iliaa Sun Jun 3 16:29:24 2007 UTC Added files: (Branch: PHP_4_4) /php-src/tests/basic 027.phpt
Modified files: /php-src NEWS /php-src/main php_variables.c Log: MFB: Improved fix for MOPB-02-2007 http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.231&r2=1.1247.2.920.2.232&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.1247.2.920.2.231 php-src/NEWS:1.1247.2.920.2.232 --- php-src/NEWS:1.1247.2.920.2.231 Wed May 30 00:35:41 2007 +++ php-src/NEWS Sun Jun 3 16:29:24 2007 @@ -1,6 +1,7 @@ PHP 4 NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2007, Version 4.4.8 +- Improved fix for MOPB-02-2007 (Ilia) - Fixed an interger overflow inside chunk_split(), identified by Gerhard Wagner (Ilia) - Addded "max_input_nesting_level" php.ini option to limit nesting level of http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.11&r2=1.45.2.13.2.12&diff_format=u Index: php-src/main/php_variables.c diff -u php-src/main/php_variables.c:1.45.2.13.2.11 php-src/main/php_variables.c:1.45.2.13.2.12 --- php-src/main/php_variables.c:1.45.2.13.2.11 Tue May 22 18:16:38 2007 +++ php-src/main/php_variables.c Sun Jun 3 16:29:24 2007 @@ -16,7 +16,7 @@ | Zeev Suraski <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: php_variables.c,v 1.45.2.13.2.11 2007/05/22 18:16:38 stas Exp $ */ +/* $Id: php_variables.c,v 1.45.2.13.2.12 2007/06/03 16:29:24 iliaa Exp $ */ #include <stdio.h> #include "php.h" @@ -130,8 +130,22 @@ int new_idx_len = 0; if(++nest_level > PG(max_input_nesting_level)) { - /* too many levels of nesting */ - php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variable nesting level more than allowed %d (change max_input_nesting_level in php.ini to increase the limit)", PG(max_input_nesting_level)); + HashTable *ht; + /* too many levels of nesting */ + + if (track_vars_array) { + ht = Z_ARRVAL_P(track_vars_array); + } else if (PG(register_globals)) { + ht = EG(active_symbol_table); + } + + zend_hash_del(ht, var, var_len + 1); + zval_dtor(val); + + if (!PG(display_errors)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variable nesting level more than allowed %ld (change max_input_nesting_level in php.ini to increase the limit)", PG(max_input_nesting_level)); + } + return; } ip++; index_s = ip; @@ -146,9 +160,9 @@ /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */ *(index_s - 1) = '_'; - index_len = var_len = 0; + index_len = 0; if (index) { - index_len = var_len = strlen(index); + index_len = strlen(index); } goto plain_var; return; http://cvs.php.net/viewvc.cgi/php-src/tests/basic/027.phpt?view=markup&rev=1.1 Index: php-src/tests/basic/027.phpt +++ php-src/tests/basic/027.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php