clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 18:07:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code Execution)

Browse Source
This commit is contained in:
Xinchen Hui 2015-07-27 11:17:05 +08:00
parent d44fc4a073
commit 6aeee47b2c
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -12,6 +12,10 @@ PHP NEWS
. Fixed bug #70111 (Segfault when a function uses both an explicit return
type and an explicit cast). (Laruence)
- Standard:
. Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code
Execution). (Laruence)
23 Jul 2015, PHP 7.0.0 Beta 2
- Core:

2
ext/standard/string.c
View File

@ -4055,7 +4055,7 @@ static zend_long php_str_replace_in_subject(zval *search, zval *replace, zval *s
Z_STRVAL_P(search), Z_STRLEN_P(search),
Z_STRVAL_P(replace), Z_STRLEN_P(replace), &replace_count));
} else {
lc_subject_str = php_string_tolower(Z_STR_P(subject));
lc_subject_str = php_string_tolower(subject_str);
ZVAL_STR(result, php_str_to_str_i_ex(subject_str, ZSTR_VAL(lc_subject_str),
Z_STR_P(search),
Z_STRVAL_P(replace), Z_STRLEN_P(replace), &replace_count));