From 8acd3e381866271f880dcad46e581092495c9443 Mon Sep 17 00:00:00 2001
From: Zeev Suraski <zeev@php.net>
Date: Sun, 9 Jan 2000 18:32:13 +0000
Subject: [PATCH] @- Fixed a possible crash in phpinfo() (Zeev) phpinfo() now
 ensures that HTTP_*_VARS[] are actually arrays before it tries to access
 them...

---
 ext/standard/info.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ext/standard/info.c b/ext/standard/info.c
index 16b2a6cdad..62150924b2 100644
--- a/ext/standard/info.c
+++ b/ext/standard/info.c
@@ -191,7 +191,8 @@ PHPAPI void php_print_info(int flag)
 		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) {
 			php_info_print_table_row(2, "PHP_AUTH_PW", (*data)->value.str.val);
 		}
-		if (zend_hash_find(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), (void **) &data) != FAILURE) {
+		if (zend_hash_find(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), (void **) &data)!=FAILURE
+			&& ((*data)->type==IS_ARRAY)) {
 			zend_hash_internal_pointer_reset((*data)->value.ht);
 			while (zend_hash_get_current_data((*data)->value.ht, (void **) &tmp) == SUCCESS) {
 				zval tmp2, *value_ptr;
@@ -229,7 +230,8 @@ PHPAPI void php_print_info(int flag)
 				}
 			}
 		}
-		if (zend_hash_find(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), (void **) &data) != FAILURE) {
+		if (zend_hash_find(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), (void **) &data)!=FAILURE
+			&& ((*data)->type==IS_ARRAY)) {
 			zend_hash_internal_pointer_reset((*data)->value.ht);
 			while (zend_hash_get_current_data((*data)->value.ht, (void **) &tmp) == SUCCESS) {
 				convert_to_string(*tmp);
@@ -249,7 +251,8 @@ PHPAPI void php_print_info(int flag)
 				zend_hash_move_forward((*data)->value.ht);
 			}
 		}
-		if (zend_hash_find(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), (void **) &data) != FAILURE) {
+		if (zend_hash_find(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), (void **) &data)!=FAILURE
+			&& ((*data)->type==IS_ARRAY)) {
 			zend_hash_internal_pointer_reset((*data)->value.ht);
 			while (zend_hash_get_current_data((*data)->value.ht, (void **) &tmp) == SUCCESS) {
 				convert_to_string(*tmp);
-- 
2.40.0