thetaphi Wed Jul 2 09:39:41 2003 EDT
Modified files:
/php-src/sapi/nsapi nsapi.c
Log:
prevent user from making nested PHP requests using virtual()
Index: php-src/sapi/nsapi/nsapi.c
diff -u php-src/sapi/nsapi/nsapi.c:1.47 php-src/sapi/nsapi/nsapi.c:1.48
--- php-src/sapi/nsapi/nsapi.c:1.47 Sun Jun 15 07:50:17 2003
+++ php-src/sapi/nsapi/nsapi.c Wed Jul 2 09:39:41 2003
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: nsapi.c,v 1.47 2003/06/15 11:50:17 edink Exp $ */
+/* $Id: nsapi.c,v 1.48 2003/07/02 13:39:41 thetaphi Exp $ */
/*
* PHP includes
@@ -198,7 +198,7 @@
NULL,
NULL,
PHP_MINFO(nsapi),
- "$Id: nsapi.c,v 1.47 2003/06/15 11:50:17 edink Exp $",
+ "$Revision: 1.48 $",
STANDARD_MODULE_PROPERTIES
};
/* }}} */
@@ -822,6 +822,15 @@
TSRMLS_FETCH();
+ /* check if this uri was included in an other PHP script with virtual()
+ by looking for a request context in the current thread */
+ if (SG(server_context)) {
+ /* send 500 internal server error */
+ log_error(LOG_WARN, "php4_execute", sn, rq, "Cannot make nesting PHP
requests with virtual()");
+ protocol_status(sn, rq, 500, NULL);
+ return REQ_ABORTED;
+ }
+
request_context = (nsapi_request_context
*)MALLOC(sizeof(nsapi_request_context));
request_context->pb = pb;
request_context->sn = sn;
@@ -869,6 +878,7 @@
nsapi_free((void*)(SG(request_info).content_type));
FREE(request_context);
+ SG(server_context) = NULL;
return retval;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
