Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831) #12

Merged
merged 1 commit into from

3 participants

@oerdnj

Hi,

this is a fix for the broken code mentioned in #61043; it is taking far too long to merge this very simple fix.

Trying git pull request now :)

O.

@cjbj

Is there a test for this?

@oerdnj

Updated pull request commit range to include tests/basic/magic_quotes_gpc.phpt which includes:

--TEST--
Bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831)
--INI--
magic_quotes_gpc=On
--FILE--
<?php
var_dump(ini_get("magic_quotes_gpc"));
?>
--EXPECT--
string(1) "1"

@dsp
Owner

I think the desired integration branch is PHP-5.3? Shouldn't be a problem anyway. We just have to make sure not to merge this into master, but into PHP-5.3 instead.

@oerdnj

Yup, PHP-5.3 it is. My bad. Or GitHub's bad; I am not sure I was given an option to choose the branch to merge to.

@dsp dsp merged commit d1fd543 into php:master
@dstogov dstogov referenced this pull request from a commit
@dstogov dstogov Added GC checks and improvements 276080e
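--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -450,7 +450,7 @@ void _php_import_environment_variables(zval *array_ptr TSRMLS_DC)
 /* turn off magic_quotes while importing environment variables */
 int magic_quotes_gpc = PG(magic_quotes_gpc);
- if (PG(magic_quotes_gpc)) {
+ if (magic_quotes_gpc) {
 zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
 }
@@ -471,7 +471,10 @@ void _php_import_environment_variables(zval *array_ptr TSRMLS_DC)
 if (t != buf && t != NULL) {
 efree(t);
 }
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 }
 zend_bool php_std_auto_global_callback(char *name, uint name_len TSRMLS_DC)
@@ -595,7 +598,7 @@ static inline void php_register_server_variables(TSRMLS_D)
 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
 }
 PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
- if (PG(magic_quotes_gpc)) {
+ if (magic_quotes_gpc) {
 zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
 }
@@ -622,7 +625,9 @@ static inline void php_register_server_variables(TSRMLS_D)
 php_register_variable_ex("REQUEST_TIME", &new_entry, array_ptr TSRMLS_CC);
 }
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 }
 /* }}} */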
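Review bot: The restore calls added at the end of `_php_import_environment_variables` and `php_register_server_variables` ignore the return value of `zend_alter_ini_entry_ex`, so if re-enabling fails the rest of the request runs with magic_quotes_gpc off, which is the kind of state the CVE-2012-0831 fix was meant to prevent. Check the result and fall back to the saved value, for example `if (zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC) == FAILURE) { PG(magic_quotes_gpc) = magic_quotes_gpc; }`. The same unchecked restore appears in sapi/cgi/cgi_main.c and sapi/fpm/fpm/fpm_main.c. The code between the disable and restore calls lies outside these hunks, so it is worth confirming that no early return skips the restore.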
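--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -624,7 +624,7 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
 int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
 /* turn off magic_quotes while importing environment variables */
- if (PG(magic_quotes_gpc)) {
+ if (magic_quotes_gpc) {
 zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
 }
 for (zend_hash_internal_pointer_reset_ex(request->env, &pos);
@@ -638,7 +638,9 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
 php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC);
 }
 }
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 }
 }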
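Review bot: The new test `if (magic_quotes_gpc)` in `cgi_php_import_environment_variables` reads a local whose declaration and assignment are outside this hunk, so nothing visible here shows it being set from `PG(magic_quotes_gpc)` before it is read. In main/php_variables.c the initializer `int magic_quotes_gpc = PG(magic_quotes_gpc);` sits directly above the test; here, and in the matching hunk of sapi/fpm/fpm/fpm_main.c, that has to be confirmed against the full function. If the local is only declared, both the disable and the restore branch would act on an indeterminate value. Placing `magic_quotes_gpc = PG(magic_quotes_gpc);` immediately before the `if` would make the dependency explicit in both SAPIs.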
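--- a/sapi/fpm/fpm/fpm_main.c
+++ b/sapi/fpm/fpm/fpm_main.c
@@ -595,7 +595,7 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
 filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
 /* turn off magic_quotes while importing environment variables */
- if (PG(magic_quotes_gpc)) {
+ if (magic_quotes_gpc) {
 zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
 }
 for (zend_hash_internal_pointer_reset_ex(request->env, &pos);
@@ -609,7 +609,9 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
 php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC);
 }
 }
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
 }
 static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC)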
10 tests/basic/magic_quotes_gpc.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831)
+--INI--
+magic_quotes_gpc=On
+--FILE--
+<?php
+var_dump(ini_get("magic_quotes_gpc"));
+?>
+--EXPECT--
+string(1) "1"
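Review bot: The new test asserts only the value that `ini_get("magic_quotes_gpc")` reports, so it would still pass if the setting read back as "1" while request input was no longer being escaped after the import functions ran. Pinning the runtime effect as well would cover the security-relevant half of the change: add a `--GET--` section containing `a=O'Reilly` and a second dump, `var_dump($_GET['a']);`, expecting `string(9) "O\'Reilly"`. That keeps the regression check for bug #61043 and also fails if the restore path leaves escaping disabled.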