stas Fri Apr 13 00:42:48 2007 UTC
Modified files: (Branch: PHP_4_4)
/php-src/main rfc1867.c php_variables.c
Log:
fix for #38236 (patch by [EMAIL PROTECTED])
http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.122.2.34.2.3&r2=1.122.2.34.2.4&diff_format=u
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.122.2.34.2.3
php-src/main/rfc1867.c:1.122.2.34.2.4
--- php-src/main/rfc1867.c:1.122.2.34.2.3 Mon Jan 1 09:46:50 2007
+++ php-src/main/rfc1867.c Fri Apr 13 00:42:48 2007
@@ -16,7 +16,7 @@
| Jani Taskinen <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: rfc1867.c,v 1.122.2.34.2.3 2007/01/01 09:46:50 sebastian Exp $ */
+/* $Id: rfc1867.c,v 1.122.2.34.2.4 2007/04/13 00:42:48 stas Exp $ */
/*
* This product includes software developed by the Apache Group
@@ -37,7 +37,7 @@
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
#include "ext/mbstring/mbstring.h"
-static void safe_php_register_variable(char *var, char *strval, zval
*track_vars_array, zend_bool override_protection TSRMLS_DC);
+static void safe_php_register_variable(char *var, char *strval, int val_len,
zval *track_vars_array, zend_bool override_protection TSRMLS_DC);
#define SAFE_RETURN { \
php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr
TSRMLS_CC); \
@@ -61,7 +61,7 @@
php_mb_gpc_encoding_converter(val_list, len_list,
num_vars, NULL, NULL TSRMLS_CC);
}
for (i=0; i<num_vars; i+=2){
- safe_php_register_variable(val_list[i], val_list[i+1],
array_ptr, 0 TSRMLS_CC);
+ safe_php_register_variable(val_list[i], val_list[i+1],
len_list[i+1], array_ptr, 0 TSRMLS_CC);
efree(val_list[i]);
efree(val_list[i+1]);
}
@@ -215,10 +215,10 @@
}
-static void safe_php_register_variable(char *var, char *strval, zval
*track_vars_array, zend_bool override_protection TSRMLS_DC)
+static void safe_php_register_variable(char *var, char *strval, int val_len,
zval *track_vars_array, zend_bool override_protection TSRMLS_DC)
{
if (override_protection || !is_protected_variable(var TSRMLS_CC)) {
- php_register_variable(var, strval, track_vars_array TSRMLS_CC);
+ php_register_variable_safe(var, strval, val_len,
track_vars_array TSRMLS_CC);
}
}
@@ -236,7 +236,7 @@
int register_globals = PG(register_globals);
PG(register_globals) = 0;
- safe_php_register_variable(strvar, val, http_post_files,
override_protection TSRMLS_CC);
+ safe_php_register_variable(strvar, val, strlen(val), http_post_files,
override_protection TSRMLS_CC);
PG(register_globals) = register_globals;
}
@@ -749,7 +749,7 @@
XXX: this is horrible memory-usage-wise, but we only expect
to do this on small pieces of form data.
