Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
php5
:
5.4.39
>
php-5.4.39
> php5-suhosin-php54.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File php5-suhosin-php54.patch of Package php-5.4.39
diff -x .git -Nur php-suhosin-0.9.33/Changelog suhosin/Changelog --- ext/suhosin/Changelog 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/Changelog 2012-05-21 21:54:03.076420909 +0200 @@ -1,3 +1,11 @@ +2012-02-12 - 0.9.34 + + - Added initial support for PHP 5.4.0 + - Fix include whitelist and blacklist to support shemes with dots in their names + - Fix read after efree() that lets function_exists() malfunction + - Fix build with clang compiler + - Added a request variable drop statistic log message + 2012-01-19 - 0.9.33 - Make clear that suhosin is incompatible to mbstring.encoding_translation=On diff -x .git -Nur php-suhosin-0.9.33/execute.c suhosin/execute.c --- ext/suhosin/execute.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/execute.c 2012-05-21 21:28:34.848342088 +0200 @@ -152,7 +152,7 @@ t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); if (h == NULL) break; - while (t > s && (isalnum(t[-1]) || t[-1]=='_')) { + while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { t--; } @@ -195,7 +195,7 @@ t = h = (h == NULL) ? h2 : ( (h2 == NULL) ? h : ( (h < h2) ? h : h2 ) ); if (h == NULL) break; - while (t > s && (isalnum(t[-1]) || t[-1]=='_')) { + while (t > s && (isalnum(t[-1]) || t[-1]=='_' || t[-1]=='.')) { t--; } @@ -364,6 +364,15 @@ zend_uint orig_code_type; unsigned long *suhosin_flags = NULL; + /* log variable dropping statistics */ + if (SUHOSIN_G(abort_request) && (SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables) > 0)) { + suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)", + SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables), + SUHOSIN_G(att_get_vars)-SUHOSIN_G(cur_get_vars), + SUHOSIN_G(att_post_vars)-SUHOSIN_G(cur_post_vars), + SUHOSIN_G(att_cookie_vars)-SUHOSIN_G(cur_cookie_vars)); + } + if (SUHOSIN_G(abort_request) && !SUHOSIN_G(simulation) && SUHOSIN_G(filter_action)) { char *action = SUHOSIN_G(filter_action); @@ -1022,50 +1031,6 @@ return (0); } -static int suhosin_php_body_write(const char *str, uint str_length TSRMLS_DC) -{ -#define P_META_ROBOTS "<meta name=\"ROBOTS\" content=\"NOINDEX,NOFOLLOW,NOARCHIVE\" />" -#define S_META_ROBOTS "<meta name=\"ROBOTS\" content=\"NOINDEX,FOLLOW,NOARCHIVE\" />" - - SDEBUG("bw: %s", str); - - if ((str_length == sizeof("</head>\n")-1) && (strcmp(str, "</head>\n")==0)) { - SUHOSIN_G(old_php_body_write)(S_META_ROBOTS, sizeof(S_META_ROBOTS)-1 TSRMLS_CC); - OG(php_body_write) = SUHOSIN_G(old_php_body_write); - return SUHOSIN_G(old_php_body_write)(str, str_length TSRMLS_CC); - } else if ((str_length == sizeof(P_META_ROBOTS)-1) && (strcmp(str, P_META_ROBOTS)==0)) { - return str_length; - } - return SUHOSIN_G(old_php_body_write)(str, str_length TSRMLS_CC); -} - -static int ih_phpinfo(IH_HANDLER_PARAMS) -{ - int argc = ZEND_NUM_ARGS(); - long flag; - - if (zend_parse_parameters(argc TSRMLS_CC, "|l", &flag) == FAILURE) { - RETVAL_FALSE; - return (1); - } - - if(!argc) { - flag = PHP_INFO_ALL; - } - - /* Andale! Andale! Yee-Hah! */ - php_start_ob_buffer(NULL, 4096, 0 TSRMLS_CC); - if (!sapi_module.phpinfo_as_text) { - SUHOSIN_G(old_php_body_write) = OG(php_body_write); - OG(php_body_write) = suhosin_php_body_write; - } - php_print_info(flag TSRMLS_CC); - php_end_ob_buffer(1, 0 TSRMLS_CC); - - RETVAL_TRUE; - return (1); -} - static int ih_function_exists(IH_HANDLER_PARAMS) { @@ -1087,11 +1052,11 @@ zend_str_tolower(lcname, func_name_len); #else if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &lcname, &func_name_len) == FAILURE) { - return; + return (1); } /* Ignore leading "\" */ - if (lcname[0] == '\\') { + if (func_name_len > 0 && lcname[0] == '\\') { lcname = &lcname[1]; func_name_len--; } @@ -1100,8 +1065,6 @@ retval = (zend_hash_find(EG(function_table), lcname, func_name_len+1, (void **)&func) == SUCCESS); - efree(lcname); - /* * A bit of a hack, but not a bad one: we see if the handler of the function * is actually one that displays "function is disabled" message. @@ -1134,6 +1097,8 @@ } } + efree(lcname); + RETVAL_BOOL(retval); return (1); } @@ -1344,7 +1309,7 @@ suhosin_SHA256Init(&context); suhosin_SHA256Update(&context, (void *) seedbuf, sizeof(php_uint32) * 8); - suhosin_SHA256Final(seedbuf, &context); + suhosin_SHA256Final((void *)seedbuf, &context); } /* }}} */ @@ -1501,7 +1466,7 @@ { #ifdef PHP_ATLEAST_5_3 if (zend_parse_parameters_none() == FAILURE) { - return; + return(0); } #else int argc = ZEND_NUM_ARGS(); @@ -1518,7 +1483,6 @@ { "preg_replace", ih_preg_replace, NULL, NULL, NULL }, { "mail", ih_mail, NULL, NULL, NULL }, { "symlink", ih_symlink, NULL, NULL, NULL }, - { "phpinfo", ih_phpinfo, NULL, NULL, NULL }, { "srand", ih_srand, NULL, NULL, NULL }, { "mt_srand", ih_mt_srand, NULL, NULL, NULL }, @@ -1606,7 +1570,11 @@ } #ifdef ZEND_ENGINE_2 +# if PHP_VERSION_ID < 50400 return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.u.var)).var.ptr; +# else + return_value = (*(temp_variable *)((char *) execute_data_ptr->Ts + execute_data_ptr->opline->result.var)).var.ptr; +# endif #else return_value = execute_data_ptr->Ts[execute_data_ptr->opline->result.u.var].var.ptr; #endif diff -x .git -Nur php-suhosin-0.9.33/ex_imp.c suhosin/ex_imp.c --- ext/suhosin//ex_imp.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/ex_imp.c 2012-05-21 21:28:34.844342088 +0200 @@ -727,14 +727,13 @@ /* {{{ suhosin_ex_imp_functions[] */ -function_entry suhosin_ex_imp_functions[] = { +zend_function_entry suhosin_ex_imp_functions[] = { PHP_NAMED_FE(extract, PHP_FN(suhosin_extract), suhosin_arginfo_extract) PHP_NAMED_FE(import_request_variables, PHP_FN(suhosin_import_request_variables), suhosin_arginfo_import_request_variables) {NULL, NULL, NULL} }; /* }}} */ - void suhosin_hook_ex_imp() { TSRMLS_FETCH(); diff -x .git -Nur php-suhosin-0.9.33/ifilter.c suhosin/ifilter.c --- ext/suhosin/ifilter.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/ifilter.c 2012-05-21 21:28:34.848342088 +0200 @@ -146,7 +146,7 @@ if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && Z_TYPE_PP(tzval) == IS_STRING) { - s = t = Z_STRVAL_PP(tzval); + s = t = (unsigned char *)Z_STRVAL_PP(tzval); for (; *t; t++) { if (suhosin_is_dangerous_char[*t]) { *t = '?'; @@ -168,7 +168,7 @@ if (zend_hash_find(arr, key, klen, (void **) &tzval) == SUCCESS && Z_TYPE_PP(tzval) == IS_STRING) { - temp = Z_STRVAL_PP(tzval); + temp = (unsigned char *)Z_STRVAL_PP(tzval); t = temp; for (t = temp; *t; t++) { @@ -195,7 +195,8 @@ } *n = 0; - Z_STRVAL_PP(tzval) = newv; + /* XXX: we leak memory here, but only for the duration of the request */ + Z_STRVAL_PP(tzval) = (char *)newv; Z_STRLEN_PP(tzval) = n-newv; } } @@ -325,16 +326,22 @@ /* Drop this variable if the limit was reached */ switch (arg) { case PARSE_GET: + SUHOSIN_G(att_get_vars)++; + SUHOSIN_G(att_request_variables)++; if (SUHOSIN_G(no_more_get_variables)) { return 0; } break; case PARSE_POST: + SUHOSIN_G(att_post_vars)++; + SUHOSIN_G(att_request_variables)++; if (SUHOSIN_G(no_more_post_variables)) { return 0; } break; case PARSE_COOKIE: + SUHOSIN_G(att_cookie_vars)++; + SUHOSIN_G(att_request_variables)++; if (SUHOSIN_G(no_more_cookie_variables)) { return 0; } @@ -350,7 +357,7 @@ switch (arg) { case PARSE_GET: if (SUHOSIN_G(max_get_vars) && SUHOSIN_G(max_get_vars) <= SUHOSIN_G(cur_get_vars)) { - suhosin_log(S_VARS, "configured