mirror of
https://github.com/php/php-src.git
synced 2024-09-23 02:47:26 +00:00
improve fix for CVE-2012-1823
This commit is contained in:
parent
2068419ae5
commit
000e84aa88
@ -1561,10 +1561,15 @@ int main(int argc, char *argv[])
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(query_string = getenv("QUERY_STRING")) {
|
if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
|
||||||
|
/* we've got query string that has no = - apache CGI will pass it to command line */
|
||||||
|
unsigned char *p;
|
||||||
decoded_query_string = strdup(query_string);
|
decoded_query_string = strdup(query_string);
|
||||||
php_url_decode(decoded_query_string, strlen(decoded_query_string));
|
php_url_decode(decoded_query_string, strlen(decoded_query_string));
|
||||||
if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) {
|
for (p = decoded_query_string; *p && *p <= ' '; p++) {
|
||||||
|
/* skip all leading spaces */
|
||||||
|
}
|
||||||
|
if(*p == '-') {
|
||||||
skip_getopt = 1;
|
skip_getopt = 1;
|
||||||
}
|
}
|
||||||
free(decoded_query_string);
|
free(decoded_query_string);
|
||||||
@ -1819,7 +1824,7 @@ consult the installation file that came with this distribution, or visit \n\
|
|||||||
}
|
}
|
||||||
|
|
||||||
zend_first_try {
|
zend_first_try {
|
||||||
while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
|
while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case 'T':
|
case 'T':
|
||||||
benchmark = 1;
|
benchmark = 1;
|
||||||
|
Loading…
Reference in New Issue
Block a user