Feel free to add one ;-)
On 9-Jan-07, at 1:13 PM, Nuno Lopes wrote:
I think this one needs a test..
----- Original Message ----- From: "Ilia Alshanetsky" <[EMAIL PROTECTED]>
To: <php-cvs@lists.php.net>
Sent: Tuesday, January 09, 2007 3:31 PM
Subject: [PHP-CVS] cvs: php-src(PHP_5_2) /ext/session session.c
iliaa Tue Jan 9 15:31:12 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/session session.c
Log:
Prevent SESSION/GLOBALS overload via session decoding
http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?
r1=1.417.2.8.2.24&r2=1.417.2.8.2.25&diff_format=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.417.2.8.2.24 php-src/ext/
session/session.c:1.417.2.8.2.25
--- php-src/ext/session/session.c:1.417.2.8.2.24 Mon Jan 1
09:36:06 2007
+++ php-src/ext/session/session.c Tue Jan 9 15:31:12 2007
@@ -17,7 +17,7 @@
+--------------------------------------------------------------------
--+
*/
-/* $Id: session.c,v 1.417.2.8.2.24 2007/01/01 09:36:06 sebastian
Exp $ */
+/* $Id: session.c,v 1.417.2.8.2.25 2007/01/09 15:31:12 iliaa Exp
$ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -331,6 +331,10 @@
zend_hash_find(&EG(symbol_table), name, namelen + 1,
(void *) &sym_global);
+ if ((Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP
(sym_global) == &EG(symbol_table)) || *sym_global == PS
(http_session_vars)) {
+ return;
+ }
+
if (sym_global == NULL && sym_track == NULL) {
zval *empty_var;
@@ -360,7 +364,10 @@
if (PG(register_globals)) {
zval **old_symbol;
if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void *)
&old_symbol) == SUCCESS) {
-
+ if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && Z_ARRVAL_PP
(old_symbol) == &EG(symbol_table)) || *old_symbol == PS
(http_session_vars)) {
+ return;
+ }
+
/*
* A global symbol with the same name exists already. That
* symbol might have been created by other means (e.g. $_GET).
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Ilia Alshanetsky
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php