iliaa Fri Nov 3 13:51:48 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/sapi/apache mod_php5.c
/php-src/sapi/apache2filter sapi_apache2.c
/php-src/sapi/apache2handler sapi_apache2.c
/php-src/sapi/cgi cgi_main.c
Log:
MFH:
Added filter support for $_SERVER in cgi/apache2 sapis
Make sure PHP_SELF is filtered in Apache 1 sapi
http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.6&r2=1.19.2.7.2.7&diff_format=u
Index: php-src/sapi/apache/mod_php5.c
diff -u php-src/sapi/apache/mod_php5.c:1.19.2.7.2.6
php-src/sapi/apache/mod_php5.c:1.19.2.7.2.7
--- php-src/sapi/apache/mod_php5.c:1.19.2.7.2.6 Thu Oct 12 20:02:58 2006
+++ php-src/sapi/apache/mod_php5.c Fri Nov 3 13:51:47 2006
@@ -17,7 +17,7 @@
| PHP 4.0 patches by Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: mod_php5.c,v 1.19.2.7.2.6 2006/10/12 20:02:58 bfrance Exp $ */
+/* $Id: mod_php5.c,v 1.19.2.7.2.7 2006/11/03 13:51:47 iliaa Exp $ */
#include "php_apache_http.h"
#include "http_conf_globals.h"
@@ -246,10 +246,11 @@
table_entry *elts = (table_entry *) arr->elts;
zval **path_translated;
HashTable *symbol_table;
+ int new_val_len;
for (i = 0; i < arr->nelts; i++) {
char *val;
- int val_len, new_val_len;
+ int val_len;
if (elts[i].val) {
val = elts[i].val;
@@ -277,7 +278,9 @@
php_register_variable("PATH_TRANSLATED",
Z_STRVAL_PP(path_translated), track_vars_array TSRMLS_CC);
}
- php_register_variable("PHP_SELF", ((request_rec *)
SG(server_context))->uri, track_vars_array TSRMLS_CC);
+ if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &((request_rec
*) SG(server_context))->uri, strlen(((request_rec *) SG(server_context))->uri),
&new_val_len TSRMLS_CC)) {
+ php_register_variable("PHP_SELF", ((request_rec *)
SG(server_context))->uri, track_vars_array TSRMLS_CC);
+ }
}
/* }}} */
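Review bot: The filter callback is handed `&((request_rec *) SG(server_context))->uri`, a writable pointer to Apache's own request field, so an installed input filter that rewrites or reallocates `*val` would change the URI the server uses for the rest of the request and mix allocators; whether the default filter leaves it untouched is not visible here. Filtering a private copy avoids this: `char *self = estrdup(((request_rec *) SG(server_context))->uri);`, pass `&self`, and `efree(self)` after registering. The same pattern appears in the apache2filter and apache2handler hunks (`&ctx->r->uri`, and `val = ""` pointing at a string literal) and in cgi_main.c (`val` aliasing `request_uri` or `""`). This call also ignores `new_val_len` and registers with `php_register_variable`, whereas the other three files use `php_register_variable_safe(..., new_val_len, ...)`. The enclosing function starts outside the hunk.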
http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2filter/sapi_apache2.c?r1=1.136.2.2.2.3&r2=1.136.2.2.2.4&diff_format=u
Index: php-src/sapi/apache2filter/sapi_apache2.c
diff -u php-src/sapi/apache2filter/sapi_apache2.c:1.136.2.2.2.3
php-src/sapi/apache2filter/sapi_apache2.c:1.136.2.2.2.4
--- php-src/sapi/apache2filter/sapi_apache2.c:1.136.2.2.2.3 Tue Jul 25
13:40:05 2006
+++ php-src/sapi/apache2filter/sapi_apache2.c Fri Nov 3 13:51:47 2006
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: sapi_apache2.c,v 1.136.2.2.2.3 2006/07/25 13:40:05 dmitry Exp $ */
+/* $Id: sapi_apache2.c,v 1.136.2.2.2.4 2006/11/03 13:51:47 iliaa Exp $ */
#include <fcntl.h>
@@ -212,11 +212,18 @@
char *key, *val;
APR_ARRAY_FOREACH_OPEN(arr, key, val)
- if (!val) val = "";
- php_register_variable(key, val, track_vars_array TSRMLS_CC);
+ if (!val) {
+ val = "";
+ }
+ if (sapi_module.input_filter(PARSE_SERVER, key, &val,
strlen(val), &new_val_len TSRMLS_CC)) {
+ php_register_variable_safe(key, val, new_val_len,
track_vars_array TSRMLS_CC);
+ }
APR_ARRAY_FOREACH_CLOSE()
php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array
TSRMLS_CC);
+ if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri,
strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
+ php_register_variable_safe("PHP_SELF", ctx->r->uri,
new_val_len, track_vars_array TSRMLS_CC);
+ }
}
static void
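Review bot: The unfiltered `php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array TSRMLS_CC);` is kept as a context line above the new filtered block, so when the filter rejects the URI the raw value is still registered in `$_SERVER`; the apache2handler copy of this change removes that line and this one should too. `new_val_len` is used twice here but no declaration is added, unlike the `int new_val_len;` added in apache2handler. Unless it is declared in the part of the function outside the hunk this will not compile, so add `int new_val_len;` next to `char *key, *val;`.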
http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/sapi_apache2.c?r1=1.57.2.10.2.6&r2=1.57.2.10.2.7&diff_format=u
Index: php-src/sapi/apache2handler/sapi_apache2.c
diff -u php-src/sapi/apache2handler/sapi_apache2.c:1.57.2.10.2.6
php-src/sapi/apache2handler/sapi_apache2.c:1.57.2.10.2.7
--- php-src/sapi/apache2handler/sapi_apache2.c:1.57.2.10.2.6 Thu Aug 10
13:43:18 2006
+++ php-src/sapi/apache2handler/sapi_apache2.c Fri Nov 3 13:51:47 2006
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: sapi_apache2.c,v 1.57.2.10.2.6 2006/08/10 13:43:18 tony2001 Exp $ */
+/* $Id: sapi_apache2.c,v 1.57.2.10.2.7 2006/11/03 13:51:47 iliaa Exp $ */
#define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
@@ -232,13 +232,20 @@
php_struct *ctx = SG(server_context);
const apr_array_header_t *arr = apr_table_elts(ctx->r->subprocess_env);
char *key, *val;
+ int new_val_len;
APR_ARRAY_FOREACH_OPEN(arr, key, val)
- if (!val) val = "";
- php_register_variable(key, val, track_vars_array TSRMLS_CC);
+ if (!val) {
+ val = "";
+ }
+ if (sapi_module.input_filter(PARSE_SERVER, key, &val,
strlen(val), &new_val_len TSRMLS_CC)) {
+ php_register_variable_safe(key, val, new_val_len,
track_vars_array TSRMLS_CC);
+ }
APR_ARRAY_FOREACH_CLOSE()
- php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array
TSRMLS_CC);
+ if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri,
strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
+ php_register_variable_safe("PHP_SELF", ctx->r->uri,
new_val_len, track_vars_array TSRMLS_CC);
+ }
}
static void
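Review bot: A variable for which `sapi_module.input_filter` returns 0 is now silently left out of `$_SERVER`, including `PHP_SELF`, and nothing in the function says so. A short comment above the loop would help whoever has to debug a missing server variable, e.g. `/* entries rejected by the input filter are not registered */`. The function's opening lines are outside the hunk.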
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.13&r2=1.267.2.15.2.14&diff_format=u
Index: php-src/sapi/cgi/cgi_main.c
diff -u php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.13
php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.14
--- php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.13 Sat Sep 23 12:27:40 2006
+++ php-src/sapi/cgi/cgi_main.c Fri Nov 3 13:51:48 2006
@@ -21,7 +21,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: cgi_main.c,v 1.267.2.15.2.13 2006/09/23 12:27:40 tony2001 Exp $ */
+/* $Id: cgi_main.c,v 1.267.2.15.2.14 2006/11/03 13:51:48 iliaa Exp $ */
#include "php.h"
#include "php_globals.h"
@@ -490,7 +490,10 @@
zend_hash_get_current_key_ex(&request->env, &var,
&var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
zend_hash_get_current_data_ex(&request->env, (void **)
&val, &pos) == SUCCESS;
zend_hash_move_forward_ex(&request->env, &pos)) {
- php_register_variable(var, *val, array_ptr TSRMLS_CC);
+ int new_val_len;
+ if (sapi_module.input_filter(PARSE_SERVER, var.s, val,
strlen(*val), &new_val_len TSRMLS_CC)) {
+ php_register_variable_safe(var.s, *val,
new_val_len, array_ptr TSRMLS_CC);
+ }
}
PG(magic_quotes_gpc) = magic_quotes_gpc;
}
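Review bot: `var.s` is passed to `input_filter` and `php_register_variable_safe`, but the removed line passed `var` itself to `php_register_variable` and the loop header passes `&var` as the key output, which suggests `var` is a plain `char *` on this branch and the `.s` member access came over with the merge. If so this does not compile; the calls should read `sapi_module.input_filter(PARSE_SERVER, var, val, strlen(*val), &new_val_len TSRMLS_CC)` and `php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC)`. The declaration of `var` and the start of the `for` statement are outside the hunk, so this should be confirmed against them.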
@@ -499,12 +502,16 @@
static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC)
{
+ int new_val_len;
+ char *val = SG(request_info).request_uri ? SG(request_info).request_uri
: "";
/* In CGI mode, we consider the environment to be a part of the server
* variables
*/
php_import_environment_variables(track_vars_array TSRMLS_CC);
/* Build the special-case PHP_SELF variable for the CGI version */
- php_register_variable("PHP_SELF", (SG(request_info).request_uri ?
SG(request_info).request_uri : ""), track_vars_array TSRMLS_CC);
+ if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &val,
strlen(val), &new_val_len TSRMLS_CC)) {
+ php_register_variable_safe("PHP_SELF", val, new_val_len,
track_vars_array TSRMLS_CC);
+ }
}
static void sapi_cgi_log_message(char *message)