Merge branch 'PHP-7.0' into PHP-7.1
commit
be836ea4fb
4
NEWS
4
NEWS
@ -74,6 +74,10 @@ PHP NEWS
|
||||
. Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
|
||||
non-existent directories). (vhuk)
|
||||
|
||||
- Wddx:
|
||||
. Fixed bug #72142 (WDDX Packet Injection Vulnerability in
|
||||
wddx_serialize_value()). (Taoguang Chen)
|
||||
|
||||
- XMLRPC:
|
||||
. Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing
|
||||
array elements). (Laruence)
|
||||
|
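--- a/ext/wddx/tests/bug72142.phpt
+++ b/ext/wddx/tests/bug72142.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #72142: WDDX Packet Injection Vulnerability in wddx_serialize_value()
+--FILE--
+<?php
+
+$wddx = wddx_serialize_value('', '</comment></header><data><struct><var name="php_class_name"><string>stdClass</string></var></struct></data></wddxPacket>');
+var_dump($wddx);
+var_dump(wddx_deserialize($wddx));
+
+?>
+--EXPECT--
+string(301) "<wddxPacket version='1.0'><header><comment></comment></header><data><struct><var name="php_class_name"><string>stdClass</string></var></struct></data></wddxPacket></comment></header><data><string></string></data></wddxPacket>"
+string(0) ""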
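Review bot: The new test has no `--SKIPIF--` section, so on a build without the wddx extension it would fail on the undefined `wddx_serialize_value()` instead of being skipped; adding `--SKIPIF--` with `<?php if (!extension_loaded("wddx")) print "skip"; ?>` before `--FILE--` would avoid that. Separately, the `--EXPECT--` string as displayed here is, by my count, 225 characters while it declares `string(301)`. The 76-character gap is exactly what escaping the comment's 11 `<`, 11 `>` and 2 `"` as `&lt;`, `&gt;` and `&quot;` would add, so the page rendering has most likely decoded the entities and the committed expectation is the escaped form. Check the raw file before treating the unescaped markup shown inside `<comment>` as the asserted output.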
@ -360,11 +360,18 @@ void php_wddx_packet_start(wddx_packet *packet, char *comment, size_t comment_le
|
||||
{
|
||||
php_wddx_add_chunk_static(packet, WDDX_PACKET_S);
|
||||
if (comment) {
|
||||
char *escaped;
|
||||
size_t escaped_len;
|
||||
escaped = php_escape_html_entities(
|
||||
comment, comment_len, &escaped_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
|
||||
|
||||
php_wddx_add_chunk_static(packet, WDDX_HEADER_S);
|
||||
php_wddx_add_chunk_static(packet, WDDX_COMMENT_S);
|
||||
php_wddx_add_chunk_ex(packet, comment, comment_len);
|
||||
php_wddx_add_chunk_ex(packet, escaped, escaped_len);
|
||||
php_wddx_add_chunk_static(packet, WDDX_COMMENT_E);
|
||||
php_wddx_add_chunk_static(packet, WDDX_HEADER_E);
|
||||
|
||||
str_efree(escaped);
|
||||
} else {
|
||||
php_wddx_add_chunk_static(packet, WDDX_HEADER);
|
||||
}
|
||||
|
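Review bot: The added call `php_escape_html_entities(comment, comment_len, &escaped_len, 0, ENT_QUOTES, NULL TSRMLS_CC)` and the `str_efree(escaped)` cleanup have the PHP 5 shape (a `char *` result plus a length out-parameter), while this merge targets PHP-7.1, where as far as I know the function returns a `zend_string *` and takes no length pointer; confirm that this builds on the 7.x branches. The 7.x form would be roughly `zend_string *escaped = php_escape_html_entities(comment, comment_len, 0, ENT_QUOTES, NULL);`, then `php_wddx_add_chunk_ex(packet, ZSTR_VAL(escaped), ZSTR_LEN(escaped));` and `zend_string_release(escaped);`. A short comment above the call, such as `/* escape the caller-supplied comment so it cannot close <comment> and inject packet markup */`, would record why the escaping is there. The body of php_wddx_packet_start continues past the end of the hunk.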