File php7-CVE-2020-7070.patch of Package php7.23210
Index: php-7.4.6/main/php_variables.c
===================================================================
--- php-7.4.6.orig/main/php_variables.c 2020-10-09 10:18:38.836809981 +0200
+++ php-7.4.6/main/php_variables.c 2020-10-09 10:19:30.105107183 +0200
@@ -514,7 +514,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_defaul
}
val = estrndup(val, val_len);
- php_url_decode(var, strlen(var));
+ if (arg != PARSE_COOKIE) {
+ php_url_decode(var, strlen(var));
+ }
if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
php_register_variable_safe(var, val, new_val_len, &array);
}