Sophie

Sophie

distrib > * > 2008.0 > x86_64 > by-pkgid > fb1832787a7adf918aad2d840f64675b > files > 2

php-5.2.4-3.5mdv2008.0.src.rpm

#
# Description: fix arbitrary file write by placing a "php_value error_log"
#              entry in a .htaccess file.
# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?hideattic=0&r1=1.19.2.7.2.14&r2=1.19.2.7.2.15
# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/apache_config.c?hideattic=0&r1=1.7.2.1.2.5&r2=1.7.2.1.2.6
#
diff -Nur php5-5.2.6/sapi/apache/mod_php5.c php5-5.2.6.new/sapi/apache/mod_php5.c
--- php5-5.2.6/sapi/apache/mod_php5.c	2009-01-26 09:57:46.000000000 -0500
+++ php5-5.2.6.new/sapi/apache/mod_php5.c	2009-01-26 09:57:52.000000000 -0500
@@ -729,11 +729,11 @@
 		return 1; /* does not exist in dest, copy from source */
 	}
 
-	if (new_per_dir_entry->type==PHP_INI_SYSTEM
-		&& orig_per_dir_entry->type!=PHP_INI_SYSTEM) {
-		return 1;
-	} else {
+	if (orig_per_dir_entry->type==PHP_INI_SYSTEM
+		&& new_per_dir_entry->type!=PHP_INI_SYSTEM) {
 		return 0;
+	} else {
+		return 1;
 	}
 }
 /* }}} */
@@ -770,9 +770,9 @@
 
 	/* need a copy of addv to merge */
 	new = php_create_dir(p, "php_merge_dir");
-	zend_hash_copy(new, (HashTable *) addv, (copy_ctor_func_t) copy_per_dir_entry, NULL, sizeof(php_per_dir_entry));
+	zend_hash_copy(new, (HashTable *) basev, (copy_ctor_func_t) copy_per_dir_entry, NULL, sizeof(php_per_dir_entry));
 
-	zend_hash_merge_ex(new, (HashTable *) basev, (copy_ctor_func_t) copy_per_dir_entry, sizeof(php_per_dir_entry), (merge_checker_func_t) should_overwrite_per_dir_entry, NULL);
+	zend_hash_merge_ex(new, (HashTable *) addv, (copy_ctor_func_t) copy_per_dir_entry, sizeof(php_per_dir_entry), (merge_checker_func_t) should_overwrite_per_dir_entry, NULL);
 	return new;
 }
 /* }}} */
diff -Nur php5-5.2.6/sapi/apache2handler/apache_config.c php5-5.2.6.new/sapi/apache2handler/apache_config.c
--- php5-5.2.6/sapi/apache2handler/apache_config.c	2007-12-31 02:20:15.000000000 -0500
+++ php5-5.2.6.new/sapi/apache2handler/apache_config.c	2009-01-26 09:57:55.000000000 -0500
@@ -117,6 +117,23 @@
 	return NULL;
 }
 
+static zend_bool should_overwrite_per_dir_entry(HashTable *target_ht, php_dir_entry *new_per_dir_entry, zend_hash_key *hash_key, void *pData)
+{
+	php_dir_entry *orig_per_dir_entry;
+
+	if (zend_hash_find(target_ht, hash_key->arKey, hash_key->nKeyLength, (void **) &orig_per_dir_entry)==FAILURE) {
+		return 1; /* does not exist in dest, copy from source */
+	}
+
+	if (new_per_dir_entry->status >= orig_per_dir_entry->status) {
+		/* use new entry */
+		phpapdebug((stderr, "ADDING/OVERWRITING %s (%d vs. %d)\n", hash_key->arKey, new_per_dir_entry->status, orig_per_dir_entry->status));
+		return 1;
+	} else {
+		return 0;
+	}
+}
+
 
 void *merge_php_config(apr_pool_t *p, void *base_conf, void *new_conf)
 {
@@ -128,9 +145,12 @@
 	ulong num_index;
 
 	n = create_php_config(p, "merge_php_config");
-	zend_hash_copy(&n->config, &e->config, NULL, NULL, sizeof(php_dir_entry));
-
+	/* copy old config */
+	zend_hash_copy(&n->config, &d->config, NULL, NULL, sizeof(php_dir_entry));
+	/* merge new config */
 	phpapdebug((stderr, "Merge dir (%p)+(%p)=(%p)\n", base_conf, new_conf, n));
+	zend_hash_merge_ex(&n->config, &e->config, NULL, sizeof(php_dir_entry), (merge_checker_func_t) should_overwrite_per_dir_entry, NULL);
+#if STAS_0
 	for (zend_hash_internal_pointer_reset(&d->config);
 			zend_hash_get_current_key_ex(&d->config, &str, &str_len, 
 				&num_index, 0, NULL) == HASH_KEY_IS_STRING;
@@ -140,10 +160,10 @@
 		if (zend_hash_find(&n->config, str, str_len, (void **) &pe) == SUCCESS) {
 			if (pe->status >= data->status) continue;
 		}
-		zend_hash_update(&n->config, str, str_len, data, sizeof(*data), NULL);
 		phpapdebug((stderr, "ADDING/OVERWRITING %s (%d vs. %d)\n", str, data->status, pe?pe->status:-1));
+		zend_hash_update(&n->config, str, str_len, data, sizeof(*data), NULL);
 	}
-
+#endif
 	return n;
 }

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional