[Secure-testing-commits] r5719 - data/patches/MOPB
Sean Finney
seanius at alioth.debian.org
Mon Apr 23 20:05:36 UTC 2007
Author: seanius
Date: 2007-04-23 20:05:36 +0000 (Mon, 23 Apr 2007)
New Revision: 5719
Modified:
data/patches/MOPB/MOPB-19-php5.diff
Log:
no really, really this time i mean it, a good version of mopb 19
Modified: data/patches/MOPB/MOPB-19-php5.diff
===================================================================
--- data/patches/MOPB/MOPB-19-php5.diff 2007-04-23 18:00:14 UTC (rev 5718)
+++ data/patches/MOPB/MOPB-19-php5.diff 2007-04-23 20:05:36 UTC (rev 5719)
@@ -1,6 +1,7 @@
-# http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.11&r2=1.1.2.18&view=patch
---- logical_filters.c 2006/10/17 15:26:14 1.1.2.11
-+++ logical_filters.c 2006/12/26 09:16:24 1.1.2.18
+Index: php5-5.2.0/ext/filter/logical_filters.c
+===================================================================
+--- php5-5.2.0.orig/ext/filter/logical_filters.c 2007-04-23 20:22:47.000000000 +0200
++++ php5-5.2.0/ext/filter/logical_filters.c 2007-04-23 20:22:47.000000000 +0200
@@ -17,21 +17,33 @@
+----------------------------------------------------------------------+
*/
@@ -917,3 +918,210 @@
if (res < 1) {
RETURN_VALIDATION_FAILED
}
+Index: php5-5.2.0/ext/filter/filter_private.h
+===================================================================
+--- php5-5.2.0.orig/ext/filter/filter_private.h 2006-10-17 17:26:14.000000000 +0200
++++ php5-5.2.0/ext/filter/filter_private.h 2007-04-23 20:22:47.000000000 +0200
+@@ -81,27 +81,38 @@
+
+ #define FILTER_CALLBACK 0x0400
+
+-#define PHP_FILTER_TRIM_DEFAULT(p, len, end) { \
+- while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v') { \
++#define RETURN_VALIDATION_FAILED \
++ zval_dtor(value); \
++ if (flags & FILTER_NULL_ON_FAILURE) { \
++ ZVAL_NULL(value); \
++ } else { \
++ ZVAL_FALSE(value); \
++ } \
++ return; \
++
++#define PHP_FILTER_TRIM_DEFAULT(p, len) { \
++ while ((len > 0) && (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v' || *p == '\n')) { \
+ p++; \
+ len--; \
+ } \
+- start = p; \
+- end = p + len - 1; \
+- if (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v') { \
+- unsigned int i; \
+- for (i = len - 1; i >= 0; i--) { \
+- if (!(p[i] == ' ' || p[i] == '\t' || p[i] == '\r' || p[i] == '\v')) { \
+- break; \
+- } \
+- } \
+- i++; \
+- p[i] = '\0'; \
+- end = p + i - 1; \
+- len = (int) (end - p) + 1; \
++ if (len < 1) { \
++ RETURN_VALIDATION_FAILED \
++ } \
++ while (p[len-1] == ' ' || p[len-1] == '\t' || p[len-1] == '\r' || p[len-1] == '\v' || p[len-1] == '\n') { \
++ len--; \
+ } \
+ }
+
++#define PHP_FILTER_GET_LONG_OPT(zv, opt) { \
++ if (Z_TYPE_PP(zv) != IS_LONG) { \
++ zval tmp = **zv; \
++ zval_copy_ctor(&tmp); \
++ convert_to_long(&tmp); \
++ opt = Z_LVAL(tmp); \
++ } else { \
++ opt = Z_LVAL_PP(zv); \
++ } \
++}
+
+ #endif /* FILTER_PRIVATE_H */
+
+Index: php5-5.2.0/ext/standard/php_string.h
+===================================================================
+--- php5-5.2.0.orig/ext/standard/php_string.h 2007-04-23 20:46:25.000000000 +0200
++++ php5-5.2.0/ext/standard/php_string.h 2007-04-23 20:49:04.000000000 +0200
+@@ -132,6 +132,7 @@
+ int needle_len, char *str, int str_len, int *_new_length);
+ PHPAPI char *php_trim(char *c, int len, char *what, int what_len, zval *return_value, int mode TSRMLS_DC);
+ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *state, char *allow, int allow_len);
++PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces);
