Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
:
5.5.38
>
php-5.5.38
> php5-suhosin-php55.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php5-suhosin-php55.patch of Package php-5.5.38
https://github.com/NewEraCracker/suhosin-patches/blob/master/patches/ext/suhosin.diff diff -uNr ext/suhosin/ex_imp.c ext/suhosin/ex_imp.c --- ext/suhosin/ex_imp.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/ex_imp.c Sat Apr 6 16:14:59 2013 @@ -727,7 +727,7 @@ /* {{{ suhosin_ex_imp_functions[] */ -function_entry suhosin_ex_imp_functions[] = { +zend_function_entry suhosin_ex_imp_functions[] = { PHP_NAMED_FE(extract, PHP_FN(suhosin_extract), suhosin_arginfo_extract) PHP_NAMED_FE(import_request_variables, PHP_FN(suhosin_import_request_variables), suhosin_arginfo_import_request_variables) {NULL, NULL, NULL} diff -uNr ext/suhosin/execute.c ext/suhosin/execute.c --- ext/suhosin/execute.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/execute.c Sat Apr 6 16:14:59 2013 @@ -35,21 +35,27 @@ #include "zend_compile.h" #include "zend_llist.h" #include "SAPI.h" +#include "main/php_version.h" #include "sha256.h" - +#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5) +#define IH_EXECUTE_INTERNAL_PARAMS zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC +#define IH_EXECUTE_INTERNAL_PARAM_PASSTHRU execute_data_ptr, return_value_used TSRMLS_CC static void (*old_execute)(zend_op_array *op_array TSRMLS_DC); static void suhosin_execute(zend_op_array *op_array TSRMLS_DC); static void (*old_execute_ZO)(zend_op_array *op_array, long dummy TSRMLS_DC); static void suhosin_execute_ZO(zend_op_array *op_array, long dummy TSRMLS_DC); static void *(*zo_set_oe_ex)(void *ptr) = NULL; +#else +#define IH_EXECUTE_INTERNAL_PARAMS zend_execute_data *execute_data_ptr, zend_fcall_info *fci, int return_value_used TSRMLS_DC +#define IH_EXECUTE_INTERNAL_PARAM_PASSTHRU execute_data_ptr, fci, return_value_used TSRMLS_CC +static void (*old_execute_ex)(zend_execute_data *execute_data_ptr TSRMLS_DC); +static void suhosin_execute_ex(zend_execute_data *execute_data_ptr TSRMLS_DC); +#endif -/*STATIC zend_op_array* (*old_compile_file)(zend_file_handle* file_handle, int type TSRMLS_DC); - STATIC zend_op_array* suhosin_compile_file(zend_file_handle*, int TSRMLS_DC);*/ - -static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC); -static void (*old_execute_internal)(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC); +static void (*old_execute_internal)(IH_EXECUTE_INTERNAL_PARAMS); +static void suhosin_execute_internal(IH_EXECUTE_INTERNAL_PARAMS); extern zend_extension suhosin_zend_extension_entry; @@ -152,7 +158,7 @@ t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); if (h == NULL) break; - while (t > s && (isalnum(t[-1]) || t[-1]=='_')) { + while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { t--; } @@ -195,7 +201,7 @@ t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); if (h == NULL) break; - while (t > s && (isalnum(t[-1]) || t[-1]=='_')) { + while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { t--; } @@ -353,10 +359,16 @@ return SUHOSIN_CODE_TYPE_UNKNOWN; } -/* {{{ void suhosin_execute_ex(zend_op_array *op_array TSRMLS_DC) +/* {{{ void suhosin_execute_ex * This function provides a hook for execution */ +#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5) static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRMLS_DC) { +#else +static void suhosin_execute_ex(zend_execute_data *execute_data_ptr TSRMLS_DC) +{ + zend_op_array *op_array = execute_data_ptr->op_array; +#endif zend_op_array *new_op_array; int op_array_type, len; char *fn; @@ -579,17 +591,22 @@ } continue_execution: +#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5) if (zo) { old_execute_ZO (op_array, dummy TSRMLS_CC); } else { old_execute (op_array TSRMLS_CC); } +#else + old_execute_ex(execute_data_ptr TSRMLS_CC); +#endif /* nothing to do */ SUHOSIN_G(in_code_type) = orig_code_type; SUHOSIN_G(execution_depth)--; } /* }}} */ +#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5) /* {{{ void suhosin_execute(zend_op_array *op_array TSRMLS_DC) * This function provides a hook for execution */ static void suhosin_execute(zend_op_array *op_array TSRMLS_DC) @@ -604,11 +621,22 @@ suhosin_execute_ex(op_array, 1, dummy TSRMLS_CC); } /* }}} */ +#endif - +#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4) +#define IH_HANDLER_PARAMS_REST int ht, zval *return_value, zval **return_value_ptr, zval *this_ptr, int return_value_used TSRMLS_DC +#define IH_HANDLER_PARAMS internal_function_handler *ih, IH_HANDLER_PARAMS_REST +#define IH_HANDLER_PARAM_PASSTHRU ih, ht, *return_value_ptr, \ + (execute_data_ptr->function_state.function->common.fn_flags & ZEND_ACC_RETURN_REFERENCE)?return_value_ptr:NULL, \ + execute_data_ptr->object, return_value_used TSRMLS_CC +#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5) +#define IH_HANDLER_PARAM_FCI_PASSTHRU ih, fci->param_count, *fci->retval_ptr_ptr, fci->retval_ptr_ptr, fci->object_ptr, 1 TSRMLS_CC +#endif +#else #define IH_HANDLER_PARAMS_REST zend_execute_data *execute_data_ptr, int return_value_used, int ht, zval *return_value TSRMLS_DC #define IH_HANDLER_PARAMS internal_function_handler *ih, IH_HANDLER_PARAMS_REST #define IH_HANDLER_PARAM_PASSTHRU ih, execute_data_ptr, return_value_used, ht, return_value TSRMLS_CC +#endif HashTable ihandler_table; @@ -626,12 +654,20 @@ { zval **regex, **replace, - **subject, - **limit; + **subject; +#ifndef PHP_ATLEAST_5_3 + zval **limit; if (ZEND_NUM_ARGS() < 3 || zend_get_parameters_ex(3, ®ex, &replace, &subject, &limit) == FAILURE) { return (0); } +#else + long limit = -1; + zval **zcount = NULL; + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ZZZ|lZ", ®ex, &replace, &subject, &limit, &zcount) == FAILURE) { + return (1); + } +#endif if (Z_TYPE_PP(regex) == IS_ARRAY) { zval **regex_entry; @@ -1022,6 +1058,7 @@ return (0); } +#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4) static int suhosin_php_body_write(const char *str, uint str_length TSRMLS_DC) { #define P_META_ROBOTS "<meta name=\"ROBOTS\" content=\"NOINDEX,NOFOLLOW,NOARCHIVE\" />" @@ -1065,6 +1102,7 @@ RETVAL_TRUE; return (1); } +#endif static int ih_function_exists(IH_HANDLER_PARAMS) @@ -1072,35 +1110,34 @@ #ifndef PHP_ATLEAST_5_3 zval **function_name; #endif + char *name; + int name_len; zend_function *func; char *lcname; zend_bool retval; - int func_name_len; #ifndef PHP_ATLEAST_5_3 if (ZEND_NUM_ARGS()!=1 || zend_get_parameters_ex(1, &function_name)==FAILURE) { ZEND_WRONG_PARAM_COUNT_WITH_RETVAL(1); } convert_to_string_ex(function_name); - func_name_len = Z_STRLEN_PP(function_name); - lcname = estrndup(Z_STRVAL_PP(function_name), func_name_len); - zend_str_tolower(lcname, func_name_len); + name = Z_STRVAL_PP(function_name); + name_len = Z_STRLEN_PP(function_name); #else - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &lcname, &func_name_len) == FAILURE) { - return; + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &name, &name_len) == FAILURE) { + return (1); } +#endif + lcname = zend_str_tolower_dup(name, name_len); /* Ignore leading "\" */ - if (lcname[0] == '\\') { - lcname = &lcname[1]; - func_name_len--; + name = lcname; + if (name_len > 0 && lcname[0] == '\\') { + name = &lcname[1]; + name_len--; } - lcname = zend_str_tolower_dup(lcname, func_name_len); -#endif - retval = (zend_hash_find(EG(function_table), lcname, func_name_len+1, (void **)&func) == SUCCESS); - - efree(lcname); + retval = (zend_hash_find(EG(function_table), name, name_len+1, (void **)&func) == SUCCESS); /* * A bit of a hack, but not a bad one: we see if the handler of the function @@ -1114,26 +1151,28 @@ /* Now check if function is forbidden by Suhosin */ if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { if (SUHOSIN_G(eval_whitelist) != NULL) { - if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), lcname, func_name_len+1)) { + if (!zend_hash_exists(SUHOSIN_G(eval_whitelist), name, name_len+1)) { retval = 0; } } else if (SUHOSIN_G(eval_blacklist) != NULL) { - if (zend_hash_exists(SUHOSIN_G(eval_blacklist), lcname, func_name_len+1)) { + if (zend_hash_exists(SUHOSIN_G(eval_blacklist), name, name_len+1)) { retval = 0; } } } if (SUHOSIN_G(func_whitelist) != NULL) { - if (!zend_hash_exists(SUHOSIN_G(func_whitelist), lcname, func_name_len+1)) { + if (!zend_hash_exists(SUHOSIN_G(func_whitelist), name, name_len+1)) { retval = 0; } } else if (SUHOSIN_G(func_blacklist) != NULL) { - if (zend_hash_exists(SUHOSIN_G(func_blacklist), lcname, func_name_len+1)) { + if (zend_hash_exists(SUHOSIN_G(func_blacklist), name, name_len+1)) { retval = 0; } } + efree(lcname); + RETVAL_BOOL(retval); return (1); } @@ -1344,7 +1383,7 @@ suhosin_SHA256Init(&context); suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 8); - suhosin_SHA256Final(seedbuf, &context); + suhosin_SHA256Final((void *)seedbuf, &context); } /* }}} */ @@ -1501,7 +1540,7 @@ { #ifdef PHP_ATLEAST_5_3 if (zend_parse_parameters_none() == FAILURE) { - return; + return (1); } #else int argc = ZEND_NUM_ARGS(); @@ -1518,7 +1557,10 @@ { "preg_replace", ih_preg_replace, NULL, NULL, NULL }, { "mail", ih_mail, NULL, NULL, NULL }, { "symlink", ih_symlink, NULL, NULL, NULL }, + +#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 4) { "phpinfo", ih_phpinfo, NULL, NULL, NULL }, +#endif { "srand", ih_srand, NULL, NULL, NULL }, { "mt_srand", ih_mt_srand, NULL, NULL, NULL }, @@ -1575,13 +1617,19 @@ #define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C)); #define FUNCTION_SIMULATE_WARNING() zend_error(E_WARNING, "SIMULATION - %s() has been disabled for security reasons", get_active_function_name(TSRMLS_C)); -/* {{{ void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC) +/* {{{ void suhosin_execute_internal * This function provides a hook for internal execution */ -static void suhosin_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC) +static void suhosin_execute_internal(IH_EXECUTE_INTERNAL_PARAMS) { char *lcname; int function_name_strlen, free_lcname = 0; + +#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4) + zval **return_value_ptr; +#else zval *return_value; +#endif + zend_class_entry *ce = NULL; int ht; internal_function_handler *ih; @@ -1605,13 +1653,6 @@ zend_str_tolower(lcname, function_name_strlen); } -#ifdef ZEND_ENGINE_2 - return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr; -#else - return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr; -#endif - ht = execute_data_ptr->opline->extended_value; - SDEBUG("function: %s", lcname); if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { @@ -1663,14 +1704,30 @@ void *handler = ((zend_internal_function *) execute_data_ptr->function_state.function)->handler; if (handler != ZEND_FN(display_disabled_function)) { +#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5) + if(fci != NULL) { + retval = ih->handler(IH_HANDLER_PARAM_FCI_PASSTHRU); + } else { + return_value_ptr = &EX_TMP_VAR(execute_data_ptr, execute_data_ptr->opline->result.var)->var.ptr; +#elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION == 4) + return_value_ptr = &(*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr; +#elif (PHP_MAJOR_VERSION == 5) + return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr; +#else + return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr; +#endif + ht = execute_data_ptr->opline->extended_value; retval = ih->handler(IH_HANDLER_PARAM_PASSTHRU); +#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5) + } +#endif } if (retval == 0) { - old_execute_internal(execute_data_ptr, return_value_used TSRMLS_CC); + old_execute_internal(IH_EXECUTE_INTERNAL_PARAM_PASSTHRU); } } else { - old_execute_internal(execute_data_ptr, return_value_used TSRMLS_CC); + old_execute_internal(IH_EXECUTE_INTERNAL_PARAM_PASSTHRU); } if (free_lcname == 1) { efree(lcname); @@ -1686,6 +1743,7 @@ /* }}} */ +#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5) /* {{{ int function_lookup(zend_extension *extension) */ static int function_lookup(zend_extension *extension) @@ -1703,6 +1761,7 @@ return 0; } /* }}} */ +#endif /* {{{ void suhosin_hook_execute() @@ -1711,6 +1770,7 @@ { internal_function_handler *ih; +#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5) old_execute = zend_execute; zend_execute = suhosin_execute; @@ -1727,6 +1787,10 @@ if (zo_set_oe_ex != NULL) { old_execute_ZO = zo_set_oe_ex(suhosin_execute_ZO); } +#else + old_execute_ex = zend_execute_ex; + zend_execute_ex = suhosin_execute_ex; +#endif old_execute_internal = zend_execute_internal; if (old_execute_internal == NULL) { @@ -1761,11 +1825,15 @@ */ void suhosin_unhook_execute() { +#if PHP_MAJOR_VERSION < 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5) if (zo_set_oe_ex) { zo_set_oe_ex(old_execute_ZO); } zend_execute = old_execute; +#else + zend_execute_ex = old_execute_ex; +#endif /* zend_compile_file = old_compile_file; */ diff -uNr ext/suhosin/ifilter.c ext/suhosin/ifilter.c --- ext/suhosin/ifilter.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/ifilter.c Sat Apr 6 16:14:59 2013 @@ -146,7 +146,7 @@ if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && Z_TYPE_PP(tzval) == IS_STRING) { - s = t = Z_STRVAL_PP(tzval); + s = t = (unsigned char *)Z_STRVAL_PP(tzval); for (; *t; t++) { if (suhosin_is_dangerous_char[*t]) { *t = '?'; @@ -168,7 +168,7 @@ if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && Z_TYPE_PP(tzval) == IS_STRING) { - temp = Z_STRVAL_PP(tzval); + temp = (unsigned char *)Z_STRVAL_PP(tzval); t = temp; for (t = temp; *t; t++) { @@ -195,7 +195,7 @@ } *n = 0; - Z_STRVAL_PP(tzval) = newv; + Z_STRVAL_PP(tzval) = (char *)newv; Z_STRLEN_PP(tzval) = n-newv; } } diff -uNr ext/suhosin/log.c ext/suhosin/log.c --- ext/suhosin/log.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/log.c Sat Apr 6 16:14:59 2013 @@ -31,11 +31,18 @@ #include "SAPI.h" #include "ext/standard/datetime.h" #include "ext/standard/flock_compat.h" +#include "main/php_version.h" #ifdef HAVE_SYS_SOCKET_H #include <sys/socket.h> #endif +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#elif defined(PHP_WIN32) +#include "win32/time.h" +#endif + #if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE) #undef AF_UNIX #endif @@ -261,7 +268,11 @@ /* SAPI Logging activated? */ SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SUHOSIN_G(log_syslog), SUHOSIN_G(log_sapi), SUHOSIN_G(log_script), SUHOSIN_G(log_phpscript)); if (((SUHOSIN_G(log_sapi)|S_INTERNAL) & loglevel)!