From: Ilia Alshanetsky Date: Wed, 3 Dec 2008 01:04:13 +0000 (+0000) Subject: Fixed bug #46731 (Missing validation for the options parameter of the X-Git-Tag: php-5.3.0alpha2~10 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a3a73148aa55547d809fd8ce3be115c08d66e395;p=php Fixed bug #46731 (Missing validation for the options parameter of the imap_fetch_overview() function). --- diff --git a/NEWS b/NEWS index e4b12ca336..3a833c8755 100644 --- a/NEWS +++ b/NEWS @@ -42,6 +42,8 @@ PHP NEWS - Fixed check in recode extension to allow builing of recode and mysql extensions when using a recent libmysql. (Johannes) +- Fixed bug #46731 (Missing validation for the options parameter of the + imap_fetch_overview() function). (Ilia) - Fixed bug #46711 (cURL curl_setopt leaks memory in foreach loops). (magicaltux [at] php [dot] net) - Fixed bug #46578 (strip_tags() does not honor end-of-comment when it diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 540de3562a..8668ffb057 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -3174,11 +3174,16 @@ PHP_FUNCTION(imap_fetch_overview) return; } + if (flags && !(flags & FT_UID)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "invalid value for the options parameter"); + RETURN_FALSE; + } + ZEND_FETCH_RESOURCE(imap_le_struct, pils *, &streamind, -1, "imap", le_imap); array_init(return_value); - - status = (flags & FT_UID) + + status = (flags & FT_UID) ? mail_uid_sequence(imap_le_struct->imap_stream, sequence) : mail_sequence(imap_le_struct->imap_stream, sequence);