iliaa Sun Jun 3 16:29:24 2007 UTC
Added files: (Branch: PHP_4_4)
/php-src/tests/basic 027.phpt
Modified files:
/php-src NEWS
/php-src/main php_variables.c
Log:
MFB: Improved fix for MOPB-02-2007
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.231&r2=1.1247.2.920.2.232&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.231 php-src/NEWS:1.1247.2.920.2.232
--- php-src/NEWS:1.1247.2.920.2.231 Wed May 30 00:35:41 2007
+++ php-src/NEWS Sun Jun 3 16:29:24 2007
@@ -1,6 +1,7 @@
PHP 4 NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2007, Version 4.4.8
+- Improved fix for MOPB-02-2007 (Ilia)
- Fixed an interger overflow inside chunk_split(), identified by Gerhard
Wagner (Ilia)
- Addded "max_input_nesting_level" php.ini option to limit nesting level of
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.11&r2=1.45.2.13.2.12&diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.13.2.11
php-src/main/php_variables.c:1.45.2.13.2.12
--- php-src/main/php_variables.c:1.45.2.13.2.11 Tue May 22 18:16:38 2007
+++ php-src/main/php_variables.c Sun Jun 3 16:29:24 2007
@@ -16,7 +16,7 @@
| Zeev Suraski <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: php_variables.c,v 1.45.2.13.2.11 2007/05/22 18:16:38 stas Exp $ */
+/* $Id: php_variables.c,v 1.45.2.13.2.12 2007/06/03 16:29:24 iliaa Exp $ */
#include <stdio.h>
#include "php.h"
@@ -130,8 +130,22 @@
int new_idx_len = 0;
if(++nest_level > PG(max_input_nesting_level)) {
- /* too many levels of nesting */
- php_error_docref(NULL TSRMLS_CC, E_ERROR,
"Input variable nesting level more than allowed %d (change
max_input_nesting_level in php.ini to increase the limit)",
PG(max_input_nesting_level));
+ HashTable *ht;
+ /* too many levels of nesting */
+
+ if (track_vars_array) {
+ ht = Z_ARRVAL_P(track_vars_array);
+ } else if (PG(register_globals)) {
+ ht = EG(active_symbol_table);
+ }
+
+ zend_hash_del(ht, var, var_len + 1);
+ zval_dtor(val);
+
+ if (!PG(display_errors)) {
+ php_error_docref(NULL TSRMLS_CC,
E_WARNING, "Input variable nesting level more than allowed %ld (change
max_input_nesting_level in php.ini to increase the limit)",
PG(max_input_nesting_level));
+ }
+ return;
}
ip++;
index_s = ip;
@@ -146,9 +160,9 @@
/* PHP variables cannot contain '[' in
their names, so we replace the character with a '_' */
*(index_s - 1) = '_';
- index_len = var_len = 0;
+ index_len = 0;
if (index) {
- index_len = var_len =
strlen(index);
+ index_len = strlen(index);
}
goto plain_var;
return;
http://cvs.php.net/viewvc.cgi/php-src/tests/basic/027.phpt?view=markup&rev=1.1
Index: php-src/tests/basic/027.phpt
+++ php-src/tests/basic/027.phpt
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
