From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 31 Jul 2003 22:29:32 +0000 (+0000)
Subject: Fixed bug #24883 (variables created through register_globals, ignore
X-Git-Tag: BEFORE_ARG_INFO~30
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0eb76eb2ec0496d320680df84aa3d72a60bba778;p=php

Fixed bug #24883 (variables created through register_globals, ignore
gpc_order and variables_order).
Prevent multiple registration of ENV & SERVER variables when more then one
is specified.
Prevent multiple addition of GET/POST/COOKIE variables when building
_REQUEST.
---

diff --git a/main/php_variables.c b/main/php_variables.c
index 6415c16345..3bc3a2a9ba 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -537,7 +537,7 @@ static zend_bool php_auto_globals_create_request(char *name, uint name_len TSRML
 int php_hash_environment(TSRMLS_D)
 {
 	char *p;
-	unsigned char _gpc_flags[3] = {0, 0, 0};
+	unsigned char _gpc_flags[5] = {0, 0, 0, 0, 0};
 	zend_bool have_variables_order;
 	zval *dummy_track_vars_array = NULL;
 	zend_bool initialized_dummy_track_vars_array=0;
@@ -575,6 +575,9 @@ int php_hash_environment(TSRMLS_D)
 		array_init(PG(http_globals)[TRACK_VARS_ENV]);
 		INIT_PZVAL(PG(http_globals)[TRACK_VARS_ENV]);
 		php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC);
+		if (PG(register_globals)) {
+			php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC);
+		}
 	}
 
 	for (p=variables_order; p && *p; p++) {
@@ -584,6 +587,9 @@ int php_hash_environment(TSRMLS_D)
 				if (!_gpc_flags[0] && !SG(headers_sent) && SG(request_info).request_method && !strcasecmp(SG(request_info).request_method, "POST")) {
 					sapi_module.treat_data(PARSE_POST, NULL, NULL TSRMLS_CC);	/* POST Data */
 					_gpc_flags[0]=1;
+					if (PG(register_globals)) {
+						php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_POST]) TSRMLS_CC);
+					}
 				}
 				break;
 			case 'c':
@@ -591,6 +597,9 @@ int php_hash_environment(TSRMLS_D)
 				if (!_gpc_flags[1]) {
 					sapi_module.treat_data(PARSE_COOKIE, NULL, NULL TSRMLS_CC);	/* Cookie Data */
 					_gpc_flags[1]=1;
+					if (PG(register_globals)) {
+						php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) TSRMLS_CC);
+					}
 				}
 				break;
 			case 'g':
@@ -598,36 +607,42 @@ int php_hash_environment(TSRMLS_D)
 				if (!_gpc_flags[2]) {
 					sapi_module.treat_data(PARSE_GET, NULL, NULL TSRMLS_CC);	/* GET Data */
 					_gpc_flags[2]=1;
+					if (PG(register_globals)) {
+						php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_GET]) TSRMLS_CC);
+					}
 				}
 				break;
 			case 'e':
 			case 'E':
-				if (!jit_initialization) {
+				if (!jit_initialization && !_gpc_flags[3]) {
 					if (have_variables_order) {
 						php_auto_globals_create_env("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
+						if (PG(register_globals)) {
+							php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC);
+						}
 					} else {
 						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unsupported 'e' element (environment) used in gpc_order - use variables_order instead");
 					}
+					_gpc_flags[3]=1;
 				}
 				break;
 			case 's':
 			case 'S':
-				if (!jit_initialization) {
+				if (!jit_initialization && !_gpc_flags[4]) {
 					php_register_server_variables(TSRMLS_C);
+					_gpc_flags[4]=1;
+					if (PG(register_globals)) {
+						php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]) TSRMLS_CC);
+					}
 				}
 				break;
 		}
 	}
 
-	if (!jit_initialization && !have_variables_order) {
+	if (!jit_initialization && !_gpc_flags[4]) {
 		php_register_server_variables(TSRMLS_C);
-	}
-
-	if (PG(register_globals)) {
-		for (i = 0; i < 5; i++) {
-			if (PG(http_globals)[i]) {
-				php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[i]) TSRMLS_CC);
-			}
+		if (PG(register_globals)) {
+			php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]) TSRMLS_CC);
 		}
 	}
 
@@ -704,6 +719,7 @@ static zend_bool php_auto_globals_create_request(char *name, uint name_len TSRML
 {
 	zval *form_variables;
 	char *variables_order;
+	unsigned char _gpc_flags[3] = {0, 0, 0};
 	char *p;
 
 	if (PG(variables_order)) {
@@ -720,15 +736,24 @@ static zend_bool php_auto_globals_create_request(char *name, uint name_len TSRML
 		switch (*p) {
 			case 'g':
 			case 'G':
-				php_autoglobal_merge(Z_ARRVAL_P(form_variables), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_GET]) TSRMLS_CC);
+				if (!_gpc_flags[0]) {
+					php_autoglobal_merge(Z_ARRVAL_P(form_variables), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_GET]) TSRMLS_CC);
+					_gpc_flags[0] = 1;
+				}
 				break;
 			case 'p':
 			case 'P':
-				php_autoglobal_merge(Z_ARRVAL_P(form_variables), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_POST]) TSRMLS_CC);
+				if (!_gpc_flags[1]) {
+					php_autoglobal_merge(Z_ARRVAL_P(form_variables), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_POST]) TSRMLS_CC);
+					_gpc_flags[1] = 1;
+				}
 				break;
 			case 'c':
 			case 'C':
-				php_autoglobal_merge(Z_ARRVAL_P(form_variables), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) TSRMLS_CC);
+				if (!_gpc_flags[2]) {
+					php_autoglobal_merge(Z_ARRVAL_P(form_variables), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) TSRMLS_CC);
+					_gpc_flags[2] = 1;
+				}
 				break;
 		}
 	}