Commit:    7fcbe4d5467300a0acee78330a0cdc9d1cbf05ad
Author:    Xinchen Hui <larue...@php.net>         Wed, 7 Nov 2012 17:05:24 +0800
Parents:   0ee5d18f91d731636f3ba39c7487e2a8cf04fa36
Branches:  PHP-5.3

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=7fcbe4d5467300a0acee78330a0cdc9d1cbf05ad

Log:
Fixed bug #63447 (max_input_vars doesn't filter variables when 
mbstring.encoding_translation = On)

Bugs:
https://bugs.php.net/63447

Changed paths:
  M  NEWS
  M  ext/mbstring/mb_gpc.c
  A  ext/mbstring/tests/bug63447_001.phpt
  A  ext/mbstring/tests/bug63447_002.phpt
  A  ext/mbstring/tests/bug63447_003.phpt


Diff:
diff --git a/NEWS b/NEWS
index 83274c2..d03a2da 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,10 @@ PHP                                                          
              NEWS
   . Fixed bug #63389 (Missing context check on libxml_set_streams_context()
     causes memleak). (Laruence)
 
+- Mbstring:
+  . Fixed bug #63447 (max_input_vars doesn't filter variables when
+    mbstring.encoding_translation = On). (Laruence)
+
 - MySQL:
   . Fixed compilation failure on mixed 32/64 bit systems. (Andrey)
 
diff --git a/ext/mbstring/mb_gpc.c b/ext/mbstring/mb_gpc.c
index dd60302..b35ece3 100644
--- a/ext/mbstring/mb_gpc.c
+++ b/ext/mbstring/mb_gpc.c
@@ -262,6 +262,12 @@ enum mbfl_no_encoding _php_mb_encoding_handler_ex(const 
php_mb_encoding_handler_
                n++;
                var = php_strtok_r(NULL, info->separator, &strtok_buf);
        } 
+
+       if (n > (PG(max_input_vars) * 2)) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables 
exceeded %ld. To increase the limit change max_input_vars in php.ini.", 
PG(max_input_vars));
+               goto out;
+       }
+
        num = n; /* make sure to process initilized vars only */
        
        /* initialize converter */
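Review bot: The limit check `if (n > (PG(max_input_vars) * 2))` sits after the closing brace of the splitting loop, so a request with far more variables than allowed is still tokenized in full before it is rejected; the cap guards the later conversion and registration work but not the split itself. The loop body begins outside this hunk, so this is hedged, but if the loop can be left early without skipping cleanup, comparing n against the limit inside it would bound the work per request. The product is also computed from a setting printed with `%ld`, so an extremely large configured value could overflow the signed multiplication; `if (n / 2 > PG(max_input_vars))` avoids that, assuming n always advances two slots per variable. A one-line comment such as `/* n holds a name slot and a value slot per variable */` would explain the factor of 2 once that assumption is confirmed.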
diff --git a/ext/mbstring/tests/bug63447_001.phpt 
b/ext/mbstring/tests/bug63447_001.phpt
new file mode 100644
index 0000000..5130299
--- /dev/null
+++ b/ext/mbstring/tests/bug63447_001.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #63447 (max_input_vars doesn't filter variables when 
mbstring.encoding_translation = On)
+--SKIPIF--
+<?php
+extension_loaded('mbstring') or die('skip');
+?>
+--INI--
+max_input_nesting_level=10
+max_input_vars=5
+mbstring.encoding_translation=1
+--POST--
+a=1&b=2&c=3&d=4&e=5&f=6
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECT--
+Warning: Unknown: Input variables exceeded 5. To increase the limit change 
max_input_vars in php.ini. in Unknown on line 0
+array(0) {
+}
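Review bot: No test pins the boundary where the number of POSTed variables equals max_input_vars; this file sends six variables against a limit of 5 and bug63447_002.phpt sends five against a limit of 4, so both only cover exceeding the limit by one. Because the C check uses a strict `>` on a doubled count, an exact-limit case (for example `max_input_vars=5` with `a=1&b=2&c=3&d=4&e=5`, expecting all five entries and no warning) would catch an off-by-one in either direction. A case with a name that has no `=` would also be worth adding, since the hunk in mb_gpc.c does not show how such a variable is counted.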
diff --git a/ext/mbstring/tests/bug63447_002.phpt 
b/ext/mbstring/tests/bug63447_002.phpt
new file mode 100644
index 0000000..e51089b
--- /dev/null
+++ b/ext/mbstring/tests/bug63447_002.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Bug #63447 (max_input_vars doesn't filter variables when 
mbstring.encoding_translation = On)
+--SKIPIF--
+<?php
+extension_loaded('mbstring') or die('skip');
+?>
+--INI--
+max_input_nesting_level=10
+max_input_vars=4
+mbstring.encoding_translation=1
+--POST--
+a=1&b=2&c=3&d=4&e=5
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECT--
+Warning: Unknown: Input variables exceeded 4. To increase the limit change 
max_input_vars in php.ini. in Unknown on line 0
+array(0) {
+}
diff --git a/ext/mbstring/tests/bug63447_003.phpt 
b/ext/mbstring/tests/bug63447_003.phpt
new file mode 100644
index 0000000..a4a7e14
--- /dev/null
+++ b/ext/mbstring/tests/bug63447_003.phpt
@@ -0,0 +1,34 @@
+--TEST--
+Bug #63447 (max_input_vars doesn't filter variables when 
mbstring.encoding_translation = On)
+--SKIPIF--
+<?php
+extension_loaded('mbstring') or die('skip');
+?>
+--INI--
+max_input_nesting_level=5
+max_input_vars=100
+mbstring.encoding_translation=1
+--POST--
+a=1&b[][][]=2&c[][][][][][]=7
+--FILE--
+<?php
+print_r($_POST);
+?>
+--EXPECT--
+Array
+(
+    [a] => 1
+    [b] => Array
+        (
+            [0] => Array
+                (
+                    [0] => Array
+                        (
+                            [0] => 2
+                        )
+
+                )
+
+        )
+
+)

