zval_copy_ctor(state_val_copy);
state_val_copy->refcount = 0;
- if (PG(register_globals) && PG(track_vars)) {
+ if (PG(register_globals)) {
zend_set_hash_symbol(state_val_copy, name, namelen, 0, 2, PS(http_session_vars)->value.ht, &EG(symbol_table));
} else {
if (PG(register_globals)) {
zend_set_hash_symbol(state_val_copy, name, namelen, 0, 1, &EG(symbol_table));
}
- if (PG(track_vars)) {
- zend_set_hash_symbol(state_val_copy, name, namelen, 0, 1, PS(http_session_vars)->value.ht);
- }
+ zend_set_hash_symbol(state_val_copy, name, namelen, 0, 1, PS(http_session_vars)->value.ht);
}
}
{
HashTable *ht = &EG(symbol_table);
- if (!PG(register_globals) && PG(track_vars))
+ if (!PG(register_globals))
ht = PS(http_session_vars)->value.ht;
return zend_hash_find(ht, name, namelen + 1, (void **)state_var);
{
PLS_FETCH();
- if (PG(track_vars))
- php_session_track_init();
+ php_session_track_init();
if (PS(serializer)->decode(val, vallen PSLS_CC) == FAILURE) {
_php_session_destroy(PSLS_C);
php_error(E_WARNING, "Failed to decode session object. Session has been destroyed.");
char *p;
int send_cookie = 1;
int define_sid = 1;
- zend_bool register_globals;
- zend_bool track_vars;
int module_number = PS(module_number);
int nrand;
int lensess;
lensess = strlen(PS(session_name));
- register_globals = INI_BOOL("register_globals");
- track_vars = INI_BOOL("track_vars");
-
- if (!register_globals && !track_vars) {
- php_error(E_ERROR, "The session module will not work if you have disabled track_vars and register_globals. At least one of them must be enabled.");
- return;
- }
- if (!track_vars && PS(use_cookies))
- php_error(E_NOTICE, "Because track_vars is disabled, the session module will not be able to determine whether the user has sent a cookie. SID will always be defined.");
-
- /*
- * If our only resource is the global symbol_table, then check it.
- * If track_vars are enabled, we prefer these, because they are more
- * reliable, and we always know whether the user has accepted the
- * cookie.
- */
-
- if (register_globals &&
- !track_vars &&
- !PS(id) &&
- zend_hash_find(&EG(symbol_table), PS(session_name),
- lensess + 1, (void **) &ppid) == SUCCESS) {
- PPID2SID;
- send_cookie = 0;
- }
-
/*
- * Now check the track_vars. Cookies are preferred, because initially
+ * Cookies are preferred, because initially
* cookie and get variables will be available.
*/
- if (!PS(id) && track_vars) {
+ if (!PS(id)) {
if (zend_hash_find(&EG(symbol_table), "HTTP_COOKIE_VARS",
sizeof("HTTP_COOKIE_VARS"), (void **) &data) == SUCCESS &&
(*data)->type == IS_ARRAY &&
} else {
convert_to_string_ex(entry);
- if (!PG(track_vars) || strcmp((*entry)->value.str.val, "HTTP_SESSION_VARS") != 0)
+ if (strcmp((*entry)->value.str.val, "HTTP_SESSION_VARS") != 0)
PS_ADD_VARL((*entry)->value.str.val, (*entry)->value.str.len);
}
}
STD_PHP_INI_BOOLEAN("short_open_tag", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, short_tags, zend_compiler_globals, compiler_globals)
STD_PHP_INI_BOOLEAN("sql.safe_mode", "0", PHP_INI_SYSTEM, OnUpdateBool, sql_safe_mode, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("track_errors", "0", PHP_INI_ALL, OnUpdateBool, track_errors, php_core_globals, core_globals)
- STD_PHP_INI_BOOLEAN("track_vars", "1", PHP_INI_ALL, OnUpdateBool, track_vars, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("y2k_compliance", "0", PHP_INI_ALL, OnUpdateBool, y2k_compliance, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("arg_separator", "&", PHP_INI_ALL, OnUpdateStringUnempty, arg_separator, php_core_globals, core_globals)
{
zval *array_ptr=NULL;
- if (PG(track_vars)) {
- ALLOC_ZVAL(array_ptr);
- array_init(array_ptr);
- INIT_PZVAL(array_ptr);
- PG(http_globals).server = array_ptr;
