Secure testing commits - Apr 2007 - r5719 - data/patches/MOPB

Author: seanius
Date: 2007-04-23 20:05:36 +0000 (Mon, 23 Apr 2007)
New Revision: 5719

Modified:
   data/patches/MOPB/MOPB-19-php5.diff
Log:
no really, really this time i mean it, a good version of mopb 19

Modified: data/patches/MOPB/MOPB-19-php5.diff
==================================================================---
data/patches/MOPB/MOPB-19-php5.diff	2007-04-23 18:00:14 UTC (rev 5718)
+++ data/patches/MOPB/MOPB-19-php5.diff	2007-04-23 20:05:36 UTC (rev 5719)
@@ -1,6 +1,7 @@
-#
http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.11&r2=1.1.2.18&view=patch
---- logical_filters.c	2006/10/17 15:26:14	1.1.2.11
-+++ logical_filters.c	2006/12/26 09:16:24	1.1.2.18
+Index: php5-5.2.0/ext/filter/logical_filters.c
+==================================================================+---
php5-5.2.0.orig/ext/filter/logical_filters.c	2007-04-23 20:22:47.000000000 +0200
++++ php5-5.2.0/ext/filter/logical_filters.c	2007-04-23 20:22:47.000000000 +0200
 @@ -17,21 +17,33 @@
    +----------------------------------------------------------------------+
  */
@@ -917,3 +918,210 @@
  				if (res < 1) {
  					RETURN_VALIDATION_FAILED
  				}
+Index: php5-5.2.0/ext/filter/filter_private.h
+==================================================================+---
php5-5.2.0.orig/ext/filter/filter_private.h	2006-10-17 17:26:14.000000000 +0200
++++ php5-5.2.0/ext/filter/filter_private.h	2007-04-23 20:22:47.000000000 +0200
+@@ -81,27 +81,38 @@
+ 
+ #define FILTER_CALLBACK               0x0400
+ 
+-#define PHP_FILTER_TRIM_DEFAULT(p, len, end) { \
+-	while (*p == '' '' || *p == ''\t'' || *p ==
''\r'' || *p == ''\v'') { \
++#define RETURN_VALIDATION_FAILED	\
++	zval_dtor(value);	\
++	if (flags & FILTER_NULL_ON_FAILURE) {	\
++		ZVAL_NULL(value);	\
++	} else {	\
++		ZVAL_FALSE(value);	\
++	}	\
++	return;	\
++
++#define PHP_FILTER_TRIM_DEFAULT(p, len) { \
++	while ((len > 0)  && (*p == '' '' || *p ==
''\t'' || *p == ''\r'' || *p ==
''\v'' || *p == ''\n'')) { \
+ 		p++; \
+ 		len--; \
+ 	} \
+-	start = p; \
+-	end = p + len - 1; \
+-	if (*end == '' '' || *end == ''\t'' || *end
== ''\r'' || *end == ''\v'') { \
+-		unsigned int i; \
+-		for (i = len - 1; i >= 0; i--) { \
+-			if (!(p[i] == '' '' || p[i] == ''\t'' ||
p[i] == ''\r'' || p[i] == ''\v'')) { \
+-				break; \
+-			} \
+-		} \
+-		i++; \
+-		p[i] = ''\0''; \
+-		end = p + i - 1; \
+-		len = (int) (end - p) + 1; \
++	if (len < 1) { \
++		RETURN_VALIDATION_FAILED \
++	} \
++	while (p[len-1] == '' '' || p[len-1] ==
''\t'' || p[len-1] == ''\r'' || p[len-1] ==
''\v'' || p[len-1] == ''\n'') { \
++		len--; \
+ 	} \
+ }
+ 
++#define PHP_FILTER_GET_LONG_OPT(zv, opt) { \
++	if (Z_TYPE_PP(zv) != IS_LONG) {                                              
\
++		zval tmp = **zv;                                                            
\
++		zval_copy_ctor(&tmp);                                                   
\
++		convert_to_long(&tmp);                                                  
\
++		opt = Z_LVAL(tmp);                                                          
\
++	} else {                                                                     
\
++		opt = Z_LVAL_PP(zv);                                                        
\
++	}                                                                            
\
++}
+ 
+ #endif /* FILTER_PRIVATE_H */
+ 
+Index: php5-5.2.0/ext/standard/php_string.h
+==================================================================+---
php5-5.2.0.orig/ext/standard/php_string.h	2007-04-23 20:46:25.000000000 +0200
++++ php5-5.2.0/ext/standard/php_string.h	2007-04-23 20:49:04.000000000 +0200
+@@ -132,6 +132,7 @@
+ 		int needle_len, char *str, int str_len, int *_new_length);
+ PHPAPI char *php_trim(char *c, int len, char *what, int what_len, zval
*return_value, int mode TSRMLS_DC);
+ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *state, char *allow, int
