val, sizeof(zval **), NULL);
+                       }
                } else {
                        return zend_hash_next_index_insert(Z_ARRVAL_P(list), (void *) val, sizeof(zval **), NULL); 
                }