GET variable limit exceeded - dropped variable '%s'", var); + suhosin_log(S_VARS, "configured GET variable limit exceeded - dropped variable '%s' - all further GET variables are dropped", var); if (!SUHOSIN_G(simulation)) { SUHOSIN_G(no_more_get_variables) = 1; return 0; @@ -359,7 +366,7 @@ break; case PARSE_COOKIE: if (SUHOSIN_G(max_cookie_vars) && SUHOSIN_G(max_cookie_vars) <= SUHOSIN_G(cur_cookie_vars)) { - suhosin_log(S_VARS, "configured COOKIE variable limit exceeded - dropped variable '%s'", var); + suhosin_log(S_VARS, "configured COOKIE variable limit exceeded - dropped variable '%s' - all further COOKIE variables are dropped", var); if (!SUHOSIN_G(simulation)) { SUHOSIN_G(no_more_cookie_variables) = 1; return 0; @@ -368,7 +375,7 @@ break; case PARSE_POST: if (SUHOSIN_G(max_post_vars) && SUHOSIN_G(max_post_vars) <= SUHOSIN_G(cur_post_vars)) { - suhosin_log(S_VARS, "configured POST variable limit exceeded - dropped variable '%s'", var); + suhosin_log(S_VARS, "configured POST variable limit exceeded - dropped variable '%s' - all further POST variables are dropped", var); if (!SUHOSIN_G(simulation)) { SUHOSIN_G(no_more_post_variables) = 1; return 0; diff -x .git -Nur php-suhosin-0.9.33/log.c suhosin/log.c --- ext/suhosin/log.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/log.c 2012-05-21 21:28:34.848342088 +0200 @@ -36,6 +36,12 @@ #include <sys/socket.h> #endif +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#elif defined(PHP_WIN32) +#include "win32/time.h" +#endif + #if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE) #undef AF_UNIX #endif @@ -261,7 +267,11 @@ /* SAPI Logging activated? */ SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SUHOSIN_G(log_syslog), SUHOSIN_G(log_sapi), SUHOSIN_G(log_script), SUHOSIN_G(log_phpscript)); if (((SUHOSIN_G(log_sapi)|S_INTERNAL) & loglevel)!=0) { +#if PHP_VERSION_ID < 50400 sapi_module.log_message(buf); +#else + sapi_module.log_message(buf TSRMLS_CC); +#endif } /*log_script:*/ @@ -317,7 +327,9 @@ zval *result = NULL; long orig_execution_depth = SUHOSIN_G(execution_depth); +#if PHP_VERSION_ID < 50400 zend_bool orig_safe_mode = PG(safe_mode); +#endif char *orig_basedir = PG(open_basedir); char *phpscript = SUHOSIN_G(log_phpscriptname); @@ -354,14 +366,18 @@ SUHOSIN_G(execution_depth) = 0; if (SUHOSIN_G(log_phpscript_is_safe)) { +#if PHP_VERSION_ID < 50400 PG(safe_mode) = 0; +#endif PG(open_basedir) = NULL; } zend_execute(new_op_array TSRMLS_CC); SUHOSIN_G(execution_depth) = orig_execution_depth; +#if PHP_VERSION_ID < 50400 PG(safe_mode) = orig_safe_mode; +#endif PG(open_basedir) = orig_basedir; #ifdef ZEND_ENGINE_2 diff -x .git -Nur php-suhosin-0.9.33/php_suhosin.h suhosin/php_suhosin.h --- ext/suhosin//php_suhosin.h 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/php_suhosin.h 2012-03-18 16:46:46.946834768 +0100 @@ -22,7 +22,7 @@ #ifndef PHP_SUHOSIN_H #define PHP_SUHOSIN_H -#define SUHOSIN_EXT_VERSION "0.9.33" +#define SUHOSIN_EXT_VERSION "0.9.34-dev" /*#define SUHOSIN_DEBUG*/ #define SUHOSIN_LOG "/tmp/suhosin_log.txt" @@ -102,6 +102,7 @@ /* request variables */ long max_request_variables; long cur_request_variables; + long att_request_variables; long max_varname_length; long max_totalname_length; long max_value_length; @@ -112,6 +113,7 @@ /* cookie variables */ long max_cookie_vars; long cur_cookie_vars; + long att_cookie_vars; long max_cookie_name_length; long max_cookie_totalname_length; long max_cookie_value_length; @@ -122,6 +124,7 @@ /* get variables */ long max_get_vars; long cur_get_vars; + long att_get_vars; long max_get_name_length; long max_get_totalname_length; long max_get_value_length; @@ -132,6 +135,7 @@ /* post variables */ long max_post_vars; long cur_post_vars; + long att_post_vars; long max_post_name_length; long max_post_totalname_length; long max_post_value_length; @@ -308,7 +312,7 @@ char *suhosin_cookie_decryptor(TSRMLS_D); char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC); void suhosin_hook_post_handlers(TSRMLS_D); -void suhosin_unhook_post_handlers(); +void suhosin_unhook_post_handlers(TSRMLS_D); void suhosin_hook_register_server_variables(); void suhosin_hook_header_handler(); void suhosin_unhook_header_handler(); diff -x .git -Nur php-suhosin-0.9.33/post_handler.c suhosin/post_handler.c --- ext/suhosin/post_handler.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/post_handler.c 2012-03-18 16:46:46.946834768 +0100 @@ -148,10 +148,10 @@ /* we need to tell suhosin patch that there is a new valid destructor */ /* therefore we have create HashTable that has this destructor */ - zend_hash_init(&tempht, 0, NULL, suhosin_post_handler_modification, 0); + zend_hash_init(&tempht, 0, NULL, (dtor_func_t)suhosin_post_handler_modification, 0); zend_hash_destroy(&tempht); /* And now we can overwrite the destructor for post entries */ - SG(known_post_content_types).pDestructor = suhosin_post_handler_modification; + SG(known_post_content_types).pDestructor = (dtor_func_t)suhosin_post_handler_modification; /* we have to stop mbstring from replacing our post handler */ if (zend_hash_find(EG(ini_directives), "mbstring.encoding_translation", sizeof("mbstring.encoding_translation"), (void **) &ini_entry) == FAILURE) { @@ -162,7 +162,7 @@ ini_entry->on_modify = suhosin_OnUpdate_mbstring_encoding_translation; } -void suhosin_unhook_post_handlers() +void suhosin_unhook_post_handlers(TSRMLS_D) { zend_ini_entry *ini_entry; diff -x .git -Nur php-suhosin-0.9.33/rfc1867.c suhosin/rfc1867.c --- ext/suhosin/rfc1867.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/rfc1867.c 2012-05-21 21:28:34.848342088 +0200 @@ -244,21 +244,29 @@ static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) { +#if PHP_VERSION_ID < 50400 int register_globals = PG(register_globals); PG(register_globals) = 0; +#endif safe_php_register_variable(strvar, val, http_post_files, override_protection TSRMLS_CC); +#if PHP_VERSION_ID < 50400 PG(register_globals) = register_globals; +#endif } static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) { +#if PHP_VERSION_ID < 50400 int register_globals = PG(register_globals); PG(register_globals) = 0; +#endif safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC); +#if PHP_VERSION_ID < 50400 PG(register_globals) = register_globals; +#endif } /* diff -x .git -Nur php-suhosin-0.9.33/session.c suhosin/session.c --- ext/suhosin//session.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/session.c 2012-05-21 21:28:34.848342088 +0200 @@ -233,9 +233,94 @@ zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */ } php_ps_globals_53; +#if PHP_VERSION_ID >= 50400 +typedef struct _php_session_rfc1867_progress_54 { + + size_t sname_len; + zval sid; + smart_str key; + + long update_step; + long next_update; + double next_update_time; + zend_bool cancel_upload; + zend_bool apply_trans_sid; + size_t content_length; + + zval *data; /* the array exported to session data */ + zval *post_bytes_processed; /* data["bytes_processed"] */ + zval *files; /* data["files"] array */ + zval *current_file; /* array of currently uploading file */ + zval *current_file_bytes_processed; +} php_session_rfc1867_progress_54; + +typedef struct _php_ps_globals_54 { + char *save_path; + char *session_name; + char *id; + char *extern_referer_chk; + char *entropy_file; + char *cache_limiter; + long entropy_length; + long cookie_lifetime; + char *cookie_path; + char *cookie_domain; + zend_bool