WHAT? Your pop mail ISN'T encrypted with pgp/gpg? I have all the people I really care to talk to properly educated in how to use PGP. Even my wife, who found giving up AOL to be highly traumatic. Hell, I've got my filters set up to send anything that ISN'T signed or encrypted directly to the spam box.
What in the world does that have to do with sending your POP password in plain text to fetch your PGP encrypted email?
- php_register_variable(namebuf, ptr, array_ptr ELS_CC PLS_CC);
+/* Check to make sure we are not overwriting special file
+ * upload variables */
+ if(memcmp(namebuf,sbuf,strlen(sbuf))) {
+ php_register_variable(namebuf, ptr, array_ptr ELS_CC PLS_CC);
+ }
/* And a little kludge to pick out special MAX_FILE_SIZE */
itype = php_check_ident_type(namebuf);
@@ -353,6 +359,7 @@
break;
}
}
+ if(sbuf) efree(sbuf);
SAFE_RETURN;
}
rasmus Sun Sep 3 22:09:46 2000 EDT
Modified files:
/php4/main rfc1867.c
Log:
Quick-fix for the file upload security alert
@Quick-fix for the file upload security alert (Rasmus)
Index: php4/main/rfc1867.c
diff -u php4/main/rfc1867.c:1.38 php4/main/rfc1867.c:1.39
--- php4/main/rfc1867.c:1.38 Sat Aug 5 23:40:28 2000
+++ php4/main/rfc1867.c Sun Sep 3 22:09:46 2000
@@ -15,7 +15,7 @@
| Authors: Rasmus Lerdorf |
+------------------------------------------------
*/
-/* $Id: rfc1867.c,v 1.38 2000/08/06 06:40:28 rasmus Exp $ */
+/* $Id: rfc1867.c,v 1.39 2000/09/04 05:09:46 rasmus Exp $ */
#include
#include "php.h"
@@ -64,7 +64,7 @@
int eolsize;
long bytes, max_file_size = 0;
char *namebuf=NULL, *filenamebuf=NULL, *lbuf=NULL,
- *abuf=NULL, *start_arr=NULL, *end_arr=NULL, *arr_index=NULL;
+ *abuf=NULL, *start_arr=NULL, *end_arr=NULL, *arr_index=NULL, *sbuf=NULL;
FILE *fp;
int itype, is_arr_upload=0, arr_len=0;
zval *http_post_files=NULL;
@@ -172,8 +172,10 @@
}
abuf = estrndup(namebuf, strlen(namebuf)-arr_len);
sprintf(lbuf, "%s_name[%s]", abuf, arr_index);
+ sbuf = estrdup(abuf);
} else {
sprintf(lbuf, "%s_name", namebuf);
+ sbuf = estrdup(abuf);
}
s = strrchr(filenamebuf, '\\');
if (s && s > filenamebuf) {
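Review bot: In the else branch, `sbuf = estrdup(abuf);` copies abuf, but in the lines shown abuf is declared as NULL and only assigned in the array branch above (`abuf = estrndup(namebuf, strlen(namebuf)-arr_len);`). For a non-array upload the field name in use is namebuf, as in `sprintf(lbuf, "%s_name", namebuf);`, so this most likely wants `sbuf = estrdup(namebuf);`. As written, the non-array path either hands NULL to estrdup or, if this block runs for more than one part, records a stale array name left over from an earlier upload, and the later memcmp guard then protects the wrong name.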
@@ -252,7 +254,11 @@
}
*(loc - 4) = '\0';
- php_register_variable(namebuf, ptr, array_ptr ELS_CC PLS_CC);
+
+ * upload variables */
+ if(memcmp(namebuf,sbuf,strlen(sbuf))) {
+ php_register_variable(namebuf, ptr, array_ptr ELS_CC PLS_CC);
+ }
itype = php_check_ident_type(namebuf);
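Review bot: The guard `if(memcmp(namebuf,sbuf,strlen(sbuf)))` dereferences sbuf unconditionally, but sbuf is initialised to NULL and only assigned in the file-upload hunk at line 172, so an ordinary form field reaching this point before any file part calls strlen(NULL); it should read something like `if(!sbuf || strncmp(namebuf, sbuf, strlen(sbuf)))`. The test is also a prefix match over strlen(sbuf) bytes: every variable whose name merely begins with the upload field name is silently dropped, and memcmp may read past the end of a namebuf shorter than sbuf, which strncmp avoids. Because sbuf is a single pointer, only the most recently recorded upload field is covered; a request with several file fields leaves the earlier ones unprotected. Comparing against the exact derived names (such as the `_name` form built above) would be narrower, and the new comment should say which variables are being protected.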
@@ -353,6 +359,7 @@
break;
}
}
+ if(sbuf) efree(sbuf);
SAFE_RETURN;
}
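Review bot: `if(sbuf) efree(sbuf);` releases only the last value held in sbuf, while the hunk at line 172 assigns `sbuf = estrdup(...)` without freeing what was there before, so each additional file part in a request leaks the previous copy. Free sbuf before reassigning it (or where abuf is released) and set it to NULL afterwards. If the function has other exits through SAFE_RETURN, they need the same cleanup, so it may be simpler to fold the free into that macro alongside the other buffers.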