- }
+ ALLOC_ZVAL(array_ptr);
+ array_init(array_ptr);
+ INIT_PZVAL(array_ptr);
+ PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
/* Server variables */
if (sapi_module.register_server_variables) {
char *p;
unsigned char _gpc_flags[3] = {0,0,0};
zend_bool have_variables_order;
-
- PG(http_globals).post = PG(http_globals).get = PG(http_globals).cookie = PG(http_globals).server = PG(http_globals).environment = PG(http_globals).post_files = NULL;
+ zval *dummy_track_vars_array;
+ zend_bool initialized_dummy_track_vars_array=0;
+ int i;
+ char *track_vars_names[] = {
+ "HTTP_POST_VARS",
+ "HTTP_GET_VARS",
+ "HTTP_COOKIE_VARS",
+ "HTTP_SERVER_VARS",
+ "HTTP_ENV_VARS",
+ "HTTP_POST_FILES",
+ NULL
+ };
+ int track_vars_names_length[] = {
+ sizeof("HTTP_POST_VARS"),
+ sizeof("HTTP_GET_VARS"),
+ sizeof("HTTP_COOKIE_VARS"),
+ sizeof("HTTP_SERVER_VARS"),
+ sizeof("HTTP_ENV_VARS"),
+ sizeof("HTTP_POST_FILES")
+ };
+
+
+ for (i=0; i<6; i++) {
+ PG(http_globals)[i] = NULL;
+ }
if (PG(variables_order)) {
p = PG(variables_order);
php_register_server_variables(ELS_C SLS_CC PLS_CC);
}
- if (PG(http_globals).post) {
- zend_hash_update(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), &PG(http_globals).post, sizeof(zval *), NULL);
- }
- if (PG(http_globals).get) {
- zend_hash_update(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), &PG(http_globals).get, sizeof(zval *), NULL);
- }
- if (PG(http_globals).cookie) {
- zend_hash_update(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), &PG(http_globals).cookie, sizeof(zval *), NULL);
- }
- if (PG(http_globals).server) {
- zend_hash_update(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), &PG(http_globals).server, sizeof(zval *), NULL);
- }
- if (PG(http_globals).environment) {
- zend_hash_update(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), &PG(http_globals).environment, sizeof(zval *), NULL);
- }
- if (PG(http_globals).post_files) {
- zend_hash_update(&EG(symbol_table), "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"), &PG(http_globals).post_files, sizeof(zval *),NULL);
+ for (i=0; i<6; i++) {
+ if (!PG(http_globals)[i] && !initialized_dummy_track_vars_array) {
+ ALLOC_ZVAL(dummy_track_vars_array);
+ array_init(dummy_track_vars_array);
+ INIT_PZVAL(dummy_track_vars_array);
+ initialized_dummy_track_vars_array = 1;
+ } else {
+ dummy_track_vars_array->refcount++;
+ PG(http_globals)[i] = dummy_track_vars_array;
+ }
+ zend_hash_update(&EG(symbol_table), track_vars_names[i], track_vars_names_length[i], &PG(http_globals)[i], sizeof(zval *), NULL);
}
-
return SUCCESS;
}
pval *arr, *argc, *tmp;
int count = 0;
char *ss, *space;
-
- if (!PG(register_globals) && !PG(track_vars))
- return;
ALLOC_ZVAL(arr);
array_init(arr);
zend_hash_add(&EG(symbol_table), "argc", sizeof("argc"), &argc, sizeof(zval *), NULL);
}
- if (PG(track_vars)) {
- if (PG(register_globals)) {
- arr->refcount++;
- argc->refcount++;
- }
- zend_hash_update(track_vars_array->value.ht, "argv", sizeof("argv"), &arr, sizeof(pval *), NULL);
- zend_hash_update(track_vars_array->value.ht, "argc", sizeof("argc"), &argc, sizeof(pval *), NULL);
+ if (PG(register_globals)) {
+ arr->refcount++;
+ argc->refcount++;
}
-
+ zend_hash_update(track_vars_array->value.ht, "argv", sizeof("argv"), &arr, sizeof(pval *), NULL);
+ zend_hash_update(track_vars_array->value.ht, "argc", sizeof("argc"), &argc, sizeof(pval *), NULL);
}
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>
+#else
+int inet_aton(const char *, struct in_addr *);
#endif
+#include "php_network.h"
+
#ifdef PHP_WIN32
#undef AF_UNIX
#endif
* port, returns the created socket on success, else returns -1.
* timeout gives timeout in seconds, 0 means blocking mode.
