tony2001 Tue May 22 14:34:23 2007 UTC
Added files: (Branch: PHP_5_2)
/php-src/ext/standard/tests/general_functions import_request1.phpt
import_request2.phpt
import_request3.phpt
Modified files:
/php-src/ext/standard basic_functions.c php_var.h
Log:
MFH: improve variable name checks
add more tests
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.51&r2=1.725.2.31.2.52&diff_format=u
Index: php-src/ext/standard/basic_functions.c
diff -u php-src/ext/standard/basic_functions.c:1.725.2.31.2.51
php-src/ext/standard/basic_functions.c:1.725.2.31.2.52
--- php-src/ext/standard/basic_functions.c:1.725.2.31.2.51 Thu May 17
06:38:13 2007
+++ php-src/ext/standard/basic_functions.c Tue May 22 14:34:22 2007
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: basic_functions.c,v 1.725.2.31.2.51 2007/05/17 06:38:13 rasmus Exp $ */
+/* $Id: basic_functions.c,v 1.725.2.31.2.52 2007/05/22 14:34:22 tony2001 Exp $
*/
#include "php.h"
#include "php_streams.h"
@@ -6261,51 +6261,25 @@
prefix = va_arg(args, char *);
prefix_len = va_arg(args, uint);
- if (!prefix_len) {
- if (!hash_key->nKeyLength) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Numeric
key detected - possible security hazard.");
- return 0;
- } else if (!strcmp(hash_key->arKey, "GLOBALS")) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted
GLOBALS variable overwrite.");
- return 0;
- } else if (*hash_key->arKey == '_' &&
- (
- !strcmp(hash_key->arKey, "_GET") ||
- !strcmp(hash_key->arKey, "_POST") ||
- !strcmp(hash_key->arKey, "_COOKIE") ||
- !strcmp(hash_key->arKey, "_ENV") ||
- !strcmp(hash_key->arKey, "_SERVER") ||
- !strcmp(hash_key->arKey, "_SESSION") ||
- !strcmp(hash_key->arKey, "_FILES") ||
- !strcmp(hash_key->arKey, "_REQUEST")
- )
- ) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted
super-global (%s) variable overwrite.", hash_key->arKey);
- return 0;
- } else if (*hash_key->arKey == 'H' &&
- (
- !strcmp(hash_key->arKey,
"HTTP_POST_VARS") ||
- !strcmp(hash_key->arKey,
"HTTP_GET_VARS") ||
- !strcmp(hash_key->arKey,
"HTTP_COOKIE_VARS") ||
- !strcmp(hash_key->arKey,
"HTTP_ENV_VARS") ||
- !strcmp(hash_key->arKey,
"HTTP_SERVER_VARS") ||
- !strcmp(hash_key->arKey,
"HTTP_RAW_POST_DATA") ||
- !strcmp(hash_key->arKey,
"HTTP_POST_FILES")
- )
- ) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted
long input array (%s) overwrite.", hash_key->arKey);
- return 0;
- }
+ if (!prefix_len && !hash_key->nKeyLength) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Numeric key
detected - possible security hazard.");
+ return 0;
}
if (hash_key->nKeyLength) {
new_key_len = prefix_len + hash_key->nKeyLength;
- new_key = (char *) emalloc(new_key_len);
+ new_key = (char *) emalloc(new_key_len); /* +1 comes from
nKeyLength */
memcpy(new_key, prefix, prefix_len);
memcpy(new_key+prefix_len, hash_key->arKey,
hash_key->nKeyLength);
} else {
new_key_len = spprintf(&new_key, 0, "%s%ld", prefix,
hash_key->h);
+ new_key_len++;
+ }
+
+ if (php_varname_check(new_key, new_key_len, 0 TSRMLS_CC) == FAILURE) {
+ efree(new_key);
+ return 0;
}
zend_delete_global_variable(new_key, new_key_len-1 TSRMLS_CC);
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/php_var.h?r1=1.30.2.1.2.5&r2=1.30.2.1.2.6&diff_format=u
Index: php-src/ext/standard/php_var.h
diff -u php-src/ext/standard/php_var.h:1.30.2.1.2.5
php-src/ext/standard/php_var.h:1.30.2.1.2.6
--- php-src/ext/standard/php_var.h:1.30.2.1.2.5 Mon Jan 1 09:36:08 2007
+++ php-src/ext/standard/php_var.h Tue May 22 14:34:22 2007
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_var.h,v 1.30.2.1.2.5 2007/01/01 09:36:08 sebastian Exp $ */
+/* $Id: php_var.h,v 1.30.2.1.2.6 2007/05/22 14:34:22 tony2001 Exp $ */
#ifndef PHP_VAR_H
#define PHP_VAR_H
@@ -67,4 +67,48 @@
PHPAPI zend_class_entry *php_create_empty_class(char *class_name, int len);
+static inline int php_varname_check(char *name, int name_len, zend_bool silent
TSRMLS_DC) /* {{{ */
+{
+ if (name_len == sizeof("GLOBALS") && !memcmp(name, "GLOBALS",
sizeof("GLOBALS"))) {
+ if (!silent) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted
GLOBALS variable overwrite");
+ }
+ return FAILURE;
+ } else if (name[0] == '_' &&
+ (
+ (name_len == sizeof("_GET") && !memcmp(name, "_GET",
sizeof("_GET"))) ||
+ (name_len == sizeof("_POST") && !memcmp(name, "_POST",
sizeof("_POST"))) ||
+ (name_len == sizeof("_COOKIE") && !memcmp(name, "_COOKIE",
sizeof("_COOKIE"))) ||
+ (name_len == sizeof("_ENV") && !memcmp(name, "_ENV",
sizeof("_ENV"))) ||
+ (name_len == sizeof("_SERVER") && !memcmp(name, "_SERVER",
sizeof("_SERVER"))) ||
+ (name_len == sizeof("_SESSION") && !memcmp(name, "_SESSION",
sizeof("_SESSION"))) ||
+ (name_len == sizeof("_FILES") && !memcmp(name, "_FILES",
sizeof("_FILES"))) ||
+ (name_len == sizeof("_REQUEST") && !memcmp(name, "_REQUEST",
sizeof("_REQUEST")))
+ )
+ ) {
+ if (!silent) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted
super-global (%s) variable overwrite", name);
+ }
+ return FAILURE;
+ } else if (name[0] == 'H' &&
+ (
+ (name_len == sizeof("HTTP_POST_VARS") && !memcmp(name,
"HTTP_POST_VARS", sizeof("HTTP_POST_VARS"))) ||
+ (name_len == sizeof("HTTP_GET_VARS") && !memcmp(name,
"HTTP_GET_VARS", sizeof("HTTP_GET_VARS"))) ||
+ (name_len == sizeof("HTTP_COOKIE_VARS") && !memcmp(name,
"HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"))) ||
+ (name_len == sizeof("HTTP_ENV_VARS") && !memcmp(name,
"HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"))) ||
+ (name_len == sizeof("HTTP_SERVER_VARS") && !memcmp(name,
"HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"))) ||
+ (name_len == sizeof("HTTP_SESSION_VARS") && !memcmp(name,
"HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"))) ||
+ (name_len == sizeof("HTTP_RAW_POST_DATA") && !memcmp(name,
"HTTP_RAW_POST_DATA", sizeof("HTTP_RAW_POST_DATA"))) ||
+ (name_len == sizeof("HTTP_POST_FILES") && !memcmp(name,
"HTTP_POST_FILES", sizeof("HTTP_POST_FILES")))
+ )
+ ) {
+ if (!silent) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted
long input array (%s) overwrite", name);
+ }
+ return FAILURE;
+ }
+ return SUCCESS;
+}
+/* }}} */
+
#endif /* PHP_VAR_H */
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/general_functions/import_request1.phpt?view=markup&rev=1.1
Index: php-src/ext/standard/tests/general_functions/import_request1.phpt
+++ php-src/ext/standard/tests/general_functions/import_request1.phpt
--TEST--
import_request_variables() test (overwrite super-globals)
--GET--
GET=0&POST=1&COOKIE=2&FILES=3&REQUEST=4
--POST--
GET=5&POST=6&COOKIE=7&FILES=8&REQUEST=9
--COOKIE--
GET=10;POST=11;COOKIE=12;FILES=13;REQUEST=14
--INI--
variables_order=CGP
--FILE--
<?php
import_request_variables("gpc", "_");
var_dump($_GET, $_POST, $_COOKIE, $_FILES, $_REQUEST);
echo "Done\n";
?>
--EXPECTF--
Warning: import_request_variables(): Attempted super-global (_GET) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_POST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_COOKIE) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_FILES) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_REQUEST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_GET) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_POST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_COOKIE) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_FILES) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_REQUEST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_GET) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_POST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_COOKIE) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_FILES) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_REQUEST) variable
