iliaa Sun Mar 18 16:36:13 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/mbstring mb_gpc.c
Log:
Fixed MOPB-26-2007 mb_parse_str() can be used to activate register_globals
# Discovered by Stefan Esser
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/mb_gpc.c?r1=1.17.2.2.2.2&r2=1.17.2.2.2.3&diff_format=u
Index: php-src/ext/mbstring/mb_gpc.c
diff -u php-src/ext/mbstring/mb_gpc.c:1.17.2.2.2.2
php-src/ext/mbstring/mb_gpc.c:1.17.2.2.2.3
--- php-src/ext/mbstring/mb_gpc.c:1.17.2.2.2.2 Mon Jan 1 09:36:02 2007
+++ php-src/ext/mbstring/mb_gpc.c Sun Mar 18 16:36:13 2007
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mb_gpc.c,v 1.17.2.2.2.2 2007/01/01 09:36:02 sebastian Exp $ */
+/* $Id: mb_gpc.c,v 1.17.2.2.2.3 2007/03/18 16:36:13 iliaa Exp $ */
/* {{{ includes */
#ifdef HAVE_CONFIG_H
@@ -208,9 +208,8 @@
/* register_globals stuff
* XXX: this feature is going to be deprecated? */
- if (info->force_register_globals) {
- prev_rg_state = PG(register_globals);
- PG(register_globals) = 1;
+ if (info->force_register_globals && !(prev_rg_state =
PG(register_globals))) {
+ zend_alter_ini_entry("register_globals",
sizeof("register_globals"), "1", sizeof("1")-1, PHP_INI_PERDIR,
PHP_INI_STAGE_RUNTIME);
}
if (!res || *res == '\0') {
@@ -343,8 +342,8 @@
out:
/* register_global stuff */
- if (info->force_register_globals) {
- PG(register_globals) = prev_rg_state;
+ if (info->force_register_globals && !prev_rg_state) {
+ zend_alter_ini_entry("register_globals",
sizeof("register_globals"), "0", sizeof("0")-1, PHP_INI_PERDIR,
PHP_INI_STAGE_RUNTIME);
}
if (convd != NULL) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
