From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 9 Mar 2007 01:42:20 +0000 (+0000)
Subject: Fixed a possible super-global overwrite inside import_request_variables().
X-Git-Tag: php-5.2.2RC1~184
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0fa1427c6ec7f39fe3f7bf50804e5bcf12d189d8;p=php

Fixed a possible super-global overwrite inside import_request_variables().

# Reported by Stefano Di Paola
---

diff --git a/ext/standard/basic_functions.c b/ext/standard/basic_functions.c
index fbaa8a23d0..82ea865c79 100644
--- a/ext/standard/basic_functions.c
+++ b/ext/standard/basic_functions.c
@@ -6245,6 +6245,19 @@ static int copy_request_variable(void *pDest, int num_args, va_list args, zend_h
 		} else if (!strcmp(hash_key->arKey, "GLOBALS")) {
 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted GLOBALS variable overwrite.");
 			return 0; 
+		} else if (*hash_key->arKey == '_' && 
+				(
+					!strcmp(hash_key->arKey, "_GET") || 
+					!strcmp(hash_key->arKey, "_POST") || 
+					!strcmp(hash_key->arKey, "_COOKIE") || 
+					!strcmp(hash_key->arKey, "_ENV") || 
+					!strcmp(hash_key->arKey, "_SERVER") || 
+					!strcmp(hash_key->arKey, "_FILES") || 
+					!strcmp(hash_key->arKey, "_REQUEST")
+				)
+			) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted super-global (%s) variable overwrite.", hash_key->arKey);
+			return 0; 	
 		}
 	}