=0) { +#if PHP_VERSION_ID < 50400 sapi_module.log_message(buf); +#else + sapi_module.log_message(buf TSRMLS_CC); +#endif } /*log_script:*/ @@ -317,7 +328,9 @@ zval *result = NULL; long orig_execution_depth = SUHOSIN_G(execution_depth); +#if PHP_VERSION_ID < 50400 zend_bool orig_safe_mode = PG(safe_mode); +#endif char *orig_basedir = PG(open_basedir); char *phpscript = SUHOSIN_G(log_phpscriptname); @@ -354,14 +367,18 @@ SUHOSIN_G(execution_depth) = 0; if (SUHOSIN_G(log_phpscript_is_safe)) { +#if PHP_VERSION_ID < 50400 PG(safe_mode) = 0; +#endif PG(open_basedir) = NULL; } zend_execute(new_op_array TSRMLS_CC); SUHOSIN_G(execution_depth) = orig_execution_depth; +#if PHP_VERSION_ID < 50400 PG(safe_mode) = orig_safe_mode; +#endif PG(open_basedir) = orig_basedir; #ifdef ZEND_ENGINE_2 diff -uNr ext/suhosin/php_suhosin.h ext/suhosin/php_suhosin.h --- ext/suhosin/php_suhosin.h Thu Jan 19 15:49:18 2012 +++ ext/suhosin/php_suhosin.h Sat Apr 6 16:14:59 2013 @@ -186,6 +186,7 @@ int (*old_php_body_write)(const char *str, unsigned int str_length TSRMLS_DC); /* session */ + void *old_s_module; void *s_module; int (*old_s_read)(void **mod_data, const char *key, char **val, int *vallen TSRMLS_DC); int (*old_s_write)(void **mod_data, const char *key, const char *val, const int vallen TSRMLS_DC); @@ -308,7 +309,7 @@ char *suhosin_cookie_decryptor(TSRMLS_D); char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC); void suhosin_hook_post_handlers(TSRMLS_D); -void suhosin_unhook_post_handlers(); +void suhosin_unhook_post_handlers(TSRMLS_D); void suhosin_hook_register_server_variables(); void suhosin_hook_header_handler(); void suhosin_unhook_header_handler(); diff -uNr ext/suhosin/post_handler.c ext/suhosin/post_handler.c --- ext/suhosin/post_handler.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/post_handler.c Sat Apr 6 16:14:59 2013 @@ -148,10 +148,10 @@ /* we need to tell suhosin patch that there is a new valid destructor */ /* therefore we have create HashTable that has this destructor */ - zend_hash_init(&tempht, 0, NULL, suhosin_post_handler_modification, 0); + zend_hash_init(&tempht, 0, NULL, (dtor_func_t)suhosin_post_handler_modification, 0); zend_hash_destroy(&tempht); /* And now we can overwrite the destructor for post entries */ - SG(known_post_content_types).pDestructor = suhosin_post_handler_modification; + SG(known_post_content_types).pDestructor = (dtor_func_t)suhosin_post_handler_modification; /* we have to stop mbstring from replacing our post handler */ if (zend_hash_find(EG(ini_directives), "mbstring.encoding_translation", sizeof("mbstring.encoding_translation"), (void **) &ini_entry) == FAILURE) { @@ -162,7 +162,7 @@ ini_entry->on_modify = suhosin_OnUpdate_mbstring_encoding_translation; } -void suhosin_unhook_post_handlers() +void suhosin_unhook_post_handlers(TSRMLS_D) { zend_ini_entry *ini_entry; @@ -186,5 +186,3 @@ * vim600: noet sw=4 ts=4 fdm=marker * vim<600: noet sw=4 ts=4 */ - - diff -uNr ext/suhosin/rfc1867.c ext/suhosin/rfc1867.c --- ext/suhosin/rfc1867.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/rfc1867.c Sat Apr 6 16:14:59 2013 @@ -35,6 +35,7 @@ #include "suhosin_rfc1867.h" #include "php_ini.h" #include "ext/standard/php_string.h" +#include "main/php_version.h" #define DEBUG_FILE_UPLOAD ZEND_DEBUG @@ -244,21 +245,29 @@ static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) { +#if PHP_VERSION_ID < 50400 int register_globals = PG(register_globals); PG(register_globals) = 0; +#endif safe_php_register_variable(strvar, val, http_post_files, override_protection TSRMLS_CC); +#if PHP_VERSION_ID < 50400 PG(register_globals) = register_globals; +#endif } static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) { +#if PHP_VERSION_ID < 50400 int register_globals = PG(register_globals); PG(register_globals) = 0; +#endif safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC); +#if PHP_VERSION_ID < 50400 PG(register_globals) = register_globals; +#endif } /* @@ -1224,7 +1233,7 @@ if ((tmp = strrchr(filename, '/')) > s) { s = tmp; } -#ifdef PHP_WIN32 +#if defined(PHP_WIN32) && (PHP_VERSION_ID < 50400) if (PG(magic_quotes_gpc)) { s = s ? s : filename; tmp = strrchr(s, '\''); diff -uNr ext/suhosin/session.c ext/suhosin/session.c --- ext/suhosin/session.