From a3a73148aa55547d809fd8ce3be115c08d66e395 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Wed, 3 Dec 2008 01:04:13 +0000 Subject: [PATCH] Fixed bug #46731 (Missing validation for the options parameter of the imap_fetch_overview() function). --- NEWS | 2 ++ ext/imap/php_imap.c | 9 +++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index e4b12ca336..3a833c8755 100644 --- a/NEWS +++ b/NEWS @@ -42,6 +42,8 @@ PHP NEWS - Fixed check in recode extension to allow builing of recode and mysql extensions when using a recent libmysql. (Johannes) +- Fixed bug #46731 (Missing validation for the options parameter of the + imap_fetch_overview() function). (Ilia) - Fixed bug #46711 (cURL curl_setopt leaks memory in foreach loops). (magicaltux [at] php [dot] net) - Fixed bug #46578 (strip_tags() does not honor end-of-comment when it diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c index 540de3562a..8668ffb057 100644 --- a/ext/imap/php_imap.c +++ b/ext/imap/php_imap.c @@ -3174,11 +3174,16 @@ PHP_FUNCTION(imap_fetch_overview) return; } + if (flags && !(flags & FT_UID)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "invalid value for the options parameter"); + RETURN_FALSE; + } + ZEND_FETCH_RESOURCE(imap_le_struct, pils *, &streamind, -1, "imap", le_imap); array_init(return_value); - - status = (flags & FT_UID) + + status = (flags & FT_UID) ? mail_uid_sequence(imap_le_struct->imap_stream, sequence) : mail_sequence(imap_le_struct->imap_stream, sequence); -- 2.50.1