author | Stanislav Malyshev <stas@php.net> | 2000-12-12 10:47:47 +0000 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2000-12-12 10:47:47 +0000 |
commit | 0731f54d35ba54a60a3011964e38339893b181e7 (patch) | |
tree | ff73466aa58ad43e9c7dcb8cadc4b2338f5f3b31 /main/php_variables.c | |
parent | 868c8769f8adfb6100c291fe25880c50b84e4ab7 (diff) | |
download | php-git-0731f54d35ba54a60a3011964e38339893b181e7.tar.gz |
Fix #7987: POST/GET: string with \0(%00) values not parsed correctly
Diffstat (limited to 'main/php_variables.c')
-rw-r--r-- | main/php_variables.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/main/php_variables.c b/main/php_variables.c index 08a201e874..e4c64f973e 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -29,12 +29,17 @@ #include "zend_globals.h" -PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array ELS_DC PLS_DC) +PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array ELS_DC PLS_DC) { + php_register_variable_safe(var, strval, strlen(strval), track_vars_array ELS_CC PLS_CC); +} + +/* binary-safe version */ +PHPAPI void php_register_variable_safe(char *var, char *strval, int str_len, zval *track_vars_array ELS_DC PLS_DC) { zval new_entry; /* Prepare value */ - new_entry.value.str.len = strlen(strval); + new_entry.value.str.len = str_len; if (PG(magic_quotes_gpc)) { new_entry.value.str.val = php_addslashes(strval, new_entry.value.str.len, &new_entry.value.str.len, 0); } else { @@ -198,11 +203,12 @@ SAPI_POST_HANDLER_FUNC(php_std_post_handler) while (var) { val = strchr(var, '='); if (val) { /* have a value */ + int val_len; + *val++ = '\0'; - /* FIXME: XXX: not binary safe, discards returned length */ php_url_decode(var, strlen(var)); - php_url_decode(val, strlen(val)); - php_register_variable(var, val, array_ptr ELS_CC PLS_CC); + val_len = php_url_decode(val, strlen(val)); + php_register_variable_safe(var, val, val_len, array_ptr ELS_CC PLS_CC); } var = php_strtok_r(NULL, "&", &strtok_buf); } 
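Review bot: The exported `php_register_variable_safe()` carries only the comment `/* binary-safe version */`, which does not state what `str_len` must be or that only the value is binary-safe. `str_len` is a signed `int` stored straight into `new_entry.value.str.len` with no range check, so a caller passing a negative length, or one longer than the buffer behind `strval`, would feed that into the copy that follows outside this hunk. I would document the contract above the function, e.g. `/* binary-safe for the value only: str_len is the byte length of strval (may contain \0, must be >= 0); var is still a NUL-terminated C string */`, and consider rejecting `str_len < 0` at the top. The function body continues past the end of the hunk, so the non-magic-quotes branch is not reviewed here.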
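Review bot: The variable name is still cut at the first decoded NUL, because `php_url_decode(var, strlen(var));` keeps discarding its return value and `php_register_variable_safe()` takes `var` as a plain C string. A name containing `%00` is therefore registered under its truncated prefix, so anything that inspects the raw request (a filter, a log, a front-end proxy) can disagree with the script about which variable was set. The commit deletes the FIXME although it remains true for the name; I would keep a narrowed form of it, e.g. `/* FIXME: name is still not binary safe, decoded length of var is discarded */`, until the name path is handled or names with an embedded NUL are rejected. The same applies to the identical change in the `php_treat_data()` hunk, which also covers cookies; both loops start outside their hunks.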
@@ -282,11 +288,12 @@ void php_treat_data(int arg, char *str, zval* destArray ELS_DC PLS_DC SLS_DC) while (var) { val = strchr(var, '='); if (val) { /* have a value */ + int val_len; + *val++ = '\0'; - /* FIXME: XXX: not binary safe, discards returned length */ php_url_decode(var, strlen(var)); - php_url_decode(val, strlen(val)); - php_register_variable(var, val, array_ptr ELS_CC PLS_CC); + val_len = php_url_decode(val, strlen(val)); + php_register_variable_safe(var, val, val_len, array_ptr ELS_CC PLS_CC); } if (arg == PARSE_COOKIE) { var = php_strtok_r(NULL, ";", &strtok_buf); |