iliaa           Tue Jan  9 15:31:36 2007 UTC

  Modified files:              (Branch: PHP_4_4)
    /php-src/ext/session        session.c 
  Log:
  
  MFH: Prevent SESSION/GLOBALS overload via session decoding
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.336.2.53.2.12&r2=1.336.2.53.2.13&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.336.2.53.2.12 
php-src/ext/session/session.c:1.336.2.53.2.13
--- php-src/ext/session/session.c:1.336.2.53.2.12       Mon Jan  1 09:46:47 2007
+++ php-src/ext/session/session.c       Tue Jan  9 15:31:36 2007
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: session.c,v 1.336.2.53.2.12 2007/01/01 09:46:47 sebastian Exp $ */
+/* $Id: session.c,v 1.336.2.53.2.13 2007/01/09 15:31:36 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -284,6 +284,10 @@
                zend_hash_find(&EG(symbol_table), name, namelen + 1, 
                                (void *) &sym_global);
                                
+               if ((Z_TYPE_PP(sym_global) == IS_ARRAY && 
Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == 
PS(http_session_vars)) {
+                       return;
+               }
+
                if (sym_global == NULL && sym_track == NULL) {
                        zval *empty_var;
 
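Review bot: The added check at the top of the hunk dereferences `sym_global` (`Z_TYPE_PP(sym_global)`, `*sym_global`) before the `sym_global == NULL` test that follows it, while the `zend_hash_find` result two lines above is never checked, so a name that is absent from the global symbol table reaches the new condition through a null pointer (or a stale one, depending on how `sym_global` is initialised outside the hunk). Guard the new condition on the lookup having produced a value: `if (sym_global != NULL && ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars))) {`. The same predicate is repeated verbatim in the next hunk; a `static inline int` helper taking a `zval **` would keep the two copies in step if the condition is ever widened. The enclosing function starts before this hunk.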
@@ -313,7 +317,10 @@
        if (PG(register_globals)) {
                zval **old_symbol;
                if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void 
*)&old_symbol) == SUCCESS) { 
-                       
+                       if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && 
Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == 
PS(http_session_vars)) {
+                               return;
+                       }
+
                        /* 
                         * A global symbol with the same name exists already. 
That
                         * symbol might have been created by other means (e.g. 
$_GET).
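Review bot: The early `return` inserted after the successful `zend_hash_find` silently drops the variable with no explanation, which a reader of the surrounding register_globals code will not understand without the commit log; a comment above the check such as `/* refuse to let decoded session data re-register the global symbol table or $_SESSION itself */` would carry the intent into the file. Because the check sits inside `if (PG(register_globals))`, whether the register_globals-off path, which lies outside this hunk, applies the same refusal cannot be seen here and is worth confirming. The enclosing function starts before and continues after this hunk.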
