MFH: Prevent SESSION/GLOBALS overload via session decoding
authorIlia Alshanetsky <iliaa@php.net>
Tue, 9 Jan 2007 15:31:36 +0000 (15:31 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Tue, 9 Jan 2007 15:31:36 +0000 (15:31 +0000)
ext/session/session.c

index ac6b91b3f93d1fc036fb662f6d13ff54defe0f45..26b8fb3244d6f8d15e439caa2595ca05a40b6979 100644 (file)
@@ -284,6 +284,10 @@ void php_add_session_var(char *name, size_t namelen TSRMLS_DC)
                zend_hash_find(&EG(symbol_table), name, namelen + 1, 
                                (void *) &sym_global);
                                
+               if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)) {
+                       return;
+               }
+
                if (sym_global == NULL && sym_track == NULL) {
                        zval *empty_var;
 
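Review bot: The added guard dereferences `sym_global` through `Z_TYPE_PP(sym_global)` and `*sym_global` before the existing `sym_global == NULL` test just below it, and the result of the preceding `zend_hash_find()` call is not checked. That later test implies `sym_global` is still NULL when the name is absent from the global symbol table, so registering a session variable with no matching global would crash here instead of reaching the `empty_var` path. Guard the dereference, e.g. `if (sym_global && ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars))) {`. The function starts and ends outside the hunk, so the initial value of `sym_global` should be confirmed at its declaration.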
@@ -313,7 +317,10 @@ void php_set_session_var(char *name, size_t namelen, zval *state_val, php_unseri
        if (PG(register_globals)) {
                zval **old_symbol;
                if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)&old_symbol) == SUCCESS) { 
-                       
+                       if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == PS(http_session_vars)) {
+                               return;
+                       }
+
                        /* 
                         * A global symbol with the same name exists already. That
                         * symbol might have been created by other means (e.g. $_GET).
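Review bot: The new early return has no comment saying what it protects, and its condition is a copy of the one added in `php_add_session_var`, so the two checks can drift apart. Going by the commit title, the first clause matches the global whose array is the symbol table itself (`$GLOBALS`) and the second matches the session array zval. A comment above the `if`, such as `/* never let decoded session data replace $GLOBALS or the session array itself */`, would record that, and the shared test could move into one macro or static helper. Unlike the first hunk, `old_symbol` is safe to dereference here because the check sits inside the `zend_hash_find(...) == SUCCESS` branch. The function body continues outside the hunk.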