From: Ilia Alshanetsky <iliaa@php.net>
Date: Sun, 18 Mar 2007 16:36:13 +0000 (+0000)
Subject: Fixed MOPB-26-2007 mb_parse_str() can be used to activate register_globals
X-Git-Tag: php-5.2.2RC1~130
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=89939e13d693aac8045beb0913aef33204de500c;p=php

Fixed MOPB-26-2007 mb_parse_str() can be used to activate register_globals

# Discovered by Stefan Esser
---

diff --git a/ext/mbstring/mb_gpc.c b/ext/mbstring/mb_gpc.c
index ae37d2ad34..1eb7f63ac0 100644
--- a/ext/mbstring/mb_gpc.c
+++ b/ext/mbstring/mb_gpc.c
@@ -208,9 +208,8 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const php_mb_encoding_handler_
 	/* register_globals stuff
 	 * XXX: this feature is going to be deprecated? */
 
-	if (info->force_register_globals) {
-		prev_rg_state = PG(register_globals);
-		PG(register_globals) = 1;
+	if (info->force_register_globals && !(prev_rg_state = PG(register_globals))) {
+		zend_alter_ini_entry("register_globals", sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
 	}
 
 	if (!res || *res == '\0') {
@@ -343,8 +342,8 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const php_mb_encoding_handler_
 
 out:
 	/* register_global stuff */
-	if (info->force_register_globals) {
-		PG(register_globals) = prev_rg_state;
+	if (info->force_register_globals && !prev_rg_state) {
+		zend_alter_ini_entry("register_globals", sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR, PHP_INI_STAGE_RUNTIME);
 	}
 
 	if (convd != NULL) {