meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

Subject: Patch fix-urldecode for HTTP related Bug #79699

---
 main/php_variables.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/main/php_variables.c b/main/php_variables.c
index 1a40c2a1..cbdc7cf1 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -514,7 +514,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
 		}
 
 		val = estrndup(val, val_len);
-		php_url_decode(var, strlen(var));
+		if (arg != PARSE_COOKIE) {
+			php_url_decode(var, strlen(var));
+		}
 		if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
 			php_register_variable_safe(var, val, new_val_len, &array);
 		}
-- 
2.25.1