PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? Aug 2005, PHP 5.1 Release Candidate 2
+- Fixed possible GLOBALS variable override when register_globals are ON.
+ (Ilia, Stefan)
+- Fixed possible register_globals toggle via parse_str(). (Ilia, Stefan)
- Changed SQLite extension to be a shared module in Windows distribution.
(Edin)
- Changed "instanceof" and "catch" operators, is_a() and is_subclass_of()
zval *sarg;
char *res = NULL;
int argCount;
- int old_rg;
argCount = ZEND_NUM_ARGS();
if (argCount < 1 || argCount > 2 || zend_get_parameters_ex(argCount, &arg, &arrayArg) == FAILURE) {
res = estrndup(Z_STRVAL_P(sarg), Z_STRLEN_P(sarg));
}
- old_rg = PG(register_globals);
if (argCount == 1) {
- PG(register_globals) = 1;
- sapi_module.treat_data(PARSE_STRING, res, NULL TSRMLS_CC);
+ zval tmp;
+ Z_ARRVAL(tmp) = EG(active_symbol_table);
+
+ sapi_module.treat_data(PARSE_STRING, res, &tmp TSRMLS_CC);
} else {
- PG(register_globals) = 0;
/* Clear out the array that was passed in. */
zval_dtor(*arrayArg);
array_init(*arrayArg);
sapi_module.treat_data(PARSE_STRING, res, *arrayArg TSRMLS_CC);
}
- PG(register_globals) = old_rg;
}
/* }}} */
RETURN_FALSE;
}
+ if (offset < 0) {
+ offset = s1_len + offset;
+ }
+
cmp_len = (uint) (len ? len : MAX(s2_len, (s1_len - offset)));
if (!cs) {
zval_dtor(val);
return;
}
+
+ /* GLOBALS hijack attempt, reject parameter */
+ if (symtable1 == EG(active_symbol_table) && !strcmp("GLOBALS", var)) {
+ zval_dtor(val);
+ return;
+ }
+
/* ensure that we don't have spaces or dots in the variable name (not binary safe) */
for (p=var; *p; p++) {
switch (*p) {