cookie_secure; + zend_bool cookie_httponly; + ps_module *mod; + ps_module *default_mod; + void *mod_data; + php_session_status session_status; + long gc_probability; + long gc_divisor; + long gc_maxlifetime; + int module_number; + long cache_expire; + union { + zval *names[6]; + struct { + zval *ps_open; + zval *ps_close; + zval *ps_read; + zval *ps_write; + zval *ps_destroy; + zval *ps_gc; + } name; + } mod_user_names; + int mod_user_implemented; + int mod_user_is_open; + const struct ps_serializer_struct *serializer; + zval *http_session_vars; + zend_bool auto_start; + zend_bool use_cookies; + zend_bool use_only_cookies; + zend_bool use_trans_sid; /* contains the INI value of whether to use trans-sid */ + zend_bool apply_trans_sid; /* whether or not to enable trans-sid for the current request */ + + long hash_func; +#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) + php_hash_ops *hash_ops; +#endif + long hash_bits_per_character; + int send_cookie; + int define_sid; + zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */ + + php_session_rfc1867_progress_54 *rfc1867_progress; + zend_bool rfc1867_enabled; /* session.upload_progress.enabled */ + zend_bool rfc1867_cleanup; /* session.upload_progress.cleanup */ + smart_str rfc1867_prefix; /* session.upload_progress.prefix */ + smart_str rfc1867_name; /* session.upload_progress.name */ + long rfc1867_freq; /* session.upload_progress.freq */ + double rfc1867_min_freq; /* session.upload_progress.min_freq */ +} php_ps_globals_54; +#endif + #ifdef ZTS static ts_rsrc_id session_globals_id = 0; -# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3) +# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4) +# define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_54 *, v) +# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3) # define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_53 *, v) # elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2) # define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_52 *, v) @@ -247,7 +332,9 @@ UNSUPPORTED PHP VERSION # endif #else -# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3) +# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4) +static php_ps_globals_54 *session_globals = NULL; +# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 3) static php_ps_globals_53 *session_globals = NULL; # elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 2) static php_ps_globals_52 *session_globals = NULL; @@ -294,6 +381,7 @@ if (SESSION_G(http_session_vars) && SESSION_G(http_session_vars)->type == IS_ARRAY) { ret = zend_hash_find(Z_ARRVAL_P(SESSION_G(http_session_vars)), name, namelen + 1, (void **) state_var); +#if PHP_VERSION_ID < 50400 /* If register_globals is enabled, and * if there is an entry for the slot in $_SESSION, and * if that entry is still set to NULL, and @@ -307,6 +395,7 @@ *state_var = tmp; } } +#endif } return ret; } @@ -426,7 +515,7 @@ } /* store ip value */ - suhosin_get_ipv4(crypted+4 TSRMLS_CC); + suhosin_get_ipv4((char *)crypted+4 TSRMLS_CC); /* store check value */ crypted[8] = check & 0xff; @@ -544,7 +633,7 @@ if (check_ra > 4) { check_ra = 4; } - suhosin_get_ipv4(&buf TSRMLS_CC); + suhosin_get_ipv4(&buf[0] TSRMLS_CC); if (memcmp(buf, decrypted+4, check_ra) != 0) { goto error_out; } diff -x .git -Nur php-suhosin-0.9.33/sha256.c suhosin/sha256.c --- ext/suhosin/sha256.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/sha256.c 2012-05-21 21:28:34.848342088 +0200 @@ -86,9 +86,11 @@ return; } +#if PHP_VERSION_ID < 50400 if (PG(safe_mode) && (!php_checkuid(arg, NULL, CHECKUID_CHECK_FILE_AND_DIR))) { RETURN_FALSE; } +#endif if (php_check_open_basedir(arg TSRMLS_CC)) { RETURN_FALSE; @@ -392,7 +394,7 @@ /* {{{ suhosin_sha256_functions[] */ -static function_entry suhosin_sha256_functions[] = { +static zend_function_entry suhosin_sha256_functions[] = { PHP_NAMED_FE(sha256, PHP_FN(suhosin_sha256), NULL) PHP_NAMED_FE(sha256_file, PHP_FN(suhosin_sha256_file), NULL) {NULL, NULL, NULL} diff -x .git -Nur php-suhosin-0.9.33/suhosin.c suhosin/suhosin.c --- ext/suhosin/suhosin.