From 9b8f16966e3109bdc5b2440c23bc27b3fd54c692 Mon Sep 17 00:00:00 2001 From: Michael Wallner Date: Wed, 9 Jul 2014 20:15:08 +0200 Subject: [PATCH] do not consider slashes escape-worthy! --- php_http_params.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php_http_params.c b/php_http_params.c index f8e6e88..1757ec9 100644 --- a/php_http_params.c +++ b/php_http_params.c @@ -71,7 +71,7 @@ static inline void prepare_escaped(zval *zv TSRMLS_DC) Z_STRVAL_P(zv) = php_addcslashes(Z_STRVAL_P(zv), Z_STRLEN_P(zv), &Z_STRLEN_P(zv), 1, ZEND_STRL("\0..\37\173\\\"") TSRMLS_CC); - if (len != Z_STRLEN_P(zv) || strpbrk(Z_STRVAL_P(zv), "()<>@,;:\"/[]?={} ")) { + if (len != Z_STRLEN_P(zv) || strpbrk(Z_STRVAL_P(zv), "()<>@,;:\"[]?={} ")) { zval tmp = *zv; int len = Z_STRLEN_P(zv) + 2; char *str = emalloc(len + 1); -- 2.30.2