Patch bug70081 for SOAP related Bug #70081
Patch version 2015-07-26 23:45 UTC
Return to Bug #70081 |
Download this patch
Patch Revisions:
Developer: stas@php.net
commit c96d08b27226193dd51f2b50e84272235c6aaa69
Author: Stanislav Malyshev <stas@php.net>
Date: Sun Jul 26 16:44:18 2015 -0700
Fix bug #70081: check types for SOAP variables
diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index 8c5082c..8dc6e45 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -759,18 +759,21 @@ try_again:
zend_hash_internal_pointer_reset(Z_ARRVAL_PP(cookies));
smart_str_append_const(&soap_headers, "Cookie: ");
for (i = 0; i < n; i++) {
+ ulong numindx;
+ int res = zend_hash_get_current_key(Z_ARRVAL_PP(cookies), &key, &numindx, FALSE);
zend_hash_get_current_data(Z_ARRVAL_PP(cookies), (void **)&data);
- zend_hash_get_current_key(Z_ARRVAL_PP(cookies), &key, NULL, FALSE);
- if (Z_TYPE_PP(data) == IS_ARRAY) {
+ if (res == HASH_KEY_IS_STRING && Z_TYPE_PP(data) == IS_ARRAY) {
zval** value;
if (zend_hash_index_find(Z_ARRVAL_PP(data), 0, (void**)&value) == SUCCESS &&
Z_TYPE_PP(value) == IS_STRING) {
zval **tmp;
if ((zend_hash_index_find(Z_ARRVAL_PP(data), 1, (void**)&tmp) == FAILURE ||
+ Z_TYPE_PP(tmp) != IS_STRING ||
strncmp(phpurl->path?phpurl->path:"/",Z_STRVAL_PP(tmp),Z_STRLEN_PP(tmp)) == 0) &&
(zend_hash_index_find(Z_ARRVAL_PP(data), 2, (void**)&tmp) == FAILURE ||
+ Z_TYPE_PP(tmp) != IS_STRING ||
in_domain(phpurl->host,Z_STRVAL_PP(tmp))) &&
(use_ssl || zend_hash_index_find(Z_ARRVAL_PP(data), 3, (void**)&tmp) == FAILURE)) {
smart_str_appendl(&soap_headers, key, strlen(key));
|
Copyright © 2001-2024 The PHP Group