iliaa Wed Feb 16 23:44:12 2005 EDT
Modified files:
/php-src/main php_variables.c
Log:
Fixed bug #31440 ($GLOBALS can be overwritten via GPC when register_globals
is enabled).
http://cvs.php.net/diff.php/php-src/main/php_variables.c?r1=1.84&r2=1.85&ty=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.84 php-src/main/php_variables.c:1.85
--- php-src/main/php_variables.c:1.84 Sun Oct 24 13:41:13 2004
+++ php-src/main/php_variables.c Wed Feb 16 23:44:11 2005
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_variables.c,v 1.84 2004/10/24 17:41:13 iliaa Exp $ */
+/* $Id: php_variables.c,v 1.85 2005/02/17 04:44:11 iliaa Exp $ */
#include <stdio.h>
#include "php.h"
@@ -539,6 +539,7 @@
ulong num_key;
HashPosition pos;
int key_type;
+ int globals_check = (PG(register_globals) && (dest ==
(&EG(symbol_table))));
zend_hash_internal_pointer_reset_ex(src, &pos);
while (zend_hash_get_current_data_ex(src, (void **)&src_entry, &pos) ==
SUCCESS) {
@@ -549,7 +550,12 @@
|| Z_TYPE_PP(dest_entry) != IS_ARRAY) {
(*src_entry)->refcount++;
if (key_type == HASH_KEY_IS_STRING) {
- zend_hash_update(dest, string_key,
strlen(string_key)+1, src_entry, sizeof(zval *), NULL);
+ /* if register_globals is on and working with
main symbol table, prevent overwriting of GLOBALS */
+ if (!globals_check || string_key_len !=
sizeof("GLOBALS") || memcmp(string_key, "GLOBALS", sizeof("GLOBALS") - 1)) {
+ zend_hash_update(dest, string_key,
string_key_len, src_entry, sizeof(zval *), NULL);
+ } else {
+ (*src_entry)->refcount--;
+ }
} else {
zend_hash_index_update(dest, num_key,
src_entry, sizeof(zval *), NULL);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
