iliaa Sun Jun 3 16:19:55 2007 UTC
Modified files:
/php-src/tests/basic 027.phpt
/php-src/main php_variables.c
Log:
MFB: Improved fix for MOPB-02-2007
http://cvs.php.net/viewvc.cgi/php-src/tests/basic/027.phpt?r1=1.1&r2=1.2&diff_format=u
Index: php-src/tests/basic/027.phpt
diff -u /dev/null php-src/tests/basic/027.phpt:1.2
--- /dev/null Sun Jun 3 16:19:55 2007
+++ php-src/tests/basic/027.phpt Sun Jun 3 16:19:55 2007
@@ -0,0 +1,35 @@
+--TEST--
+Handling of max_input_nesting_level being reached
+--INI--
+magic_quotes_gpc=0
+always_populate_raw_post_data=0
+display_errors=0
+max_input_nesting_level=10
+track_errors=1
+log_errors=0
+--SKIPIF--
+<?php if (php_sapi_name()=='cli') echo 'skip'; ?>
+--POST--
+a=1&b=ZYX&c[][][][][][][][][][][][][][][][][][][][][][]=123&d=123&e[][]][]=3
+--FILE--
+<?php
+var_dump($_POST, $php_errormsg);
+?>
+--EXPECT--
+array(4) {
+ ["a"]=>
+ string(1) "1"
+ ["b"]=>
+ string(3) "ZYX"
+ ["d"]=>
+ string(3) "123"
+ ["e"]=>
+ array(1) {
+ [0]=>
+ array(1) {
+ [0]=>
+ string(1) "3"
+ }
+ }
+}
+string(124) "Unknown: Input variable nesting level more than allowed 10
(change max_input_nesting_level in php.ini to increase the limit)"
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.138&r2=1.139&diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.138 php-src/main/php_variables.c:1.139
--- php-src/main/php_variables.c:1.138 Wed Mar 28 09:13:55 2007
+++ php-src/main/php_variables.c Sun Jun 3 16:19:55 2007
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_variables.c,v 1.138 2007/03/28 09:13:55 tony2001 Exp $ */
+/* $Id: php_variables.c,v 1.139 2007/06/03 16:19:55 iliaa Exp $ */
#include <stdio.h>
#include "php.h"
@@ -133,8 +133,22 @@
int new_idx_len = 0;
if(++nest_level > PG(max_input_nesting_level)) {
+ HashTable *ht;
/* too many levels of nesting */
- php_error_docref(NULL TSRMLS_CC, E_ERROR,
"Input variable nesting level more than allowed %ld (change
max_input_nesting_level in php.ini to increase the limit)",
PG(max_input_nesting_level));
+
+ if (track_vars_array) {
+ ht = Z_ARRVAL_P(track_vars_array);
+ } else if (PG(register_globals)) {
+ ht = EG(active_symbol_table);
+ }
+
+ zend_hash_del(ht, var, var_len + 1);
+ zval_dtor(val);
+
+ if (!PG(display_errors)) {
+ php_error_docref(NULL TSRMLS_CC,
E_WARNING, "Input variable nesting level more than allowed %ld (change
max_input_nesting_level in php.ini to increase the limit)",
PG(max_input_nesting_level));
+ }
+ return;
}
ip++;
@@ -150,9 +164,9 @@
/* PHP variables cannot contain '[' in
their names, so we replace the character with a '_' */
*(index_s - 1) = '_';
- index_len = var_len = 0;
+ index_len = 0;
if (index) {
- index_len = var_len =
strlen(index);
+ index_len = strlen(index);
}
goto plain_var;
return;
@@ -818,8 +832,6 @@
{
char *p;
unsigned char _gpc_flags[5] = {0, 0, 0, 0, 0};
- zval *dummy_track_vars_array = NULL;
- zend_bool initialized_dummy_track_vars_array=0;
zend_bool jit_initialization = PG(auto_globals_jit);
struct auto_global_record {
char *name;
@@ -893,15 +905,9 @@
continue;
}
if (!PG(http_globals)[i]) {
- if (!initialized_dummy_track_vars_array) {
- ALLOC_ZVAL(dummy_track_vars_array);
- array_init(dummy_track_vars_array);
- INIT_PZVAL(dummy_track_vars_array);
- initialized_dummy_track_vars_array = 1;
- } else {
- dummy_track_vars_array->refcount++;
- }
- PG(http_globals)[i] = dummy_track_vars_array;
+ ALLOC_ZVAL(PG(http_globals)[i]);
+ array_init(PG(http_globals)[i]);
+ INIT_PZVAL(PG(http_globals)[i]);
}
PG(http_globals)[i]->refcount++;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
