iliaa Fri Mar 9 01:42:20 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/standard basic_functions.c
Log:
Fixed a possible super-global overwrite inside import_request_variables().
# Reported by Stefano Di Paola
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.44&r2=1.725.2.31.2.45&diff_format=u
Index: php-src/ext/standard/basic_functions.c
diff -u php-src/ext/standard/basic_functions.c:1.725.2.31.2.44
php-src/ext/standard/basic_functions.c:1.725.2.31.2.45
--- php-src/ext/standard/basic_functions.c:1.725.2.31.2.44 Thu Mar 8
00:44:23 2007
+++ php-src/ext/standard/basic_functions.c Fri Mar 9 01:42:20 2007
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: basic_functions.c,v 1.725.2.31.2.44 2007/03/08 00:44:23 tony2001 Exp $
*/
+/* $Id: basic_functions.c,v 1.725.2.31.2.45 2007/03/09 01:42:20 iliaa Exp $ */
#include "php.h"
#include "php_streams.h"
@@ -6245,6 +6245,19 @@
} else if (!strcmp(hash_key->arKey, "GLOBALS")) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted
GLOBALS variable overwrite.");
return 0;
+ } else if (*hash_key->arKey == '_' &&
+ (
+ !strcmp(hash_key->arKey, "_GET") ||
+ !strcmp(hash_key->arKey, "_POST") ||
+ !strcmp(hash_key->arKey, "_COOKIE") ||
+ !strcmp(hash_key->arKey, "_ENV") ||
+ !strcmp(hash_key->arKey, "_SERVER") ||
+ !strcmp(hash_key->arKey, "_FILES") ||
+ !strcmp(hash_key->arKey, "_REQUEST")
+ )
+ ) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Attempted
super-global (%s) variable overwrite.", hash_key->arKey);
+ return 0;
}
}
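Review bot: The deny list in the added `else if` covers `_GET`, `_POST`, `_COOKIE`, `_ENV`, `_SERVER`, `_FILES` and `_REQUEST` but omits `_SESSION`, which is also a superglobal, so a request key with that name is not rejected by this branch. Adding `!strcmp(hash_key->arKey, "_SESSION") ||` to the list would close that gap. The comparison is made on the raw `hash_key->arKey`, and the enclosing function starts and ends outside the hunk, so it is not visible whether a caller-supplied prefix is prepended to the key afterwards. If it is, the check belongs on the final variable name (prefix plus key) rather than on the request key alone. A one-line comment above the branch, such as `/* refuse to import request keys that name a superglobal array */`, would also record why the list exists and remind maintainers to extend it when a new superglobal is introduced.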