1. Fix the strip_tags () function, you can correct the character "/ 0" correctly 2. Enhance the stability when using Memory_Limit starts 3. Use the Emalloc () function instead of alloca () functions make better stack protection 4 Add SAFE_MODE loss checks in FTOK and ITPC. 5. Fixed a bug # 28963: Fixed an address assignment routine description in the IMAP extension: in the file ext / iMap / php_imap.c 3685 line: if ((len = _php_imap_address_size (addresstmp))) {tmpstr = (charr *) Malloc (len); // String end value / 0 is aborted ((len = _php_imap_address_size (addresstmp))) {tmpstr = (char *) malloc (len 1); // Correctly due to C string At the end of the end, this bug causes the contents of the buffer overflow-variable addresstmp to be overwritten, resulting in an incorrect value of 'str' to pass to add_property_string_ex, generating a paragraph error.
Generate code: -------------- This code is not easy to generate, but this error can be seen very clearly.
Actual results: --------------- (LADEBUG) Where> 0 0x3ff800d67d0 in strlen (...) in /usr/shlib/libc.so#1 0x300000c54a0 in add_property_string_ex (arg = 0x140289b18 , key = 0x30040218160 = "personal", key_len = 9, str = 0x403130303530334c = (null), duplicate = 1) "zend_API.c": 980 # 2 0x3000010feb0 in _php_imap_parse_address (addresslist = 0x1402bf2c0, fulladdress = 0x11ffe6a60, paddress = 0x14020e118) "php_imap.c": 3642 # 3 0x300001103a8 in _php_make_header_object (myzvalue = 0x140245918, en = 0x1402d0c40) "php_imap.c": 3674 # 4 0x30000101758 in zif_imap_headerinfo (ht = 2, return_value = 0x140245918, this_ptr = 0x0, return_value_used = 1) "php_imap.c": 1639 # 5 0x300000afa60 in Execute (op_ARRAY = 0x1401ccc18) "./ Zend_execute.c": 1598 # 6 0x300038094C8
6. Fixed bug # 28632: Blocking the "Open_BASedir Limit" bug directly by using MySQL's Load Data Local command. Description: Import files using the 'Load Data Local Infile' is implemented via the MySQL client library, so you can import any files that can be imported in any web server process, and ignore the Open_BASedir option. This problem has been reported a year ago, you can try to solve: http://cvs.php.net/diff.php/php-src/ext/mysql/php_mysql.c? R1 = 1.174.2.13 & r2 = 1.174.2.14 & ty = h / * disable local infile option for open_basedir * / if (Strlen (pg (open_basedir)) {client_flags ^ = client_local_files;} Because you use xor operation, if the user puts the option '128' as mysql_connect () Of the fifth parameter and open Open_BASEDIR limit, Load Data Local is prohibited. Use option '0', allow Load Data Local, so we are set by default to allow. It seems not just a xor, may be client_flags & = (32767 ^ client_local_files); or other similar situations. Generate code --------------- $ link = mysql_connect ('Host', 'User', 'Password', False, 0); $ db_selected = mysql_select_db ('Database', $ LINK );
$ Result = mysql_query ("Load Data Local Infile 'DataFile.txt' Into Table Test"); if (! $ results) {Die ('invalid query:'. MySQL_ERROR ());}
mysql_close ($ link);
?>
Expected Result: ---------------- (there is an error: invalid query: The command used by the current mysql version is not the case, but: query is successful. ............... Real results: -------------- Data from File is inserated to 'Test' Table. (The data in the file has been Insert 'Test' Table)
