[Secure-testing-commits] r5716 - data/patches/MOPB
Sean Finney
seanius at alioth.debian.org
Mon Apr 23 17:52:25 UTC 2007
Author: seanius
Date: 2007-04-23 17:52:25 +0000 (Mon, 23 Apr 2007)
New Revision: 5716
Modified:
data/patches/MOPB/MOPB-19-php5.diff
Log:
let's try this one
Modified: data/patches/MOPB/MOPB-19-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-19-php5.diff 2007-04-23 17:41:51 UTC (rev 5715)
+++ data/patches/MOPB/MOPB-19-php5.diff 2007-04-23 17:52:25 UTC (rev 5716)
@@ -1,6 +1,7 @@
---- logical_filters.c 2006/12/20 19:48:12 1.1.2.17
+# http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.12&r2=1.1.2.18&view=patch
+--- logical_filters.c 2006/12/16 21:48:05 1.1.2.12
+++ logical_filters.c 2006/12/26 09:16:24 1.1.2.18
-@@ -24,10 +24,14 @@
+@@ -17,18 +17,26 @@
#include "ext/standard/url.h"
#include "ext/pcre/php_pcre.h"
@@ -12,10 +13,14 @@
+#define LONG_SIGN_MASK (1L << (8*sizeof(long)-1))
+
- #ifndef INADDR_NONE
- # define INADDR_NONE ((unsigned long int) -1)
- #endif
-@@ -39,8 +43,7 @@
++#ifndef INADDR_NONE
++# define INADDR_NONE ((unsigned long int) -1)
++#endif
++
++
+ /* {{{ FETCH_LONG_OPTION(var_name, option_name) */
+ #define FETCH_LONG_OPTION(var_name, option_name) \
+ var_name = 0; \
var_name##_set = 0; \
if (option_array) { \
if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name), (void **) &option_val) == SUCCESS) { \
@@ -25,7 +30,7 @@
var_name##_set = 1; \
} \
}
-@@ -53,10 +56,11 @@
+@@ -48,10 +56,11 @@
var_name##_len = 0; \
if (option_array) { \
if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name), (void **) &option_val) == SUCCESS) { \
@@ -41,9 +46,19 @@
} \
}
/* }}} */
-@@ -65,14 +69,13 @@
+@@ -59,24 +68,14 @@
+ #define FORMAT_IPV4 4
#define FORMAT_IPV6 6
+-#define RETURN_VALIDATION_FAILED \
+- zval_dtor(value); \
+- if (flags & FILTER_NULL_ON_FAILURE) { \
+- ZVAL_NULL(value); \
+- } else { \
+- ZVAL_FALSE(value); \
+- } \
+- return; \
+-
static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */
- long ctx_value = 0;
+ long ctx_value;
@@ -61,7 +76,7 @@
case '-':
sign = -1;
case '+':
-@@ -82,88 +85,79 @@
+@@ -86,88 +85,79 @@
}
/* must start with 1..9*/
@@ -197,7 +212,7 @@
}
/* }}} */
-@@ -175,7 +169,7 @@
+@@ -179,7 +169,7 @@
int allow_octal = 0, allow_hex = 0;
int len, error = 0;
long ctx_value;
@@ -206,7 +221,7 @@
/* Parse options */
FETCH_LONG_OPTION(min_range, "min_range");
-@@ -200,12 +194,12 @@
+@@ -204,12 +194,12 @@
p = Z_STRVAL_P(value);
ctx_value = 0;
@@ -222,7 +237,7 @@
if (php_filter_parse_hex(p, len, &ctx_value TSRMLS_CC) < 0) {
error = 1;
}
-@@ -213,7 +207,7 @@
+@@ -217,7 +207,7 @@
if (php_filter_parse_octal(p, len, &ctx_value TSRMLS_CC) < 0) {
error = 1;
}
@@ -231,7 +246,7 @@
error = 1;
}
} else {
-@@ -236,34 +230,65 @@
+@@ -240,34 +230,65 @@
void php_filter_boolean(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
char *str = Z_STRVAL_P(value);
@@ -318,7 +333,7 @@
}
}
/* }}} */
-@@ -271,169 +296,102 @@
+@@ -275,168 +296,102 @@
void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
int len;
@@ -338,14 +353,14 @@
- long options_flag;
- int options_flag_set;
-+ long lval;
-+ double dval;
-
+-
- int sign = 1;
-
- double ret_val = 0;
- double factor;
--
++ long lval;
++ double dval;
+
- int exp_value = 0, exp_multiply = 1;
+ int first, n;
@@ -356,11 +371,8 @@
- }
-
str = Z_STRVAL_P(value);
+- start = str;
-- PHP_FILTER_TRIM_DEFAULT(str, len, end);
--
-- start = str;
--
- if (len == 1) {
- if (*str >= '0' && *str <= '9') {
- ret_val = (double)*str - '0';
@@ -390,6 +402,8 @@
- dec_sep = *default_decimal;
- }
-
+- PHP_FILTER_TRIM_DEFAULT(str, len, end);
+-
- if (*str == '-') {
- sign = -1;
- str++;
@@ -398,8 +412,8 @@
- sign = 1;
- str++;
- start = str;
-- }
--
+ }
+
- ret_val = 0.0;
-
- while (*str == '0') {
@@ -436,9 +450,9 @@
- }
- if (!(*str)) {
- goto stateT;
- }
+- }
- str++;
-
+-
-stateDot:
- factor = 0.1;
- while (*str) {
@@ -556,8 +570,46 @@
}
/* }}} */
-@@ -533,179 +491,95 @@
+@@ -480,6 +435,13 @@
+ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
+ {
+ php_url *url;
++ int old_len = Z_STRLEN_P(value);
++
++ php_filter_url(value, flags, option_array, charset TSRMLS_CC);
++
++ if (Z_TYPE_P(value) != IS_STRING || old_len != Z_STRLEN_P(value)) {
++ RETURN_VALIDATION_FAILED
++ }
+ /* Use parse_url - if it returns false, we return NULL */
+ url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value));
+@@ -489,10 +451,10 @@
+ }
+
+ if (
+- ((flags & FILTER_FLAG_SCHEME_REQUIRED) && url->scheme == NULL) ||
+- ((flags & FILTER_FLAG_HOST_REQUIRED) && url->host == NULL) ||
+- ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) ||
+- ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
++ url->scheme == NULL ||
++ /* some schemas allow the host to be empty */
++ (url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
++ ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
+ ) {
+ php_url_free(url);
+ RETURN_VALIDATION_FAILED
+@@ -504,7 +466,7 @@
+ void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
+ {
+ /* From http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */
+- const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\v\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/";
++ const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/";
+
+ pcre *re = NULL;
+ pcre_extra *pcre_extra = NULL;
+@@ -529,179 +491,95 @@
+
static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{ */
{
- unsigned long int i = inet_addr(str);
@@ -668,7 +720,7 @@
- }
- ipv4++;
-
-- if (!_php_filter_validate_ipv4(ipv4, (str + str_len - ipv4), ip4elm)) {
+- if (!_php_filter_validate_ipv4(ipv4, (str + str_len - ipv4), ip4elm TSRMLS_CC)) {
+ if (!_php_filter_validate_ipv4(ipv4, (str_len - (ipv4 - str)), ip4elm)) {
return 0;
}
@@ -796,7 +848,7 @@
}
/* }}} */
-@@ -770,7 +644,7 @@
+@@ -766,7 +644,7 @@
case FORMAT_IPV6:
{
int res = 0;
More information about the Secure-testing-commits
mailing list