Fixed, thanks for the info.

On 25-Oct-06, at 5:06 AM, Dmitry Stogov wrote:

Hi Ilia,

CGI doesn't even compile after your patch.

Dmitry.


-----Original Message-----
From: Ilia Alshanetsky [mailto:[EMAIL PROTECTED]
Sent: Monday, October 23, 2006 11:18 PM
To: php-cvs@lists.php.net
Subject: [PHP-CVS] cvs: php-src /sapi/apache mod_php5.c
/sapi/apache2filter sapi_apache2.c /sapi/apache2handler
sapi_apache2.c /sapi/cgi cgi_main.c


iliaa           Mon Oct 23 19:17:51 2006 UTC

  Modified files:
    /php-src/sapi/apache        mod_php5.c
    /php-src/sapi/apache2filter sapi_apache2.c
    /php-src/sapi/apache2handler        sapi_apache2.c
    /php-src/sapi/cgi   cgi_main.c
  Log:
  Added filter support for $_SERVER in cgi/apache2 sapis
  Make sure PHP_SELF is filtered in Apache 1 sapi


http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r
1=1.39&r2=1.40&diff_format=u
Index: php-src/sapi/apache/mod_php5.c
diff -u php-src/sapi/apache/mod_php5.c:1.39
php-src/sapi/apache/mod_php5.c:1.40
--- php-src/sapi/apache/mod_php5.c:1.39 Thu Oct 12 20:13:07 2006
+++ php-src/sapi/apache/mod_php5.c      Mon Oct 23 19:17:50 2006
@@ -17,7 +17,7 @@
    | PHP 4.0 patches by Zeev Suraski <[EMAIL PROTECTED]>
             |

+-------------------------------------------------------------
---------+
  */
-/* $Id: mod_php5.c,v 1.39 2006/10/12 20:13:07 bfrance Exp $ */
+/* $Id: mod_php5.c,v 1.40 2006/10/23 19:17:50 iliaa Exp $ */

 #include "php_apache_http.h"
 #include "http_conf_globals.h"
@@ -242,10 +242,11 @@
        table_entry *elts = (table_entry *) arr->elts;
        zval **path_translated;
        HashTable *symbol_table;
+       int new_val_len;

        for (i = 0; i < arr->nelts; i++) {
                char *val;
-               int val_len, new_val_len;
+               int val_len;

                if (elts[i].val) {
                        val = elts[i].val;
@@ -270,7 +271,9 @@
                php_register_variable("PATH_TRANSLATED",
Z_STRVAL_PP(path_translated), track_vars_array TSRMLS_CC);
        }

-       php_register_variable("PHP_SELF", ((request_rec *)
SG(server_context))->uri, track_vars_array TSRMLS_CC);
+       if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF",
&((request_rec *) SG(server_context))->uri,
strlen(((request_rec *) SG(server_context))->uri),
&new_val_len TSRMLS_CC)) {
+               php_register_variable("PHP_SELF", ((request_rec
*) SG(server_context))->uri, track_vars_array TSRMLS_CC);
+       }
 }
 /* }}} */
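Review bot: The length the filter writes to `new_val_len` is discarded in the PHP_SELF branch, because the value is still registered with `php_register_variable`, which takes no length argument, while the other SAPIs in this commit pass the length on. Using `php_register_variable_safe("PHP_SELF", ((request_rec *) SG(server_context))->uri, new_val_len, track_vars_array TSRMLS_CC);` would keep the registered string in step with what the filter produced. The call also hands the filter the address of the request record's own `uri` field, so a filter that substitutes a different buffer would presumably change what the server sees afterwards. Filtering a local copy avoids that, and the same applies to the PHP_SELF calls in both sapi_apache2.c files. The enclosing function starts outside the hunk.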

http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2filter/sapi_
apache2.c?r1=1.141&r2=1.142&diff_format=u
Index: php-src/sapi/apache2filter/sapi_apache2.c
diff -u php-src/sapi/apache2filter/sapi_apache2.c:1.141
php-src/sapi/apache2filter/sapi_apache2.c:1.142
--- php-src/sapi/apache2filter/sapi_apache2.c:1.141     Tue Jul
25 13:41:08 2006
+++ php-src/sapi/apache2filter/sapi_apache2.c Mon Oct 23 19:17:50 2006
@@ -18,7 +18,7 @@

+-------------------------------------------------------------
---------+
  */

-/* $Id: sapi_apache2.c,v 1.141 2006/07/25 13:41:08 dmitry Exp $ */
+/* $Id: sapi_apache2.c,v 1.142 2006/10/23 19:17:50 iliaa Exp $ */

 #include <fcntl.h>

@@ -220,11 +220,18 @@
        char *key, *val;
        
        APR_ARRAY_FOREACH_OPEN(arr, key, val)
-               if (!val) val = "";
-               php_register_variable(key, val,
track_vars_array TSRMLS_CC);
+               if (!val) {
+                       val = "";
+               }
+               if (sapi_module.input_filter(PARSE_SERVER, key,
&val, strlen(val), &new_val_len TSRMLS_CC)) {
+                       php_register_variable_safe(key, val,
new_val_len, track_vars_array TSRMLS_CC);
+               }
        APR_ARRAY_FOREACH_CLOSE()
                
        php_register_variable("PHP_SELF", ctx->r->uri,
track_vars_array TSRMLS_CC);
+       if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF",
&ctx->r->uri, strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
+               php_register_variable_safe("PHP_SELF",
ctx->r->uri, new_val_len, track_vars_array TSRMLS_CC);
+       }
 }

 static void
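Review bot: The original `php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array TSRMLS_CC);` call survives as a context line directly above the new filtered block, so PHP_SELF is registered unfiltered first and stays set even when the filter rejects the value. The apache2handler version of this change removes that line, and this file should do the same. The hunk also uses `new_val_len` without adding a declaration, unlike the other three files, so unless it is declared outside the visible lines an `int new_val_len;` is needed next to `char *key, *val;`. The function begins outside the hunk.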
http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/sapi
_apache2.c?r1=1.74&r2=1.75&diff_format=u
Index: php-src/sapi/apache2handler/sapi_apache2.c
diff -u php-src/sapi/apache2handler/sapi_apache2.c:1.74
php-src/sapi/apache2handler/sapi_apache2.c:1.75
--- php-src/sapi/apache2handler/sapi_apache2.c:1.74     Thu Aug
10 13:43:59 2006
+++ php-src/sapi/apache2handler/sapi_apache2.c  Mon Oct
23 19:17:51 2006
@@ -18,7 +18,7 @@

+-------------------------------------------------------------
---------+
  */

-/* $Id: sapi_apache2.c,v 1.74 2006/08/10 13:43:59 tony2001 Exp $ */
+/* $Id: sapi_apache2.c,v 1.75 2006/10/23 19:17:51 iliaa Exp $ */

 #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS

@@ -232,13 +232,20 @@
        php_struct *ctx = SG(server_context);
        const apr_array_header_t *arr =
apr_table_elts(ctx->r->subprocess_env);
        char *key, *val;
+       int new_val_len;

        APR_ARRAY_FOREACH_OPEN(arr, key, val)
-               if (!val) val = "";
-               php_register_variable(key, val,
track_vars_array TSRMLS_CC);
+               if (!val) {
+                       val = "";
+               }
+               if (sapi_module.input_filter(PARSE_SERVER, key,
&val, strlen(val), &new_val_len TSRMLS_CC)) {
+                       php_register_variable_safe(key, val,
new_val_len, track_vars_array TSRMLS_CC);
+               }
        APR_ARRAY_FOREACH_CLOSE()

-       php_register_variable("PHP_SELF", ctx->r->uri,
track_vars_array TSRMLS_CC);
+       if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF",
&ctx->r->uri, strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
+               php_register_variable_safe("PHP_SELF",
ctx->r->uri, new_val_len, track_vars_array TSRMLS_CC);
+       }
 }

 static void
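Review bot: Entries for which `sapi_module.input_filter` returns 0 are now silently left out of the registered server variables, PHP_SELF included, and nothing in the code says so. A short comment above the loop, for example `/* values rejected by the input filter are not registered */`, would tell later readers that a missing key is intended. `new_val_len` is declared `int`; if the callback's last parameter is a pointer to unsigned, as I believe it is, the declaration should match it (`unsigned int new_val_len;`). The function starts outside the hunk.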
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1
.300&r2=1.301&diff_format=u
Index: php-src/sapi/cgi/cgi_main.c
diff -u php-src/sapi/cgi/cgi_main.c:1.300
php-src/sapi/cgi/cgi_main.c:1.301
--- php-src/sapi/cgi/cgi_main.c:1.300   Sat Sep 23 12:27:35 2006
+++ php-src/sapi/cgi/cgi_main.c Mon Oct 23 19:17:51 2006
@@ -21,7 +21,7 @@

+-------------------------------------------------------------
---------+
 */

-/* $Id: cgi_main.c,v 1.300 2006/09/23 12:27:35 tony2001 Exp $ */
+/* $Id: cgi_main.c,v 1.301 2006/10/23 19:17:51 iliaa Exp $ */

 #include "php.h"
 #include "php_globals.h"
@@ -467,19 +467,26 @@
                
zend_hash_get_current_key_ex(&request->env, &var, &var_len,
&idx, 0, &pos) == HASH_KEY_IS_STRING &&
                
zend_hash_get_current_data_ex(&request->env, (void **) &val,
&pos) == SUCCESS;
                     zend_hash_move_forward_ex(&request->env, &pos)) {
-                       php_register_variable(var.s, *val,
array_ptr TSRMLS_CC);
+                       int new_val_len;
+                       if
(sapi_module.input_filter(PARSE_SERVER, var.s, val,
strlen(*val), &new_val_len TSRMLS_CC)) {
+                               
php_register_variable_safe(var.s, *val, new_val_len,
array_ptr TSRMLS_CC);
+                       }
                }
        }
 }

 static void sapi_cgi_register_variables(zval
*track_vars_array TSRMLS_DC)  {
+       int new_val_len;
+       char *val = SG(request_info).request_uri ?
+SG(request_info).request_uri : "";
        /* In CGI mode, we consider the environment to be a
part of the server
         * variables
         */
        php_import_environment_variables(track_vars_array TSRMLS_CC);
        /* Build the special-case PHP_SELF variable for the CGI
version */
-       php_register_variable("PHP_SELF",
(SG(request_info).request_uri ? SG(request_info).request_uri
: ""), track_vars_array TSRMLS_CC);
+       if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF",
&val, strlen(val), &new_val_len TSRMLS_CC)) {
+               php_register_variable_safe("PHP_SELF", var,
new_val_len, track_vars_array TSRMLS_CC);
+       }
 }

 static void sapi_cgi_log_message(char *message)
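Review bot: The new PHP_SELF registration in sapi_cgi_register_variables passes `var`, which is not declared in that function; the filtered local is `val`, so the call cannot compile as written. It should read `php_register_variable_safe("PHP_SELF", val, new_val_len, track_vars_array TSRMLS_CC);`. The first part of the hunk belongs to a loop in a function that starts outside the hunk.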




Ilia Alshanetsky
