[Pkg-php-commits] r1161 - php5/branches/etch/debian/patches
Sean Finney
seanius at alioth.debian.org
Tue Sep 30 06:51:23 UTC 2008
Author: seanius
Date: 2008-09-30 06:51:23 +0000 (Tue, 30 Sep 2008)
New Revision: 1161
Modified:
php5/branches/etch/debian/patches/141-CVE-2008-3660.patch
Log:
fix new patch to apply somewhat cleanly.
Modified: php5/branches/etch/debian/patches/141-CVE-2008-3660.patch
===================================================================
--- php5/branches/etch/debian/patches/141-CVE-2008-3660.patch 2008-09-30 06:34:17 UTC (rev 1160)
+++ php5/branches/etch/debian/patches/141-CVE-2008-3660.patch 2008-09-30 06:51:23 UTC (rev 1161)
@@ -41,35 +41,13 @@
initializes request_info structure
@@ -1061,9 +1094,7 @@ static void init_request_info(TSRMLS_D)
- if (pt) {
- efree(pt);
- }
-- /* some server configurations allow '..' to slip through in the
-- translated path. We'll just refuse to handle such a path. */
-- if (script_path_translated && !strstr(script_path_translated, "..")) {
-+ if (is_valid_path(script_path_translated)) {
- SG(request_info).path_translated = estrdup(script_path_translated);
- }
- } else {
-@@ -1094,9 +1125,7 @@ static void init_request_info(TSRMLS_D)
- } else {
- SG(request_info).request_uri = env_script_name;
- }
-- /* some server configurations allow '..' to slip through in the
-- translated path. We'll just refuse to handle such a path. */
-- if (script_path_translated && !strstr(script_path_translated, "..")) {
-+ if (is_valid_path(script_path_translated)) {
- SG(request_info).path_translated = estrdup(script_path_translated);
- }
- free(real_path);
-@@ -1114,9 +1143,7 @@ static void init_request_info(TSRMLS_D)
- script_path_translated = env_path_translated;
- }
- #endif
-- /* some server configurations allow '..' to slip through in the
-- translated path. We'll just refuse to handle such a path. */
-- if (script_path_translated && !strstr(script_path_translated, "..")) {
-+ if (is_valid_path(script_path_translated)) {
- SG(request_info).path_translated = estrdup(script_path_translated);
- }
- #if ENABLE_PATHINFO_CHECK
+ SG(request_info).request_method = sapi_cgibin_getenv("REQUEST_METHOD", sizeof("REQUEST_METHOD")-1 TSRMLS_CC);
+ /* FIXME - Work out proto_num here */
+ SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC);
+- /* some server configurations allow '..' to slip through in the
+- translated path. We'll just refuse to handle such a path. */
+- if (script_path_translated && !strstr(script_path_translated, "..")) {
++ if (is_valid_path(script_path_translated)) {
+ SG(request_info).path_translated = estrdup(script_path_translated);
+ }
+ SG(request_info).content_type = (content_type ? content_type : "" );
More information about the Pkg-php-commits
mailing list