File php-5.3.5-CVE-2012-0831.patch of Package php5
http://svn.php.net/viewvc?view=revision&revision=323016
Index: main/php_variables.c
===================================================================
--- main/php_variables.c.orig
+++ main/php_variables.c
@@ -452,7 +452,10 @@ void _php_import_environment_variables(z
/* turn off magic_quotes while importing environment variables */
int magic_quotes_gpc = PG(magic_quotes_gpc);
- PG(magic_quotes_gpc) = 0;
+
+ if (PG(magic_quotes_gpc)) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
for (env = environ; env != NULL && *env != NULL; env++) {
p = strchr(*env, '=');
@@ -595,7 +598,9 @@ static inline void php_register_server_v
zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
}
PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
- PG(magic_quotes_gpc) = 0;
+ if (PG(magic_quotes_gpc)) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
/* Server variables */
if (sapi_module.register_server_variables) {
Index: sapi/cgi/cgi_main.c
===================================================================
--- sapi/cgi/cgi_main.c.orig
+++ sapi/cgi/cgi_main.c
@@ -624,7 +624,9 @@ void cgi_php_import_environment_variable
int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
/* turn off magic_quotes while importing environment variables */
- PG(magic_quotes_gpc) = 0;
+ if (PG(magic_quotes_gpc)) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
for (zend_hash_internal_pointer_reset_ex(request->env, &pos);
zend_hash_get_current_key_ex(request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
zend_hash_get_current_data_ex(request->env, (void **) &val, &pos) == SUCCESS;
Index: sapi/fpm/fpm/fpm_main.c
===================================================================
--- sapi/fpm/fpm/fpm_main.c.orig
+++ sapi/fpm/fpm/fpm_main.c
@@ -641,7 +641,9 @@ void cgi_php_import_environment_variable
int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
/* turn off magic_quotes while importing environment variables */
- PG(magic_quotes_gpc) = 0;
+ if (PG(magic_quotes_gpc)) {
+ zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
+ }
for (zend_hash_internal_pointer_reset_ex(request->env, &pos);
zend_hash_get_current_key_ex(request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
zend_hash_get_current_data_ex(request->env, (void **) &val, &pos) == SUCCESS;