From: Antony Dovgal <tony2001@php.net>
Date: Tue, 13 Feb 2007 15:55:45 +0000 (+0000)
Subject: fix #40455 (proc_open() uses wrong commandline when safe_mode_exec_dir is set)
X-Git-Tag: php-5.2.2RC1~411
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dc9e17faf3ca0a2d357913ee48266c9120225fcf;p=php

fix #40455 (proc_open() uses wrong commandline when safe_mode_exec_dir is set)
---

diff --git a/NEWS b/NEWS
index 9e0832829b..d84df83fb1 100644
--- a/NEWS
+++ b/NEWS
@@ -5,9 +5,13 @@ PHP                                                                        NEWS
 - Upgraded PCRE to version 7.0 (Nuno)
 - Add --ri switch to CLI which allows to check extension information. (Marcus)
 - Added tidyNode::getParent() method (John, Nuno)
+- Fixed bug #40455 (proc_open() uses wrong commandline when safe_mode_exec_dir 
+  is set). (Tony)
 - Fixed bug #40432 (strip_tags() fails with greater than in attribute). (Ilia)
 - Fixed bug #40431 (dynamic properties may cause crash in ReflectionProperty 
   methods). (Tony)
+- Fixed bug #40451 (addAttribute() may crash when used with non-existent child 
+  node). (Tony)
 - Fixed bug #40428 (imagepstext() doesn't accept optional parameter). (Pierre)
 - Fixed bug #40410 (ext/posix does not compile on MacOS 10.3.9). (Tony)
 - Fixed bug #40109 (iptcembed fails on non-jfif jpegs). (Tony)
diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c
index 73ecf1bd82..49755ef868 100644
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@@ -276,7 +276,7 @@ static int php_make_safe_mode_command(char *cmd, char **safecmd, int is_persiste
 
 	sep = zend_memrchr(arg0, PHP_DIR_SEPARATOR, larg0);
 
-	spprintf(safecmd, 0, "%s%c%s%s", PG(safe_mode_exec_dir), (sep ? *sep : '/'), (sep ? "" : arg0), (space ? cmd + larg0 : ""));
+	spprintf(safecmd, 0, "%s%s%s%s", PG(safe_mode_exec_dir), (sep ? sep : "/"), (sep ? "" : arg0), (space ? cmd + larg0 : ""));
 
 	efree(arg0);
 	arg0 = php_escape_shell_cmd(*safecmd);