From: Uwe Schindler Date: Wed, 2 Jul 2003 13:37:39 +0000 (+0000) Subject: Prevent user from making nested PHP requests with virtual() X-Git-Tag: php-4.3.3RC2~183 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=62ef1e2857ce987b69984dd9aed91776b92c175d;p=php Prevent user from making nested PHP requests with virtual() --- diff --git a/sapi/nsapi/nsapi.c b/sapi/nsapi/nsapi.c index b34c042c1d..480b9b08f4 100644 --- a/sapi/nsapi/nsapi.c +++ b/sapi/nsapi/nsapi.c @@ -203,7 +203,7 @@ zend_module_entry nsapi_module_entry = { NULL, NULL, PHP_MINFO(nsapi), - "$Id$", + "$Revision$", STANDARD_MODULE_PROPERTIES }; /* }}} */ @@ -827,6 +827,15 @@ int NSAPI_PUBLIC php4_execute(pblock *pb, Session *sn, Request *rq) TSRMLS_FETCH(); + /* check if this uri was included in an other PHP script with virtual() + by looking for a request context in the current thread */ + if (SG(server_context)) { + /* send 500 internal server error */ + log_error(LOG_WARN, "php4_execute", sn, rq, "Cannot make nesting PHP requests with virtual()"); + protocol_status(sn, rq, 500, NULL); + return REQ_ABORTED; + } + request_context = (nsapi_request_context *)MALLOC(sizeof(nsapi_request_context)); request_context->pb = pb; request_context->sn = sn; @@ -874,6 +883,7 @@ int NSAPI_PUBLIC php4_execute(pblock *pb, Session *sn, Request *rq) nsapi_free((void*)(SG(request_info).content_type)); FREE(request_context); + SG(server_context) = NULL; return retval; }