diff options
| author | Derick Rethans <derick@php.net> | 2003-11-26 09:53:22 +0000 |
|---|---|---|
| committer | Derick Rethans <derick@php.net> | 2003-11-26 09:53:22 +0000 |
| commit | 370dfd39a9822428663acd98e9e1e86a38c072c0 (patch) | |
| tree | c1194e0abdc531d15b6974426a056142b5ca5557 /main | |
| parent | 7780cbc9f339bf0abfca5544dbd1cfeb08f68c77 (diff) | |
| download | php-git-370dfd39a9822428663acd98e9e1e86a38c072c0.tar.gz | |
- Prevent registration of the variable when a zero-length is returned
from the sapi_input_filter.
Diffstat (limited to 'main')
| -rw-r--r-- | main/php_variables.c | 8 | ||||
| -rw-r--r-- | main/rfc1867.c | 19 |
2 files changed, 17 insertions, 10 deletions
diff --git a/main/php_variables.c b/main/php_variables.c index 78b1863fd9..ae59eced6c 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -213,7 +213,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler) php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); val_len = sapi_module.input_filter(PARSE_POST, var, &val, val_len TSRMLS_CC); - php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); + if (val_len) { + php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); + } } var = php_strtok_r(NULL, "&", &strtok_buf); } @@ -308,7 +310,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); val_len = sapi_module.input_filter(arg, var, &val, val_len TSRMLS_CC); - php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); + if (val_len) { + php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); + } } else { php_url_decode(var, strlen(var)); php_register_variable_safe(var, "", 0, array_ptr TSRMLS_CC); diff --git a/main/rfc1867.c b/main/rfc1867.c index 1eaa0096ed..fc83952764 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -881,22 +881,25 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) if (!filename && param) { char *value = multipart_buffer_read_body(mbuff TSRMLS_CC); + int val_len; if (!value) { value = estrdup(""); } - sapi_module.input_filter(PARSE_POST, param, &value, strlen(value) TSRMLS_CC); + val_len = sapi_module.input_filter(PARSE_POST, param, &value, strlen(value) TSRMLS_CC); + if (val_len) { #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) - if (php_mb_encoding_translation(TSRMLS_C)) { - php_mb_gpc_stack_variable(param, value, &val_list, &len_list, - &num_vars, &num_vars_max TSRMLS_CC); - } else { - safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); - } + if (php_mb_encoding_translation(TSRMLS_C)) { + php_mb_gpc_stack_variable(param, value, &val_list, &len_list, + &num_vars, &num_vars_max TSRMLS_CC); + } else { + safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); + } #else - safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); + safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); #endif + } if (!strcasecmp(param, "MAX_FILE_SIZE")) { max_file_size = atol(value); } |