Skip to content

Instantly share code, notes, and snippets.

@smalyshev

smalyshev/76129.diff Secret

Created March 28, 2018 04:38
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save smalyshev/1e8e838c45653bb556f68af829d913ee to your computer and use it in GitHub Desktop.
Save smalyshev/1e8e838c45653bb556f68af829d913ee to your computer and use it in GitHub Desktop.
Download ZIP
Raw
76129.diff
commit 4b7328615e1e51ba3ea79293bfd611ef7fa041fd
Author: Stanislav Malyshev <stas@php.net>
Date: Tue Mar 27 21:22:28 2018 -0700
Fix #76129 - remove more potential unfiltered outputs for phar
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 64d7a6c..a6f56ac 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -340,8 +340,7 @@ static void phar_do_403(char *entry, int entry_len TSRMLS_DC) /* {{{ */
sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC);
sapi_send_headers(TSRMLS_C);
PHPWRITE("<html>\n <head>\n <title>Access Denied</title>\n </head>\n <body>\n <h1>403 - File ", sizeof("<html>\n <head>\n <title>Access Denied</title>\n </head>\n <body>\n <h1>403 - File ") - 1);
- PHPWRITE(entry, entry_len);
- PHPWRITE(" Access Denied</h1>\n </body>\n</html>", sizeof(" Access Denied</h1>\n </body>\n</html>") - 1);
+ PHPWRITE("Access Denied</h1>\n </body>\n</html>", sizeof("Access Denied</h1>\n </body>\n</html>") - 1);
}
/* }}} */
@@ -365,8 +364,7 @@ static void phar_do_404(phar_archive_data *phar, char *fname, int fname_len, cha
sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC);
sapi_send_headers(TSRMLS_C);
PHPWRITE("<html>\n <head>\n <title>File Not Found</title>\n </head>\n <body>\n <h1>404 - File ", sizeof("<html>\n <head>\n <title>File Not Found</title>\n </head>\n <body>\n <h1>404 - File ") - 1);
- PHPWRITE(entry, entry_len);
- PHPWRITE(" Not Found</h1>\n </body>\n</html>", sizeof(" Not Found</h1>\n </body>\n</html>") - 1);
+ PHPWRITE("Not Found</h1>\n </body>\n</html>", sizeof("Not Found</h1>\n </body>\n</html>") - 1);
}
/* }}} */
diff --git a/ext/phar/tests/cache_list/frontcontroller10.phpt b/ext/phar/tests/cache_list/frontcontroller10.phpt
index 00177d4..5fd9868 100644
--- a/ext/phar/tests/cache_list/frontcontroller10.phpt
+++ b/ext/phar/tests/cache_list/frontcontroller10.phpt
@@ -20,6 +20,6 @@ Status: 403 Access Denied
<title>Access Denied</title>
</head>
<body>
- <h1>403 - File /hi Access Denied</h1>
+ <h1>403 - File Access Denied</h1>
</body>
</html>
diff --git a/ext/phar/tests/cache_list/frontcontroller6.phpt b/ext/phar/tests/cache_list/frontcontroller6.phpt
index 2480be4..a79c958 100644
--- a/ext/phar/tests/cache_list/frontcontroller6.phpt
+++ b/ext/phar/tests/cache_list/frontcontroller6.phpt
@@ -18,6 +18,6 @@ Status: 404 Not Found
<title>File Not Found</title>
</head>
<body>
- <h1>404 - File /notfound.php Not Found</h1>
+ <h1>404 - File Not Found</h1>
</body>
</html>
\ No newline at end of file
diff --git a/ext/phar/tests/cache_list/frontcontroller8.phpt b/ext/phar/tests/cache_list/frontcontroller8.phpt
index bf9b390..e04f9e5 100644
--- a/ext/phar/tests/cache_list/frontcontroller8.phpt
+++ b/ext/phar/tests/cache_list/frontcontroller8.phpt
@@ -18,6 +18,6 @@ Status: 404 Not Found
<title>File Not Found</title>
</head>
<body>
- <h1>404 - File /index.php Not Found</h1>
+ <h1>404 - File Not Found</h1>
</body>
</html>
\ No newline at end of file
diff --git a/ext/phar/tests/frontcontroller10.phpt b/ext/phar/tests/frontcontroller10.phpt
index 667d5c2..b3f5e64 100644
--- a/ext/phar/tests/frontcontroller10.phpt
+++ b/ext/phar/tests/frontcontroller10.phpt
@@ -19,6 +19,6 @@ Status: 403 Access Denied
<title>Access Denied</title>
</head>
<body>
- <h1>403 - File /hi Access Denied</h1>
