Secure testing commits - Apr 2007 - r5716 - data/patches/MOPB

Author: seanius
Date: 2007-04-23 17:52:25 +0000 (Mon, 23 Apr 2007)
New Revision: 5716

Modified:
   data/patches/MOPB/MOPB-19-php5.diff
Log:
let''s try this one

Modified: data/patches/MOPB/MOPB-19-php5.diff
==================================================================---
data/patches/MOPB/MOPB-19-php5.diff	2007-04-23 17:41:51 UTC (rev 5715)
+++ data/patches/MOPB/MOPB-19-php5.diff	2007-04-23 17:52:25 UTC (rev 5716)
@@ -1,6 +1,7 @@
---- logical_filters.c	2006/12/20 19:48:12	1.1.2.17
+#
http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.12&r2=1.1.2.18&view=patch
+--- logical_filters.c	2006/12/16 21:48:05	1.1.2.12
 +++ logical_filters.c	2006/12/26 09:16:24	1.1.2.18
-@@ -24,10 +24,14 @@
+@@ -17,18 +17,26 @@
  #include "ext/standard/url.h"
  #include "ext/pcre/php_pcre.h"
  
@@ -12,10 +13,14 @@
  
 +#define LONG_SIGN_MASK (1L << (8*sizeof(long)-1))
 +
- #ifndef INADDR_NONE
- # define INADDR_NONE ((unsigned long int) -1)
- #endif
-@@ -39,8 +43,7 @@
++#ifndef INADDR_NONE
++# define INADDR_NONE ((unsigned long int) -1)
++#endif
++
++
+ /* {{{ FETCH_LONG_OPTION(var_name, option_name) */
+ #define FETCH_LONG_OPTION(var_name, option_name)                              
\
+ 	var_name = 0;                                                                
\
  	var_name##_set = 0;                                                          
\
  	if (option_array) {                                                          
\
  		if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name),
(void **) &option_val) == SUCCESS) { \
@@ -25,7 +30,7 @@
  			var_name##_set = 1;                                                        
\
  		}                                                                           
\
  	}
-@@ -53,10 +56,11 @@
+@@ -48,10 +56,11 @@
  	var_name##_len = 0;                                                          
\
  	if (option_array) {                                                          
\
  		if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name),
(void **) &option_val) == SUCCESS) { \
@@ -41,9 +46,19 @@
  		}                                                                           
\
  	}
  /* }}} */
-@@ -65,14 +69,13 @@
+@@ -59,24 +68,14 @@
+ #define FORMAT_IPV4    4
  #define FORMAT_IPV6    6
  
+-#define RETURN_VALIDATION_FAILED	\
+-	zval_dtor(value);	\
+-	if (flags & FILTER_NULL_ON_FAILURE) {	\
+-		ZVAL_NULL(value);	\
+-	} else {	\
+-		ZVAL_FALSE(value);	\
+-	}	\
+-	return;	\
+-
  static int php_filter_parse_int(const char *str, unsigned int str_len, long
*ret TSRMLS_DC) { /* {{{ */
 -	long ctx_value = 0;
 +	long ctx_value;
@@ -61,7 +76,7 @@
  		case ''-'':
  			sign = -1;
  		case ''+'':
-@@ -82,88 +85,79 @@
+@@ -86,88 +85,79 @@
  	}
  
  	/* must start with 1..9*/
@@ -197,7 +212,7 @@
  }
  /* }}} */
  
-@@ -175,7 +169,7 @@
+@@ -179,7 +169,7 @@
  	int    allow_octal = 0, allow_hex = 0;
  	int	   len, error = 0;
  	long   ctx_value;
@@ -206,7 +221,7 @@
  
  	/* Parse options */
  	FETCH_LONG_OPTION(min_range,    "min_range");
-@@ -200,12 +194,12 @@
+@@ -204,12 +194,12 @@
  	p = Z_STRVAL_P(value);
  	ctx_value = 0;
  
@@ -222,7 +237,7 @@
  			if (php_filter_parse_hex(p, len, &ctx_value TSRMLS_CC) < 0) {
  				error = 1;
  			}
-@@ -213,7 +207,7 @@
+@@ -217,7 +207,7 @@
  			if (php_filter_parse_octal(p, len, &ctx_value TSRMLS_CC) < 0) {
  				error = 1;
  			}
@@ -231,7 +246,7 @@
  			error = 1;
  		}
  	} else {
-@@ -236,34 +230,65 @@
+@@ -240,34 +230,65 @@
  void php_filter_boolean(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
  {
  	char *str = Z_STRVAL_P(value);
@@ -318,7 +333,7 @@
  	}
  }
  /* }}} */
-@@ -271,169 +296,102 @@
+@@ -275,168 +296,102 @@
  void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
  {
  	int len;
@@ -338,14 +353,14 @@
  
