- path with null entries

author Pierre Joye <pajoye@php.net>

Thu, 18 Nov 2010 17:09:27 +0000 (17:09 +0000)

committer Pierre Joye <pajoye@php.net>

Thu, 18 Nov 2010 17:09:27 +0000 (17:09 +0000)
author Pierre Joye <pajoye@php.net>
Thu, 18 Nov 2010 17:09:27 +0000 (17:09 +0000)
committer Pierre Joye <pajoye@php.net>
Thu, 18 Nov 2010 17:09:27 +0000 (17:09 +0000)
diff --git a/NEWS b/NEWS

index a4aed4135d5aaf83f1a608ea2b9c2bfd563c24ba..025c880ed72ee0dfd4d3392689486fd535add835 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,7 @@
  - Added a 3rd parameter to get_html_translation_table. It now takes a charset
    hint, like htmlentities et al. (Gustavo)
  
+- Path with NULL in them (foo\obar.txt) are now considered as invalid. (Rasmus)
  - Fixed a possible double free in imap extension (Identified by Mateusz 
    Kocielski). (CVE-2010-4150). (Ilia)
  - Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
diff --git a/UPGRADING b/UPGRADING

index 23e64f2885257f9967ac11c852e9cec4d6e2935d..b1c0870aaf78f22bd1eb4dd0898e4f1c2e7c88c9 100755 (executable)
--- a/UPGRADING
+++ b/UPGRADING
@@ -40,6 +40,9 @@ UPGRADE NOTES - PHP 5.3
  2. Changes made to existing functions
  =====================================
  
+- Paths containing NULL (like /some/path\0foo.txt) are now considered invalid. 
+  See http://news.php.net/php.internals/50191
+
  - The HTTP stream wrapper now considers all status codes from 200 to 399 to be
    successful.
author	Pierre Joye <pajoye@php.net>
	Thu, 18 Nov 2010 17:09:27 +0000 (17:09 +0000)
committer	Pierre Joye <pajoye@php.net>
	Thu, 18 Nov 2010 17:09:27 +0000 (17:09 +0000)