*/
-int php_hostconnect(char *host, int port, int socktype, int timeout)
+int php_hostconnect(char *host, unsigned short port, int socktype, int timeout)
{
int s;
struct sockaddr **sal, **psal;
extern ZEND_API struct _php_core_globals core_globals;
#endif
-typedef struct _php_http_globals {
- zval *post;
- zval *get;
- zval *cookie;
- zval *server;
- zval *environment;
- zval *post_files;
-} php_http_globals;
+
+#define TRACK_VARS_POST 1
+#define TRACK_VARS_GET 2
+#define TRACK_VARS_COOKIE 3
+#define TRACK_VARS_SERVER 4
+#define TRACK_VARS_ENV 5
+#define TRACK_VARS_FILES 6
struct _php_tick_function_entry;
zend_llist tick_functions;
- php_http_globals http_globals;
+ zval *http_globals[6];
zend_bool expose_php;
- zend_bool track_vars;
zend_bool register_globals;
zend_bool register_argc_argv;
*/
/* $Id$ */
-int php_hostconnect(char *host, int port, int socktype, int timeout);
+#ifndef _PHP_NETWORK_H
+#define _PHP_NETWORK_H
+
+int php_hostconnect(char *host, unsigned short port, int socktype, int timeout);
+
+#endif /* _PHP_NETWORK_H */
/*
* Local variables:
zend_bool free_index;
HashTable *symtable1=NULL;
HashTable *symtable2=NULL;
-
+
if (PG(register_globals)) {
symtable1 = EG(active_symbol_table);
}
}
}
if (!symtable1) {
- /* we don't need track_vars, and we're not setting GPC globals either. */
+ /* Nothing to do */
zval_dtor(val);
return;
}
case PARSE_POST:
case PARSE_GET:
case PARSE_COOKIE:
- if (PG(track_vars)) {
- ALLOC_ZVAL(array_ptr);
- array_init(array_ptr);
- INIT_PZVAL(array_ptr);
- switch (arg) {
- case PARSE_POST:
- PG(http_globals).post = array_ptr;
- break;
- case PARSE_GET:
- PG(http_globals).get = array_ptr;
- break;
- case PARSE_COOKIE:
- PG(http_globals).cookie = array_ptr;
- break;
- }
- } else {
- array_ptr=NULL;
+ ALLOC_ZVAL(array_ptr);
+ array_init(array_ptr);
+ INIT_PZVAL(array_ptr);
+ switch (arg) {
+ case PARSE_POST:
+ PG(http_globals)[TRACK_VARS_POST] = array_ptr;
+ break;
+ case PARSE_GET:
+ PG(http_globals)[TRACK_VARS_GET] = array_ptr;
+ break;
+ case PARSE_COOKIE:
+ PG(http_globals)[TRACK_VARS_COOKIE] = array_ptr;
+ break;
}
break;
default:
char **env, *p, *t;
zval *array_ptr=NULL;
- if (PG(track_vars)) {
- ALLOC_ZVAL(array_ptr);
- array_init(array_ptr);
- INIT_PZVAL(array_ptr);
- PG(http_globals).environment = array_ptr;
- }
+ ALLOC_ZVAL(array_ptr);
+ array_init(array_ptr);
+ INIT_PZVAL(array_ptr);
+ PG(http_globals)[TRACK_VARS_ENV] = array_ptr;
for (env = environ; env != NULL && *env != NULL; env++) {
p = strchr(*env, '=');
zend_hash_init(&PG(rfc1867_protected_variables), 5, NULL, NULL, 0);
- if (PG(track_vars)) {
- ALLOC_ZVAL(http_post_files);
- array_init(http_post_files);
- INIT_PZVAL(http_post_files);
- PG(http_globals).post_files = http_post_files;
- }
+ ALLOC_ZVAL(http_post_files);
+ array_init(http_post_files);
+ INIT_PZVAL(http_post_files);
+ PG(http_globals)[TRACK_VARS_POST] = http_post_files;
ptr = buf;
rem = cnt;
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
+; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
variables_order = "EGPCS" ; This directive describes the order in which PHP registers
; GET, POST, Cookie, Environment and Built-in variables (G, P,
; C, E & S respectively, often referred to as EGPCS or GPC).
; most sense when coupled with track_vars - in which case you can
; access all of the GPC variables through the $HTTP_*_VARS[],
; variables.
+ ; You should do your best to write your scripts so that they do
+ ; not require register_globals to be on; Using form variables
+ ; as globals can easily lead to possible security problems, if
+ ; the code is not very well thought of.
register_argc_argv = On ; This directive tells PHP whether to declare the argv&argc
; variables (that would contain the GET information). If you
; don't use these variables, you should turn it off for
; increased performance
-track_vars = On ; enable the $HTTP_*_VARS[] arrays, where * is one of
- ; ENV, POST, GET, COOKIE or SERVER.
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.
; Magic quotes
register_argc_argv = Off ; This directive tells PHP whether to declare the argv&argc
; variables (that would contain the GET information). If you
; don't use these variables, you should turn it off for
- ; increased performance
-track_vars = On ; enable the $HTTP_*_VARS[] arrays, where * is one of
- ; ENV, POST, GET, COOKIE or SERVER.
+ ; increased performance (you should try not to use it anyway,
+ ; for less likelihood of security bugs in your code).
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.
; Magic quotes
register_argc_argv = Off ; This directive tells PHP whether to declare the argv&argc
; variables (that would contain the GET information). If you
; don't use these variables, you should turn it off for
- ; increased performance
-track_vars = On ; enable the $HTTP_*_VARS[] arrays, where * is one of
- ; ENV, POST, GET, COOKIE or SERVER.
+ ; increased performance (you should try not to use it anyway,
+ ; for less likelihood of security bugs in your code).
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.
; Magic quotes
# End Source File\r
# Begin Source File\r
\r
+SOURCE=..\main\network.c\r
+# End Source File\r
+# Begin Source File\r
+\r
SOURCE=..\main\php_content_types.c\r
# End Source File\r
# Begin Source File\r
projects / php / commitdiff