PHP -- INI database truncation inside dba_replace() function php4-dba 4.4.9_1 php5-dba 5.2.6_1

A bug that leads to the emptying of the INI file contents if the database key was not found exists in PHP dba extension in versions 5.2.6, 4.4.9 and earlier.

Maksymilian Arciemowicz from Security Reason reports:

Function dba_replace() are not filtering strings key and value. There is a possibility for the destruction of the file.

http://securityreason.com/achievement_securityalert/58 http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1314 http://www.securityfocus.com/archive/1/498746/30/0/threaded 28-11-2008 TODAY