Hi Stanislav
The documentation team would appreciate it if you would use the new [DOC]
tag in the future to cc the documentation mailing list, so that we have at
least some hope of catching new features and documenting them in time for
the new release.
-Hannes
On 3/2/07, Stanislav Malyshev <[EMAIL PROTECTED]> wrote:
stas Fri Mar 2 21:58:05 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/main main.c php_globals.h php_variables.c
Log:
limit nesting level of input variables
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.640.2.23.2.30&r2=1.640.2.23.2.31&diff_format=u
Index: php-src/main/main.c
diff -u php-src/main/main.c:1.640.2.23.2.30 php-src/main/main.c:1.640.2.23.2.31
--- php-src/main/main.c:1.640.2.23.2.30 Wed Feb 7 21:01:06 2007
+++ php-src/main/main.c Fri Mar 2 21:58:05 2007
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: main.c,v 1.640.2.23.2.30 2007/02/07 21:01:06 helly Exp $ */
+/* $Id: main.c,v 1.640.2.23.2.31 2007/03/02 21:58:05 stas Exp $ */
/* {{{ includes
*/
@@ -305,6 +305,7 @@
STD_PHP_INI_ENTRY("upload_max_filesize", "2M",
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, upload_max_filesize,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY("post_max_size", "8M",
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, post_max_size,
sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY("upload_tmp_dir", NULL,
PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir,
php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY("max_input_nesting_level", "64",
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY("user_dir", NULL,
PHP_INI_SYSTEM, OnUpdateString, user_dir,
php_core_globals, core_globals)
STD_PHP_INI_ENTRY("variables_order", "EGPCS",
PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order,
php_core_globals, core_globals)
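Review bot: `OnUpdateLongGEZero` accepts 0 for `max_input_nesting_level`, and the guard added in php_variables.c is `++nest_level > limit` with `nest_level` starting at 0, so a setting of 0 would reject every array-style input variable rather than switch the limit off. That meaning is not recorded anywhere in the visible change. A comment above the entry such as `/* maximum [] nesting depth accepted in input variable names; 0 rejects all array input */` would state it, or the update handler could refuse values below 1 if 0 is not meant to be usable.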
http://cvs.php.net/viewvc.cgi/php-src/main/php_globals.h?r1=1.98.2.1.2.4&r2=1.98.2.1.2.5&diff_format=u
Index: php-src/main/php_globals.h
diff -u php-src/main/php_globals.h:1.98.2.1.2.4
php-src/main/php_globals.h:1.98.2.1.2.5
--- php-src/main/php_globals.h:1.98.2.1.2.4 Mon Jan 1 09:36:11 2007
+++ php-src/main/php_globals.h Fri Mar 2 21:58:05 2007
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_globals.h,v 1.98.2.1.2.4 2007/01/01 09:36:11 sebastian Exp $ */
+/* $Id: php_globals.h,v 1.98.2.1.2.5 2007/03/02 21:58:05 stas Exp $ */
#ifndef PHP_GLOBALS_H
#define PHP_GLOBALS_H
@@ -155,6 +155,7 @@
#ifdef PHP_WIN32
zend_bool com_initialized;
#endif
+ long max_input_nesting_level;
};
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.104.2.10.2.4&r2=1.104.2.10.2.5&diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.104.2.10.2.4
php-src/main/php_variables.c:1.104.2.10.2.5
--- php-src/main/php_variables.c:1.104.2.10.2.4 Sat Jan 20 22:16:24 2007
+++ php-src/main/php_variables.c Fri Mar 2 21:58:05 2007
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_variables.c,v 1.104.2.10.2.4 2007/01/20 22:16:24 iliaa Exp $ */
+/* $Id: php_variables.c,v 1.104.2.10.2.5 2007/03/02 21:58:05 stas Exp $ */
#include <stdio.h>
#include "php.h"
@@ -119,10 +119,16 @@
index_len = var_len;
if (is_array) {
+ int nest_level = 0;
while (1) {
char *index_s;
int new_idx_len = 0;
+ if(++nest_level > PG(max_nesting_level)) {
+ /* too many levels of nesting */
+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input
variable nesting level more than allowed %d (change max_input_nesting_level in php.ini to
increase the limit)", PG(max_input_nesting_level));
+ }
+
ip++;
index_s = ip;
if (isspace(*ip)) {
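Review bot: The new guard compares against `PG(max_nesting_level)`, while the member this commit adds to the globals struct and registers in main.c is `max_input_nesting_level`, which is also the value the error message prints. Unless a `max_nesting_level` member exists outside the visible hunks, the condition should read `if (++nest_level > PG(max_input_nesting_level)) {`. The guard also depends on `php_error_docref(..., E_ERROR, ...)` not returning, because nothing after it leaves the `while (1)` loop; if that call can return on this path, parsing continues past the limit, so an explicit exit after the error would make the bound hold either way. The enclosing function starts and ends outside the hunk.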