Prevent user from making nested PHP requests with virtual()

author Uwe Schindler <thetaphi@php.net>

Wed, 2 Jul 2003 13:37:39 +0000 (13:37 +0000)

committer Uwe Schindler <thetaphi@php.net>

Wed, 2 Jul 2003 13:37:39 +0000 (13:37 +0000)
author Uwe Schindler <thetaphi@php.net>
Wed, 2 Jul 2003 13:37:39 +0000 (13:37 +0000)
committer Uwe Schindler <thetaphi@php.net>
Wed, 2 Jul 2003 13:37:39 +0000 (13:37 +0000)
diff --git a/sapi/nsapi/nsapi.c b/sapi/nsapi/nsapi.c

index b34c042c1d4fabae0662d264fb7e949c91f3ab51..480b9b08f42fd5c56c0d9ba24e98a9c8261d92d9 100644 (file)
--- a/sapi/nsapi/nsapi.c
+++ b/sapi/nsapi/nsapi.c
@@ -203,7 +203,7 @@ zend_module_entry nsapi_module_entry = {
         NULL,
         NULL,
         PHP_MINFO(nsapi),
-       "$Id$",
+       "$Revision$",
         STANDARD_MODULE_PROPERTIES
  };
  /* }}} */
@@ -827,6 +827,15 @@ int NSAPI_PUBLIC php4_execute(pblock *pb, Session *sn, Request *rq)
  
         TSRMLS_FETCH();
  
+       /* check if this uri was included in an other PHP script with virtual()
+          by looking for a request context in the current thread */
+       if (SG(server_context)) {
+               /* send 500 internal server error */
+               log_error(LOG_WARN, "php4_execute", sn, rq, "Cannot make nesting PHP requests with virtual()");
+               protocol_status(sn, rq, 500, NULL);
+               return REQ_ABORTED;
+       }
+
         request_context = (nsapi_request_context *)MALLOC(sizeof(nsapi_request_context));
         request_context->pb = pb;
         request_context->sn = sn;
@@ -874,6 +883,7 @@ int NSAPI_PUBLIC php4_execute(pblock *pb, Session *sn, Request *rq)
         nsapi_free((void*)(SG(request_info).content_type));
  
         FREE(request_context);
+       SG(server_context) = NULL;
  
         return retval;
  }
author	Uwe Schindler <thetaphi@php.net>
	Wed, 2 Jul 2003 13:37:39 +0000 (13:37 +0000)
committer	Uwe Schindler <thetaphi@php.net>
	Wed, 2 Jul 2003 13:37:39 +0000 (13:37 +0000)