Overview

File php7-CVE-2020-7070.patch of Package php7.24162

Index: php-7.2.5/main/php_variables.c
===================================================================
--- php-7.2.5.orig/main/php_variables.c	2020-10-09 10:40:19.268349033 +0200
+++ php-7.2.5/main/php_variables.c	2020-10-09 10:42:34.845137478 +0200
@@ -490,7 +490,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_defaul
 			size_t new_val_len;
 
 			*val++ = '\0';
-			php_url_decode(var, strlen(var));
+			if (arg != PARSE_COOKIE) {
+				php_url_decode(var, strlen(var));
+			}
 			val_len = php_url_decode(val, strlen(val));
 			val = estrndup(val, val_len);
 			if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
@@ -501,7 +503,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_defaul
 			size_t val_len;
 			size_t new_val_len;
 
-			php_url_decode(var, strlen(var));
+			if (arg != PARSE_COOKIE) {
+				php_url_decode(var, strlen(var));
+			}
 			val_len = 0;
 			val = estrndup("", val_len);
 			if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
openSUSE Build Service is sponsored by
Places