overwrite in %s on line %d
array(5) {
["GET"]=>
string(1) "0"
["POST"]=>
string(1) "1"
["COOKIE"]=>
string(1) "2"
["FILES"]=>
string(1) "3"
["REQUEST"]=>
string(1) "4"
}
array(5) {
["GET"]=>
string(1) "5"
["POST"]=>
string(1) "6"
["COOKIE"]=>
string(1) "7"
["FILES"]=>
string(1) "8"
["REQUEST"]=>
string(1) "9"
}
array(5) {
["GET"]=>
string(2) "10"
["POST"]=>
string(2) "11"
["COOKIE"]=>
string(2) "12"
["FILES"]=>
string(2) "13"
["REQUEST"]=>
string(2) "14"
}
array(0) {
}
array(5) {
["GET"]=>
string(1) "5"
["POST"]=>
string(1) "6"
["COOKIE"]=>
string(1) "7"
["FILES"]=>
string(1) "8"
["REQUEST"]=>
string(1) "9"
}
Done
--UEXPECTF--
Warning: import_request_variables(): Attempted super-global (_GET) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_POST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_COOKIE) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_FILES) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_REQUEST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_GET) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_POST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_COOKIE) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_FILES) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_REQUEST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_GET) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_POST) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_COOKIE) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_FILES) variable
overwrite in %s on line %d
Warning: import_request_variables(): Attempted super-global (_REQUEST) variable
overwrite in %s on line %d
array(5) {
[u"GET"]=>
unicode(1) "0"
[u"POST"]=>
unicode(1) "1"
[u"COOKIE"]=>
unicode(1) "2"
[u"FILES"]=>
unicode(1) "3"
[u"REQUEST"]=>
unicode(1) "4"
}
array(5) {
[u"GET"]=>
unicode(1) "5"
[u"POST"]=>
unicode(1) "6"
[u"COOKIE"]=>
unicode(1) "7"
[u"FILES"]=>
unicode(1) "8"
[u"REQUEST"]=>
unicode(1) "9"
}
array(5) {
[u"GET"]=>
unicode(2) "10"
[u"POST"]=>
unicode(2) "11"
[u"COOKIE"]=>
unicode(2) "12"
[u"FILES"]=>
unicode(2) "13"
[u"REQUEST"]=>
unicode(2) "14"
}
array(0) {
}
array(5) {
[u"GET"]=>
unicode(1) "5"
[u"POST"]=>
unicode(1) "6"
[u"COOKIE"]=>
unicode(1) "7"
[u"FILES"]=>
unicode(1) "8"
[u"REQUEST"]=>
unicode(1) "9"
}
Done
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/general_functions/import_request2.phpt?view=markup&rev=1.1
Index: php-src/ext/standard/tests/general_functions/import_request2.phpt
+++ php-src/ext/standard/tests/general_functions/import_request2.phpt
--TEST--
import_request_variables() test (numeric keys)
--GET--
1=0&2=1&3=2&4=3&5=4
--POST--
1=5&2=6&3=7&4=8&5=9
--COOKIE--
1=10;2=11;3=12;4=13;5=14
--INI--
variables_order=CGP
--FILE--
<?php
import_request_variables("gpc", "_");
var_dump($_1, $_2, $_3, $_4, $_5);
echo "Done\n";
?>
--EXPECTF--
string(2) "10"
string(2) "11"
string(2) "12"
string(2) "13"
string(2) "14"
Done
--UEXPECTF--
unicode(2) "10"
unicode(2) "11"
unicode(2) "12"
unicode(2) "13"
unicode(2) "14"
Done
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/general_functions/import_request3.phpt?view=markup&rev=1.1
Index: php-src/ext/standard/tests/general_functions/import_request3.phpt
+++ php-src/ext/standard/tests/general_functions/import_request3.phpt
--TEST--
import_request_variables() test (numeric keys, different order)
--GET--
1=0&2=1&3=2&4=3&5=4
--POST--
1=5&2=6&3=7&4=8&5=9
--COOKIE--
1=10;2=11;3=12;4=13;5=14
--INI--
variables_order=CGP
--FILE--
<?php
import_request_variables("gcp", "_");
var_dump($_1, $_2, $_3, $_4, $_5);
echo "Done\n";
?>
--EXPECTF--
string(1) "5"
string(1) "6"
string(1) "7"
string(1) "8"
string(1) "9"
Done
--UEXPECTF--
unicode(1) "5"
unicode(1) "6"
unicode(1) "7"
unicode(1) "8"
unicode(1) "9"
Done
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
