MFB: Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.

author Ilia Alshanetsky <iliaa@php.net>

Sun, 6 Jan 2008 17:12:44 +0000 (17:12 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Sun, 6 Jan 2008 17:12:44 +0000 (17:12 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Sun, 6 Jan 2008 17:12:44 +0000 (17:12 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Sun, 6 Jan 2008 17:12:44 +0000 (17:12 +0000)
diff --git a/ext/curl/interface.c b/ext/curl/interface.c

index 97bacb35955002679938f8544a6f1f568e56078e..473839eadab17993b91911d5d651d494043eb06f 100644 (file)
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -173,7 +173,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC);
                         php_curl_ret(__ret);                                                                                    \
                 }                                                                                                       \
                                                                                                                         \
-               if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) {                               \
+               if (tmp_url->host || !php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) {                              \
                         php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' contains unencoded control characters", str);     \
                         php_url_free(tmp_url);                                                                                                                          \
                         php_curl_ret(__ret);                                                                                    \
author	Ilia Alshanetsky <iliaa@php.net>
	Sun, 6 Jan 2008 17:12:44 +0000 (17:12 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Sun, 6 Jan 2008 17:12:44 +0000 (17:12 +0000)