Overview

File php5-CVE-2020-7070.patch of Package php5.16740

Index: php-5.6.40/main/php_variables.c
===================================================================
--- php-5.6.40.orig/main/php_variables.c	2019-01-09 10:54:13.000000000 +0100
+++ php-5.6.40/main/php_variables.c	2020-10-09 10:56:02.757839484 +0200
@@ -472,7 +472,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_defaul
 			unsigned int new_val_len;
 
 			*val++ = '\0';
-			php_url_decode(var, strlen(var));
+			if (arg != PARSE_COOKIE) {
+				php_url_decode(var, strlen(var));
+			}
 			val_len = php_url_decode(val, strlen(val));
 			val = estrndup(val, val_len);
 			if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len TSRMLS_CC)) {
@@ -483,7 +485,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_defaul
 			int val_len;
 			unsigned int new_val_len;
 
-			php_url_decode(var, strlen(var));
+			if (arg != PARSE_COOKIE) {
+				php_url_decode(var, strlen(var));
+			}
 			val_len = 0;
 			val = estrndup("", val_len);
 			if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len TSRMLS_CC)) {
openSUSE Build Service is sponsored by
Places