From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 2 Aug 2005 17:01:05 +0000 (+0000)
Subject: Fixed bug #33958 (duplicate cookies and magic_quotes=off may cause a crash)
X-Git-Tag: RELEASE_2_0_0~45
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=990f7043d9ea32b3e7f3a28e3308f07fa2c7e459;p=php

Fixed bug #33958 (duplicate cookies and magic_quotes=off may cause a crash)
---

diff --git a/NEWS b/NEWS
index 2ef0b0791e..ee1efb3408 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,8 @@ PHP                                                                        NEWS
 ?? ??? 2005, PHP 5.1
 - Fixed bug #33967 (misuse of Exception constructor doesn't display errorfile).
   (Jani)
+- Fixed bug #33958 (duplicate cookies and magic_quotes=off may cause a crash).
+  (Ilia)
 - Fixed bug #33917 (number_format() output with > 1 char separators). (Jani)
 - Fixed bug #33904 (input array keys being escaped when magic quotes is off). 
   (Ilia)
diff --git a/main/php_variables.c b/main/php_variables.c
index 31f80674e1..3d686d0bc6 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -198,7 +198,9 @@ plain_var:
 				 */
 				if (PG(http_globals)[TRACK_VARS_COOKIE] && symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) && 
 					zend_symtable_find(symtable1, escaped_index, index_len+1, (void **) &tmp) != FAILURE) {
-					efree(escaped_index);
+					if (PG(magic_quotes_gpc)) { 
+						efree(escaped_index);
+					}
 					break;
 				}
 				zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);