From 4df7ab403c3cb168047ce5bb14fbaf19e078b1fa Mon Sep 17 00:00:00 2001
From: Rasmus Lerdorf <rasmus@php.net>
Date: Wed, 10 May 2006 21:19:32 +0000
Subject: [PATCH] Add input_filter hook call in getenv()

---
 NEWS                   |  1 +
 main/SAPI.c            | 13 +++++++++----
 sapi/apache/mod_php5.c |  6 +++++-
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index da0080abb7..3dbb1c3861 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2006, PHP 5.2.0
+- Added support for getenv() input filtering. (Rasmus)
 - Removed ze1 compatibility mode. (Marcus)
 - Added support for constructors in interfaces to force constructor signature
   checks in implementations. (Marcus)
diff --git a/main/SAPI.c b/main/SAPI.c
index 1eb457a42c..5bd12b13e9 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -25,6 +25,7 @@
 
 #include "php.h"
 #include "SAPI.h"
+#include "php_variables.h"
 #include "php_ini.h"
 #include "ext/standard/php_string.h"
 #include "ext/standard/pageinfo.h"
@@ -914,11 +915,15 @@ SAPI_API struct stat *sapi_get_stat(TSRMLS_D)
 
 SAPI_API char *sapi_getenv(char *name, size_t name_len TSRMLS_DC)
 {
-	if (sapi_module.getenv) {
-		return sapi_module.getenv(name, name_len TSRMLS_CC);
+	if (sapi_module.getenv) { 
+		char *value, *tmp = sapi_module.getenv(name, name_len TSRMLS_CC);
+		if(tmp) value = estrdup(tmp); 
+		else return NULL;
+		sapi_module.input_filter(PARSE_ENV, name, &value, strlen(value), NULL TSRMLS_CC);
+		return value;
 	} else {
-		return NULL;
-	}
+		return NULL; 
+	}   
 }
 
 SAPI_API int sapi_get_fd(int *fd TSRMLS_DC)
diff --git a/sapi/apache/mod_php5.c b/sapi/apache/mod_php5.c
index be82e13369..04f9da4d86 100644
--- a/sapi/apache/mod_php5.c
+++ b/sapi/apache/mod_php5.c
@@ -254,13 +254,17 @@ static void sapi_apache_register_server_variables(zval *track_vars_array TSRMLS_
 
 	for (i = 0; i < arr->nelts; i++) {
 		char *val;
+		int val_len, new_val_len;
 
 		if (elts[i].val) {
 			val = elts[i].val;
 		} else {
 			val = "";
 		}
-		php_register_variable(elts[i].key, val, track_vars_array  TSRMLS_CC);
+		val_len = strlen(val);
+		if (sapi_module.input_filter(PARSE_SERVER, elts[i].key, &val, val_len, &new_val_len TSRMLS_CC)) {
+			php_register_variable_safe(elts[i].key, val, new_val_len, track_vars_array TSRMLS_CC);
+		}
 	}
 
 	/* If PATH_TRANSLATED doesn't exist, copy it from SCRIPT_FILENAME */
-- 
2.50.1