diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2005-10-05 00:43:38 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2005-10-05 00:43:38 +0000 |
| commit | f2ed06347bc8e8f516823a3c613cca6d059d61cd (patch) | |
| tree | 51ddfa548b86b7f48a34317cc482ca037f8c912d /sapi/apache2handler/sapi_apache2.c | |
| parent | 1b8ecbcf54bc9601df9eb6e481901aff9bd303f0 (diff) | |
| download | php-git-f2ed06347bc8e8f516823a3c613cca6d059d61cd.tar.gz | |
MFH: Fixed possible INI setting leak via virtual() in Apache 2 sapi.
Diffstat (limited to 'sapi/apache2handler/sapi_apache2.c')
| -rw-r--r-- | sapi/apache2handler/sapi_apache2.c | 25 |
1 files changed, 10 insertions, 15 deletions
diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c index aadf451226..88e48cc37b 100644 --- a/sapi/apache2handler/sapi_apache2.c +++ b/sapi/apache2handler/sapi_apache2.c @@ -453,6 +453,11 @@ static int php_handler(request_rec *r) request_rec *parent_req = NULL; TSRMLS_FETCH(); +#define PHPAP_INI_OFF \ + if (strcmp(r->protocol, "INCLUDED")) { \ + zend_try { zend_ini_deactivate(TSRMLS_C); } zend_end_try(); \ + } \ + conf = ap_get_module_config(r->per_dir_config, &php5_module); /* apply_config() needs r in some cases, so allocate server_context early */ @@ -475,9 +480,7 @@ normal: if (strcmp(r->handler, PHP_MAGIC_TYPE) && strcmp(r->handler, PHP_SOURCE_MAGIC_TYPE) && strcmp(r->handler, PHP_SCRIPT)) { /* Check for xbithack in this case. */ if (!AP2(xbithack) || strcmp(r->handler, "text/html") || !(r->finfo.protection & APR_UEXECUTE)) { - zend_try { - zend_ini_deactivate(TSRMLS_C); - } zend_end_try(); + PHPAP_INI_OFF; return DECLINED; } } @@ -486,32 +489,24 @@ normal: * the configuration; default behaviour is to accept. */ if (r->used_path_info == AP_REQ_REJECT_PATH_INFO && r->path_info && r->path_info[0]) { - zend_try { - zend_ini_deactivate(TSRMLS_C); - } zend_end_try(); + PHPAP_INI_OFF; return HTTP_NOT_FOUND; } /* handle situations where user turns the engine off */ if (!AP2(engine)) { - zend_try { - zend_ini_deactivate(TSRMLS_C); - } zend_end_try(); + PHPAP_INI_OFF; return DECLINED; } if (r->finfo.filetype == 0) { php_apache_sapi_log_message_ex("script '%s' not found or unable to stat", r); - zend_try { - zend_ini_deactivate(TSRMLS_C); - } zend_end_try(); + PHPAP_INI_OFF; return HTTP_NOT_FOUND; } if (r->finfo.filetype == APR_DIR) { php_apache_sapi_log_message_ex("attempt to invoke directory '%s' as script", r); - zend_try { - zend_ini_deactivate(TSRMLS_C); - } zend_end_try(); + PHPAP_INI_OFF; return HTTP_FORBIDDEN; } |