Fix bug #80584: 0x and 0X are considered valid hex numbers by filter_var()
authorGeorge Peter Banyard <girgias@php.net>
Mon, 4 Jan 2021 14:24:53 +0000 (15:24 +0100)
committerGeorge Peter Banyard <girgias@php.net>
Mon, 4 Jan 2021 17:07:47 +0000 (18:07 +0100)
Closes GH-6573

NEWS
ext/filter/logical_filters.c
ext/filter/tests/bug80584.phpt [new file with mode: 0644]

diff --git a/NEWS b/NEWS
index 57572a1417d6c1a5b8b8172802fd09bb6b1b3948..e356a0331ad2faeae0b950cad7d9a5eee15d5c4d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,10 @@ PHP                                                                        NEWS
   . Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode
     stub). (Nikita)
 
+- Filter:
+  . Fixed bug #80584 (0x and 0X are considered valid hex numbers by
+    filter_var()). (girgias)
+
 - MySQLi:
   . Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to
     interpret bit columns). (Nikita)
index a9fcc01d019726cd735b5430402a2a9663bed712..392156b5391cea1e94c3409c26ed17bad3420892 100644 (file)
@@ -233,6 +233,9 @@ void php_filter_int(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
                p++; len--;
                if (allow_hex && (*p == 'x' || *p == 'X')) {
                        p++; len--;
+                       if (len == 0) {
+                               RETURN_VALIDATION_FAILED
+                       }
                        if (php_filter_parse_hex(p, len, &ctx_value) < 0) {
                                error = 1;
                        }
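Review bot: The new `if (len == 0)` guard exits through `RETURN_VALIDATION_FAILED`, while the parse failure two lines below in the same branch reports via `error = 1;`, so the hex branch now has two different failure mechanisms; unless the early return is deliberate, `error = 1;` would keep the hunk consistent with the surrounding code, which appears to fold `error` into a single validation-failed exit later in php_filter_int (outside the hunk). The guard also deserves a why-comment, since it only makes sense knowing that an empty digit run after the prefix is otherwise presumably accepted as 0 by php_filter_parse_hex(): `/* "0x"/"0X" with no digits is not a number; do not let the empty run parse as 0 */`. php_filter_int's body starts and ends outside this hunk.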
diff --git a/ext/filter/tests/bug80584.phpt b/ext/filter/tests/bug80584.phpt
new file mode 100644 (file)
index 0000000..ede6a4b
--- /dev/null
@@ -0,0 +1,18 @@
+--TEST--
+Bug #80584: "0x" and "0X" are considered valid hex numbers by filter_var()
+--SKIPIF--
+<?php
+if (!extension_loaded('filter')) die('skip filter extension not available');
+?>
+--FILE--
+<?php
+var_dump(filter_var('0x', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));
+var_dump(filter_var('0X', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));
+var_dump(filter_var('', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));
+var_dump(filter_var('0', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));
+?>
+--EXPECT--
+bool(false)
+bool(false)
+bool(false)
+int(0)
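Review bot: The regression test only exercises rejection plus the bare `'0'`; it does not confirm that a well-formed hex input still validates after the new early return in php_filter_int, so a positive case such as `var_dump(filter_var('0x1A', FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_HEX));` with expected `int(26)` would guard that path. A `FILTER_NULL_ON_FAILURE` variant of the `'0x'` case would likewise show whether the early-return macro reports the failure the same way the existing `error` path does. Each addition is one line in --FILE-- and one in --EXPECT--.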