diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-07-23 11:10:11 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-07-23 15:48:09 +0200 |
commit | fc4d462e947828fdbeac6020ac8f34704a218834 (patch) | |
tree | 106f1c5e9bbde38a468bd3689e8c8d8626714165 | |
parent | 4293dd5d344dd7277fc3af5aa6c0da5ea327f3b6 (diff) | |
download | php-git-fc4d462e947828fdbeac6020ac8f34704a218834.tar.gz |
Fix #78236: convert error on receiving variables when duplicate [
When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, but also all following
forbidden characters.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | main/php_variables.c | 8 | ||||
-rw-r--r-- | tests/basic/bug78236.phpt | 17 |
3 files changed, 28 insertions, 1 deletions
@@ -2,6 +2,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 8.0.0beta1 +- Core: + . Fixed bug #78236 (convert error on receiving variables when duplicate [). + (cmb) + - JIT: . Fixed bug #79864 (JIT segfault in Symfony OptionsResolver). (Dmitry) diff --git a/main/php_variables.c b/main/php_variables.c index dc33e54920..7b753f0cdf 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -178,8 +178,14 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac } else { ip = strchr(ip, ']'); if (!ip) { - /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */ + /* not an index; un-terminate the var name */ *(index_s - 1) = '_'; + /* PHP variables cannot contain ' ', '.', '[' in their names, so we replace the characters with a '_' */ + for (p = index_s; *p; p++) { + if (*p == ' ' || *p == '.' || *p == '[') { + *p = '_'; + } + } index_len = 0; if (index) { diff --git a/tests/basic/bug78236.phpt b/tests/basic/bug78236.phpt new file mode 100644 index 0000000000..9b56b1388c --- /dev/null +++ b/tests/basic/bug78236.phpt @@ -0,0 +1,17 @@ +--TEST-- +Bug #78236 (convert error on receiving variables when duplicate [) +--POST-- +id[name=1&id[[name=a&id[na me.=3 +--FILE-- +<?php +var_dump($_POST); +?> +--EXPECT-- +array(3) { + ["id_name"]=> + string(1) "1" + ["id__name"]=> + string(1) "a" + ["id_na_me_"]=> + string(1) "3" +} |