Author: seanius
Date: 2007-04-22 16:47:04 +0000 (Sun, 22 Apr 2007)
New Revision: 5701
Added:
data/patches/MOPB/MOPB-26-php4.diff
Log:
a php4 fix for mopb 26 was found, though i couldnot get the exploit to work we
should take it
Added: data/patches/MOPB/MOPB-26-php4.diff
==================================================================---
data/patches/MOPB/MOPB-26-php4.diff 2007-04-22 15:07:50 UTC (rev 5700)
+++ data/patches/MOPB/MOPB-26-php4.diff 2007-04-22 16:47:04 UTC (rev 5701)
@@ -0,0 +1,36 @@
+--- mbstring.c 2006/12/21 17:28:57 1.142.2.47.2.19
++++ mbstring.c 2007/03/18 17:19:30 1.142.2.47.2.20
+@@ -17,7 +17,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: mbstring.c,v 1.142.2.47.2.19 2006/12/21 17:28:57 masugata Exp $ */
++/* $Id: mbstring.c,v 1.142.2.47.2.20 2007/03/18 17:19:30 iliaa Exp $ */
+
+ /*
+ * PHP4 Multibyte String module "mbstring"
+@@ -1954,9 +1954,9 @@
+ string.no_encoding = from_encoding;
+ old_rg = PG(register_globals);
+ if (argc == 1) {
+- PG(register_globals) = 1;
++ zend_alter_ini_entry("register_globals",
sizeof("register_globals"), "1", sizeof("1")-1,
PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
+ } else {
+- PG(register_globals) = 0;
++ zend_alter_ini_entry("register_globals",
sizeof("register_globals"), "0", sizeof("0")-1,
PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
+ }
+ n = 0;
+ while (n < num) {
+@@ -1985,7 +1985,11 @@
+ mbfl_string_clear(&resvar);
+ mbfl_string_clear(&resval);
+ }
+- PG(register_globals) = old_rg;
++ if (old_rg) {
++ zend_alter_ini_entry("register_globals",
sizeof("register_globals"), "1", sizeof("1")-1,
PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
++ } else {
++ zend_alter_ini_entry("register_globals",
sizeof("register_globals"), "0", sizeof("0")-1,
PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
++ }
+
+ if (convd != NULL) {
+ MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);