Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.4
php5.512
php-5.3.5-CVE-2012-1823-impr.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-5.3.5-CVE-2012-1823-impr.patch of Package php5.512
http://git.php.net/?p=php-src.git;a=commitdiff;h=000e84aa88ce16deabbf61e7086fc8db63ca88aa Index: sapi/cgi/cgi_main.c =================================================================== --- sapi/cgi/cgi_main.c.orig +++ sapi/cgi/cgi_main.c @@ -1555,10 +1555,15 @@ int main(int argc, char *argv[]) } } - if(query_string = getenv("QUERY_STRING")) { + if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) { + /* we've got query string that has no = - apache CGI will pass it to command line */ + unsigned char *p; decoded_query_string = strdup(query_string); php_url_decode(decoded_query_string, strlen(decoded_query_string)); - if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) { + for (p = decoded_query_string; *p && *p <= ' '; p++) { + /* skip all leading spaces */ + } + if(*p == '-') { skip_getopt = 1; } free(decoded_query_string); @@ -1813,7 +1818,7 @@ consult the installation file that came } zend_first_try { - while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) { + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) { switch (c) { case 'T': benchmark = 1;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor