mirror of
https://github.com/php/php-src.git
synced 2026-04-17 13:01:02 +02:00
bb057498f7
The DateTimeZone constructors are not binary safe. They're parsing the timezone as string, but discard the length when calling timezone_initialize(). This patch adds a tz_len parameter and a respective check to timezone_initialize().
18 lines
603 B
PHP
18 lines
603 B
PHP
--TEST--
|
|
Bug #70277 (new DateTimeZone($foo) is ignoring text after null byte)
|
|
--FILE--
|
|
<?php
|
|
$timezone = "Europe/Zurich\0Foo";
|
|
var_dump(timezone_open($timezone));
|
|
var_dump(new DateTimeZone($timezone));
|
|
?>
|
|
--EXPECTF--
|
|
Warning: timezone_open(): Timezone must not contain null bytes in %sbug70277.php on line %d
|
|
bool(false)
|
|
|
|
Fatal error: Uncaught exception 'Exception' with message 'DateTimeZone::__construct(): Timezone must not contain null bytes' in %sbug70277.php:%d
|
|
Stack trace:
|
|
#0 %sbug70277.php(%d): DateTimeZone->__construct('Europe/Zurich\x00F...')
|
|
#1 {main}
|
|
thrown in %sbug70277.php on line %d
|