 -	long options_flag;
 -	int options_flag_set;
-+	long lval;
-+	double dval;
- 
+-
 -	int sign = 1;
 -
 -	double ret_val = 0;
 -	double factor;
--
++	long lval;
++	double dval;
+ 
 -	int exp_value = 0, exp_multiply = 1;
 +	int first, n;
  
@@ -356,11 +371,8 @@
 -	}
 -
  	str = Z_STRVAL_P(value);
+-	start = str;
  
--	PHP_FILTER_TRIM_DEFAULT(str, len, end);
--
--	start = str;
--
 -	if (len == 1) {
 -		if (*str >= ''0'' && *str <=
''9'') {
 -			ret_val = (double)*str - ''0'';
@@ -390,6 +402,8 @@
 -		dec_sep = *default_decimal;
 -	}
 -
+-	PHP_FILTER_TRIM_DEFAULT(str, len, end);
+-
 -	if (*str == ''-'') {
 -		sign = -1;
 -		str++;
@@ -398,8 +412,8 @@
 -		sign = 1;
 -		str++;
 -		start = str;
--	}
--
+ 	}
+ 
 -	ret_val = 0.0;
 -
 -	while (*str == ''0'') {
@@ -436,9 +450,9 @@
 -	}
 -	if (!(*str)) {
 -		goto stateT;
- 	}
+-	}
 -	str++;
- 
+-
 -stateDot:
 -	factor = 0.1;
 -	while (*str) {
@@ -556,8 +570,46 @@
  }
  /* }}} */
  
-@@ -533,179 +491,95 @@
+@@ -480,6 +435,13 @@
+ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
+ {
+ 	php_url *url;
++	int old_len = Z_STRLEN_P(value);
++	
++	php_filter_url(value, flags, option_array, charset TSRMLS_CC);
++
++	if (Z_TYPE_P(value) != IS_STRING || old_len != Z_STRLEN_P(value)) {
++		RETURN_VALIDATION_FAILED
++	}
  
+ 	/* Use parse_url - if it returns false, we return NULL */
+ 	url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value));
+@@ -489,10 +451,10 @@
+ 	}
+ 
+ 	if (
+-		((flags & FILTER_FLAG_SCHEME_REQUIRED) && url->scheme ==
NULL) ||
+-		((flags & FILTER_FLAG_HOST_REQUIRED) && url->host == NULL) ||
+-		((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) ||
+-		((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
++		url->scheme == NULL || 
++		/* some schemas allow the host to be empty */
++		(url->host == NULL && (strcmp(url->scheme, "mailto")
&& strcmp(url->scheme, "news") &&
strcmp(url->scheme, "file"))) ||
++		((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) ||
((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
+ 	) {
+ 		php_url_free(url);
+ 		RETURN_VALIDATION_FAILED
+@@ -504,7 +466,7 @@
+ void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
+ {
+ 	/* From
http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */
+-	const char regexp[] =
"/^((\\\"[^\\\"\\f\\n\\r\\t\\v\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\''\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\''\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/";
++	const char regexp[] =
"/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\''\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\''\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/";
+ 
+ 	pcre       *re = NULL;
+ 	pcre_extra *pcre_extra = NULL;
+@@ -529,179 +491,95 @@
+ 
  static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{
*/
  {
 -	unsigned long int i = inet_addr(str);
@@ -668,7 +720,7 @@
 -		}
 -		ipv4++;
 -
--		if (!_php_filter_validate_ipv4(ipv4, (str + str_len - ipv4), ip4elm)) {
+-		if (!_php_filter_validate_ipv4(ipv4, (str + str_len - ipv4), ip4elm
TSRMLS_CC)) {
 +		if (!_php_filter_validate_ipv4(ipv4, (str_len - (ipv4 - str)), ip4elm)) {
  			return 0;
  		}
@@ -796,7 +848,7 @@
  }
  /* }}} */
  
-@@ -770,7 +644,7 @@
+@@ -766,7 +644,7 @@
  		case FORMAT_IPV6:
  			{
  				int res = 0;