PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
10 Mar 2011, PHP 5.3.6RC3
-- Core:
- . Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment).
- (tomas dot brastavicius at quantum dot lt, Pierrick)
-
- Shmop extension:
. Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe)
Reported by Jose Carlos Norte <jose at eyeos dot org> (CVE-2011-1092)
+++ /dev/null
---TEST--
-Bug #54180 (parse_url() incorrectly parses path when ? in fragment)
---FILE--
-<?php
-
-var_dump(parse_url("http://example.com/path/script.html?t=1#fragment?data"));
-var_dump(parse_url("http://example.com/path/script.html#fragment?data"));
-
-?>
---EXPECTF--
-array(5) {
- ["scheme"]=>
- string(4) "http"
- ["host"]=>
- string(11) "example.com"
- ["path"]=>
- string(17) "/path/script.html"
- ["query"]=>
- string(3) "t=1"
- ["fragment"]=>
- string(13) "fragment?data"
-}
-array(4) {
- ["scheme"]=>
- string(4) "http"
- ["host"]=>
- string(11) "example.com"
- ["path"]=>
- string(17) "/path/script.html"
- ["fragment"]=>
- string(13) "fragment?data"
-}
pp = strchr(s, '#');
if (pp && pp < p) {
- if (pp - s) {
- ret->path = estrndup(s, (pp-s));
- php_replace_controlchars_ex(ret->path, (pp - s));
- }
p = pp;
goto label_parse;
}
projects / php / commitdiff