From: Ilia Alshanetsky Date: Tue, 14 Oct 2003 03:48:09 +0000 (+0000) Subject: MFH: Fixed bug #25836 (last key of multi-dimensional array passed via GPC X-Git-Tag: php-4.3.4RC2~22 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f335d5447e976b0ef4df784a488586fd2fe2a4d9;p=php MFH: Fixed bug #25836 (last key of multi-dimensional array passed via GPC not being escaped when magic_quotes_gpc is on). --- diff --git a/NEWS b/NEWS index aab8bbbc6e..6093cd5bab 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,8 @@ PHP 4 NEWS ?? Oct 2003, Version 4.3.4RC2 - Fixed multibyte regex engine to properly handle ".*" pattern under POSIX compatible mode. (K.Kosako , Moriyoshi) +- Fixed bug #25836 (last key of multi-dimensional array passed via GPC not + being escaped when magic_quotes_gpc is on). (Ilia) - Fixed bug #25814 (Make flock() return correct value when 3rd argument is used). (Ilia) - Fixed bug #25800 (parse_url() could not parse urls with empty port). (Ilia) diff --git a/main/php_variables.c b/main/php_variables.c index eadb11568e..58bf2f5583 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -178,7 +178,13 @@ plain_var: if (!index) { zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } else { - zend_hash_update(symtable1, index, index_len+1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (PG(magic_quotes_gpc) && (index!=var)) { + char *escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); + zend_hash_update(symtable1, escaped_index, index_len+1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + efree(escaped_index); + } else { + zend_hash_update(symtable1, index, index_len+1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + } } break; }