Comment 5 for bug 1663281

Revision history for this message
Jan Kellermann (jan-kellermann) wrote :

After php-common-update from 2017.08-04 this affects ubuntu 14.04 with php5.5, too.

Circumvention:

In place of: 'ssh2.sftp://' . $sftp . '/...'
write: 'ssh2.sftp://' . intval($sftp) . '/...'

see:
https://bugs.php.net/bug.php?id=69981
https://bugs.php.net/bug.php?id=73597

I suggest this problem occurs due the backport of parse_url()-Bug in php5-common https://bugs.php.net/bug.php?id=73192 and CVE-2016-10397