+ PHPAPI int php_char_to_str_ex(char *str, uint len, char from, char *to, int to_len, zval *result, int case_sensitivity, int *replace_count);
+ PHPAPI int php_char_to_str(char *str, uint len, char from, char *to, int to_len, zval *result);
+ PHPAPI void php_implode(zval *delim, zval *arr, zval *return_value TSRMLS_DC);
+Index: php5-5.2.0/ext/standard/string.c
+===================================================================
+--- php5-5.2.0.orig/ext/standard/string.c 2007-04-23 20:25:58.000000000 +0200
++++ php5-5.2.0/ext/standard/string.c 2007-04-23 20:45:31.000000000 +0200
+@@ -1230,11 +1230,11 @@
+ }
+
+ len = cend - comp;
+- ret = emalloc(len + 1);
+- memcpy(ret, comp, len);
+- ret[len] = '\0';
+
+ if (p_ret) {
++ ret = emalloc(len + 1);
++ memcpy(ret, comp, len);
++ ret[len] = '\0';
+ *p_ret = ret;
+ }
+ if (p_len) {
+@@ -1876,6 +1876,8 @@
+
+ if (offset >= 0) {
+ if (offset > haystack_len) {
++ efree(needle_dup);
++ efree(haystack_dup);
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Offset is greater than the length of haystack string");
+ RETURN_FALSE;
+ }
+@@ -1883,6 +1885,8 @@
+ e = haystack_dup + haystack_len - needle_len;
+ } else {
+ if (-offset > haystack_len) {
++ efree(needle_dup);
++ efree(haystack_dup);
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Offset is greater than the length of haystack string");
+ RETURN_FALSE;
+ }
+@@ -3872,7 +3876,7 @@
+ }
+ convert_to_string_ex(str);
+ buf = estrndup(Z_STRVAL_PP(str), Z_STRLEN_PP(str));
+- retval_len = php_strip_tags(buf, Z_STRLEN_PP(str), NULL, allowed_tags, allowed_tags_len);
++ retval_len = php_strip_tags_ex(buf, Z_STRLEN_PP(str), NULL, allowed_tags, allowed_tags_len, 0);
+ RETURN_STRINGL(buf, retval_len, 0);
+ }
+ /* }}} */
+@@ -4026,7 +4030,13 @@
+ int php_tag_find(char *tag, int len, char *set) {
+ char c, *n, *t;
+ int state=0, done=0;
+- char *norm = emalloc(len+1);
++ char *norm;
++
++ if (len <= 0) {
++ return 0;
++ }
++
++ norm = emalloc(len+1);
+
+ n = norm;
+ t = tag;
+@@ -4036,9 +4046,6 @@
+ and turn any <a whatever...> into just <a> and any </tag>
+ into <tag>
+ */
+- if (!len) {
+- return 0;
+- }
+ while (!done) {
+ switch (c) {
+ case '<':
+@@ -4076,6 +4083,11 @@
+ }
+ /* }}} */
+
++PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len)
++{
++ return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0);
++}
++
+ /* {{{ php_strip_tags
+
+ A simple little state-machine to strip out html and php tags
+@@ -4096,10 +4108,10 @@
+ swm: Added ability to strip <?xml tags without assuming it PHP
+ code.
+ */
+-PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len)
++PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces)
+ {
+ char *tbuf, *buf, *p, *tp, *rp, c, lc;
+- int br, i=0, depth=0;
++ int br, i=0, depth=0, in_q = 0;
+ int state = 0;
+
+ if (stateptr)
+@@ -4124,7 +4136,7 @@
+ case '\0':
+ break;
+ case '<':
+- if (isspace(*(p + 1))) {
++ if (isspace(*(p + 1)) && !allow_tag_spaces) {
+ goto reg_char;
+ }
+ if (state == 0) {
+@@ -4133,7 +4145,7 @@
+ if (allow) {
+ tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ *(tp++) = '<';
+- }
++ }
+ } else if (state == 1) {
+ depth++;
+ }
+@@ -4172,7 +4184,11 @@
+ depth--;
+ break;
+ }
+-
++
++ if (in_q) {
++ break;
++ }
++
+ switch (state) {
+ case 1: /* HTML/XML */
+ lc = '>';
+@@ -4228,6 +4244,9 @@
+ tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ *(tp++) = c;
+ }
++ if (p != buf && *(p-1) != '\\') {
++ in_q = !in_q;
++ }
+ break;
+
+ case '!':
More information about the Secure-testing-commits
mailing list