Skip to content

Loading…

Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831) #12

Merged
merged 1 commit into from

3 participants

@oerdnj

Hi,

this is fix for broken code as mentioned in #61043 and it is taking really too long to merge this very simple fix.

Trying git pull request now :)

O.

@cjbj

Is there a test for this?

@oerdnj

Updated pull request commit range to include tests/basic/magic_quotes_gpc.phpt which includes:

--TEST--
Bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831)
--INI--
magic_quotes_gpc=On
--FILE--
<?php
var_dump(ini_get("magic_quotes_gpc"));
?>
--EXPECT--
string(1) "1"

@dsp
php.net member

I think the desired integration branch is PHP-5.3? Shouldnt be a problem anyway. We just have to make to not merge this into master, but instead into PHP-5.3

@oerdnj

Yup, PHP-5.3 it is. My bad. Or github bad, I am not sure I was given an option to chose the branch to merge to.

@dsp dsp merged commit d1fd543 into php:master
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Showing with 27 additions and 8 deletions.
  1. +9 −4 main/php_variables.c
  2. +4 −2 sapi/cgi/cgi_main.c
  3. +4 −2 sapi/fpm/fpm/fpm_main.c
  4. +10 −0 tests/basic/magic_quotes_gpc.phpt
View
13 main/php_variables.c
@@ -450,7 +450,7 @@ void _php_import_environment_variables(zval *array_ptr TSRMLS_DC)
/* turn off magic_quotes while importing environment variables */
int magic_quotes_gpc = PG(magic_quotes_gpc);
- if (PG(magic_quotes_gpc)) {
+ if (magic_quotes_gpc) {
zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
}
@@ -471,7 +471,10 @@ void _php_import_environment_variables(zval *array_ptr TSRMLS_DC)
if (t != buf && t != NULL) {
efree(t);
}
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
}
zend_bool php_std_auto_global_callback(char *name, uint name_len TSRMLS_DC)
@@ -595,7 +598,7 @@ static inline void php_register_server_variables(TSRMLS_D)
zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
}
PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
- if (PG(magic_quotes_gpc)) {
+ if (magic_quotes_gpc) {
zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
}
@@ -622,7 +625,9 @@ static inline void php_register_server_variables(TSRMLS_D)
php_register_variable_ex("REQUEST_TIME", &new_entry, array_ptr TSRMLS_CC);
}
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
}
/* }}} */
View
6 sapi/cgi/cgi_main.c
@@ -624,7 +624,7 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
/* turn off magic_quotes while importing environment variables */
- if (PG(magic_quotes_gpc)) {
+ if (magic_quotes_gpc) {
zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
}
for (zend_hash_internal_pointer_reset_ex(request->env, &pos);
@@ -638,7 +638,9 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC);
}
}
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
}
}
View
6 sapi/fpm/fpm/fpm_main.c
@@ -595,7 +595,7 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
/* turn off magic_quotes while importing environment variables */
- if (PG(magic_quotes_gpc)) {
+ if (magic_quotes_gpc) {
zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
}
for (zend_hash_internal_pointer_reset_ex(request->env, &pos);
@@ -609,7 +609,9 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC);
}
}
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
}
static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC)
View
10 tests/basic/magic_quotes_gpc.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831)
+--INI--
+magic_quotes_gpc=On
+--FILE--
+<?php
+var_dump(ini_get("magic_quotes_gpc"));
+?>
+--EXPECT--
+string(1) "1"
Something went wrong with that request. Please try again.