diff options
| author | Xinchen Hui <laruence@php.net> | 2012-11-07 17:05:24 +0800 |
|---|---|---|
| committer | Xinchen Hui <laruence@php.net> | 2012-11-07 17:05:24 +0800 |
| commit | 7fcbe4d5467300a0acee78330a0cdc9d1cbf05ad (patch) | |
| tree | a120eaa65e30ded8d56104b5cd26c5b3babefc95 | |
| parent | 0ee5d18f91d731636f3ba39c7487e2a8cf04fa36 (diff) | |
| download | php-git-7fcbe4d5467300a0acee78330a0cdc9d1cbf05ad.tar.gz | |
Fixed bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On)
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/mbstring/mb_gpc.c | 6 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug63447_001.phpt | 20 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug63447_002.phpt | 20 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug63447_003.phpt | 34 |
5 files changed, 84 insertions, 0 deletions
@@ -12,6 +12,10 @@ PHP NEWS . Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak). (Laruence) +- Mbstring: + . Fixed bug #63447 (max_input_vars doesn't filter variables when + mbstring.encoding_translation = On). (Laruence) + - MySQL: . Fixed compilation failure on mixed 32/64 bit systems. (Andrey) diff --git a/ext/mbstring/mb_gpc.c b/ext/mbstring/mb_gpc.c index dd60302d03..b35ece31de 100644 --- a/ext/mbstring/mb_gpc.c +++ b/ext/mbstring/mb_gpc.c @@ -262,6 +262,12 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const php_mb_encoding_handler_ n++; var = php_strtok_r(NULL, info->separator, &strtok_buf); } + + if (n > (PG(max_input_vars) * 2)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + goto out; + } + num = n; /* make sure to process initilized vars only */ /* initialize converter */ diff --git a/ext/mbstring/tests/bug63447_001.phpt b/ext/mbstring/tests/bug63447_001.phpt new file mode 100644 index 0000000000..51302994db --- /dev/null +++ b/ext/mbstring/tests/bug63447_001.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) +--SKIPIF-- +<?php +extension_loaded('mbstring') or die('skip'); +?> +--INI-- +max_input_nesting_level=10 +max_input_vars=5 +mbstring.encoding_translation=1 +--POST-- +a=1&b=2&c=3&d=4&e=5&f=6 +--FILE-- +<?php +var_dump($_POST); +?> +--EXPECT-- +Warning: Unknown: Input variables exceeded 5. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 +array(0) { +} diff --git a/ext/mbstring/tests/bug63447_002.phpt b/ext/mbstring/tests/bug63447_002.phpt new file mode 100644 index 0000000000..e51089b794 --- /dev/null +++ b/ext/mbstring/tests/bug63447_002.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) +--SKIPIF-- +<?php +extension_loaded('mbstring') or die('skip'); +?> +--INI-- +max_input_nesting_level=10 +max_input_vars=4 +mbstring.encoding_translation=1 +--POST-- +a=1&b=2&c=3&d=4&e=5 +--FILE-- +<?php +var_dump($_POST); +?> +--EXPECT-- +Warning: Unknown: Input variables exceeded 4. To increase the limit change max_input_vars in php.ini. in Unknown on line 0 +array(0) { +} diff --git a/ext/mbstring/tests/bug63447_003.phpt b/ext/mbstring/tests/bug63447_003.phpt new file mode 100644 index 0000000000..a4a7e14851 --- /dev/null +++ b/ext/mbstring/tests/bug63447_003.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On) +--SKIPIF-- +<?php +extension_loaded('mbstring') or die('skip'); +?> +--INI-- +max_input_nesting_level=5 +max_input_vars=100 +mbstring.encoding_translation=1 +--POST-- +a=1&b[][][]=2&c[][][][][][]=7 +--FILE-- +<?php +print_r($_POST); +?> +--EXPECT-- +Array +( + [a] => 1 + [b] => Array + ( + [0] => Array + ( + [0] => Array + ( + [0] => 2 + ) + + ) + + ) + +) |