php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #61043 Regression in magic_quotes_gpc fix (CVE-2012-0831)
Submitted: 2012-02-10 12:43 UTC Modified: 2012-03-21 21:18 UTC
Votes:4
Avg. Score:4.2 ± 0.8
Reproduced:3 of 3 (100.0%)
Same Version:2 (66.7%)
Same OS:2 (66.7%)
From: ondrej@php.net Assigned: johannes (profile)
Status: Closed Package: Variables related
PHP Version: 5.3SVN-2012-02-10 (SVN) OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ondrej@php.net
New email:
PHP Version: OS:

 

 [2012-02-10 12:43 UTC] ondrej@php.net 
Description:
------------
Description available here:

https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115


Basically the attached patch does replace the second location of 
PG(magic_quotes_gpc) with the zend_alter_ini_entry_ex:


-       PG(magic_quotes_gpc) = magic_quotes_gpc;
+
+       if (magic_quotes_gpc) {
+               zend_alter_ini_entry_ex("magic_quotes_gpc", 
sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 
TSRMLS_CC);
+       }

I could be wrong, since my knowledge of PHP internals is lim(knowledge) = 0, but 
this seems to follow the logic of first change.

Patches

magic_quotes_gpc-regression (last revision 2012-02-10 12:44 UTC by ondrej@php.net)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-02-10 12:44 UTC] ondrej@php.net 
The following patch has been added/updated:

Patch Name: magic_quotes_gpc-regression
Revision:   1328877857
URL:        https://bugs.php.net/patch-display.php?bug=61043&patch=magic_quotes_gpc-regression&revision=1328877857
 [2012-02-10 13:19 UTC] ondrej@php.net 
I can confirm that the attached patch fixes the reported problem:

root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php  -c /tmp/php.ini -
r 'var_dump(ini_get("magic_quotes_gpc"));'
string(1) "1"
root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini 
magic_quotes_gpc = On
root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php  -c /tmp/php.ini -
r 'var_dump(ini_get("magic_quotes_gpc"));'
string(1) "1"
root@howl:/tmp# emacs php.ini 
root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini 
magic_quotes_gpc = Off
root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php  -c /tmp/php.ini -
r 'var_dump(ini_get("magic_quotes_gpc"));'
string(0) ""
 [2012-02-13 18:37 UTC] sbeattie@php.net 
Ondřej's patch is the patch we went with in Ubuntu. I verified in our testing that it did address the issue.
 [2012-03-05 22:46 UTC] pajoye@php.net 
Johannes, can you check this please?
 [2012-03-05 22:46 UTC] pajoye@php.net
-Status: Open +Status: Critical -Assigned To: +Assigned To: johannes
 [2012-03-08 13:17 UTC] johannes@php.net
-Status: Critical +Status: Feedback
 [2012-03-08 13:17 UTC] johannes@php.net 
I think this was fixed in r323016. Please verify.
 [2012-03-09 08:23 UTC] ondrej@php.net 
Nope, r323016 is the commit which broke it.

Please look at the patch and look at the broken code before jumping to 
conclusions.
 [2012-03-09 13:09 UTC] ondrej@php.net
-Status: Feedback +Status: Critical
 [2012-03-21 21:13 UTC] cataphract@php.net 
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2d2995f343629b80649fb09ce37e7e0750d2af4a
Log: Fixed bug #61043: Regression in magic_quotes_gpc fix (CVE-2012-0831)
 [2012-03-21 21:13 UTC] ondrej@sury.org@php.net 
Automatic comment on behalf of ondrej@sury.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d1fd5432e1576865dbeb7650b7c7e0fa0bd3a4e1
Log: Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831)
 [2012-03-21 21:18 UTC] cataphract@php.net
-Status: Critical +Status: Closed
 [2012-03-21 21:18 UTC] cataphract@php.net 
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

I took the liberty of committing it.
 [2012-03-21 21:32 UTC] cataphract@php.net 
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src.git;a=commit;h=2d2995f343629b80649fb09ce37e7e0750d2af4a
Log: Fixed bug #61043: Regression in magic_quotes_gpc fix (CVE-2012-0831)
 [2012-03-21 21:32 UTC] ondrej@sury.org@php.net 
Automatic comment on behalf of ondrej@sury.org
Revision: http://git.php.net/?p=php-src.git;a=commit;h=d1fd5432e1576865dbeb7650b7c7e0fa0bd3a4e1
Log: Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831)
 [2014-10-07 23:28 UTC] stas@php.net 
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=2d2995f343629b80649fb09ce37e7e0750d2af4a
Log: Fixed bug #61043: Regression in magic_quotes_gpc fix (CVE-2012-0831)
 [2014-10-07 23:28 UTC] stas@php.net 
Automatic comment on behalf of ondrej@sury.org
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=d1fd5432e1576865dbeb7650b7c7e0fa0bd3a4e1
Log: Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831)
 [2014-10-07 23:39 UTC] stas@php.net 
Automatic comment on behalf of cataphract
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=2d2995f343629b80649fb09ce37e7e0750d2af4a
Log: Fixed bug #61043: Regression in magic_quotes_gpc fix (CVE-2012-0831)
 [2014-10-07 23:39 UTC] stas@php.net 
Automatic comment on behalf of ondrej@sury.org
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=d1fd5432e1576865dbeb7650b7c7e0fa0bd3a4e1
Log: Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Nov 22 15:01:32 2024 UTC