- Fixed ext/filter Email Validation Vulnerability (MOPB-24 by Stefan Esser)
(Ilia)
- Fixed altering $this via argument named "this". (Dmitry)
+- Fixed PHP CLI to use the php.ini from the binary location. (Hannes)
- Fixed bug #41287 (Namespace functions don't allow xmlns defintion to be
optional). (Rob)
- Fixed bug #41285 (Improved fix for CVE-2007-1887 to work with non-bundled
#else
if (sapi_module.executable_location) {
binary_location = (char *)emalloc(PATH_MAX);
- if (!realpath(sapi_module.executable_location, binary_location)) {
+ if (!strchr(sapi_module.executable_location, '/')) {
+ char *path;
+ int found = 0;
+
+ if ((path = getenv("PATH")) != NULL) {
+ char *search_dir, search_path[MAXPATHLEN];
+
+ while ((search_dir = strsep(&path, ":")) != NULL) {
+ snprintf(search_path, MAXPATHLEN, "%s/%s", search_dir, sapi_module.executable_location);
+ if (VCWD_REALPATH(search_path, binary_location) && !VCWD_ACCESS(binary_location, X_OK)) {
+ found = 1;
+ break;
+ }
+ }
+ }
+ if (!found) {
+ efree(binary_location);
+ binary_location = NULL;
+ }
+ } else if (!VCWD_REALPATH(sapi_module.executable_location, binary_location) || VCWD_ACCESS(binary_location, X_OK)) {
efree(binary_location);
binary_location = NULL;
}
projects / php / commitdiff