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/suhosin.c 2012-05-21 21:28:34.848342088 +0200 @@ -189,9 +189,12 @@ static void suhosin_shutdown(zend_extension *extension) { + TSRMLS_FETCH(); + suhosin_unhook_execute(); suhosin_unhook_header_handler(); - suhosin_unhook_post_handlers(); + suhosin_unhook_post_handlers(TSRMLS_C); + /* suhosin_unhook_session(); - enabling this causes compability problems */ if (ze != NULL) { ze->startup = orig_module_startup; @@ -646,12 +649,16 @@ array_init(gpc_element); zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { +#if PHP_VERSION_ID < 50400 if (PG(magic_quotes_gpc) && (index != var)) { /* no need to addslashes() the index if it's the main variable name */ escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); } else { +#endif escaped_index = index; +#if PHP_VERSION_ID < 50400 } +#endif if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { MAKE_STD_ZVAL(gpc_element); @@ -683,11 +690,15 @@ if (!index) { zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { +#if PHP_VERSION_ID < 50400 if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); } else { +#endif escaped_index = index; +#if PHP_VERSION_ID < 50400 } +#endif /* * According to rfc2965, more specific paths are listed above the less specific ones. * If we encounter a duplicate cookie name, we should skip it, since it is not possible @@ -714,11 +725,15 @@ /* Prepare value */ Z_STRLEN(new_entry) = str_len; +#if PHP_VERSION_ID < 50400 if (PG(magic_quotes_gpc)) { Z_STRVAL(new_entry) = php_addslashes(strval, Z_STRLEN(new_entry), &Z_STRLEN(new_entry), 0 TSRMLS_CC); } else { +#endif Z_STRVAL(new_entry) = estrndup(strval, Z_STRLEN(new_entry)); +#if PHP_VERSION_ID < 50400 } +#endif Z_TYPE(new_entry) = IS_STRING; suhosin_register_cookie_variable(var, &new_entry, track_vars_array TSRMLS_CC); @@ -1153,6 +1168,10 @@ SUHOSIN_G(cur_cookie_vars) = 0; SUHOSIN_G(cur_get_vars) = 0; SUHOSIN_G(cur_post_vars) = 0; + SUHOSIN_G(att_request_variables) = 0; + SUHOSIN_G(att_cookie_vars) = 0; + SUHOSIN_G(att_get_vars) = 0; + SUHOSIN_G(att_post_vars) = 0; SUHOSIN_G(num_uploads) = 0; SUHOSIN_G(no_more_variables) = 0; diff -x .git -Nur php-suhosin-0.9.33/tests/executor/negative_memory_limit.phpt suhosin/tests/executor/negative_memory_limit.phpt --- ext/suhosin/tests/executor/negative_memory_limit.phpt 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/tests/executor/negative_memory_limit.phpt 2012-05-21 21:28:34.848342088 +0200 @@ -13,6 +13,6 @@ ini_set("memory_limit", "-200000"); echo ini_get("memory_limit"), "\n"; ?> --EXPECTF-- -ALERT - script tried to increase memory_limit to %d bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file '%s', line 2) +ALERT - script tried to disable memory_limit by setting it to a negative value -%d bytes which is not allowed (attacker 'REMOTE_ADDR not set', file '%s', line 2) 16M diff -x .git -Nur php-suhosin-0.9.33/treat_data.c suhosin/treat_data.c --- ext/suhosin/treat_data.c 2012-01-19 16:49:18.000000000 +0100 +++ ext/suhosin/treat_data.c 2012-05-21 21:28:34.848342088 +0200 @@ -194,7 +194,13 @@ void suhosin_hook_treat_data() { +#if PHP_VERSION_ID < 50400 sapi_register_treat_data(suhosin_treat_data); +#else + TSRMLS_FETCH(); + + sapi_register_treat_data(suhosin_treat_data TSRMLS_CC); +#endif #ifdef ZEND_ENGINE_2 if (old_input_filter == NULL) { old_input_filter = sapi_module.input_filter;