Re: PHP3 safe_mode and popen()

From: Kristian Koehntopp (krisat_private)
Date: Thu Jan 06 2000 - 00:31:44 PST

    In netuse.lists.bugtraq you write:
    >	Right... Your patch seems to work only with php-3.0.12.
    >	I attach modified version for php-3.0.13.
    
    Actually, my patch is against the current CVS of PHP and the
    diff I posted was being generated directly from the CVS. Get
    yourself a copy of current PHP directly from the CVS and all is
    well.
    
    >@@ -601,6 +602,11 @@
    > 			snprintf(buf,sizeof(buf),"%s/%s",php3_ini.safe_mode_exec_dir,arg1->value.str.val);
    > 		}
    > 		fp = popen(buf,p);
    >+		
    >+		tmp = _php3_escapeshellcmd(buf);
    >+		fp = popen(tmp,p);
    >+		efree(tmp); /* temporary copy, no longer necessary */
    >+		
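
    Review bot: The unchanged context line `fp = popen(buf,p);` directly above the added lines is still present, so the command in buf is run unescaped before the escaped copy is opened, and the first stream is lost when fp is reassigned to `popen(tmp,p)` without a pclose(). Make that context line a removal in this hunk so the only call left is `fp = popen(tmp,p);` on the output of `_php3_escapeshellcmd(buf)`. The two added lines that contain only tabs can be dropped as well.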
    
    Your patch does popen twice and the first popen() is unescaped.
    This is broken and should not be used. Again, please use the CVS
    to get a properly patched version of PHP or wait for the bugfix
    release of PHP which will be out RSN.
    
    Kristian
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:26:45 PDT