php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46731 Imap FT_UID handling problem
Submitted: 2008-12-02 16:04 UTC Modified: 2008-12-05 16:06 UTC
From: zoe dot slattery at googlemail dot com Assigned: zoe (profile)
Status: Closed Package: Scripting Engine problem
PHP Version: 5.3CVS-2008-12-02 (snap) OS: Linux
Private report: No CVE-ID: None
 [2008-12-02 16:04 UTC] zoe dot slattery at googlemail dot com
Description:
------------
In imap_fetch_overview() the FT_UID parameter is treated as a bitmap. This means that giving it completely invalid parameters for FT_UID does not cause an error.

Suggested fix to imap_fetch_overview() is here: http://pastebin.com/m750e3ed2



Reproduce code:
---------------
To run this you would need the imap_include.inc file that is in ~ext/imap/tests.

http://pastebin.com/m4da53733


Expected result:
----------------
From this code I'd expect two successful fetches followed by two failures.


Actual result:
--------------
Four successful fetches, PHP_INT_MAX and PHP_INT_MAX-1 are interpreted as 1 and 0 respectively.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-12-03 01:04 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2008-12-03 15:16 UTC] zoe dot slattery at googlemail dot com
Ilia - thanks but your fix doesn't fix it :-).

Your fix will pass any number as long as it ends in a 1, and warn on any non-zero number that ends in a zero.

The fix I suggested will warn about any number that isn't either 0 or 1 (FT_UID). These are the only valid values.
 [2008-12-05 16:06 UTC] zoe dot slattery at googlemail dot com
Fixed in PHP5.2, PHP5.3 and PHP6
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 09:01:30 2024 UTC