diff options
| -rw-r--r-- | lang/php53/Makefile | 3 | ||||
| -rw-r--r-- | lang/php53/Makefile.common | 4 | ||||
| -rw-r--r-- | lang/php53/PLIST | 3 | ||||
| -rw-r--r-- | lang/php53/distinfo | 14 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ac | 22 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ext_sockets_sockets.c | 18 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ext_standard_crypt__blowfish.c | 160 | ||||
| -rw-r--r-- | lang/php53/patches/patch-ext_standard_string.c | 163 | ||||
| -rw-r--r-- | lang/php53/patches/patch-main_rfc1867.c | 24 |
9 files changed, 14 insertions, 397 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile index ea602b488dd..a092c38bbef 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.14 2011/07/08 10:20:10 adam Exp $ +# $NetBSD: Makefile,v 1.15 2011/08/20 13:55:09 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 4 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php53/Makefile.common b/lang/php53/Makefile.common index 25e708d7be7..71a3289c4be 100644 --- a/lang/php53/Makefile.common +++ b/lang/php53/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.6 2011/07/08 10:20:10 adam Exp $ +# $NetBSD: Makefile.common,v 1.7 2011/08/20 13:55:09 taca Exp $ # used by lang/php53/Makefile.php # used by lang/php/ext.mk # used by meta-pkgs/php53-extensions/Makefile @@ -39,7 +39,7 @@ EXTRACT_SUFX?= .tar.bz2 MAINTAINER?= pkgsrc-users@NetBSD.org HOMEPAGE?= http://www.php.net/ -PHP_BASE_VERS= 5.3.6 +PHP_BASE_VERS= 5.3.7 PHP_EXTENSION_DIR= lib/php/20090630 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR} diff --git a/lang/php53/PLIST b/lang/php53/PLIST index bfc6e2eab7f..dd133925901 100644 --- a/lang/php53/PLIST +++ b/lang/php53/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $ +@comment $NetBSD: PLIST,v 1.2 2011/08/20 13:55:09 taca Exp $ bin/phar bin/phar.phar bin/php @@ -118,6 +118,7 @@ include/php/ext/standard/crc32.h include/php/ext/standard/credits.h include/php/ext/standard/credits_ext.h include/php/ext/standard/credits_sapi.h +include/php/ext/standard/crypt_blowfish.h include/php/ext/standard/crypt_freesec.h include/php/ext/standard/css.h include/php/ext/standard/cyr_convert.h diff --git a/lang/php53/distinfo b/lang/php53/distinfo index 632a1e0f245..7d8a7b79c43 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.17 2011/06/22 09:54:35 taca Exp $ +$NetBSD: distinfo,v 1.18 2011/08/20 13:55:09 taca Exp $ -SHA1 (php-5.3.6/php-5.3.6.tar.bz2) = 0e0b9b4d9117f22080e2204afa9383469eb0dbbd -RMD160 (php-5.3.6/php-5.3.6.tar.bz2) = 619bf96cf24bf6aa0988494186f8914fde94d44d -Size (php-5.3.6/php-5.3.6.tar.bz2) = 10952171 bytes +SHA1 (php-5.3.7/php-5.3.7.tar.bz2) = 811e84b75d41ad997c075e3ebc8470f5c26d03ea +RMD160 (php-5.3.7/php-5.3.7.tar.bz2) = d14c52036f35d79193783b590c0cf131e1cd00c0 +Size (php-5.3.7/php-5.3.7.tar.bz2) = 11144328 bytes SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b -SHA1 (patch-ac) = 07a3d6c9ee4c316033afd8c7db71eb21045a3afd +SHA1 (patch-ac) = 1720f154232241c19d0c6e08a824e33252f1b690 SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881 SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56 SHA1 (patch-af) = 1618b23fd6d090ce5aa929208416028724278bfc @@ -14,7 +14,3 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e -SHA1 (patch-ext_sockets_sockets.c) = 99137af0e3307f1b379e4a4012ebd56978a88a15 -SHA1 (patch-ext_standard_crypt__blowfish.c) = aa1788e5e89bb51a6f9271bb3859386c99859c8c -SHA1 (patch-ext_standard_string.c) = fe16ffedd894a6d580f3c998b9f571f403f4a764 -SHA1 (patch-main_rfc1867.c) = 2f7efd3ebc6eadb377ce308d5d8293bda07bbc42 diff --git a/lang/php53/patches/patch-ac b/lang/php53/patches/patch-ac index 70d74f440fd..0c05512463e 100644 --- a/lang/php53/patches/patch-ac +++ b/lang/php53/patches/patch-ac @@ -1,6 +1,6 @@ -$NetBSD: patch-ac,v 1.3 2011/01/13 13:52:53 wiz Exp $ +$NetBSD: patch-ac,v 1.4 2011/08/20 13:55:09 taca Exp $ ---- ext/gd/config.m4.orig 2009-05-27 08:18:24.000000000 +0000 +--- ext/gd/config.m4.orig 2011-05-12 08:19:37.000000000 +0000 +++ ext/gd/config.m4 @@ -45,18 +45,7 @@ dnl Checks for the configure options dnl @@ -30,22 +30,8 @@ $NetBSD: patch-ac,v 1.3 2011/01/13 13:52:53 wiz Exp $ ]) AC_DEFUN([PHP_GD_JPEG],[ -@@ -97,11 +85,11 @@ AC_DEFUN([PHP_GD_PNG],[ - if test "$PHP_PNG_DIR" != "no"; then - - for i in $PHP_PNG_DIR /usr/local /usr; do -- test -f $i/$PHP_LIBDIR/libpng.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/libpng.a && GD_PNG_DIR=$i && break -+ test -f $i/$PHP_LIBDIR/libpng15.$SHLIB_SUFFIX_NAME || test -f $i/$PHP_LIBDIR/libpng15.a && GD_PNG_DIR=$i && break - done - - if test -z "$GD_PNG_DIR"; then -- AC_MSG_ERROR([libpng.(a|so) not found.]) -+ AC_MSG_ERROR([libpng15.(a|so) not found.]) - fi - - if test "$PHP_ZLIB_DIR" = "no"; then -@@ -112,13 +100,13 @@ AC_DEFUN([PHP_GD_PNG],[ - AC_MSG_ERROR([png.h not found.]) +@@ -108,13 +96,13 @@ AC_DEFUN([PHP_GD_PNG],[ + AC_MSG_ERROR([PNG support requires ZLIB. Use --with-zlib-dir=<DIR>]) fi - PHP_CHECK_LIBRARY(png,png_write_image, diff --git a/lang/php53/patches/patch-ext_sockets_sockets.c b/lang/php53/patches/patch-ext_sockets_sockets.c deleted file mode 100644 index 5df4f25324a..00000000000 --- a/lang/php53/patches/patch-ext_sockets_sockets.c +++ /dev/null @@ -1,18 +0,0 @@ -$NetBSD: patch-ext_sockets_sockets.c,v 1.1 2011/06/15 14:42:03 taca Exp $ - -* Update of r311369 of PHP's repository, fix for CVE-2011-1938. - ---- ext/sockets/sockets.c.orig 2011-01-01 02:19:59.000000000 +0000 -+++ ext/sockets/sockets.c -@@ -1333,6 +1333,11 @@ PHP_FUNCTION(socket_connect) - break; - - case AF_UNIX: -+ if (addr_len >= sizeof(s_un.sun_path)) { -+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type); -+ RETURN_FALSE; -+ } -+ - memset(&s_un, 0, sizeof(struct sockaddr_un)); - - s_un.sun_family = AF_UNIX; diff --git a/lang/php53/patches/patch-ext_standard_crypt__blowfish.c b/lang/php53/patches/patch-ext_standard_crypt__blowfish.c deleted file mode 100644 index f8ea74092ea..00000000000 --- a/lang/php53/patches/patch-ext_standard_crypt__blowfish.c +++ /dev/null @@ -1,160 +0,0 @@ -$NetBSD: patch-ext_standard_crypt__blowfish.c,v 1.2 2011/06/22 09:54:35 taca Exp $ - -- Fix potential security problem by char signedness processing: - http://www.openwall.com/lists/oss-security/2011/06/20/2 - - Dereived from revision 1.11 change of http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/crypt_blowfish.c. - ---- ext/standard/crypt_blowfish.c.orig 2010-02-21 23:47:14.000000000 +0000 -+++ ext/standard/crypt_blowfish.c -@@ -7,6 +7,7 @@ - * cracking removed. - * - * Written by Solar Designer <solar at openwall.com> in 1998-2002 and -+ * placed in the public domain. Quick self-test added in 2011 and also - * placed in the public domain. - * - * There's absolutely no warranty. -@@ -51,6 +52,13 @@ - #define __CONST __const - #endif - -+/* -+ * Please keep this enabled. We really don't want incompatible hashes to be -+ * produced. The performance cost of this quick self-test is around 0.6% at -+ * the "$2a$08" setting. -+ */ -+#define BF_SELF_TEST -+ - #ifdef __i386__ - #define BF_ASM 0 - #define BF_SCALE 1 -@@ -63,6 +71,7 @@ - #endif - - typedef unsigned int BF_word; -+typedef signed int BF_word_signed; - - /* Number of Blowfish rounds, this is also hardcoded into a few places */ - #define BF_N 16 -@@ -555,7 +564,8 @@ static void BF_swap(BF_word *x, int coun - } while (ptr < &data.ctx.S[3][0xFF]); - #endif - --static void BF_set_key(__CONST char *key, BF_key expanded, BF_key initial) -+static void BF_set_key(__CONST char *key, BF_key expanded, BF_key initial, -+ int sign_extension_bug) - { - __CONST char *ptr = key; - int i, j; -@@ -565,7 +575,10 @@ static void BF_set_key(__CONST char *key - tmp = 0; - for (j = 0; j < 4; j++) { - tmp <<= 8; -- tmp |= *ptr; -+ if (sign_extension_bug) -+ tmp |= (BF_word_signed)(signed char)*ptr; -+ else -+ tmp |= (unsigned char)*ptr; - - if (!*ptr) ptr = key; else ptr++; - } -@@ -575,8 +588,9 @@ static void BF_set_key(__CONST char *key - } - } - --char *php_crypt_blowfish_rn(__CONST char *key, __CONST char *setting, -- char *output, int size) -+static char *BF_crypt(__CONST char *key, __CONST char *setting, -+ char *output, int size, -+ BF_word min) - { - #if BF_ASM - extern void _BF_body_r(BF_ctx *ctx); -@@ -602,7 +616,7 @@ char *php_crypt_blowfish_rn(__CONST char - - if (setting[0] != '$' || - setting[1] != '2' || -- setting[2] != 'a' || -+ (setting[2] != 'a' && setting[2] != 'x') || - setting[3] != '$' || - setting[4] < '0' || setting[4] > '3' || - setting[5] < '0' || setting[5] > '9' || -@@ -613,7 +627,7 @@ char *php_crypt_blowfish_rn(__CONST char - } - - count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0')); -- if (count < 16 || BF_decode(data.binary.salt, &setting[7], 16)) { -+ if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) { - clean(data.binary.salt, sizeof(data.binary.salt)); - __set_errno(EINVAL); - return NULL; -@@ -621,7 +635,7 @@ char *php_crypt_blowfish_rn(__CONST char - - BF_swap(data.binary.salt, 4); - -- BF_set_key(key, data.expanded_key, data.ctx.P); -+ BF_set_key(key, data.expanded_key, data.ctx.P, setting[2] == 'x'); - - memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S)); - -@@ -721,14 +735,59 @@ char *php_crypt_blowfish_rn(__CONST char - BF_encode(&output[7 + 22], data.binary.output, 23); - output[7 + 22 + 31] = '\0'; - -+#ifndef BF_SELF_TEST - /* Overwrite the most obvious sensitive data we have on the stack. Note - * that this does not guarantee there's no sensitive data left on the - * stack and/or in registers; I'm not aware of portable code that does. */ - clean(&data, sizeof(data)); -+#endif - - return output; - } - -+char *php_crypt_blowfish_rn(__CONST char *key, __CONST char *setting, -+ char *output, int size) -+{ -+#ifdef BF_SELF_TEST -+ __CONST char *test_key = "8b \xd0\xc1\xd2\xcf\xcc\xd8"; -+ __CONST char *test_2a = -+ "$2a$00$abcdefghijklmnopqrstuui1D709vfamulimlGcq0qq3UvuUasvEa" -+ "\0" -+ "canary"; -+ __CONST char *test_2x = -+ "$2x$00$abcdefghijklmnopqrstuuVUrPmXD6q/nVSSp7pNDhCR9071IfIRe" -+ "\0" -+ "canary"; -+ __CONST char *test_hash, *p; -+ int ok; -+ char buf[7 + 22 + 31 + 1 + 6 + 1]; -+ -+ output = BF_crypt(key, setting, output, size, 16); -+ -+/* Do a quick self-test. This also happens to overwrite BF_crypt()'s data. */ -+ test_hash = (setting[2] == 'x') ? test_2x : test_2a; -+ memcpy(buf, test_hash, sizeof(buf)); -+ memset(buf, -1, sizeof(buf) - (6 + 1)); /* keep "canary" only */ -+ p = BF_crypt(test_key, test_hash, buf, sizeof(buf) - 6, 1); -+ -+ ok = (p == buf && !memcmp(p, test_hash, sizeof(buf))); -+ -+/* This could reveal what hash type we were using last. Unfortunately, we -+ * can't reliably clean the test_hash pointer. */ -+ clean(&buf, sizeof(buf)); -+ -+ if (ok) -+ return output; -+ -+/* Should not happen */ -+ __set_errno(EINVAL); /* pretend we don't support this hash type */ -+ return NULL; -+#else -+#warning Self-test is disabled, please enable -+ return BF_crypt(key, setting, output, size, 16); -+#endif -+} -+ - char *php_crypt_gensalt_blowfish_rn(unsigned long count, - __CONST char *input, int size, char *output, int output_size) - { diff --git a/lang/php53/patches/patch-ext_standard_string.c b/lang/php53/patches/patch-ext_standard_string.c deleted file mode 100644 index 369d95e9058..00000000000 --- a/lang/php53/patches/patch-ext_standard_string.c +++ /dev/null @@ -1,163 +0,0 @@ -$NetBSD: patch-ext_standard_string.c,v 1.1 2011/05/16 13:08:45 taca Exp $ - -* Update to r310401 of PHP's repository, including fix for CVE-2011-1148. - ---- ext/standard/string.c.orig 2011-01-01 02:19:59.000000000 +0000 -+++ ext/standard/string.c -@@ -2352,20 +2352,35 @@ PHP_FUNCTION(substr_replace) - - zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(str), &pos_str); - while (zend_hash_get_current_data_ex(Z_ARRVAL_PP(str), (void **) &tmp_str, &pos_str) == SUCCESS) { -- convert_to_string_ex(tmp_str); -+ zval *orig_str; -+ zval dummy; -+ if(Z_TYPE_PP(tmp_str) != IS_STRING) { -+ dummy = **tmp_str; -+ orig_str = &dummy; -+ zval_copy_ctor(orig_str); -+ convert_to_string(orig_str); -+ } else { -+ orig_str = *tmp_str; -+ } - - if (Z_TYPE_PP(from) == IS_ARRAY) { - if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(from), (void **) &tmp_from, &pos_from)) { -- convert_to_long_ex(tmp_from); -+ if(Z_TYPE_PP(tmp_from) != IS_LONG) { -+ zval dummy = **tmp_from; -+ zval_copy_ctor(&dummy); -+ convert_to_long(&dummy); -+ f = Z_LVAL(dummy); -+ } else { -+ f = Z_LVAL_PP(tmp_from); -+ } - -- f = Z_LVAL_PP(tmp_from); - if (f < 0) { -- f = Z_STRLEN_PP(tmp_str) + f; -+ f = Z_STRLEN_P(orig_str) + f; - if (f < 0) { - f = 0; - } -- } else if (f > Z_STRLEN_PP(tmp_str)) { -- f = Z_STRLEN_PP(tmp_str); -+ } else if (f > Z_STRLEN_P(orig_str)) { -+ f = Z_STRLEN_P(orig_str); - } - zend_hash_move_forward_ex(Z_ARRVAL_PP(from), &pos_from); - } else { -@@ -2374,72 +2389,92 @@ PHP_FUNCTION(substr_replace) - } else { - f = Z_LVAL_PP(from); - if (f < 0) { -- f = Z_STRLEN_PP(tmp_str) + f; -+ f = Z_STRLEN_P(orig_str) + f; - if (f < 0) { - f = 0; - } -- } else if (f > Z_STRLEN_PP(tmp_str)) { -- f = Z_STRLEN_PP(tmp_str); -+ } else if (f > Z_STRLEN_P(orig_str)) { -+ f = Z_STRLEN_P(orig_str); - } - } - - if (argc > 3 && Z_TYPE_PP(len) == IS_ARRAY) { - if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(len), (void **) &tmp_len, &pos_len)) { -- convert_to_long_ex(tmp_len); -- -- l = Z_LVAL_PP(tmp_len); -+ if(Z_TYPE_PP(tmp_len) != IS_LONG) { -+ zval dummy = **tmp_len; -+ zval_copy_ctor(&dummy); -+ convert_to_long(&dummy); -+ l = Z_LVAL(dummy); -+ } else { -+ l = Z_LVAL_PP(tmp_len); -+ } - zend_hash_move_forward_ex(Z_ARRVAL_PP(len), &pos_len); - } else { -- l = Z_STRLEN_PP(tmp_str); -+ l = Z_STRLEN_P(orig_str); - } - } else if (argc > 3) { - l = Z_LVAL_PP(len); - } else { -- l = Z_STRLEN_PP(tmp_str); -+ l = Z_STRLEN_P(orig_str); - } - - if (l < 0) { -- l = (Z_STRLEN_PP(tmp_str) - f) + l; -+ l = (Z_STRLEN_P(orig_str) - f) + l; - if (l < 0) { - l = 0; - } - } - -- if ((f + l) > Z_STRLEN_PP(tmp_str)) { -- l = Z_STRLEN_PP(tmp_str) - f; -+ if ((f + l) > Z_STRLEN_P(orig_str)) { -+ l = Z_STRLEN_P(orig_str) - f; - } - -- result_len = Z_STRLEN_PP(tmp_str) - l; -+ result_len = Z_STRLEN_P(orig_str) - l; - - if (Z_TYPE_PP(repl) == IS_ARRAY) { - if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(repl), (void **) &tmp_repl, &pos_repl)) { -- convert_to_string_ex(tmp_repl); -- result_len += Z_STRLEN_PP(tmp_repl); -+ zval *repl_str; -+ zval zrepl; -+ if(Z_TYPE_PP(tmp_repl) != IS_STRING) { -+ zrepl = **tmp_repl; -+ repl_str = &zrepl; -+ zval_copy_ctor(repl_str); -+ convert_to_string(repl_str); -+ } else { -+ repl_str = *tmp_repl; -+ } -+ -+ result_len += Z_STRLEN_P(repl_str); - zend_hash_move_forward_ex(Z_ARRVAL_PP(repl), &pos_repl); - result = emalloc(result_len + 1); - -- memcpy(result, Z_STRVAL_PP(tmp_str), f); -- memcpy((result + f), Z_STRVAL_PP(tmp_repl), Z_STRLEN_PP(tmp_repl)); -- memcpy((result + f + Z_STRLEN_PP(tmp_repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l); -+ memcpy(result, Z_STRVAL_P(orig_str), f); -+ memcpy((result + f), Z_STRVAL_P(repl_str), Z_STRLEN_P(repl_str)); -+ memcpy((result + f + Z_STRLEN_P(repl_str)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); -+ if(Z_TYPE_PP(tmp_repl) != IS_STRING) { -+ zval_dtor(repl_str); -+ } - } else { - result = emalloc(result_len + 1); - -- memcpy(result, Z_STRVAL_PP(tmp_str), f); -- memcpy((result + f), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l); -+ memcpy(result, Z_STRVAL_P(orig_str), f); -+ memcpy((result + f), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); - } - } else { - result_len += Z_STRLEN_PP(repl); - - result = emalloc(result_len + 1); - -- memcpy(result, Z_STRVAL_PP(tmp_str), f); -+ memcpy(result, Z_STRVAL_P(orig_str), f); - memcpy((result + f), Z_STRVAL_PP(repl), Z_STRLEN_PP(repl)); -- memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l); -+ memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l); - } - - result[result_len] = '\0'; - add_next_index_stringl(return_value, result, result_len, 0); -- -+ if(Z_TYPE_PP(tmp_str) != IS_STRING) { -+ zval_dtor(orig_str); -+ } - zend_hash_move_forward_ex(Z_ARRVAL_PP(str), &pos_str); - } /*while*/ - } /* if */ diff --git a/lang/php53/patches/patch-main_rfc1867.c b/lang/php53/patches/patch-main_rfc1867.c deleted file mode 100644 index 4d0e54edc84..00000000000 --- a/lang/php53/patches/patch-main_rfc1867.c +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-main_rfc1867.c,v 1.1 2011/06/15 14:42:03 taca Exp $ - -* Update of r312103 of PHP's repository, fix filename-injection vulnerability. - ---- main/rfc1867.c.orig 2011-01-19 13:09:05.000000000 +0000 -+++ main/rfc1867.c -@@ -1223,7 +1223,7 @@ filedone: - #endif - - if (!is_anonymous) { -- if (s && s > filename) { -+ if (s && s >= filename) { - safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC); - } else { - safe_php_register_variable(lbuf, filename, strlen(filename), NULL, 0 TSRMLS_CC); -@@ -1236,7 +1236,7 @@ filedone: - } else { - snprintf(lbuf, llen, "%s[name]", param); - } -- if (s && s > filename) { -+ if (s && s >= filename) { - register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC); - } else { - register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); |