*/
-static char *multipart_buffer_read_body(multipart_buffer *self TSRMLS_DC)
+static char *multipart_buffer_read_body(multipart_buffer *self, unsigned int
*len TSRMLS_DC)
{
char buf[FILLUNIT], *out=NULL;
int total_bytes=0, read_bytes=0;
@@ -761,6 +761,7 @@
}
if (out) out[total_bytes] = '\0';
+ *len = total_bytes;
return out;
}
@@ -895,8 +896,8 @@
/* Normal form variable, safe to read all data into
memory */
if (!filename && param) {
-
- char *value = multipart_buffer_read_body(mbuff
TSRMLS_CC);
+ unsigned int value_len;
+ char *value = multipart_buffer_read_body(mbuff,
&value_len TSRMLS_CC);
if (!value) {
value = estrdup("");
@@ -907,10 +908,10 @@
php_mb_gpc_stack_variable(param, value,
&val_list, &len_list,
&num_vars, &num_vars_max TSRMLS_CC);
} else {
- safe_php_register_variable(param,
value, array_ptr, 0 TSRMLS_CC);
+ safe_php_register_variable(param,
value, value_len, array_ptr, 0 TSRMLS_CC);
}
#else
- safe_php_register_variable(param, value,
array_ptr, 0 TSRMLS_CC);
+ safe_php_register_variable(param, value,
value_len, array_ptr, 0 TSRMLS_CC);
#endif
if (!strcasecmp(param, "MAX_FILE_SIZE")) {
max_file_size = atol(value);
@@ -1104,9 +1105,9 @@
filedone:
#endif
if (s && s > filename) {
- safe_php_register_variable(lbuf, s+1, NULL, 0
TSRMLS_CC);
+ safe_php_register_variable(lbuf, s+1,
strlen(s+1), NULL, 0 TSRMLS_CC);
} else {
- safe_php_register_variable(lbuf, filename,
NULL, 0 TSRMLS_CC);
+ safe_php_register_variable(lbuf, filename,
strlen(filename), NULL, 0 TSRMLS_CC);
}
/* Add $foo[name] */
@@ -1140,7 +1141,7 @@
} else {
sprintf(lbuf, "%s_type", param);
}
- safe_php_register_variable(lbuf, cd, NULL, 0 TSRMLS_CC);
+ safe_php_register_variable(lbuf, cd, strlen(cd), NULL,
0 TSRMLS_CC);
/* Add $foo[type] */
if (is_arr_upload) {
@@ -1162,7 +1163,7 @@
magic_quotes_gpc = PG(magic_quotes_gpc);
PG(magic_quotes_gpc) = 0;
/* if param is of form xxx[.*] this will cut it to xxx
*/
- safe_php_register_variable(param, temp_filename, NULL,
1 TSRMLS_CC);
+ safe_php_register_variable(param, temp_filename,
strlen(temp_filename), NULL, 1 TSRMLS_CC);
/* Add $foo[tmp_name] */
if (is_arr_upload) {
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.9&r2=1.45.2.13.2.10&diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.13.2.9
php-src/main/php_variables.c:1.45.2.13.2.10
--- php-src/main/php_variables.c:1.45.2.13.2.9 Mon Mar 26 11:19:37 2007
+++ php-src/main/php_variables.c Fri Apr 13 00:42:48 2007
@@ -16,7 +16,7 @@
| Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_variables.c,v 1.45.2.13.2.9 2007/03/26 11:19:37 tony2001 Exp $ */
+/* $Id: php_variables.c,v 1.45.2.13.2.10 2007/04/13 00:42:48 stas Exp $ */
#include <stdio.h>
#include "php.h"
@@ -225,27 +225,33 @@
SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
{
- char *var, *val;
- char *strtok_buf = NULL;
+ char *var, *val, *e, *s, *p;
zval *array_ptr = (zval *) arg;
if (SG(request_info).post_data==NULL) {
return;
}
- var = php_strtok_r(SG(request_info).post_data, "&", &strtok_buf);
+ s = SG(request_info).post_data;
+ e = s + SG(request_info).post_data_length;
- while (var) {
- val = strchr(var, '=');
- if (val) { /* have a value */
+ while (s < e && (p = memchr(s, '&', (e - s)))) {
+last_value:
+ if ((val = memchr(s, '=', (p - s)))) { /* have a value */
int val_len;
- *val++ = '\0';
- php_url_decode(var, strlen(var));
- val_len = php_url_decode(val, strlen(val));
+ var = s;
+
+ php_url_decode(var, (val - s));
+ val++;
+ val_len = php_url_decode(val, (p - val));
php_register_variable_safe(var, val, val_len, array_ptr
TSRMLS_CC);
}
- var = php_strtok_r(NULL, "&", &strtok_buf);
+ s = p + 1;
+ }
+ if (s < e) {
+ p = e;
+ goto last_value;
}
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
