PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
10 Mar 2011, PHP 5.3.6RC3
+- Core:
+ . Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment).
+ (tomas dot brastavicius at quantum dot lt, Pierrick)
+
- Shmop extension:
. Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe)
Reported by Jose Carlos Norte <jose at eyeos dot org> (CVE-2011-1092)
--- /dev/null
+--TEST--
+Bug #54180 (parse_url() incorrectly parses path when ? in fragment)
+--FILE--
+<?php
+
+var_dump(parse_url("http://example.com/path/script.html?t=1#fragment?data"));
+var_dump(parse_url("http://example.com/path/script.html#fragment?data"));
+
+?>
+--EXPECTF--
+array(5) {
+ ["scheme"]=>
+ string(4) "http"
+ ["host"]=>
+ string(11) "example.com"
+ ["path"]=>
+ string(17) "/path/script.html"
+ ["query"]=>
+ string(3) "t=1"
+ ["fragment"]=>
+ string(13) "fragment?data"
+}
+array(4) {
+ ["scheme"]=>
+ string(4) "http"
+ ["host"]=>
+ string(11) "example.com"
+ ["path"]=>
+ string(17) "/path/script.html"
+ ["fragment"]=>
+ string(13) "fragment?data"
+}
pp = strchr(s, '#');
if (pp && pp < p) {
+ if (pp - s) {
+ ret->path = estrndup(s, (pp-s));
+ php_replace_controlchars_ex(ret->path, (pp - s));
+ }
p = pp;
goto label_parse;
}
projects / php / commitdiff