@- The various $HTTP_*_VARS[] are now protected, and cannot be manipulated by

@  user input (Zeev)
This patch is untested!  I'll only have time to test it thoroughly in a couple of hours...

diff --git a/main/main.c b/main/main.c
index 981b2adcede06a43131b02c732997cbf81fa1270..31433062bcda338a549b8d77fac50755eb3d8a6b 100644 (file)
--- a/main/main.c
+++ b/main/main.c
@@ -918,7 +918,7 @@ static inline void php_register_server_variables(ELS_D SLS_DC PLS_DC)
                ALLOC_ZVAL(array_ptr);
                array_init(array_ptr);
                INIT_PZVAL(array_ptr);
-               zend_hash_add_ptr(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), array_ptr, sizeof(pval *),NULL);
+               PG(http_globals).server = array_ptr;
        }
 
        /* Server variables */
@@ -956,6 +956,8 @@ static int php_hash_environment(ELS_D SLS_DC PLS_DC)
                php_import_environment_variables(ELS_C PLS_CC);
        }
 
+       PG(http_globals).post = PG(http_globals).get = PG(http_globals).cookie = PG(http_globals).server = PG(http_globals).environment = NULL;
+
        while(*p) {
                switch(*p++) {
                        case 'p':
@@ -996,6 +998,22 @@ static int php_hash_environment(ELS_D SLS_DC PLS_DC)
                }
        }
 
+       if (PG(http_globals).post) {
+               zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), PG(http_globals).post, sizeof(zval *), NULL);
+       }
+       if (PG(http_globals).get) {
+               zend_hash_add_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), PG(http_globals).get, sizeof(zval *), NULL);
+       }
+       if (PG(http_globals).cookie) {
+               zend_hash_add_ptr(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), PG(http_globals).cookie, sizeof(zval *), NULL);
+       }
+       if (PG(http_globals).server) {
+               zend_hash_add_ptr(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), PG(http_globals).server, sizeof(zval *), NULL);
+       }
+       if (PG(http_globals).environment) {
+               zend_hash_add_ptr(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), PG(http_globals).environment, sizeof(zval *), NULL);
+       }
+
 
        if (!have_variables_order) {
                php_register_server_variables(ELS_C SLS_CC PLS_CC);

diff --git a/main/php_globals.h b/main/php_globals.h
index 9c3ee0429432e3a8f329570d9d1855252bbba6a8..1a1a6db70774a23689af488631f7c64c946e73fc 100644 (file)
--- a/main/php_globals.h
+++ b/main/php_globals.h
@@ -42,6 +42,14 @@ extern PHPAPI int core_globals_id;
 extern ZEND_API struct _php_core_globals core_globals;
 #endif
 
+typedef struct _php_http_globals {
+       zval *post;
+       zval *get;
+       zval *cookie;
+       zval *server;
+       zval *environment;
+} php_http_globals;
+
 struct _php_tick_function_entry;
 
 struct _php_core_globals {
@@ -100,6 +108,8 @@ struct _php_core_globals {
        unsigned char header_is_being_sent;
 
        zend_llist tick_functions;
+
+       php_http_globals http_globals;
 };
 
 

diff --git a/main/php_variables.c b/main/php_variables.c
index 1897610d6c7fd6186659834f28cca3af7423697f..84c487d01f9b2515b73e79c43604dbef90483340 100644 (file)
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -226,16 +226,15 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
                                INIT_PZVAL(array_ptr);
                                switch (arg) {
                                        case PARSE_POST:
-                                               zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), array_ptr, sizeof(pval *),NULL);
+                                               PG(http_globals).post = array_ptr;
                                                break;
                                        case PARSE_GET:
-                                               zend_hash_add_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), array_ptr, sizeof(pval *),NULL);
+                                               PG(http_globals).get = array_ptr;
                                                break;
                                        case PARSE_COOKIE:
-                                               zend_hash_add_ptr(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), array_ptr, sizeof(pval *),NULL);
+                                               PG(http_globals).cookie = array_ptr;
                                                break;
                                }
-                               array_ptr->refcount++;  /* If someone overwrites us, array_ptr must stay valid */
                        } else {
                                array_ptr=NULL;
                        }
@@ -247,9 +246,6 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
 
        if (arg==PARSE_POST) {
                sapi_handle_post(array_ptr SLS_CC);
-               if (array_ptr) {
-                       zval_ptr_dtor(&array_ptr);
-               }
                return;
        }
 
@@ -275,9 +271,6 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
        }
 
        if (!res) {
-               if (array_ptr) {
-                       zval_ptr_dtor(&array_ptr);
-               }
                return;
        }
 
@@ -307,9 +300,6 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
        if (free_buffer) {
                efree(res);
        }
-       if (array_ptr) {
-               zval_ptr_dtor(&array_ptr);
-       }
 }
 
 
@@ -323,7 +313,7 @@ void php_import_environment_variables(ELS_D PLS_DC)
                ALLOC_ZVAL(array_ptr);
                array_init(array_ptr);
                INIT_PZVAL(array_ptr);
-               zend_hash_add_ptr(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), array_ptr, sizeof(pval *),NULL);
+               PG(http_globals).environment = array_ptr;
        }
 
        for (env = environ; env != NULL && *env != NULL; env++) {