thetaphi Wed Jul 2 09:37:39 2003 EDT
Modified files: (Branch: PHP_4_3)
/php-src/sapi/nsapi nsapi.c
Log:
Prevent user from making nested PHP requests with virtual()
Index: php-src/sapi/nsapi/nsapi.c
diff -u php-src/sapi/nsapi/nsapi.c:1.28.2.14 php-src/sapi/nsapi/nsapi.c:1.28.2.15
--- php-src/sapi/nsapi/nsapi.c:1.28.2.14 Sun Jun 1 17:15:52 2003
+++ php-src/sapi/nsapi/nsapi.c Wed Jul 2 09:37:39 2003
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: nsapi.c,v 1.28.2.14 2003/06/01 21:15:52 thetaphi Exp $ */
+/* $Id: nsapi.c,v 1.28.2.15 2003/07/02 13:37:39 thetaphi Exp $ */
/*
* PHP includes
@@ -203,7 +203,7 @@
NULL,
NULL,
PHP_MINFO(nsapi),
- "$Id: nsapi.c,v 1.28.2.14 2003/06/01 21:15:52 thetaphi Exp $",
+ "$Revision: 1.28.2.15 $",
STANDARD_MODULE_PROPERTIES
};
/* }}} */
@@ -827,6 +827,15 @@
TSRMLS_FETCH();
+ /* check if this uri was included in an other PHP script with virtual()
+ by looking for a request context in the current thread */
+ if (SG(server_context)) {
+ /* send 500 internal server error */
+ log_error(LOG_WARN, "php4_execute", sn, rq, "Cannot make nesting PHP
requests with virtual()");
+ protocol_status(sn, rq, 500, NULL);
+ return REQ_ABORTED;
+ }
+
request_context = (nsapi_request_context
*)MALLOC(sizeof(nsapi_request_context));
request_context->pb = pb;
request_context->sn = sn;
@@ -874,6 +883,7 @@
nsapi_free((void*)(SG(request_info).content_type));
FREE(request_context);
+ SG(server_context) = NULL;
return retval;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