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/session.c Sat Apr 6 16:14:59 2013 @@ -33,6 +33,7 @@ #include "ext/standard/php_smart_str.h" #include "ext/standard/php_var.h" #include "sha256.h" +#include "main/php_version.h" #include <fcntl.h> @@ -233,9 +234,94 @@ zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */ } php_ps_globals_53; +#if PHP_VERSION_ID >= 50400 +typedef struct _php_session_rfc1867_progress_54 { + + size_t sname_len; + zval sid; + smart_str key; + + long update_step; + long next_update; + double next_update_time; + zend_bool cancel_upload; + zend_bool apply_trans_sid; + size_t content_length; + + zval *data; /* the array exported to session data */ + zval *post_bytes_processed; /* data["bytes_processed"] */ + zval *files; /* data["files"] array */ + zval *current_file; /* array of currently uploading file */ + zval *current_file_bytes_processed; +} php_session_rfc1867_progress_54; + +typedef struct _php_ps_globals_54 { + char *save_path; + char *session_name; + char *id; + char *extern_referer_chk; + char *entropy_file; + char *cache_limiter; + long entropy_length; + long cookie_lifetime; + char *cookie_path; + char *cookie_domain; + zend_bool cookie_secure; + zend_bool cookie_httponly; + ps_module *mod; + ps_module *default_mod; + void *mod_data; + php_session_status session_status; + long gc_probability; + long gc_divisor; + long gc_maxlifetime; + int module_number; + long cache_expire; + union { + zval *names[6]; + struct { + zval *ps_open; + zval *ps_close; + zval *ps_read; + zval *ps_write; + zval *ps_destroy; + zval *ps_gc; + } name; + } mod_user_names; + int mod_user_implemented; + int mod_user_is_open; + const struct ps_serializer_struct *serializer; + zval *http_session_vars; + zend_bool auto_start; + zend_bool use_cookies; + zend_bool use_only_cookies; + zend_bool use_trans_sid; /* contains the INI value of whether to use trans-sid */ + zend_bool apply_trans_sid; /* whether or not to enable trans-sid for the current request */ + + long hash_func; +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) + php_hash_ops *hash_ops; +#endif + long hash_bits_per_character; + int send_cookie; + int define_sid; + zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */ + + php_session_rfc1867_progress_54 *rfc1867_progress; + zend_bool rfc1867_enabled; /* session.upload_progress.enabled */ + zend_bool rfc1867_cleanup; /* session.upload_progress.cleanup */ + smart_str rfc1867_prefix; /* session.upload_progress.prefix */ + smart_str rfc1867_name; /* session.upload_progress.name */ + long rfc1867_freq; /* session.upload_progress.freq */ + double rfc1867_min_freq; /* session.upload_progress.min_freq */ +} php_ps_globals_54; +#endif + #ifdef ZTS static ts_rsrc_id session_globals_id = 0; -# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3) +# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4) +# define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_54 *, v) +# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3) # define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_53 *, v) # elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2) # define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_52 *, v) @@ -247,7 +333,9 @@ UNSUPPORTED PHP VERSION # endif #else -# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3) +# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4) +static php_ps_globals_54 *session_globals = NULL; +# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3) static php_ps_globals_53 *session_globals = NULL; # elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2) static php_ps_globals_52 *session_globals = NULL; @@ -294,6 +382,7 @@ if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { ret = zend_hash_find(Z_ARRVAL_P(SESSION_G(http_session_vars)), name, namelen + 1, (void **) state_var); +#if PHP_VERSION_ID < 50400 /* If register_globals is enabled, and * if there is an entry for the slot in $_SESSION, and * if that entry is still set to NULL, and @@ -307,6 +396,7 @@ *state_var = tmp; } } +#endif } return ret; } @@ -426,7 +516,7 @@ } /* store ip value */ - suhosin_get_ipv4(crypted+4 TSRMLS_CC); + suhosin_get_ipv4((char *)crypted+4 TSRMLS_CC); /* store check value */ crypted[8] = check & 0xff; @@ -544,7 +634,7 @@ if (check_ra > 4) { check_ra = 4; } - suhosin_get_ipv4(&buf TSRMLS_CC); + suhosin_get_ipv4(&buf[0] TSRMLS_CC); if (memcmp(buf, decrypted+4, check_ra) != 0) { goto error_out; } @@ -639,7 +729,12 @@ }*/ /* protect dumb session handlers */ - if (key == NULL || !key[0] || *mod_data == NULL) { + if (key == NULL || !key[0] || + (*mod_data == NULL +#if PHP_VERSION_ID >= 50400 + && !SESSION_G(mod_user_implemented) +#endif + )) { regenerate: SDEBUG("regenerating key is %s", key); KEY = SESSION_G(id) = SESSION_G(mod)->s_create_sid(&SESSION_G(mod_data), NULL TSRMLS_CC); @@ -688,7 +783,12 @@ char *v = (char *)val; /* protect dumb session handlers */ - if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) { + if (key == NULL || !key[0] || val == NULL || strlen(key) > SUHOSIN_G(session_max_id_length) || + (*mod_data == NULL +#if PHP_VERSION_ID >= 50400 + && !SESSION_G(mod_user_implemented) +#endif + )) { r = FAILURE; goto return_write; } @@ -731,7 +831,12 @@ int r; /* protect dumb session handlers */ - if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || *mod_data == NULL) { + if (key == NULL || !key[0] || strlen(key) > SUHOSIN_G(session_max_id_length) || + (*mod_data == NULL +#if PHP_VERSION_ID >= 50400 + && !SESSION_G(mod_user_implemented) +#endif + )) { return FAILURE; } @@ -763,15 +868,25 @@ SUHOSIN_G(old_s_destroy) = mod->s_destroy; mod->s_destroy = suhosin_hook_s_destroy; + SUHOSIN_G(old_s_module) = old_mod; SESSION_G(mod) = mod; } +static void suhosin_unhook_session_module(TSRMLS_D) +{ + ps_module *old_mod = SUHOSIN_G(old_s_module); + + if (old_mod != NULL) { + SESSION_G(mod) = old_mod; + } +} + static PHP_INI_MH(suhosin_OnUpdateSaveHandler) { int r; + suhosin_unhook_session_module(TSRMLS_C); r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); - suhosin_hook_session_module(TSRMLS_C); return r; @@ -869,7 +984,7 @@ /* increase session identifier entropy */ if (SESSION_G(entropy_length) == 0 || SESSION_G(entropy_file) == NULL) { - +#ifndef PHP_WIN32 /* ensure that /dev/urandom exists */ int fd = VCWD_OPEN("/dev/urandom", O_RDONLY); if (fd >= 0) { @@ -877,6 +992,7 @@ SESSION_G(entropy_length) = 16; SESSION_G(entropy_file) = pestrdup("/dev/urandom", 1); } +#endif } } diff -uNr ext/suhosin/sha256.c ext/suhosin/sha256.c --- ext/suhosin/sha256.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/sha256.c Sat Apr 6 16:14:59 2013 @@ -86,9 +86,11 @@ return; } +#if PHP_VERSION_ID < 50400 if (PG(safe_mode) && (!php_checkuid(arg, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { RETURN_FALSE; } +#endif if (php_check_open_basedir(arg TSRMLS_CC)) { RETURN_FALSE; @@ -392,7 +394,7 @@ /* {{{ suhosin_sha256_functions[] */ -static function_entry suhosin_sha256_functions[] = { +static zend_function_entry suhosin_sha256_functions[] = { PHP_NAMED_FE(sha256, PHP_FN(suhosin_sha256), NULL) PHP_NAMED_FE(sha256_file, PHP_FN(suhosin_sha256_file), NULL) {NULL, NULL, NULL} diff -uNr ext/suhosin/suhosin.c ext/suhosin/suhosin.c --- ext/suhosin/suhosin.