MFH: Fixed bug #29226 (ctype_* functions missing validation of numeric

string representations).

diff --git a/NEWS b/NEWS
index 2f9b960a032acce5e7bda90cd4281a82a1b80724..504bf363801a50eead78466c33dd0d8f6453cadb 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ PHP 4                                                                      NEWS
 - Updated PCRE to provide better error handling in certain cases. (Andrei)
 - NSAPI: added "bucket" parameter to list of non-php.ini-keys of php4_execute
   for doing performance stats without warnings in server-log. (Uwe Schindler)
+- Fixed bug #29226 (ctype_* functions missing validation of numeric string 
+  representations). (Ilia)
 - Fixed bug #29116 (Zend constant warning uses memory after free). (Marcus,
   jdolecek at NetBSD dot org)
 - Fixed bug #29114 (Potential double free in php_stat). (Sara)

diff --git a/ext/ctype/ctype.c b/ext/ctype/ctype.c
index f755d7e33fb3e065f811db50862acf629111ded2..0291979010e8b3d2fd3863c19f7ca97cba44ae1f 100644 (file)
--- a/ext/ctype/ctype.c
+++ b/ext/ctype/ctype.c
@@ -97,7 +97,11 @@ PHP_MINFO_FUNCTION(ctype)
                return; \
        switch (Z_TYPE_P(c)) { \
        case IS_LONG: \
-               RETURN_BOOL(iswhat(Z_LVAL_P(c))); \
+               if (Z_LVAL_P(c) < 255 && Z_LVAL_P(c) > -127) {  \
+                       RETURN_BOOL(iswhat(Z_LVAL_P(c))); \
+               }       \
+               SEPARATE_ZVAL(&c);      \
+               convert_to_string(c);   \
        case IS_STRING: \
                { \
                        char *p; \