derick Wed Nov 26 04:53:23 2003 EDT
Modified files:
/php-src/main php_variables.c rfc1867.c
Log:
- Prevent registration of the variable when a zero-length is returned
from the sapi_input_filter.
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.71 php-src/main/php_variables.c:1.72
--- php-src/main/php_variables.c:1.71 Mon Oct 13 23:49:13 2003
+++ php-src/main/php_variables.c Wed Nov 26 04:53:22 2003
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_variables.c,v 1.71 2003/10/14 03:49:13 iliaa Exp $ */
+/* $Id: php_variables.c,v 1.72 2003/11/26 09:53:22 derick Exp $ */
#include <stdio.h>
#include "php.h"
@@ -213,7 +213,9 @@
php_url_decode(var, strlen(var));
val_len = php_url_decode(val, strlen(val));
val_len = sapi_module.input_filter(PARSE_POST, var, &val,
val_len TSRMLS_CC);
- php_register_variable_safe(var, val, val_len, array_ptr
TSRMLS_CC);
+ if (val_len) {
+ php_register_variable_safe(var, val, val_len,
array_ptr TSRMLS_CC);
+ }
}
var = php_strtok_r(NULL, "&", &strtok_buf);
}
@@ -308,7 +310,9 @@
php_url_decode(var, strlen(var));
val_len = php_url_decode(val, strlen(val));
val_len = sapi_module.input_filter(arg, var, &val, val_len
TSRMLS_CC);
- php_register_variable_safe(var, val, val_len, array_ptr
TSRMLS_CC);
+ if (val_len) {
+ php_register_variable_safe(var, val, val_len,
array_ptr TSRMLS_CC);
+ }
} else {
php_url_decode(var, strlen(var));
php_register_variable_safe(var, "", 0, array_ptr TSRMLS_CC);
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.146 php-src/main/rfc1867.c:1.147
--- php-src/main/rfc1867.c:1.146 Wed Nov 12 17:34:58 2003
+++ php-src/main/rfc1867.c Wed Nov 26 04:53:22 2003
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: rfc1867.c,v 1.146 2003/11/12 22:34:58 sesser Exp $ */
+/* $Id: rfc1867.c,v 1.147 2003/11/26 09:53:22 derick Exp $ */
/*
* This product includes software developed by the Apache Group
@@ -881,22 +881,25 @@
if (!filename && param) {
char *value = multipart_buffer_read_body(mbuff
TSRMLS_CC);
+ int val_len;
if (!value) {
value = estrdup("");
}
- sapi_module.input_filter(PARSE_POST, param, &value,
strlen(value) TSRMLS_CC);
+ val_len = sapi_module.input_filter(PARSE_POST, param,
&value, strlen(value) TSRMLS_CC);
+ if (val_len) {
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
- if (php_mb_encoding_translation(TSRMLS_C)) {
- php_mb_gpc_stack_variable(param, value,
&val_list, &len_list,
-
&num_vars, &num_vars_max TSRMLS_CC);
- } else {
- safe_php_register_variable(param, value,
array_ptr, 0 TSRMLS_CC);
- }
+ if (php_mb_encoding_translation(TSRMLS_C)) {
+ php_mb_gpc_stack_variable(param,
value, &val_list, &len_list,
+
&num_vars, &num_vars_max TSRMLS_CC);
+ } else {
+ safe_php_register_variable(param,
value, array_ptr, 0 TSRMLS_CC);
+ }
#else
- safe_php_register_variable(param, value, array_ptr, 0
TSRMLS_CC);
+ safe_php_register_variable(param, value,
array_ptr, 0 TSRMLS_CC);
#endif
+ }
if (!strcasecmp(param, "MAX_FILE_SIZE")) {
max_file_size = atol(value);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
