diff options
| author | Dmitry Stogov <dmitry@php.net> | 2012-02-14 08:58:52 +0000 |
|---|---|---|
| committer | Dmitry Stogov <dmitry@php.net> | 2012-02-14 08:58:52 +0000 |
| commit | 04f6171012cb65f3447ec66d62da70300d307799 (patch) | |
| tree | 5ed245fd0be2fce1a012f3acf9c77232ae560023 /main/rfc1867.c | |
| parent | dd14c92499c34b92177e354f90485479dbe795b8 (diff) | |
| download | php-git-04f6171012cb65f3447ec66d62da70300d307799.tar.gz | |
Improved max_input_vars directive to check nested variables
Diffstat (limited to 'main/rfc1867.c')
| -rw-r--r-- | main/rfc1867.c | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/main/rfc1867.c b/main/rfc1867.c index b848126b2a..5da3a99355 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -691,6 +691,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ php_rfc1867_getword_t getword; php_rfc1867_getword_conf_t getword_conf; php_rfc1867_basename_t _basename; + long count = 0; if (php_rfc1867_encoding_translation(TSRMLS_C) && internal_encoding) { getword = php_rfc1867_getword; @@ -861,7 +862,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ } } - if (sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) { + if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) { if (php_rfc1867_callback != NULL) { multipart_event_formdata event_formdata; size_t newlength = new_val_len; @@ -879,15 +880,21 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ new_val_len = newlength; } safe_php_register_variable(param, value, new_val_len, array_ptr, 0 TSRMLS_CC); - } else if (php_rfc1867_callback != NULL) { - multipart_event_formdata event_formdata; - - event_formdata.post_bytes_processed = SG(read_post_bytes); - event_formdata.name = param; - event_formdata.value = &value; - event_formdata.length = value_len; - event_formdata.newlength = NULL; - php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC); + } else { + if (count == PG(max_input_vars) + 1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + } + + if (php_rfc1867_callback != NULL) { + multipart_event_formdata event_formdata; + + event_formdata.post_bytes_processed = SG(read_post_bytes); + event_formdata.name = param; + event_formdata.value = &value; + event_formdata.length = value_len; + event_formdata.newlength = NULL; + php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC); + } } if (!strcasecmp(param, "MAX_FILE_SIZE")) { |