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/suhosin.c Sat Apr 6 16:14:59 2013 @@ -32,8 +32,12 @@ #include "zend_llist.h" #include "zend_operators.h" #include "SAPI.h" + +#if PHP_VERSION_ID < 50500 #include "php_logos.h" #include "suhosin_logo.h" +#endif + #include "ext/standard/php_string.h" #include "ext/standard/url.h" #include "ext/standard/base64.h" @@ -189,9 +193,11 @@ static void suhosin_shutdown(zend_extension *extension) { + TSRMLS_FETCH(); + suhosin_unhook_execute(); suhosin_unhook_header_handler(); - suhosin_unhook_post_handlers(); + suhosin_unhook_post_handlers(TSRMLS_C); if (ze != NULL) { ze->startup = orig_module_startup; @@ -646,12 +652,16 @@ array_init(gpc_element); zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { +#if PHP_VERSION_ID < 50400 if (PG(magic_quotes_gpc) && (index != var)) { /* no need to addslashes() the index if it's the main variable name */ escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); } else { +#endif escaped_index = index; +#if PHP_VERSION_ID < 50400 } +#endif if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { MAKE_STD_ZVAL(gpc_element); @@ -683,11 +693,15 @@ if (!index) { zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { +#if PHP_VERSION_ID < 50400 if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); } else { +#endif escaped_index = index; +#if PHP_VERSION_ID < 50400 } +#endif /* * According to rfc2965, more specific paths are listed above the less specific ones. * If we encounter a duplicate cookie name, we should skip it, since it is not possible @@ -714,11 +728,15 @@ /* Prepare value */ Z_STRLEN(new_entry) = str_len; +#if PHP_VERSION_ID < 50400 if (PG(magic_quotes_gpc)) { Z_STRVAL(new_entry) = php_addslashes(strval, Z_STRLEN(new_entry), &Z_STRLEN(new_entry), 0 TSRMLS_CC); } else { +#endif Z_STRVAL(new_entry) = estrndup(strval, Z_STRLEN(new_entry)); +#if PHP_VERSION_ID < 50400 } +#endif Z_TYPE(new_entry) = IS_STRING; suhosin_register_cookie_variable(var, &new_entry, track_vars_array TSRMLS_CC); @@ -1100,8 +1118,10 @@ suhosin_hook_sha256(); suhosin_hook_ex_imp(); +#if PHP_VERSION_ID < 50500 /* register the logo for phpinfo */ php_register_info_logo(SUHOSIN_LOGO_GUID, "image/jpeg", suhosin_logo, sizeof(suhosin_logo)); +#endif #if PHP_MAJOR_VERSION < 5 php_error_docref(NULL TSRMLS_CC, E_ERROR, "Suhosin Extension is not designed to run with PHP 4 and below. Erroring Out."); @@ -1191,6 +1211,8 @@ PHP_MINFO_FUNCTION(suhosin) { php_info_print_box_start(0); + +#if PHP_VERSION_ID < 50500 if (!sapi_module.phpinfo_as_text) { if (PG(expose_php)) { PUTS("<a href=\"http://www.suhosin.org/\"><img border=\"0\" src=\""); @@ -1227,6 +1249,7 @@ PUTS("\" alt=\"Suhosin logo\" /></a>\n"); } while(0); } +#endif PUTS("This server is protected with the Suhosin Extension " SUHOSIN_EXT_VERSION); PUTS(!sapi_module.phpinfo_as_text?"<br /><br />":"\n\n"); if (sapi_module.phpinfo_as_text) { diff -uNr ext/suhosin/treat_data.c ext/suhosin/treat_data.c --- ext/suhosin/treat_data.c Thu Jan 19 15:49:18 2012 +++ ext/suhosin/treat_data.c Sat Apr 6 16:14:59 2013 @@ -194,7 +194,12 @@ void suhosin_hook_treat_data() { +#if PHP_VERSION_ID < 50400 sapi_register_treat_data(suhosin_treat_data); +#else + TSRMLS_FETCH(); + sapi_register_treat_data(suhosin_treat_data TSRMLS_CC); +#endif #ifdef ZEND_ENGINE_2 if (old_input_filter == NULL) { old_input_filter = sapi_module.input_filter;