diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2008-01-06 17:12:29 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2008-01-06 17:12:29 +0000 |
| commit | 0b25a9fb8c64a59f9dc23bcdc2f9fce26f7583fc (patch) | |
| tree | 87876d8cd48df320275e75bb52de445959004817 | |
| parent | 4490673e0e3884374a12735f53785c96b81f20d5 (diff) | |
| download | php-git-0b25a9fb8c64a59f9dc23bcdc2f9fce26f7583fc.tar.gz | |
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/curl/interface.c | 2 |
2 files changed, 3 insertions, 1 deletions
@@ -2,6 +2,8 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2008, PHP 5.2.6 - Fixed weired behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson) +- Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. + (Ilia) - Fixed bug #43663 (Extending PDO class with a __call() function doesn't work). (David Soria Parra) diff --git a/ext/curl/interface.c b/ext/curl/interface.c index 5f7de2bcc7..f832d5bbd5 100644 --- a/ext/curl/interface.c +++ b/ext/curl/interface.c @@ -173,7 +173,7 @@ static void _php_curl_close(zend_rsrc_list_entry *rsrc TSRMLS_DC); php_curl_ret(__ret); \ } \ \ - if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \ + if (tmp_url->host || !php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \ php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' contains unencoded control characters", str); \ php_url_free(tmp_url); \ php_curl_ret(__ret); \ |