sesser          Sun Sep 12 06:46:49 2004 EDT

  Modified files:              (Branch: PHP_4_3)
    /php-src/main       rfc1867.c 
  Log:
  MFH
  
  
  
http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.122.2.24&r2=1.122.2.25&ty=u
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.122.2.24 php-src/main/rfc1867.c:1.122.2.25
--- php-src/main/rfc1867.c:1.122.2.24   Wed Aug 11 00:31:03 2004
+++ php-src/main/rfc1867.c      Sun Sep 12 06:46:49 2004
@@ -16,7 +16,7 @@
    |          Jani Taskinen <[EMAIL PROTECTED]>                              |
    +----------------------------------------------------------------------+
  */
-/* $Id: rfc1867.c,v 1.122.2.24 2004/08/11 04:31:03 pollita Exp $ */
+/* $Id: rfc1867.c,v 1.122.2.25 2004/09/12 10:46:49 sesser Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -932,6 +932,25 @@
                                }
                                SAFE_RETURN;
                        }
+                       
+                       /* New Rule: never repair potential malicious user input */
+                       if (!skip_upload) {
+                               char *tmp = param;
+                               long c = 0;
+                               
+                               while (*tmp) {
+                                       if (*tmp == '[') {
+                                               c++;
+                                       } else if (*tmp == ']') {
+                                               c--;
+                                       }
+                                       if (c < 0) {
+                                               skip_upload = 1;
+                                               break;
+                                       }
+                                       tmp++;                          
+                               }
+                       }
 
                        if (!skip_upload) {
                                /* Handle file */
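Review bot: The new loop inside `if (!skip_upload)` only sets `skip_upload` when a `]` appears before its `[` (`c < 0`); a name that leaves a bracket open finishes the loop with `c > 0` and is still accepted. This commit also removes the later `*start_arr = '_'` repair for an unterminated `[`, so such a name now appears to reach the remaining handling with the stray `[` intact. If "never repair" is meant to reject every malformed name, add `if (c != 0) { skip_upload = 1; }` directly after the `while` loop, and consider rejecting `c > 1` inside it if nested brackets are not a supported form. The enclosing function starts and ends outside this hunk, so the downstream effect is inferred from the visible lines only.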
@@ -1000,10 +1019,6 @@
                         * start_arr is set to point to 1st [
                         */
                        is_arr_upload = (start_arr = strchr(param,'[')) && 
(param[strlen(param)-1] == ']');
-                       /* handle unterminated [ */
-                       if (!is_arr_upload && start_arr) {
-                               *start_arr = '_';
-                       }
 
                        if (is_arr_upload) {
                                array_len = strlen(start_arr);
