From: Ilia Alshanetsky <iliaa@php.net>
Date: Fri, 3 Nov 2006 13:51:48 +0000 (+0000)
Subject: MFH:
X-Git-Tag: php-5.2.1RC1~369
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6123f110210808aa2557d93e5de32cfbc32ec419;p=php

MFH:
	Added filter support for $_SERVER in cgi/apache2 sapis
	Make sure PHP_SELF is filtered in Apache 1 sapi
---

diff --git a/sapi/apache/mod_php5.c b/sapi/apache/mod_php5.c
index 719a193232..101c449240 100644
--- a/sapi/apache/mod_php5.c
+++ b/sapi/apache/mod_php5.c
@@ -246,10 +246,11 @@ static void sapi_apache_register_server_variables(zval *track_vars_array TSRMLS_
 	table_entry *elts = (table_entry *) arr->elts;
 	zval **path_translated;
 	HashTable *symbol_table;
+	int new_val_len;
 
 	for (i = 0; i < arr->nelts; i++) {
 		char *val;
-		int val_len, new_val_len;
+		int val_len;
 
 		if (elts[i].val) {
 			val = elts[i].val;
@@ -277,7 +278,9 @@ static void sapi_apache_register_server_variables(zval *track_vars_array TSRMLS_
 		php_register_variable("PATH_TRANSLATED", Z_STRVAL_PP(path_translated), track_vars_array TSRMLS_CC);
 	}
 
-	php_register_variable("PHP_SELF", ((request_rec *) SG(server_context))->uri, track_vars_array TSRMLS_CC);
+	if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &((request_rec *) SG(server_context))->uri, strlen(((request_rec *) SG(server_context))->uri), &new_val_len TSRMLS_CC)) {
+		php_register_variable("PHP_SELF", ((request_rec *) SG(server_context))->uri, track_vars_array TSRMLS_CC);
+	}
 }
 /* }}} */
 
diff --git a/sapi/apache2filter/sapi_apache2.c b/sapi/apache2filter/sapi_apache2.c
index 453a8e51b9..e28adf762d 100644
--- a/sapi/apache2filter/sapi_apache2.c
+++ b/sapi/apache2filter/sapi_apache2.c
@@ -212,11 +212,18 @@ php_apache_sapi_register_variables(zval *track_vars_array TSRMLS_DC)
 	char *key, *val;
 	
 	APR_ARRAY_FOREACH_OPEN(arr, key, val)
-		if (!val) val = "";
-		php_register_variable(key, val, track_vars_array TSRMLS_CC);
+		if (!val) {
+			val = "";
+		}
+		if (sapi_module.input_filter(PARSE_SERVER, key, &val, strlen(val), &new_val_len TSRMLS_CC)) {
+			php_register_variable_safe(key, val, new_val_len, track_vars_array TSRMLS_CC);
+		}
 	APR_ARRAY_FOREACH_CLOSE()
 		
 	php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array TSRMLS_CC);
+	if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri, strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
+		php_register_variable_safe("PHP_SELF", ctx->r->uri, new_val_len, track_vars_array TSRMLS_CC);
+	}
 }
 
 static void
diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c
index f3612bf137..e7789cf863 100644
--- a/sapi/apache2handler/sapi_apache2.c
+++ b/sapi/apache2handler/sapi_apache2.c
@@ -232,13 +232,20 @@ php_apache_sapi_register_variables(zval *track_vars_array TSRMLS_DC)
 	php_struct *ctx = SG(server_context);
 	const apr_array_header_t *arr = apr_table_elts(ctx->r->subprocess_env);
 	char *key, *val;
+	int new_val_len;
 
 	APR_ARRAY_FOREACH_OPEN(arr, key, val)
-		if (!val) val = "";
-		php_register_variable(key, val, track_vars_array TSRMLS_CC);
+		if (!val) {
+			val = "";
+		}
+		if (sapi_module.input_filter(PARSE_SERVER, key, &val, strlen(val), &new_val_len TSRMLS_CC)) {
+			php_register_variable_safe(key, val, new_val_len, track_vars_array TSRMLS_CC);
+		}
 	APR_ARRAY_FOREACH_CLOSE()
 
-	php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array TSRMLS_CC);
+	if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri, strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
+		php_register_variable_safe("PHP_SELF", ctx->r->uri, new_val_len, track_vars_array TSRMLS_CC);
+	}
 }
 
 static void
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 45b6262fe9..54216568e1 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -490,7 +490,10 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
 		     zend_hash_get_current_key_ex(&request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
 		     zend_hash_get_current_data_ex(&request->env, (void **) &val, &pos) == SUCCESS;
 		     zend_hash_move_forward_ex(&request->env, &pos)) {
-			php_register_variable(var, *val, array_ptr TSRMLS_CC);
+			int new_val_len;
+			if (sapi_module.input_filter(PARSE_SERVER, var.s, val, strlen(*val), &new_val_len TSRMLS_CC)) {
+				php_register_variable_safe(var.s, *val, new_val_len, array_ptr TSRMLS_CC);
+			}
 		}
 		PG(magic_quotes_gpc) = magic_quotes_gpc;
 	}
@@ -499,12 +502,16 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
 
 static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC)
 {
+	int new_val_len;
+	char *val = SG(request_info).request_uri ? SG(request_info).request_uri : "";
 	/* In CGI mode, we consider the environment to be a part of the server
 	 * variables
 	 */
 	php_import_environment_variables(track_vars_array TSRMLS_CC);
 	/* Build the special-case PHP_SELF variable for the CGI version */
-	php_register_variable("PHP_SELF", (SG(request_info).request_uri ? SG(request_info).request_uri : ""), track_vars_array TSRMLS_CC);
+	if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &val, strlen(val), &new_val_len TSRMLS_CC)) {
+		php_register_variable_safe("PHP_SELF", val, new_val_len, track_vars_array TSRMLS_CC);
+	}
 }
 
 static void sapi_cgi_log_message(char *message)