allow_len);
++PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char
*allow, int allow_len, zend_bool allow_tag_spaces);
+ PHPAPI int php_char_to_str_ex(char *str, uint len, char from, char *to, int
to_len, zval *result, int case_sensitivity, int *replace_count);
+ PHPAPI int php_char_to_str(char *str, uint len, char from, char *to, int
to_len, zval *result);
+ PHPAPI void php_implode(zval *delim, zval *arr, zval *return_value TSRMLS_DC);
+Index: php5-5.2.0/ext/standard/string.c
+==================================================================+---
php5-5.2.0.orig/ext/standard/string.c	2007-04-23 20:25:58.000000000 +0200
++++ php5-5.2.0/ext/standard/string.c	2007-04-23 20:45:31.000000000 +0200
+@@ -1230,11 +1230,11 @@
+ 	}
+ 
+ 	len = cend - comp;
+-	ret = emalloc(len + 1);
+-	memcpy(ret, comp, len);
+-	ret[len] = ''\0'';
+ 
+ 	if (p_ret) {
++		ret = emalloc(len + 1);
++		memcpy(ret, comp, len);
++		ret[len] = ''\0'';
+ 		*p_ret = ret;
+ 	}
+ 	if (p_len) {
+@@ -1876,6 +1876,8 @@
+ 
+ 	if (offset >= 0) {
+ 		if (offset > haystack_len) {
++			efree(needle_dup);
++			efree(haystack_dup);
+ 			php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Offset is greater than the
length of haystack string");
+ 			RETURN_FALSE;
+ 		}
+@@ -1883,6 +1885,8 @@
+ 		e = haystack_dup + haystack_len - needle_len;
+ 	} else {
+ 		if (-offset > haystack_len) {
++			efree(needle_dup);
++			efree(haystack_dup);
+ 			php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Offset is greater than the
length of haystack string");
+ 			RETURN_FALSE;
+ 		}
+@@ -3872,7 +3876,7 @@
+ 	}
+ 	convert_to_string_ex(str);
+ 	buf = estrndup(Z_STRVAL_PP(str), Z_STRLEN_PP(str));
+-	retval_len = php_strip_tags(buf, Z_STRLEN_PP(str), NULL, allowed_tags,
allowed_tags_len);
++	retval_len = php_strip_tags_ex(buf, Z_STRLEN_PP(str), NULL, allowed_tags,
allowed_tags_len, 0);
+ 	RETURN_STRINGL(buf, retval_len, 0);
+ }
+ /* }}} */
+@@ -4026,7 +4030,13 @@
+ int php_tag_find(char *tag, int len, char *set) {
+ 	char c, *n, *t;
+ 	int state=0, done=0;
+-	char *norm = emalloc(len+1);
++	char *norm;
++
++	if (len <= 0) {
++		return 0;
++	}
++	
++	norm = emalloc(len+1);
+ 
+ 	n = norm;
+ 	t = tag;
+@@ -4036,9 +4046,6 @@
+ 	   and turn any <a whatever...> into just <a> and any
</tag>
+ 	   into <tag>
+ 	*/
+-	if (!len) {
+-		return 0;
+-	}
+ 	while (!done) {
+ 		switch (c) {
+ 			case ''<'':
+@@ -4076,6 +4083,11 @@
+ }
+ /* }}} */
+ 
++PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow,
int allow_len)
++{
++	return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0);
++}
++
+ /* {{{ php_strip_tags
+  
+ 	A simple little state-machine to strip out html and php tags 
+@@ -4096,10 +4108,10 @@
+ 	swm: Added ability to strip <?xml tags without assuming it PHP
+ 	code.
+ */
+-PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow,
int allow_len)
++PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char
*allow, int allow_len, zend_bool allow_tag_spaces)
+ {
+ 	char *tbuf, *buf, *p, *tp, *rp, c, lc;
+-	int br, i=0, depth=0;
++	int br, i=0, depth=0, in_q = 0;
+ 	int state = 0;
+ 
+ 	if (stateptr)
+@@ -4124,7 +4136,7 @@
+ 			case ''\0'':
+ 				break;
+ 			case ''<'':
+-				if (isspace(*(p + 1))) {
++				if (isspace(*(p + 1)) && !allow_tag_spaces) {
+ 					goto reg_char;
+ 				}
+ 				if (state == 0) {
+@@ -4133,7 +4145,7 @@
+ 					if (allow) {
+ 						tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ 						*(tp++) = ''<'';
+-					}
++				 	}
+ 				} else if (state == 1) {
+ 					depth++;
+ 				}
+@@ -4172,7 +4184,11 @@
+ 					depth--;
+ 					break;
+ 				}
+-			
++
++				if (in_q) {
++					break;
++				}
++
+ 				switch (state) {
+ 					case 1: /* HTML/XML */
+ 						lc = ''>'';
+@@ -4228,6 +4244,9 @@
+ 					tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ 					*(tp++) = c;
+ 				}
++				if (p != buf && *(p-1) != ''\\'') {
++					in_q = !in_q;
++				}
+ 				break;
+ 			
+ 			case ''!'':