php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #23060 bad logic in php4/pear/PEAR/Dependency.php
Submitted: 2003-04-05 04:45 UTC Modified: 2003-04-14 06:51 UTC
From: jmcastagnetto@php.net Assigned:
Status: Closed Package: PEAR related
PHP Version: 4CVS-2003-04-05 (stable) OS: Red Hat Linux 8.0
Private report: No CVE-ID: None
 [2003-04-05 04:45 UTC] jmcastagnetto@php.net
I think there is a logic problem in php4/pear/PEAR/Dependency.php The 
method "checkPHP()" was checking things incorrectly. According to the 
package.dtd (and the code earlier in the 'Dependency' class), that 
method gets passed the 'version' and 'rel' attributes of the 'dep' element, 
e.g.: 
 
<dep type="php" rel="ge" version="4.3"/>  
 
but for some reason there was a mix up in the logic of the method's 
body. 
 
The "diff -u" output with fixed logic is below: 
 
$ diff -u Dependency.php-orig  Dependency.php 
--- Dependency.php-orig 2003-04-05 02:43:29.000000000 -0800 
+++ Dependency.php      2003-04-05 02:45:11.000000000 -0800 
@@ -199,14 +199,15 @@ 
      */ 
     function checkPHP(&$errmsg, $req, $relation = 'ge') 
     { 
-        if (substr($relation, 0, 2) == 'v.') { 
-            $php_ver = phpversion(); 
-            $operator = substr($relation, 2); 
-            if (!version_compare("$php_ver", "$req", $operator)) { 
-                $errmsg = "PHP version " . $this->signOperator($operator) . 
-                    " $req is required"; 
-                return PEAR_DEPENDENCY_CONFLICT; 
-            } 
+        if (substr($req, 0, 2) == 'v.') { 
+            $req = substr($req,2); 
+        } 
+        $php_ver = phpversion(); 
+        $operator = substr($relation,0,2); 
+        if (!version_compare("$php_ver", "$req", $operator)) { 
+            $errmsg = "PHP version " . $this->signOperator($operator) . 
+                " $req is required"; 
+            return PEAR_DEPENDENCY_CONFLICT; 
         } 
         return false; 
     } 
 

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-04-05 05:22 UTC] jmcastagnetto@php.net
Seems like there is also a similar logic problem in checkZend(). Below is 
patch for both: 
 
$ diff -u php4/pear/PEAR/Dependency.php-orig  
php4/pear/PEAR/Dependency.php 
--- php4/pear/PEAR/Dependency.php-orig  2003-04-05 
02:43:29.000000000 -0800 
+++ php4/pear/PEAR/Dependency.php       2003-04-05 
03:20:27.000000000 -0800 
@@ -199,14 +199,15 @@ 
      */ 
     function checkPHP(&$errmsg, $req, $relation = 'ge') 
     { 
-        if (substr($relation, 0, 2) == 'v.') { 
-            $php_ver = phpversion(); 
-            $operator = substr($relation, 2); 
-            if (!version_compare("$php_ver", "$req", $operator)) { 
-                $errmsg = "PHP version " . $this->signOperator($operator) . 
-                    " $req is required"; 
-                return PEAR_DEPENDENCY_CONFLICT; 
-            } 
+        if (substr($req, 0, 2) == 'v.') { 
+            $req = substr($req,2, strlen($req) - 2); 
+        } 
+        $php_ver = phpversion(); 
+        $operator = substr($relation,0,2); 
+        if (!version_compare("$php_ver", "$req", $operator)) { 
+            $errmsg = "PHP version " . $this->signOperator($operator) . 
+                " $req is required"; 
+            return PEAR_DEPENDENCY_CONFLICT; 
         } 
         return false; 
     } 
@@ -271,14 +272,15 @@ 
      */ 
     function checkZend(&$errmsg, $req, $relation = 'ge') 
     { 
-        if (substr($relation, 0, 2) == 'v.') { 
-            $zend_ver = zend_version(); 
-            $operator = substr($relation, 2); 
-            if (!version_compare("$zend_ver", "$req", $operator)) { 
-                $errmsg = "Zend version " . $this->signOperator($operator) . 
-                    " $req is required"; 
-                return PEAR_DEPENDENCY_CONFLICT; 
-            } 
+        if (substr($req, 0, 2) == 'v.') { 
+            $req = substr($req,2, strlen($req) - 2); 
+        } 
+        $zend_ver = zend_version(); 
+        $operator = substr($relation,0,2); 
+        if (!version_compare("$zend_ver", "$req", $operator)) { 
+            $errmsg = "Zend version " . $this->signOperator($operator) . 
+                " $req is required"; 
+            return PEAR_DEPENDENCY_CONFLICT; 
         } 
         return false; 
     } 
 
 [2003-04-14 06:51 UTC] jmcastagnetto@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.

* Applied patch today 
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Oct 28 21:03:36 2021 UTC