iliaa           Sun Jun  3 16:29:24 2007 UTC

  Added files:                 (Branch: PHP_4_4)
    /php-src/tests/basic        027.phpt 

  Modified files:              
    /php-src    NEWS 
    /php-src/main       php_variables.c 
  Log:
  
  MFB: Improved fix for MOPB-02-2007
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.1247.2.920.2.231&r2=1.1247.2.920.2.232&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.231 php-src/NEWS:1.1247.2.920.2.232
--- php-src/NEWS:1.1247.2.920.2.231     Wed May 30 00:35:41 2007
+++ php-src/NEWS        Sun Jun  3 16:29:24 2007
@@ -1,6 +1,7 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2007, Version 4.4.8
+- Improved fix for MOPB-02-2007 (Ilia)
 - Fixed an interger overflow inside chunk_split(), identified by Gerhard
   Wagner (Ilia)
 - Addded "max_input_nesting_level" php.ini option to limit nesting level of 
http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.45.2.13.2.11&r2=1.45.2.13.2.12&diff_format=u
Index: php-src/main/php_variables.c
diff -u php-src/main/php_variables.c:1.45.2.13.2.11 
php-src/main/php_variables.c:1.45.2.13.2.12
--- php-src/main/php_variables.c:1.45.2.13.2.11 Tue May 22 18:16:38 2007
+++ php-src/main/php_variables.c        Sun Jun  3 16:29:24 2007
@@ -16,7 +16,7 @@
    |          Zeev Suraski <[EMAIL PROTECTED]>                                |
    +----------------------------------------------------------------------+
  */
-/* $Id: php_variables.c,v 1.45.2.13.2.11 2007/05/22 18:16:38 stas Exp $ */
+/* $Id: php_variables.c,v 1.45.2.13.2.12 2007/06/03 16:29:24 iliaa Exp $ */
 
 #include <stdio.h>
 #include "php.h"
@@ -130,8 +130,22 @@
                        int new_idx_len = 0;
 
                        if(++nest_level > PG(max_input_nesting_level)) {
-                               /* too many levels of nesting */
-                               php_error_docref(NULL TSRMLS_CC, E_ERROR, 
"Input variable nesting level more than allowed %d (change 
max_input_nesting_level in php.ini to increase the limit)", 
PG(max_input_nesting_level));  
+                               HashTable *ht;
+                               /* too many levels of nesting */
+
+                               if (track_vars_array) {
+                                       ht = Z_ARRVAL_P(track_vars_array);
+                               } else if (PG(register_globals)) {
+                                       ht = EG(active_symbol_table);
+                               }
+
+                               zend_hash_del(ht, var, var_len + 1);
+                               zval_dtor(val);
+
+                               if (!PG(display_errors)) {
+                                       php_error_docref(NULL TSRMLS_CC, 
E_WARNING, "Input variable nesting level more than allowed %ld (change 
max_input_nesting_level in php.ini to increase the limit)", 
PG(max_input_nesting_level));
+                               }
+                               return;
                        }
                        ip++;
                        index_s = ip;
@@ -146,9 +160,9 @@
                                        /* PHP variables cannot contain '[' in 
their names, so we replace the character with a '_' */
                                        *(index_s - 1) = '_';
                                        
-                                       index_len = var_len = 0;
+                                       index_len = 0;
                                        if (index) {
-                                               index_len = var_len = 
strlen(index);
+                                               index_len = strlen(index);
                                        }
                                        goto plain_var;
                                        return;

http://cvs.php.net/viewvc.cgi/php-src/tests/basic/027.phpt?view=markup&rev=1.1
Index: php-src/tests/basic/027.phpt
+++ php-src/tests/basic/027.phpt

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to