author | Zeev Suraski <zeev@php.net> | 2000-02-26 16:36:57 +0000 |
---|---|---|
committer | Zeev Suraski <zeev@php.net> | 2000-02-26 16:36:57 +0000 |
commit | 0e90b9dc83956f7de3d269cfe9b1be42618c2812 (patch) | |
tree | d80fb084aaefaa5abccfa48e38ab07d598df7356 /main | |
parent | e6146d6bf382df0de28271cc58fce03afc20797b (diff) | |
download | php-git-0e90b9dc83956f7de3d269cfe9b1be42618c2812.tar.gz |
@- The various $HTTP_*_VARS[] are now protected, and cannot be manipulated by
@ user input (Zeev)
This patch is untested! I'll only have time to test it thoroughly in a couple of hours...
Diffstat (limited to 'main')
-rw-r--r-- | main/main.c | 20 | ||||
-rw-r--r-- | main/php_globals.h | 10 | ||||
-rw-r--r-- | main/php_variables.c | 18 |
3 files changed, 33 insertions, 15 deletions
diff --git a/main/main.c b/main/main.c
index 981b2adced..31433062bc 100644
--- a/main/main.c
+++ b/main/main.c
@@ -918,7 +918,7 @@ static inline void php_register_server_variables(ELS_D SLS_DC PLS_DC)
 ALLOC_ZVAL(array_ptr);
 array_init(array_ptr);
 INIT_PZVAL(array_ptr);
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), array_ptr, sizeof(pval *),NULL);
+ PG(http_globals).server = array_ptr;
 }
 /* Server variables */
@@ -956,6 +956,8 @@ static int php_hash_environment(ELS_D SLS_DC PLS_DC)
 php_import_environment_variables(ELS_C PLS_CC);
 }
+ PG(http_globals).post = PG(http_globals).get = PG(http_globals).cookie = PG(http_globals).server = PG(http_globals).environment = NULL;
+
 while(*p) {
 switch(*p++) {
 case 'p':
@@ -996,6 +998,22 @@ static int php_hash_environment(ELS_D SLS_DC PLS_DC)
 }
 }
+ if (PG(http_globals).post) {
+ zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), PG(http_globals).post, sizeof(zval *), NULL);
+ }
+ if (PG(http_globals).get) {
+ zend_hash_add_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), PG(http_globals).get, sizeof(zval *), NULL);
+ }
+ if (PG(http_globals).cookie) {
+ zend_hash_add_ptr(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), PG(http_globals).cookie, sizeof(zval *), NULL);
+ }
+ if (PG(http_globals).server) {
+ zend_hash_add_ptr(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), PG(http_globals).server, sizeof(zval *), NULL);
+ }
+ if (PG(http_globals).environment) {
+ zend_hash_add_ptr(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), PG(http_globals).environment, sizeof(zval *), NULL);
+ }
+
 if (!have_variables_order) {
 php_register_server_variables(ELS_C SLS_CC PLS_CC);
diff --git a/main/php_globals.h b/main/php_globals.h
index 9c3ee04294..1a1a6db707 100644
--- a/main/php_globals.h
+++ b/main/php_globals.h
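Review bot: The added reset to NULL in php_hash_environment runs after the `php_import_environment_variables(ELS_C PLS_CC);` call shown in the context line just above it, so on that branch the `environment` pointer the call has just stored (see the php_import_environment_variables hunk in main/php_variables.c) is cleared again. The array then never reaches the `HTTP_ENV_VARS` registration added further down and appears to be leaked. Moving the reset ahead of the branch that makes the call would keep the pointer. The branch starts outside this hunk, so this should be confirmed against the full function.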
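Review bot: The five registration blocks sit before `if (!have_variables_order) { php_register_server_variables(...)`, but after this commit that function only stores the array in `PG(http_globals).server`, so on that path `HTTP_SERVER_VARS` is never added to the symbol table within the visible lines. Placing the registration blocks after that `if` would cover both paths. Separately, the result of every `zend_hash_add_ptr` call is discarded. If it refuses an existing key, as the name suggests, a same-named global imported from request data earlier in the function would stay in place, which is the case this commit sets out to prevent; checking the result or using a replacing insert is worth considering. The `if` block ends outside the hunk.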
@@ -42,6 +42,14 @@ extern PHPAPI int core_globals_id;
 extern ZEND_API struct _php_core_globals core_globals;
 #endif
+typedef struct _php_http_globals {
+ zval *post;
+ zval *get;
+ zval *cookie;
+ zval *server;
+ zval *environment;
+} php_http_globals;
+
 struct _php_tick_function_entry;
 struct _php_core_globals {
@@ -100,6 +108,8 @@ struct _php_core_globals {
 unsigned char header_is_being_sent;
 zend_llist tick_functions;
+
+ php_http_globals http_globals;
 };
diff --git a/main/php_variables.c b/main/php_variables.c
index 1897610d6c..84c487d01f 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -226,16 +226,15 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
 INIT_PZVAL(array_ptr);
 switch (arg) {
 case PARSE_POST:
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), array_ptr, sizeof(pval *),NULL);
+ PG(http_globals).post = array_ptr;
 break;
 case PARSE_GET:
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), array_ptr, sizeof(pval *),NULL);
+ PG(http_globals).get = array_ptr;
 break;
 case PARSE_COOKIE:
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), array_ptr, sizeof(pval *),NULL);
+ PG(http_globals).cookie = array_ptr;
 break;
 }
- array_ptr->refcount++; /* If someone overwrites us, array_ptr must stay valid */
 } else {
 array_ptr=NULL;
 }
@@ -247,9 +246,6 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
 if (arg==PARSE_POST) {
 sapi_handle_post(array_ptr SLS_CC);
- if (array_ptr) {
- zval_ptr_dtor(&array_ptr);
- }
 return;
 }
@@ -275,9 +271,6 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
 }
 if (!res) {
- if (array_ptr) {
- zval_ptr_dtor(&array_ptr);
- }
 return;
 }
@@ -307,9 +300,6 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
 if (free_buffer) {
 efree(res);
 }
- if (array_ptr) {
- zval_ptr_dtor(&array_ptr);
- }
 }
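Review bot: The new `php_http_globals` typedef has no comment saying who owns the five zvals or how long the pointers stay valid. Going by the other hunks, they are set while request variables are imported and later handed to the symbol table, so a comment above the typedef such as `/* per-request variable arrays; NULL when not tracked; handed to the symbol table in php_hash_environment() */` would help the next reader. The lifetime wording should be confirmed against the request shutdown code, which is not shown here.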
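Review bot: With `array_ptr->refcount++` removed in php_treat_data, the array is reachable from `PG(http_globals)` and, once php_hash_environment registers it, from the symbol table as well, while apparently carrying a single reference. If script code later unsets or replaces `$HTTP_POST_VARS`, the pointer kept in `PG(http_globals).post` would presumably refer to freed memory until the next request resets it. Either take a reference at registration time (`PG(http_globals).post->refcount++;` before the add, released at request shutdown), or document that these pointers must not be read after registration. The three later hunks in this file that drop the matching `zval_ptr_dtor` calls rest on the same assumption.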
@@ -323,7 +313,7 @@ void php_import_environment_variables(ELS_D PLS_DC)
 ALLOC_ZVAL(array_ptr);
 array_init(array_ptr);
 INIT_PZVAL(array_ptr);
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), array_ptr, sizeof(pval *),NULL);
+ PG(http_globals).environment = array_ptr;
 }
 for (env = environ; env != NULL && *env != NULL; env++) { |