[Pkg-php-commits] r1161 - php5/branches/etch/debian/patches

Tue Sep 30 06:51:23 UTC 2008

Author: seanius
Date: 2008-09-30 06:51:23 +0000 (Tue, 30 Sep 2008)
New Revision: 1161

Modified:
   php5/branches/etch/debian/patches/141-CVE-2008-3660.patch
Log:
fix new patch to apply somewhat cleanly.


Modified: php5/branches/etch/debian/patches/141-CVE-2008-3660.patch
===================================================================

--- php5/branches/etch/debian/patches/141-CVE-2008-3660.patch	2008-09-30 06:34:17 UTC (rev 1160)
+++ php5/branches/etch/debian/patches/141-CVE-2008-3660.patch	2008-09-30 06:51:23 UTC (rev 1161)
@@ -41,35 +41,13 @@
  
    initializes request_info structure
 @@ -1061,9 +1094,7 @@ static void init_request_info(TSRMLS_D)
- 				if (pt) {
- 					efree(pt);
- 				}
--				/* some server configurations allow '..' to slip through in the
--				   translated path.   We'll just refuse to handle such a path. */
--				if (script_path_translated && !strstr(script_path_translated, "..")) {
-+				if (is_valid_path(script_path_translated)) {
- 					SG(request_info).path_translated = estrdup(script_path_translated);
- 				}
- 			} else {
-@@ -1094,9 +1125,7 @@ static void init_request_info(TSRMLS_D)
- 				} else {
- 					SG(request_info).request_uri = env_script_name;
- 				}
--				/* some server configurations allow '..' to slip through in the
--				   translated path.   We'll just refuse to handle such a path. */
--				if (script_path_translated && !strstr(script_path_translated, "..")) {
-+				if (is_valid_path(script_path_translated)) {
- 					SG(request_info).path_translated = estrdup(script_path_translated);
- 				}
- 				free(real_path);
-@@ -1114,9 +1143,7 @@ static void init_request_info(TSRMLS_D)
- 				script_path_translated = env_path_translated;
- 			}
- #endif
--			/* some server configurations allow '..' to slip through in the
--			   translated path.   We'll just refuse to handle such a path. */
--			if (script_path_translated && !strstr(script_path_translated, "..")) {
-+			if (is_valid_path(script_path_translated)) {
- 				SG(request_info).path_translated = estrdup(script_path_translated);
- 			}
- #if ENABLE_PATHINFO_CHECK
+ 		SG(request_info).request_method = sapi_cgibin_getenv("REQUEST_METHOD", sizeof("REQUEST_METHOD")-1 TSRMLS_CC);
+ 		/* FIXME - Work out proto_num here */
+ 		SG(request_info).query_string = sapi_cgibin_getenv("QUERY_STRING", sizeof("QUERY_STRING")-1 TSRMLS_CC);
+-		/* some server configurations allow '..' to slip through in the
+-		   translated path.   We'll just refuse to handle such a path. */
+-		if (script_path_translated && !strstr(script_path_translated, "..")) {
++		if (is_valid_path(script_path_translated)) {
+ 			SG(request_info).path_translated = estrdup(script_path_translated);
+ 		}
+ 		SG(request_info).content_type = (content_type ? content_type : "" );


