From efdd39207cdc98c5d77144f40d9a21ce2ec8d6e6 Mon Sep 17 00:00:00 2001 From: Zeev Suraski Date: Mon, 4 Sep 2000 22:26:01 +0000 Subject: [PATCH] Protect arrays as well. --- main/rfc1867.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/main/rfc1867.c b/main/rfc1867.c index 183b1a8b86..37fe2c7db0 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -47,38 +47,38 @@ static zend_bool is_protected_variable(char *varname PLS_DC) } -static void safe_php_register_variable(char *var, char *strval, zval *track_vars_array ELS_DC PLS_DC) +static void safe_php_register_variable(char *var, char *strval, zval *track_vars_array, zend_bool override_protection ELS_DC PLS_DC) { - if (!is_protected_variable(var PLS_CC)) { + if (override_protection || !is_protected_variable(var PLS_CC)) { php_register_variable(var, strval, track_vars_array ELS_CC PLS_CC); } } -static void safe_php_register_variable_ex(char *var, zval *val, pval *track_vars_array ELS_DC PLS_DC) +static void safe_php_register_variable_ex(char *var, zval *val, pval *track_vars_array, zend_bool override_protection ELS_DC PLS_DC) { - if (!is_protected_variable(var PLS_CC)) { + if (override_protection || !is_protected_variable(var PLS_CC)) { php_register_variable_ex(var, val, track_vars_array ELS_CC PLS_CC); } } -static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files ELS_DC PLS_DC) +static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection ELS_DC PLS_DC) { int register_globals = PG(register_globals); PG(register_globals) = 0; - safe_php_register_variable(strvar, val, http_post_files ELS_CC PLS_CC); + safe_php_register_variable(strvar, val, http_post_files, override_protection ELS_CC PLS_CC); PG(register_globals) = register_globals; } -static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files ELS_DC PLS_DC) +static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection ELS_DC PLS_DC) { int register_globals = PG(register_globals); PG(register_globals) = 0; - safe_php_register_variable_ex(var, val, http_post_files ELS_CC PLS_CC); + safe_php_register_variable_ex(var, val, http_post_files, override_protection ELS_CC PLS_CC); PG(register_globals) = register_globals; } @@ -207,9 +207,9 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) } s = strrchr(filenamebuf, '\\'); if (s && s > filenamebuf) { - safe_php_register_variable(lbuf, s+1, NULL ELS_CC PLS_CC); + safe_php_register_variable(lbuf, s+1, NULL, 0 ELS_CC PLS_CC); } else { - safe_php_register_variable(lbuf, filenamebuf, NULL ELS_CC PLS_CC); + safe_php_register_variable(lbuf, filenamebuf, NULL, 0 ELS_CC PLS_CC); } /* Add $foo[name] */ @@ -219,9 +219,9 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) sprintf(lbuf, "%s[name]", namebuf); } if (s && s > filenamebuf) { - register_http_post_files_variable(lbuf, s+1, http_post_files ELS_CC PLS_CC); + register_http_post_files_variable(lbuf, s+1, http_post_files, 0 ELS_CC PLS_CC); } else { - register_http_post_files_variable(lbuf, filenamebuf, http_post_files ELS_CC PLS_CC); + register_http_post_files_variable(lbuf, filenamebuf, http_post_files, 0 ELS_CC PLS_CC); } state = 3; @@ -251,7 +251,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) } else { sprintf(lbuf, "%s_type", namebuf); } - safe_php_register_variable(lbuf, s, NULL ELS_CC PLS_CC); + safe_php_register_variable(lbuf, s, NULL, 0 ELS_CC PLS_CC); /* Add $foo[type] */ if (is_arr_upload) { @@ -259,7 +259,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) } else { sprintf(lbuf, "%s[type]", namebuf); } - register_http_post_files_variable(lbuf, s, http_post_files ELS_CC PLS_CC); + register_http_post_files_variable(lbuf, s, http_post_files, 0 ELS_CC PLS_CC); if(*s != '\0') { *(loc2 - 1) = '\n'; } @@ -284,7 +284,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) /* Check to make sure we are not overwriting special file * upload variables */ - safe_php_register_variable(namebuf, ptr, array_ptr ELS_CC PLS_CC); + safe_php_register_variable(namebuf, ptr, array_ptr, 0 ELS_CC PLS_CC); /* And a little kludge to pick out special MAX_FILE_SIZE */ itype = php_check_ident_type(namebuf); @@ -348,8 +348,8 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) php_error(E_WARNING, "Only %d bytes were written, expected to write %ld", bytes, loc - ptr - 4); } } - safe_php_register_variable(namebuf, fn, NULL ELS_CC PLS_CC); add_protected_variable(namebuf PLS_CC); + safe_php_register_variable(namebuf, fn, NULL, 1 ELS_CC PLS_CC); /* Add $foo[tmp_name] */ if(is_arr_upload) { @@ -357,8 +357,8 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) } else { sprintf(lbuf, "%s[tmp_name]", namebuf); } - register_http_post_files_variable(lbuf, fn, http_post_files ELS_CC PLS_CC); add_protected_variable(lbuf PLS_CC); + register_http_post_files_variable(lbuf, fn, http_post_files, 1 ELS_CC PLS_CC); { zval file_size; @@ -371,7 +371,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) } else { sprintf(lbuf, "%s_size", namebuf); } - safe_php_register_variable_ex(lbuf, &file_size, NULL ELS_CC PLS_CC); + safe_php_register_variable_ex(lbuf, &file_size, NULL, 0 ELS_CC PLS_CC); /* Add $foo[size] */ if(is_arr_upload) { @@ -379,7 +379,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) } else { sprintf(lbuf, "%s[size]", namebuf); } - register_http_post_files_variable_ex(lbuf, &file_size, http_post_files ELS_CC PLS_CC); + register_http_post_files_variable_ex(lbuf, &file_size, http_post_files, 0 ELS_CC PLS_CC); } state = 0; rem -= (loc - ptr); -- 2.40.0