Commit 6aeee47

Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code Execution)
1 parent d44fc4a commit 6aeee47

2 files changed

Lines changed: 5 additions & 1 deletion

NEWS

Lines changed: 4 additions & 0 deletions
@@ -12,6 +12,10 @@ PHP NEWS
1212
. Fixed bug #70111 (Segfault when a function uses both an explicit return
1313
type and an explicit cast). (Laruence)
1414

15+
- Standard:
16+
. Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code
17+
Execution). (Laruence)
18+
1519
23 Jul 2015, PHP 7.0.0 Beta 2
1620

1721
- Core:
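
Review bot: the entry added at lines 16-17 labels the bug as Arbitrary Code Execution but carries no CVE reference. If an identifier has been assigned for bug #70140, append it after the credit so the security fix can be tracked from the changelog. The new "- Standard:" heading is otherwise consistent with the "- Core:" heading in the context at line 21.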

ext/standard/string.c

Lines changed: 1 addition & 1 deletion
@@ -4055,7 +4055,7 @@ static zend_long php_str_replace_in_subject(zval *search, zval *replace, zval *s
40554055
Z_STRVAL_P(search), Z_STRLEN_P(search),
40564056
Z_STRVAL_P(replace), Z_STRLEN_P(replace), &replace_count));
40574057
} else {
4058-
lc_subject_str = php_string_tolower(Z_STR_P(subject));
4058+
lc_subject_str = php_string_tolower(subject_str);
40594059
ZVAL_STR(result, php_str_to_str_i_ex(subject_str, ZSTR_VAL(lc_subject_str),
40604060
Z_STR_P(search),
40614061
Z_STRVAL_P(replace), Z_STRLEN_P(replace), &replace_count));
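
Review bot: the unchecked accessor pattern removed at line 4058 is still applied to the other arguments in the context lines: Z_STRVAL_P(search)/Z_STRLEN_P(search) at 4055, Z_STR_P(search) at 4060, and Z_STRVAL_P(replace)/Z_STRLEN_P(replace) at 4056 and 4061. These macros read the zval's string slot without checking its type, and nothing in this hunk shows search or replace being verified as IS_STRING, so please confirm that both are always converted before reaching this else branch, and say so in a comment or an assertion here. subject_str is assigned outside this hunk, so it would also help to note at its definition that it, not Z_STR_P(subject), is the only safe handle on the subject. The commit changes only NEWS and ext/standard/string.c: a .phpt regression test for bug #70140 that drives the case-insensitive path through this branch would keep the Z_STR_P(subject) call from being reintroduced.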
