From: Christoph M. Becker Date: Thu, 23 Jul 2020 09:10:11 +0000 (+0200) Subject: Fix #78236: convert error on receiving variables when duplicate [ X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fc4d462e947828fdbeac6020ac8f34704a218834;p=php Fix #78236: convert error on receiving variables when duplicate [ When an input variable name contains a non matched open bracket, we not only have to replace that with an underscore, but also all following forbidden characters. --- diff --git a/NEWS b/NEWS index 167350640a..a17f4c0919 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 8.0.0beta1 +- Core: + . Fixed bug #78236 (convert error on receiving variables when duplicate [). + (cmb) + - JIT: . Fixed bug #79864 (JIT segfault in Symfony OptionsResolver). (Dmitry) diff --git a/main/php_variables.c b/main/php_variables.c index dc33e54920..7b753f0cdf 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -178,8 +178,14 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac } else { ip = strchr(ip, ']'); if (!ip) { - /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */ + /* not an index; un-terminate the var name */ *(index_s - 1) = '_'; + /* PHP variables cannot contain ' ', '.', '[' in their names, so we replace the characters with a '_' */ + for (p = index_s; *p; p++) { + if (*p == ' ' || *p == '.' || *p == '[') { + *p = '_'; + } + } index_len = 0; if (index) { diff --git a/tests/basic/bug78236.phpt b/tests/basic/bug78236.phpt new file mode 100644 index 0000000000..9b56b1388c --- /dev/null +++ b/tests/basic/bug78236.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #78236 (convert error on receiving variables when duplicate [) +--POST-- +id[name=1&id[[name=a&id[na me.=3 +--FILE-- + +--EXPECT-- +array(3) { + ["id_name"]=> + string(1) "1" + ["id__name"]=> + string(1) "a" + ["id_na_me_"]=> + string(1) "3" +}