From 0731f54d35ba54a60a3011964e38339893b181e7 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Tue, 12 Dec 2000 10:47:47 +0000 Subject: [PATCH] Fix #7987: POST/GET: string with \0(%00) values not parsed correctly --- main/php_variables.c | 23 +++++++++++++++-------- main/php_variables.h | 2 ++ 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/main/php_variables.c b/main/php_variables.c index 08a201e874..e4c64f973e 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -29,12 +29,17 @@ #include "zend_globals.h" -PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array ELS_DC PLS_DC) +PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array ELS_DC PLS_DC) { + php_register_variable_safe(var, strval, strlen(strval), track_vars_array ELS_CC PLS_CC); +} + +/* binary-safe version */ +PHPAPI void php_register_variable_safe(char *var, char *strval, int str_len, zval *track_vars_array ELS_DC PLS_DC) { zval new_entry; /* Prepare value */ - new_entry.value.str.len = strlen(strval); + new_entry.value.str.len = str_len; if (PG(magic_quotes_gpc)) { new_entry.value.str.val = php_addslashes(strval, new_entry.value.str.len, &new_entry.value.str.len, 0); } else { @@ -198,11 +203,12 @@ SAPI_POST_HANDLER_FUNC(php_std_post_handler) while (var) { val = strchr(var, '='); if (val) { /* have a value */ + int val_len; + *val++ = '\0'; - /* FIXME: XXX: not binary safe, discards returned length */ php_url_decode(var, strlen(var)); - php_url_decode(val, strlen(val)); - php_register_variable(var, val, array_ptr ELS_CC PLS_CC); + val_len = php_url_decode(val, strlen(val)); + php_register_variable_safe(var, val, val_len, array_ptr ELS_CC PLS_CC); } var = php_strtok_r(NULL, "&", &strtok_buf); } @@ -282,11 +288,12 @@ void php_treat_data(int arg, char *str, zval* destArray ELS_DC PLS_DC SLS_DC) while (var) { val = strchr(var, '='); if (val) { /* have a value */ + int val_len; + *val++ = '\0'; - /* FIXME: XXX: not binary safe, discards returned length */ php_url_decode(var, strlen(var)); - php_url_decode(val, strlen(val)); - php_register_variable(var, val, array_ptr ELS_CC PLS_CC); + val_len = php_url_decode(val, strlen(val)); + php_register_variable_safe(var, val, val_len, array_ptr ELS_CC PLS_CC); } if (arg == PARSE_COOKIE) { var = php_strtok_r(NULL, ";", &strtok_buf); diff --git a/main/php_variables.h b/main/php_variables.h index bd0a98810a..40c63206a2 100644 --- a/main/php_variables.h +++ b/main/php_variables.h @@ -33,6 +33,8 @@ void php_treat_data(int arg, char *str, zval* destArray ELS_DC PLS_DC SLS_DC); PHPAPI void php_import_environment_variables(zval *array_ptr ELS_DC PLS_DC); PHPAPI void php_register_variable(char *var, char *val, pval *track_vars_array ELS_DC PLS_DC); +/* binary-safe version */ +PHPAPI void php_register_variable_safe(char *var, char *val, int val_len, pval *track_vars_array ELS_DC PLS_DC); PHPAPI void php_register_variable_ex(char *var, zval *val, pval *track_vars_array ELS_DC PLS_DC); -- 2.40.0