

Suhosin 0.9.33 for PHP 5.4
Posted by Anonymous on Mon 9th Apr 2012 13:49

  1. --- a/execute.c
  2. +++ b/execute.c
  3. @@ -35,6 +35,7 @@
  4.  #include "zend_compile.h"
  5.  #include "zend_llist.h"
  6.  #include "SAPI.h"
  7. +#include "main/php_version.h"
  8.  
  9.  #include "sha256.h"
  10.  
  11. @@ -1031,7 +1032,9 @@
  12.  
  13.         if ((str_length == sizeof("</head>\n")-1) && (strcmp(str, "</head>\n")==0)) {
  14.                 SUHOSIN_G(old_php_body_write)(S_META_ROBOTS, sizeof(S_META_ROBOTS)-1 TSRMLS_CC);
  15. +#if PHP_VERSION_ID < 50400
  16.                 OG(php_body_write) = SUHOSIN_G(old_php_body_write);
  17. +#endif
  18.                 return SUHOSIN_G(old_php_body_write)(str, str_length TSRMLS_CC);
  19.         } else if ((str_length == sizeof(P_META_ROBOTS)-1) && (strcmp(str, P_META_ROBOTS)==0)) {
  20.                 return str_length;
  21. @@ -1054,6 +1057,7 @@
  22.         }
  23.  
  24.         /* Andale!  Andale!  Yee-Hah! */
  25. +#if PHP_VERSION_ID < 50400
  26.         php_start_ob_buffer(NULL, 4096, 0 TSRMLS_CC);
  27.         if (!sapi_module.phpinfo_as_text) {
  28.                 SUHOSIN_G(old_php_body_write) = OG(php_body_write);
  29. @@ -1061,6 +1065,11 @@
  30.         }
  31.         php_print_info(flag TSRMLS_CC);
  32.         php_end_ob_buffer(1, 0 TSRMLS_CC);
  33. +#else
  34. +       php_output_start_default(TSRMLS_CC);
  35. +       php_print_info(flag TSRMLS_CC);
  36. +       php_output_end();
  37. +#endif
  38.  
  39.         RETVAL_TRUE;
  40.         return (1);
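Review bot: The 5.4 branch passes the thread-safety context incorrectly: `php_output_start_default(TSRMLS_CC);` uses the leading-comma macro with no preceding argument, and `php_output_end();` passes nothing. On a ZTS build the first call would expand to `php_output_start_default(, tsrm_ls)` and fail to compile. Assuming both functions are declared with `TSRMLS_D` in PHP 5.4's output API, the calls should read `php_output_start_default(TSRMLS_C);` and `php_output_end(TSRMLS_C);`. This branch also never installs the `old_php_body_write` hook that the pre-5.4 path sets up, so the `S_META_ROBOTS` injection shown in the `@@ -1031,7` hunk apparently no longer runs on 5.4; a comment stating whether that is intentional would help. The enclosing function starts outside the hunk, and the `#if` matching this `#else` is opened in the previous hunk.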
  41. @@ -1133,7 +1142,6 @@
  42.                     retval = 0;
  43.                 }
  44.         }
  45. -
  46.         RETVAL_BOOL(retval);
  47.         return (1);
  48.  }
  49. @@ -1538,7 +1546,9 @@
  50.      { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
  51.      { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
  52.      
  53. +#if PHP_VERSION_ID < 50400 // Disabled due to segfault
  54.      { "function_exists", ih_function_exists, NULL, NULL, NULL },
  55. +#endif
  56.        
  57.      { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
  58.      { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
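Review bot: Compiling out the `function_exists` entry on 5.4 removes an interception without recording what is lost; the only explanation is the trailing `// Disabled due to segfault`. `ih_function_exists` is not visible here, but if it is what keeps function_exists() consistent with Suhosin's function allow/deny lists, 5.4 builds will silently stop doing that. I would replace the trailing comment with a block comment above the guard, e.g. `/* FIXME: ih_function_exists crashes on PHP >= 5.4; handler disabled, function_exists() is not intercepted on these builds */`, so the gap is visible to whoever ships this. The handler table continues outside the hunk.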
  59. @@ -1606,8 +1616,14 @@
  60.         }
  61.        
  62.  #ifdef ZEND_ENGINE_2  
  63. +
  64. +#if PHP_VERSION_ID < 50400
  65.         return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr;
  66.  #else
  67. +       return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->extended_value)).var.ptr;
  68. +#endif
  69. +
  70. +#else
  71.          return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr;
  72.  #endif
  73.         ht = execute_data_ptr->opline->extended_value;
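Review bot: The new 5.4 branch derives `return_value` from `opline->extended_value`, the same field that the context line right after the guard assigns to `ht`, so one value is used both as a byte offset into `Ts` and as `ht`. The pre-5.4 line uses the result operand (`result.u.var`); assuming the 5.4 operand layout exposes that offset as `result.var`, the offset should be `execute_data_ptr->opline->result.var` rather than `execute_data_ptr->opline->extended_value`. As written, the pointer is computed from an unrelated value, so the handler may read or write the wrong temp slot, which is a plausible cause of the segfault mentioned in the handler-table hunk above. The enclosing function starts and ends outside the hunk.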
  74. --- a/rfc1867.c
  75. +++ b/rfc1867.c
  76. @@ -35,6 +35,7 @@
  77.  #include "suhosin_rfc1867.h"
  78.  #include "php_ini.h"
  79.  #include "ext/standard/php_string.h"
  80. +#include "main/php_version.h"
  81.  
  82.  #define DEBUG_FILE_UPLOAD ZEND_DEBUG
  83.  
  84. @@ -244,21 +245,29 @@
  85.  
  86.  static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
  87.  {
  88. +#if PHP_VERSION_ID < 50400
  89.         int register_globals = PG(register_globals);
  90.  
  91.         PG(register_globals) = 0;
  92. +#endif
  93.         safe_php_register_variable(strvar, val, http_post_files, override_protection TSRMLS_CC);
  94. +#if PHP_VERSION_ID < 50400
  95.         PG(register_globals) = register_globals;
  96. +#endif
  97.  }
  98.  
  99.  
  100.  static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
  101.  {
  102. +#if PHP_VERSION_ID < 50400
  103.         int register_globals = PG(register_globals);
  104.  
  105.         PG(register_globals) = 0;
  106. +#endif
  107.         safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC);
  108. +#if PHP_VERSION_ID < 50400
  109.         PG(register_globals) = register_globals;
  110. +#endif
  111.  }
  112.  
  113.  /*
  114. --- a/session.c
  115. +++ b/session.c
  116. @@ -33,6 +33,7 @@
  117.  #include "ext/standard/php_smart_str.h"
  118.  #include "ext/standard/php_var.h"
  119.  #include "sha256.h"
  120. +#include "main/php_version.h"
  121.  
  122.  #include <fcntl.h>
  123.  
  124. @@ -294,6 +295,7 @@
  125.      if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
  126.          ret = zend_hash_find(Z_ARRVAL_P(SESSION_G(http_session_vars)), name, namelen + 1, (void **) state_var);
  127.  
  128. +#if PHP_VERSION_ID < 50400
  129.          /* If register_globals is enabled, and
  130.           * if there is an entry for the slot in $_SESSION, and
  131.           * if that entry is still set to NULL, and
  132. @@ -307,6 +309,7 @@
  133.                  *state_var = tmp;
  134.              }
  135.          }
  136. +#endif
  137.      }
  138.      return ret;
  139.  }
  140. --- a/log.c
  141. +++ b/log.c
  142. @@ -31,6 +31,7 @@
  143.  #include "SAPI.h"
  144.  #include "ext/standard/datetime.h"
  145.  #include "ext/standard/flock_compat.h"
  146. +#include "main/php_version.h"
  147.  
  148.  #ifdef HAVE_SYS_SOCKET_H
  149.  #include <sys/socket.h>
  150. @@ -317,7 +318,9 @@
  151.                 zval *result = NULL;
  152.                
  153.                 long orig_execution_depth = SUHOSIN_G(execution_depth);
  154. +#if PHP_VERSION_ID < 50400
  155.                 zend_bool orig_safe_mode = PG(safe_mode);
  156. +#endif
  157.                 char *orig_basedir = PG(open_basedir);
  158.                
  159.                 char *phpscript = SUHOSIN_G(log_phpscriptname);
  160. @@ -354,14 +357,18 @@
  161.                                
  162.                                 SUHOSIN_G(execution_depth) = 0;
  163.                                 if (SUHOSIN_G(log_phpscript_is_safe)) {
  164. +#if PHP_VERSION_ID < 50400
  165.                                         PG(safe_mode) = 0;
  166. +#endif
  167.                                         PG(open_basedir) = NULL;
  168.                                 }
  169.                                
  170.                                 zend_execute(new_op_array TSRMLS_CC);
  171.                                
  172.                                 SUHOSIN_G(execution_depth) = orig_execution_depth;
  173. +#if PHP_VERSION_ID < 50400
  174.                                 PG(safe_mode) = orig_safe_mode;
  175. +#endif
  176.                                 PG(open_basedir) = orig_basedir;
  177.                                
  178.  #ifdef ZEND_ENGINE_2
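Review bot: The restore of `PG(open_basedir)` after `zend_execute(new_op_array TSRMLS_CC);` is only reached on a normal return, and this hunk adds a second restore (`PG(safe_mode)`) with the same exposure. If the logging script can leave through a bailout and nothing outside the hunk wraps the call in `zend_try`, `open_basedir` would stay `NULL` for the rest of the request whenever `log_phpscript_is_safe` is set. That wrapping is not visible here, so it should be confirmed. I would also add a comment at the `is_safe` branch, e.g. `/* restrictions are lifted only for the log script; must be restored on every exit path */`. The enclosing function starts and ends outside the hunk.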
  179. --- a/sha256.c
  180. +++ b/sha256.c
  181. @@ -86,9 +86,11 @@
  182.                 return;
  183.         }
  184.  
  185. +#if PHP_VERSION_ID < 50400
  186.         if (PG(safe_mode) && (!php_checkuid(arg, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
  187.                 RETURN_FALSE;
  188.         }
  189. +#endif
  190.  
  191.         if (php_check_open_basedir(arg TSRMLS_CC)) {
  192.                 RETURN_FALSE;
  193. @@ -392,7 +394,7 @@
  194.  
  195.  /* {{{ suhosin_sha256_functions[]
  196.   */
  197. -static function_entry suhosin_sha256_functions[] = {
  198. +static zend_function_entry suhosin_sha256_functions[] = {
  199.         PHP_NAMED_FE(sha256, PHP_FN(suhosin_sha256), NULL)
  200.         PHP_NAMED_FE(sha256_file, PHP_FN(suhosin_sha256_file), NULL)
  201.         {NULL, NULL, NULL}
  202. --- a/suhosin.c
  203. +++ b/suhosin.c
  204. @@ -646,12 +646,16 @@
  205.                                 array_init(gpc_element);
  206.                                 zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
  207.                         } else {
  208. +#if PHP_VERSION_ID < 50400
  209.                                 if (PG(magic_quotes_gpc) && (index != var)) {
  210.                                         /* no need to addslashes() the index if it's the main variable name */
  211.                                         escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
  212.                                 } else {
  213. +#endif
  214.                                         escaped_index = index;
  215. +#if PHP_VERSION_ID < 50400
  216.                                 }
  217. +#endif
  218.                                 if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
  219.                                         || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
  220.                                         MAKE_STD_ZVAL(gpc_element);
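Review bot: The three `#if PHP_VERSION_ID < 50400` fragments cut the `if`/`else` apart, so on 5.4 `escaped_index = index;` is left indented under an `else` that is not compiled, and the brace balance depends on all three fragments staying in sync. A single `#if` … `#else` … `#endif` would be harder to break in a later edit: keep the whole `if (PG(magic_quotes_gpc) && (index != var)) { … } else { … }` in the first arm and put a plain `escaped_index = index;` in the second. The same pattern recurs in the next two hunks of this file (`@@ -683,11` and `@@ -714,11`). The enclosing function starts and ends outside the hunk.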
  221. @@ -683,11 +687,15 @@
  222.                 if (!index) {
  223.                         zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
  224.                 } else {
  225. +#if PHP_VERSION_ID < 50400
  226.                         if (PG(magic_quotes_gpc)) {
  227.                                 escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
  228.                         } else {
  229. +#endif
  230.                                 escaped_index = index;
  231. +#if PHP_VERSION_ID < 50400
  232.                         }
  233. +#endif
  234.                         /*
  235.                          * According to rfc2965, more specific paths are listed above the less specific ones.
  236.                          * If we encounter a duplicate cookie name, we should skip it, since it is not possible
  237. @@ -714,11 +722,15 @@
  238.        
  239.         /* Prepare value */
  240.         Z_STRLEN(new_entry) = str_len;
  241. +#if PHP_VERSION_ID < 50400
  242.         if (PG(magic_quotes_gpc)) {
  243.                 Z_STRVAL(new_entry) = php_addslashes(strval, Z_STRLEN(new_entry), &Z_STRLEN(new_entry), 0 TSRMLS_CC);
  244.         } else {
  245. +#endif
  246.                 Z_STRVAL(new_entry) = estrndup(strval, Z_STRLEN(new_entry));
  247. +#if PHP_VERSION_ID < 50400
  248.         }
  249. +#endif
  250.         Z_TYPE(new_entry) = IS_STRING;
  251.  
  252.         suhosin_register_cookie_variable(var, &new_entry, track_vars_array TSRMLS_CC);
  253. --- a/ex_imp.c
  254. +++ b/ex_imp.c
  255. @@ -727,7 +727,7 @@
  256.  
  257.  /* {{{ suhosin_ex_imp_functions[]
  258.   */
  259. -function_entry suhosin_ex_imp_functions[] = {
  260. +zend_function_entry suhosin_ex_imp_functions[] = {
  261.         PHP_NAMED_FE(extract, PHP_FN(suhosin_extract), suhosin_arginfo_extract)
  262.         PHP_NAMED_FE(import_request_variables, PHP_FN(suhosin_import_request_variables), suhosin_arginfo_import_request_variables)
  263.         {NULL, NULL, NULL}
