

Suhosin 0.9.33 for PHP 5.4
Posted by Anonymous on Thu 13th Feb 2014 09:54

  1. --- a/execute.c
  2. +++ b/execute.c
  3. @@ -35,6 +35,7 @@
  4.  #include "zend_compile.h"
  5.  #include "zend_llist.h"
  6.  #include "SAPI.h"
  7. +#include "main/php_version.h"
  8.  
  9.  #include "sha256.h"
  10.  
  11. @@ -1031,7 +1032,9 @@
  12.  
  13.         if ((str_length == sizeof("</head>\n")-1) && (strcmp(str, "</head>\n")==0)) {
  14.                 SUHOSIN_G(old_php_body_write)(S_META_ROBOTS, sizeof(S_META_ROBOTS)-1 TSRMLS_CC);
  15. +#if PHP_VERSION_ID < 50400
  16.                 OG(php_body_write) = SUHOSIN_G(old_php_body_write);
  17. +#endif
  18.                 return SUHOSIN_G(old_php_body_write)(str, str_length TSRMLS_CC);
  19.         } else if ((str_length == sizeof(P_META_ROBOTS)-1) && (strcmp(str, P_META_ROBOTS)==0)) {
  20.                 return str_length;
  21. @@ -1054,6 +1057,7 @@
  22.         }
  23.  
  24.         /* Andale!  Andale!  Yee-Hah! */
  25. +#if PHP_VERSION_ID < 50400
  26.         php_start_ob_buffer(NULL, 4096, 0 TSRMLS_CC);
  27.         if (!sapi_module.phpinfo_as_text) {
  28.                 SUHOSIN_G(old_php_body_write) = OG(php_body_write);
  29. @@ -1061,6 +1065,11 @@
  30.         }
  31.         php_print_info(flag TSRMLS_CC);
  32.         php_end_ob_buffer(1, 0 TSRMLS_CC);
  33. +#else
  34. +       php_output_start_default(TSRMLS_CC);
  35. +       php_print_info(flag TSRMLS_CC);
  36. +       php_output_end();
  37. +#endif
  38.  
  39.         RETVAL_TRUE;
  40.         return (1);
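Review bot: In the new `#else` branch, `php_output_start_default(TSRMLS_CC)` and `php_output_end()` pass the thread-safety context incorrectly. Both functions take only the TSRM parameter in PHP 5.4, so the calls should be `php_output_start_default(TSRMLS_C);` and `php_output_end(TSRMLS_C);`; as written, a ZTS build should fail to compile, while a non-ZTS build hides the problem because the macros expand to nothing. The 5.4 branch also never installs the body-write hook that the hunk at `@@ -1031,7 +1032,9 @@` belongs to, so the `S_META_ROBOTS` injection into phpinfo() output appears to be lost on 5.4. If that is intended, a comment at the `#else` should say so. The enclosing function starts outside these hunks.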
  41. @@ -1133,7 +1142,6 @@
  42.                     retval = 0;
  43.                 }
  44.         }
  45. -
  46.         RETVAL_BOOL(retval);
  47.         return (1);
  48.  }
  49. @@ -1523,7 +1531,9 @@
  50.         { "srand", ih_srand, NULL, NULL, NULL },
  51.         { "mt_srand", ih_mt_srand, NULL, NULL, NULL },
  52.         { "rand", ih_rand, NULL, NULL, NULL },
  53. +#if PHP_VERSION_ID < 50400 // Disabled due to segfault
  54.         { "mt_rand", ih_mt_rand, NULL, NULL, NULL },
  55. +#endif
  56.         { "getrandmax", ih_getrandmax, NULL, NULL, NULL },
  57.         { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
  58.        
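Review bot: Guarding the `mt_rand` entry with `#if PHP_VERSION_ID < 50400` silently turns this interception off on PHP 5.4 while `srand`, `mt_srand` and `rand` stay hooked, so seeding still goes through Suhosin's handlers but `mt_rand()` output comes from PHP's own generator. The hunk at `@@ -1538,7 +1548,9 @@` drops the `function_exists` handler the same way. "Disabled due to segfault" records the symptom, not the cause. A plausible cause is visible in the hunk at `@@ -1606,8 +1618,14 @@`, where the 5.4 `return_value` lookup indexes `Ts` with `opline->extended_value`, the field the following line uses as the argument count. Until that is fixed, the comment should state what protection is lost, e.g. `/* FIXME(5.4): ih_mt_rand crashes; mt_rand() is NOT replaced by the Suhosin PRNG on 5.4 */`.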
  59. @@ -1538,7 +1548,9 @@
  60.      { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
  61.      { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
  62.      
  63. +#if PHP_VERSION_ID < 50400 // Disabled due to segfault
  64.      { "function_exists", ih_function_exists, NULL, NULL, NULL },
  65. +#endif
  66.        
  67.      { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
  68.      { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
  69. @@ -1606,8 +1618,14 @@
  70.         }
  71.        
  72.  #ifdef ZEND_ENGINE_2  
  73. +
  74. +#if PHP_VERSION_ID < 50400
  75.         return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr;
  76.  #else
  77. +       return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->extended_value)).var.ptr;
  78. +#endif
  79. +
  80. +#else
  81.          return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr;
  82.  #endif
  83.         ht = execute_data_ptr->opline->extended_value;
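Review bot: The 5.4 branch computes `return_value` from `execute_data_ptr->opline->extended_value`, but the line right after the conditional assigns that same field to `ht`, so it holds the call's argument count, not a temp-variable offset. Used as a byte offset into `Ts`, it makes `return_value` point at an unrelated slot, and a handler that writes its result there may corrupt memory. This is a likely cause of the segfaults that the `mt_rand` and `function_exists` hunks work around. PHP 5.4 renamed the result operand rather than moving it, so the line should read `return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr;`. The enclosing function starts and ends outside the hunk.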
  84. --- a/rfc1867.c
  85. +++ b/rfc1867.c
  86. @@ -35,6 +35,7 @@
  87.  #include "suhosin_rfc1867.h"
  88.  #include "php_ini.h"
  89.  #include "ext/standard/php_string.h"
  90. +#include "main/php_version.h"
  91.  
  92.  #define DEBUG_FILE_UPLOAD ZEND_DEBUG
  93.  
  94. @@ -244,21 +245,29 @@
  95.  
  96.  static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
  97.  {
  98. +#if PHP_VERSION_ID < 50400
  99.         int register_globals = PG(register_globals);
  100.  
  101.         PG(register_globals) = 0;
  102. +#endif
  103.         safe_php_register_variable(strvar, val, http_post_files, override_protection TSRMLS_CC);
  104. +#if PHP_VERSION_ID < 50400
  105.         PG(register_globals) = register_globals;
  106. +#endif
  107.  }
  108.  
  109.  
  110.  static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
  111.  {
  112. +#if PHP_VERSION_ID < 50400
  113.         int register_globals = PG(register_globals);
  114.  
  115.         PG(register_globals) = 0;
  116. +#endif
  117.         safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC);
  118. +#if PHP_VERSION_ID < 50400
  119.         PG(register_globals) = register_globals;
  120. +#endif
  121.  }
  122.  
  123.  /*
  124. --- a/session.c
  125. +++ b/session.c
  126. @@ -33,6 +33,7 @@
  127.  #include "ext/standard/php_smart_str.h"
  128.  #include "ext/standard/php_var.h"
  129.  #include "sha256.h"
  130. +#include "main/php_version.h"
  131.  
  132.  #include <fcntl.h>
  133.  
  134. @@ -294,6 +295,7 @@
  135.      if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) {
  136.          ret = zend_hash_find(Z_ARRVAL_P(SESSION_G(http_session_vars)), name, namelen + 1, (void **) state_var);
  137.  
  138. +#if PHP_VERSION_ID < 50400
  139.          /* If register_globals is enabled, and
  140.           * if there is an entry for the slot in $_SESSION, and
  141.           * if that entry is still set to NULL, and
  142. @@ -307,6 +309,7 @@
  143.                  *state_var = tmp;
  144.              }
  145.          }
  146. +#endif
  147.      }
  148.      return ret;
  149.  }
  150. --- a/log.c
  151. +++ b/log.c
  152. @@ -31,6 +31,7 @@
  153.  #include "SAPI.h"
  154.  #include "ext/standard/datetime.h"
  155.  #include "ext/standard/flock_compat.h"
  156. +#include "main/php_version.h"
  157.  
  158.  #ifdef HAVE_SYS_SOCKET_H
  159.  #include <sys/socket.h>
  160. @@ -317,7 +318,9 @@
  161.                 zval *result = NULL;
  162.                
  163.                 long orig_execution_depth = SUHOSIN_G(execution_depth);
  164. +#if PHP_VERSION_ID < 50400
  165.                 zend_bool orig_safe_mode = PG(safe_mode);
  166. +#endif
  167.                 char *orig_basedir = PG(open_basedir);
  168.                
  169.                 char *phpscript = SUHOSIN_G(log_phpscriptname);
  170. @@ -354,14 +357,18 @@
  171.                                
  172.                                 SUHOSIN_G(execution_depth) = 0;
  173.                                 if (SUHOSIN_G(log_phpscript_is_safe)) {
  174. +#if PHP_VERSION_ID < 50400
  175.                                         PG(safe_mode) = 0;
  176. +#endif
  177.                                         PG(open_basedir) = NULL;
  178.                                 }
  179.                                
  180.                                 zend_execute(new_op_array TSRMLS_CC);
  181.                                
  182.                                 SUHOSIN_G(execution_depth) = orig_execution_depth;
  183. +#if PHP_VERSION_ID < 50400
  184.                                 PG(safe_mode) = orig_safe_mode;
  185. +#endif
  186.                                 PG(open_basedir) = orig_basedir;
  187.                                
  188.  #ifdef ZEND_ENGINE_2
  189. --- a/sha256.c
  190. +++ b/sha256.c
  191. @@ -86,9 +86,11 @@
  192.                 return;
  193.         }
  194.  
  195. +#if PHP_VERSION_ID < 50400
  196.         if (PG(safe_mode) && (!php_checkuid(arg, NULL, CHECKUID_CHECK_FILE_AND_DIR))) {
  197.                 RETURN_FALSE;
  198.         }
  199. +#endif
  200.  
  201.         if (php_check_open_basedir(arg TSRMLS_CC)) {
  202.                 RETURN_FALSE;
  203. @@ -392,7 +394,7 @@
  204.  
  205.  /* {{{ suhosin_sha256_functions[]
  206.   */
  207. -static function_entry suhosin_sha256_functions[] = {
  208. +static zend_function_entry suhosin_sha256_functions[] = {
  209.         PHP_NAMED_FE(sha256, PHP_FN(suhosin_sha256), NULL)
  210.         PHP_NAMED_FE(sha256_file, PHP_FN(suhosin_sha256_file), NULL)
  211.         {NULL, NULL, NULL}
  212. --- a/suhosin.c
  213. +++ b/suhosin.c
  214. @@ -646,12 +646,16 @@
  215.                                 array_init(gpc_element);
  216.                                 zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
  217.                         } else {
  218. +#if PHP_VERSION_ID < 50400
  219.                                 if (PG(magic_quotes_gpc) && (index != var)) {
  220.                                         /* no need to addslashes() the index if it's the main variable name */
  221.                                         escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
  222.                                 } else {
  223. +#endif
  224.                                         escaped_index = index;
  225. +#if PHP_VERSION_ID < 50400
  226.                                 }
  227. +#endif
  228.                                 if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
  229.                                         || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
  230.                                         MAKE_STD_ZVAL(gpc_element);
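Review bot: Splitting the `if`/`else` braces across three `#if PHP_VERSION_ID < 50400` regions leaves the 5.4 build with a bare, over-indented `escaped_index = index;` and makes brace balance depend on the preprocessor. The same construction is repeated in the hunks at `@@ -683,11 +687,15 @@` and `@@ -714,11 +722,15 @@`. One conditional per site is easier to audit: a single `#if`/`#else`/`#endif` whose `#else` arm holds only `escaped_index = index;`. A short comment such as `/* magic_quotes_gpc was removed in PHP 5.4 */` at the first guard would explain why the escaping path disappears. The enclosing function starts and ends outside the hunk.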
  231. @@ -683,11 +687,15 @@
  232.                 if (!index) {
  233.                         zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
  234.                 } else {
  235. +#if PHP_VERSION_ID < 50400
  236.                         if (PG(magic_quotes_gpc)) {
  237.                                 escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
  238.                         } else {
  239. +#endif
  240.                                 escaped_index = index;
  241. +#if PHP_VERSION_ID < 50400
  242.                         }
  243. +#endif
  244.                         /*
  245.                          * According to rfc2965, more specific paths are listed above the less specific ones.
  246.                          * If we encounter a duplicate cookie name, we should skip it, since it is not possible
  247. @@ -714,11 +722,15 @@
  248.        
  249.         /* Prepare value */
  250.         Z_STRLEN(new_entry) = str_len;
  251. +#if PHP_VERSION_ID < 50400
  252.         if (PG(magic_quotes_gpc)) {
  253.                 Z_STRVAL(new_entry) = php_addslashes(strval, Z_STRLEN(new_entry), &Z_STRLEN(new_entry), 0 TSRMLS_CC);
  254.         } else {
  255. +#endif
  256.                 Z_STRVAL(new_entry) = estrndup(strval, Z_STRLEN(new_entry));
  257. +#if PHP_VERSION_ID < 50400
  258.         }
  259. +#endif
  260.         Z_TYPE(new_entry) = IS_STRING;
  261.  
  262.         suhosin_register_cookie_variable(var, &new_entry, track_vars_array TSRMLS_CC);
  263. --- a/ex_imp.c
  264. +++ b/ex_imp.c
  265. @@ -727,7 +727,7 @@
  266.  
  267.  /* {{{ suhosin_ex_imp_functions[]
  268.   */
  269. -function_entry suhosin_ex_imp_functions[] = {
  270. +zend_function_entry suhosin_ex_imp_functions[] = {
  271.         PHP_NAMED_FE(extract, PHP_FN(suhosin_extract), suhosin_arginfo_extract)
  272.         PHP_NAMED_FE(import_request_variables, PHP_FN(suhosin_import_request_variables), suhosin_arginfo_import_request_variables)
  273.         {NULL, NULL, NULL}
