From: Antony Dovgal <tony2001@php.net>
Date: Wed, 12 Apr 2006 15:13:57 +0000 (+0000)
Subject: fix #37057 (xmlrpc_decode() may produce arrays with numeric strings which are unacces... 
X-Git-Tag: php-5.1.3RC3~40
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=195271dd23ba6779d0e39d7614327fb4c3bc121f;p=php

fix #37057 (xmlrpc_decode() may produce arrays with numeric strings which are unaccessible)
---

diff --git a/NEWS b/NEWS
index 2a3ebe45c0..cbf459552d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Apr 2006, PHP 5.1.3
+- Fixed bug #37057 (xmlrpc_decode() may produce arrays with numeric strings, 
+  which are unaccessible). (Tony)
 - Fixed bug #37055 (incorrect reference counting for persistent OCI8 
   connections). (Tony)
 - Fixed bug #37053 (html_errors with internal classes produces wrong links). 
diff --git a/ext/xmlrpc/xmlrpc-epi-php.c b/ext/xmlrpc/xmlrpc-epi-php.c
index 871340132c..8b6f963f5d 100644
--- a/ext/xmlrpc/xmlrpc-epi-php.c
+++ b/ext/xmlrpc/xmlrpc-epi-php.c
@@ -300,7 +300,13 @@ static int add_zval(zval* list, const char* id, zval** val)
 {
 	if (list && val) {
 		if (id) {
-			return zend_hash_update(Z_ARRVAL_P(list), (char*) id, strlen(id) + 1, (void *) val, sizeof(zval **), NULL);
+			int id_len = strlen(id);
+			if (!(id_len > 1 && id[0] == '0') && is_numeric_string((char *)id, id_len, NULL, NULL, 0) == IS_LONG) {
+				long index = strtol(id, NULL, 0);
+				return zend_hash_index_update(Z_ARRVAL_P(list), index, (void *) val, sizeof(zval **), NULL);
+			} else {
+				return zend_hash_update(Z_ARRVAL_P(list), (char*) id, strlen(id) + 1, (void *) val, sizeof(zval **), NULL);
+			}
 		} else {
 			return zend_hash_next_index_insert(Z_ARRVAL_P(list), (void *) val, sizeof(zval **), NULL); 
 		}