php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #23060 bad logic in php4/pear/PEAR/Dependency.php
Submitted: 2003-04-05 04:45 UTC Modified: 2003-04-14 06:51 UTC
From: jmcastagnetto@php.net Assigned:
Status: Closed Package: PEAR related
PHP Version: 4CVS-2003-04-05 (stable) OS: Red Hat Linux 8.0
Private report: No CVE-ID: None
View Developer Edit
 [2003-04-05 04:45 UTC] jmcastagnetto@php.net 
I think there is a logic problem in php4/pear/PEAR/Dependency.php The 
method "checkPHP()" was checking things incorrectly. According to the 
package.dtd (and the code earlier in the 'Dependency' class), that 
method gets passed the 'version' and 'rel' attributes of the 'dep' element, 
e.g.: 
 
<dep type="php" rel="ge" version="4.3"/>  
 
but for some reason there was a mix up in the logic of the method's 
body. 
 
The "diff -u" output with fixed logic is below: 
 
$ diff -u Dependency.php-orig  Dependency.php 
--- Dependency.php-orig 2003-04-05 02:43:29.000000000 -0800 
+++ Dependency.php      2003-04-05 02:45:11.000000000 -0800 
@@ -199,14 +199,15 @@ 
      */ 
     function checkPHP(&$errmsg, $req, $relation = 'ge') 
     { 
-        if (substr($relation, 0, 2) == 'v.') { 
-            $php_ver = phpversion(); 
-            $operator = substr($relation, 2); 
-            if (!version_compare("$php_ver", "$req", $operator)) { 
-                $errmsg = "PHP version " . $this->signOperator($operator) . 
-                    " $req is required"; 
-                return PEAR_DEPENDENCY_CONFLICT; 
-            } 
+        if (substr($req, 0, 2) == 'v.') { 
+            $req = substr($req,2); 
+        } 
+        $php_ver = phpversion(); 
+        $operator = substr($relation,0,2); 
+        if (!version_compare("$php_ver", "$req", $operator)) { 
+            $errmsg = "PHP version " . $this->signOperator($operator) . 
+                " $req is required"; 
+            return PEAR_DEPENDENCY_CONFLICT; 
         } 
         return false; 
     }

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-04-05 05:22 UTC] jmcastagnetto@php.net 
Seems like there is also a similar logic problem in checkZend(). Below is 
patch for both: 
 
$ diff -u php4/pear/PEAR/Dependency.php-orig  
php4/pear/PEAR/Dependency.php 
--- php4/pear/PEAR/Dependency.php-orig  2003-04-05 
02:43:29.000000000 -0800 
+++ php4/pear/PEAR/Dependency.php       2003-04-05 
03:20:27.000000000 -0800 
@@ -199,14 +199,15 @@ 
      */ 
     function checkPHP(&$errmsg, $req, $relation = 'ge') 
     { 
-        if (substr($relation, 0, 2) == 'v.') { 
-            $php_ver = phpversion(); 
-            $operator = substr($relation, 2); 
-            if (!version_compare("$php_ver", "$req", $operator)) { 
-                $errmsg = "PHP version " . $this->signOperator($operator) . 
-                    " $req is required"; 
-                return PEAR_DEPENDENCY_CONFLICT; 
-            } 
+        if (substr($req, 0, 2) == 'v.') { 
+            $req = substr($req,2, strlen($req) - 2); 
+        } 
+        $php_ver = phpversion(); 
+        $operator = substr($relation,0,2); 
+        if (!version_compare("$php_ver", "$req", $operator)) { 
+            $errmsg = "PHP version " . $this->signOperator($operator) . 
+                " $req is required"; 
+            return PEAR_DEPENDENCY_CONFLICT; 
         } 
         return false; 
     } 
@@ -271,14 +272,15 @@ 
      */ 
     function checkZend(&$errmsg, $req, $relation = 'ge') 
     { 
-        if (substr($relation, 0, 2) == 'v.') { 
-            $zend_ver = zend_version(); 
-            $operator = substr($relation, 2); 
-            if (!version_compare("$zend_ver", "$req", $operator)) { 
-                $errmsg = "Zend version " . $this->signOperator($operator) . 
-                    " $req is required"; 
-                return PEAR_DEPENDENCY_CONFLICT; 
-            } 
+        if (substr($req, 0, 2) == 'v.') { 
+            $req = substr($req,2, strlen($req) - 2); 
+        } 
+        $zend_ver = zend_version(); 
+        $operator = substr($relation,0,2); 
+        if (!version_compare("$zend_ver", "$req", $operator)) { 
+            $errmsg = "Zend version " . $this->signOperator($operator) . 
+                " $req is required"; 
+            return PEAR_DEPENDENCY_CONFLICT; 
         } 
         return false; 
     }
 [2003-04-14 06:51 UTC] jmcastagnetto@php.net 
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

* Applied patch today
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Nov 02 05:00:01 2025 UTC