
Merge branch 'PHP-5.4'

* PHP-5.4:
  improve fix for CVE-2012-1823
  Fix for CVE-2012-1823
commit 857fc1b473f5d27ed5ea6aa78420498dbb71c6b6 2 parents 2c505ec + 36587ff
@smalyshev smalyshev authored
Showing with 8 additions and 3 deletions.
  1. +8 −3 sapi/cgi/cgi_main.c
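--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1806,10 +1806,15 @@ int main(int argc, char *argv[])
 }
 }
- if(query_string = getenv("QUERY_STRING")) {
+ if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
+ /* we've got query string that has no = - apache CGI will pass it to command line */
+ unsigned char *p;
 decoded_query_string = strdup(query_string);
 php_url_decode(decoded_query_string, strlen(decoded_query_string));
- if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) {
+ for (p = decoded_query_string; *p && *p <= ' '; p++) {
+ /* skip all leading spaces */
+ }
+ if(*p == '-') {
 skip_getopt = 1;
 }
 free(decoded_query_string);
@@ -2073,7 +2078,7 @@ consult the installation file that came with this distribution, or visit \n\
 }
 zend_first_try {
- while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
+ while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
 switch (c) {
 case 'T':
 benchmark = 1;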
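Review bot: The result of `strdup(query_string)` in the first hunk goes straight into `php_url_decode()` and `strlen()` with no NULL check, so an allocation failure dereferences a null pointer in the very path that decides whether option parsing is skipped. Failing closed would be safer here: `if (decoded_query_string == NULL) { skip_getopt = 1; }`, with the decode-and-scan moved into the `else` branch. Separately, `p` is declared `unsigned char *` but assigned from `decoded_query_string`, which appears to be a plain `char *` (its declaration is outside the hunk), so the loop initialiser wants an explicit cast, `p = (unsigned char *)decoded_query_string`. The enclosing `main` starts and ends outside both hunks.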