]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 77d8f41)
MFH: MFH: Fixed bug #31440 ($GLOBALS can be overwritten via GPC when
authorIlia Alshanetsky <iliaa@php.net>
Thu, 17 Feb 2005 04:46:52 +0000 (04:46 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Thu, 17 Feb 2005 04:46:52 +0000 (04:46 +0000)
register_globals is enabled).

NEWS patch | blob | history
main/main.c patch | blob | history

diff --git a/NEWS b/NEWS
index c76dede09b5a3e88e45543eb9319fa32673ee89e..2cc049153b1caed523349cd01bf280f13e8395f0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -33,6 +33,8 @@ PHP 4                                                                      NEWS
   non-existent object ref). (Tony)
 - Fixed bug #31444 (Memory leak in zend_language_scanner.c).
   (hexer at studentcenter dot org)
+- Fixed bug #31440 ($GLOBALS can be overwritten via GPC when 
+  register_globals is enabled). (Ilia)
 - Fixed bug #31413 (curl POSTFIELDS crashes on 64-bit platforms). (Joe)
 - Fixed bug #31396 (compile fails with gd 2.0.33 without freetype). (Jani)
 - Fixed bug #31371 (highlight_file() trims new line after heredoc). (Ilia)
diff --git a/main/main.c b/main/main.c
index a7eac9e5dd0bb7d7af4e576f102a06b2a1b6de69..e8b62669aebfac24fb1c04a9a908e0a7f6992de2 100644 (file)
--- a/main/main.c
+++ b/main/main.c
@@ -1342,6 +1342,7 @@ static void php_autoglobal_merge(HashTable *dest, HashTable *src TSRMLS_DC)
        ulong             num_key;
        HashPosition      pos;
        int               key_type;
+       int               globals_check = (PG(register_globals) && (dest == (&EG(symbol_table))));
 
        zend_hash_internal_pointer_reset_ex(src, &pos);
        while (zend_hash_get_current_data_ex(src, (void **)&src_entry, &pos) == SUCCESS) {
@@ -1352,7 +1353,12 @@ static void php_autoglobal_merge(HashTable *dest, HashTable *src TSRMLS_DC)
                                || Z_TYPE_PP(dest_entry) != IS_ARRAY) {
                        (*src_entry)->refcount++;
                        if (key_type == HASH_KEY_IS_STRING) {
-                               zend_hash_update(dest, string_key, strlen(string_key)+1, src_entry, sizeof(zval *), NULL);
+                               /* if register_globals is on and working with main symbol table, prevent overwriting of GLOBALS */
+                               if (!globals_check || string_key_len != sizeof("GLOBALS") || memcmp(string_key, "GLOBALS", sizeof("GLOBALS") - 1)) {
+                                       zend_hash_update(dest, string_key, string_key_len, src_entry, sizeof(zval *), NULL);
+                               } else {
+                                       (*src_entry)->refcount--;
+                               }
                        } else {
                                zend_hash_index_update(dest, num_key, src_entry, sizeof(zval *), NULL);
                        }
Unnamed repository; edit this file 'description' to name the repository.