Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:32503
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 11212 invoked by uid 1010); 29 Sep 2007 20:16:07 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 11197 invoked from network); 29 Sep 2007 20:16:07 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 29 Sep 2007 20:16:07 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass; domainkeys=bad
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.146.177 as permitted sender)
DomainKey-Status: bad
X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.146.177 wa-out-1112.google.com  
Received: from [209.85.146.177] ([209.85.146.177:49187] helo=wa-out-1112.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id CD/0C-24983-682BEF64 for <internals@lists.php.net>; Sat, 29 Sep 2007 16:16:07 -0400
Received: by wa-out-1112.google.com with SMTP id l24so4245553waf
        for <internals@lists.php.net>; Sat, 29 Sep 2007 13:16:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        bh=iiD+KcClQfi4PQ4+0cxDJucb55A3HKgk5MDGb0hKLIA=;
        b=Fdk6i6YfGgMFZcdPgd1M8KmMlyBNUNz+8tCkYmd1AD2NZTV6tRzWJO89BbM13M0IsUcpXsgasF13iJbN1lxTocYn5yoFSPZHKHTOkvAGTZmAPm92oCjpPVIUy3NOzYxr1BICcpmxvjbyBe5oSYtlRAphKsC8J2mAP/lwhw621OQ=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=a+t0zUWSspRFWvLpNpYHv8DXQdP//IeQyUzGjhXgPXAqZMqycE473w1vc+Xvmjyuwv7zzAlt7NRaDrgD3EKu2GvPMlr9PrnyBtkBzshS4PWazqu6U8YCUly/mAwYF42/xnZY16E4nlXki2ADI3njGySc0PiUkk+NJiDx+wv24PA=
Received: by 10.115.58.1 with SMTP id l1mr1329326wak.1191096963088;
        Sat, 29 Sep 2007 13:16:03 -0700 (PDT)
Received: by 10.140.136.3 with HTTP; Sat, 29 Sep 2007 13:16:03 -0700 (PDT)
Message-ID: <fe05d1540709291316g26882e1du6345782bedcab6c6@mail.gmail.com>
Date: Sat, 29 Sep 2007 22:16:03 +0200
To: Arnaud.lb <arnaud.lb@gmail.com>
Cc: "PHP Internals List" <internals@lists.php.net>
In-Reply-To: <200709291654.26242.arnaud.lb@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <200709291654.26242.arnaud.lb@gmail.com>
Subject: Re: [PHP-DEV] [PATCH] Bug#42718 (FILTER_UNSAFE_RAW not applied when configured as default filter, even with flags)
From: pierre.php@gmail.com (Pierre)

Hi Arnaud,

I replied in the bug report, please check it again :)

Thanks for your feedbacks,
--Pierre

On 9/29/07, Arnaud.lb <arnaud.lb@gmail.com> wrote:
> Hi,
>
> Here is a patch to fix bug #42718:
>
> http://bugs.php.net/?id=42718&edit=1
>
> The "unsafe_raw" filter is not applied when configured as default
> filter.
>
> I found that the php_sapi_filter() internal function in
> ext/filter/filter.c intentionally bypass this filter:
>
> if (!(IF_G(default_filter) == FILTER_UNSAFE_RAW)){
>  (apply default filter)
> } else [...]
>
> The unsafe_raw filter does nothing by default, but it
> can "optionally strip or encode special characters", and it is the
> only filter which is able to do that without doing any other
> filtering.
>
> I suggest to not bypass the unsafe_raw filter when default_filter_flags is
> different than 0 (bug42718.patch attached).
>
> I also wrote a testcase for this bug: bug42718.phpt.
>
> And an other testcase (052.phpt) to check if the patch does not modify the
> behavior of the php_sapi_filter() function:
>
> - Apply filter, only if filter will do something (unsafe_raw with no
> flags do nothing)
> - Else, fallback to magic_quotes_gpc if enabled
>
> Regards
>
> --TEST--
> Bug #42718 (unsafe_raw filter not applied when configured as default filter)
> --SKIPIF--
> <?php if (!extension_loaded("filter")) die("skip"); ?>
> --INI--
> magic_quotes_gpc=0
> filter.default=unsafe_raw
> filter.default_flags=4
> --GET--
> a=1%00
> --FILE--
> <?php
> echo ini_get('filter.default') . "\n";
> echo ini_get('filter.default_flags') . "\n";
> echo addcslashes($_GET['a'],"\0") . "\n";
> ?>
> --EXPECT--
> unsafe_raw
> 4
> 1
>
> --TEST--
> fallback to magic_quotes when no filter is to be applied
> --SKIPIF--
> <?php if (!extension_loaded("filter")) die("skip"); ?>
> --INI--
> magic_quotes_gpc=1
> filter.default=unsafe_raw
> filter.default_flags=
> --GET--
> a=1%00
> --FILE--
> <?php
> echo ini_get('filter.default') . "\n";
> echo ini_get('filter.default_flags') . "\n";
> echo addcslashes($_GET['a'],"\0") . "\n";
> ?>
> --EXPECT--
> unsafe_raw
>
> 1\0
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>