Fixed a possible super-global overwrite inside import_request_variables().

# Reported by Stefano Di Paola

diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index fbaa8a23d07e000fdd3e0371dfed1f59a5f9a818..82ea865c798b93c5629c7de8b0cfa36838b5bfad 100644 (file)
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -6245,6 +6245,19 @@ static int copy_request_variable(void *pDest, int num_args, va_list args, zend_h
                } else if (!strcmp(hash_key->arKey, "GLOBALS")) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted GLOBALS variable overwrite.");
                        return 0; 
+               } else if (*hash_key->arKey == '_' && 
+                               (
+                                       !strcmp(hash_key->arKey, "_GET") || 
+                                       !strcmp(hash_key->arKey, "_POST") || 
+                                       !strcmp(hash_key->arKey, "_COOKIE") || 
+                                       !strcmp(hash_key->arKey, "_ENV") || 
+                                       !strcmp(hash_key->arKey, "_SERVER") || 
+                                       !strcmp(hash_key->arKey, "_FILES") || 
+                                       !strcmp(hash_key->arKey, "_REQUEST")
+                               )
+                       ) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted super-global (%s) variable overwrite.", hash_key->arKey);
+                       return 0;       
                }
        }