+ <h1>403 - File Access Denied</h1>
</body>
</html>
diff --git a/ext/phar/tests/frontcontroller6.phpt b/ext/phar/tests/frontcontroller6.phpt
index 1a2cc2c..c5dd382 100644
--- a/ext/phar/tests/frontcontroller6.phpt
+++ b/ext/phar/tests/frontcontroller6.phpt
@@ -16,6 +16,6 @@ Status: 404 Not Found
<title>File Not Found</title>
</head>
<body>
- <h1>404 - File /notfound.php Not Found</h1>
+ <h1>404 - File Not Found</h1>
</body>
</html>
\ No newline at end of file
diff --git a/ext/phar/tests/frontcontroller8.phpt b/ext/phar/tests/frontcontroller8.phpt
index 36e3206..77d33da 100644
--- a/ext/phar/tests/frontcontroller8.phpt
+++ b/ext/phar/tests/frontcontroller8.phpt
@@ -16,6 +16,6 @@ Status: 404 Not Found
<title>File Not Found</title>
</head>
<body>
- <h1>404 - File /index.php Not Found</h1>
+ <h1>404 - File Not Found</h1>
</body>
</html>
\ No newline at end of file
diff --git a/ext/phar/tests/tar/frontcontroller10.phar.phpt b/ext/phar/tests/tar/frontcontroller10.phar.phpt
index f1fc6e3..23ce6f3 100644
--- a/ext/phar/tests/tar/frontcontroller10.phar.phpt
+++ b/ext/phar/tests/tar/frontcontroller10.phar.phpt
@@ -19,6 +19,6 @@ Status: 403 Access Denied
<title>Access Denied</title>
</head>
<body>
- <h1>403 - File /hi Access Denied</h1>
+ <h1>403 - File Access Denied</h1>
</body>
</html>
\ No newline at end of file
diff --git a/ext/phar/tests/tar/frontcontroller6.phar.phpt b/ext/phar/tests/tar/frontcontroller6.phar.phpt
index 5375bee..b811f00 100644
--- a/ext/phar/tests/tar/frontcontroller6.phar.phpt
+++ b/ext/phar/tests/tar/frontcontroller6.phar.phpt
@@ -16,6 +16,6 @@ Status: 404 Not Found
<title>File Not Found</title>
</head>
<body>
- <h1>404 - File /notfound.php Not Found</h1>
+ <h1>404 - File Not Found</h1>
</body>
</html>
\ No newline at end of file
diff --git a/ext/phar/tests/tar/frontcontroller8.phar.phpt b/ext/phar/tests/tar/frontcontroller8.phar.phpt
index 19844cb..a180e20 100644
--- a/ext/phar/tests/tar/frontcontroller8.phar.phpt
+++ b/ext/phar/tests/tar/frontcontroller8.phar.phpt
@@ -16,6 +16,6 @@ Status: 404 Not Found
<title>File Not Found</title>
</head>
<body>
- <h1>404 - File /index.php Not Found</h1>
+ <h1>404 - File Not Found</h1>
</body>
</html>
\ No newline at end of file
diff --git a/ext/phar/tests/zip/frontcontroller10.phar.phpt b/ext/phar/tests/zip/frontcontroller10.phar.phpt
index 56d16c2..5bbe9e1 100644
--- a/ext/phar/tests/zip/frontcontroller10.phar.phpt
+++ b/ext/phar/tests/zip/frontcontroller10.phar.phpt
@@ -19,6 +19,6 @@ Status: 403 Access Denied
<title>Access Denied</title>
</head>
<body>
- <h1>403 - File /hi Access Denied</h1>
+ <h1>403 - File Access Denied</h1>
</body>
</html>
\ No newline at end of file
diff --git a/ext/phar/tests/zip/frontcontroller6.phar.phpt b/ext/phar/tests/zip/frontcontroller6.phar.phpt
index 15489f6..63f7c62 100644
--- a/ext/phar/tests/zip/frontcontroller6.phar.phpt
+++ b/ext/phar/tests/zip/frontcontroller6.phar.phpt
@@ -17,6 +17,6 @@ Status: 404 Not Found
<title>File Not Found</title>
</head>
<body>
- <h1>404 - File /notfound.php Not Found</h1>
+ <h1>404 - File Not Found</h1>
</body>
</html>
\ No newline at end of file
diff --git a/ext/phar/tests/zip/frontcontroller8.phar.phpt b/ext/phar/tests/zip/frontcontroller8.phar.phpt
index 1b0d133..d4c3a3f 100644
--- a/ext/phar/tests/zip/frontcontroller8.phar.phpt
+++ b/ext/phar/tests/zip/frontcontroller8.phar.phpt
@@ -16,6 +16,6 @@ Status: 404 Not Found
<title>File Not Found</title>
</head>
<body>
- <h1>404 - File /index.php Not Found</h1>
+ <h1>404 - File Not Found</h1>
</body>
</html>
\ No newline at end of file
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment