
php-5.2.4-3.5mdv2008.0.src.rpm

#
# Description: fix safe_mode restriction bypass via unrestricted variable settings.
# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508021
# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&diff_format=u
# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&diff_format=u
#
diff -Nur php5-5.2.6/ext/standard/basic_functions.c php5-5.2.6.new/ext/standard/basic_functions.c
--- php5-5.2.6/ext/standard/basic_functions.c	2009-01-26 09:18:56.000000000 -0500
+++ php5-5.2.6.new/ext/standard/basic_functions.c	2009-01-26 09:19:08.000000000 -0500
@@ -3919,6 +3919,8 @@
 	memset(&BG(mblen_state), 0, sizeof(BG(mblen_state)));
 #endif
 	BG(incomplete_class) = incomplete_class_entry;
+	BG(page_uid) = -1;
+	BG(page_gid) = -1;
 }
 
 
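Review bot: The `-1` assigned to `BG(page_uid)` and `BG(page_gid)` is a sentinel whose meaning is not stated, and the same two lines are repeated in the request-shutdown hunk at -4221 without explanation. A comment at both sites, for example `/* -1 = owner not looked up yet; reset so a cached uid/gid never carries over into another request's safe_mode checks */`, would record why the reset is security-relevant. This reading assumes the fields are a signed type and that the lookup code treats -1 as "unset"; neither the declaration nor the code that reads them is visible in this diff, so confirm both. The two enclosing functions start outside their hunks.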
@@ -4221,6 +4223,8 @@
 
 	PHP_RSHUTDOWN(user_filters)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
 	
+	BG(page_uid) = -1;
+	BG(page_gid) = -1;
 	return SUCCESS;
 }
 
diff -Nur php5-5.2.6/sapi/apache/mod_php5.c php5-5.2.6.new/sapi/apache/mod_php5.c
--- php5-5.2.6/sapi/apache/mod_php5.c	2009-01-26 09:18:56.000000000 -0500
+++ php5-5.2.6.new/sapi/apache/mod_php5.c	2009-01-26 09:19:47.000000000 -0500
@@ -597,6 +597,8 @@
 		return OK;
 	}
 
+	SG(server_context) = r;
+
 	zend_first_try {
 
 		/* Make sure file exists */
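Review bot: With `SG(server_context) = r;` now assigned before `zend_first_try`, any early exit inside the try block leaves the global pointing at this request's record; the file-existence check that follows may be one such path. The hunk does not show whether those paths clear it, so confirm that nothing can read `SG(server_context)` after the handler has returned that way. A comment above the assignment saying why it must precede the try block, e.g. `/* must be set before the try block: code below needs the request record earlier than the old assignment point */`, would keep a later cleanup from moving it back. The enclosing function starts and ends outside the hunk.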
@@ -654,8 +656,6 @@
 		/* Init timeout */
 		hard_timeout("send", r);
 
-		SG(server_context) = r;
-		
 		php_save_umask();
 		add_common_vars(r);
 		add_cgi_vars(r);