some php_varname_check()s may be silent as we produce custom errors

author: Ben Fuhrmannek 2014-07-17 13:59:29 +0200
committer: Ben Fuhrmannek 2014-07-17 13:59:29 +0200
commit: 02f527a6948558636ea04198a61e4a8d231f0484 (patch)
tree: d9d2617dc25700ebf2609f4bdc404681400d49e7
parent: 64d667b91a0f9c140383b8f74ea470fb8bd1da5e (diff)
3 files changed, 3 insertions, 3 deletions
diff --git a/ex_imp.c b/ex_imp.c
index 15bad3d..2ea2b99 100644
--- a/ex_imp.c
+++ b/ex_imp.c
@@ -74,7 +74,7 @@ static int php_valid_var_name(char *var_name, int len) /* {{{ */
                }
        }
-        if (php_varname_check(var_name, len, 0 TSRMLS_CC) == FAILURE) {
+        if (php_varname_check(var_name, len, 1 TSRMLS_CC) == FAILURE) {
                return 0;
        }
        
diff --git a/ifilter.c b/ifilter.c
index 65b48cd..d85c3c2 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -620,7 +620,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
        
        /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
        /* This is to protect several silly scripts that do globalizing themself */
-        if (php_varname_check(var, var_len, 0 TSRMLS_CC) == FAILURE) {
+        if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE) {
                suhosin_log(S_VARS, "tried to register forbidden variable '%s' through %s variables", var, arg == PARSE_GET ? "GET" : arg == PARSE_POST ? "POST" : "COOKIE");
                if (!SUHOSIN_G(simulation)) {
                        return 0;
diff --git a/ufilter.c b/ufilter.c
index 6775ec1..6464ce6 100644
--- a/ufilter.c
+++ b/ufilter.c
@@ -133,7 +133,7 @@ static int check_fileupload_varname(char *varname)
        
        /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
        /* This is to protect several silly scripts that do globalizing themself */
-        if (php_varname_check(var, var_len, 0 TSRMLS_CC) == FAILURE) {
+        if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE) {
                suhosin_log(S_FILES, "tried to register forbidden variable '%s' through FILE variables", var);
                if (!SUHOSIN_G(simulation)) {
                        goto return_failure;
author	Ben Fuhrmannek	2014-07-17 13:59:29 +0200
committer	Ben Fuhrmannek	2014-07-17 13:59:29 +0200
commit	02f527a6948558636ea04198a61e4a8d231f0484 (patch)
tree	d9d2617dc25700ebf2609f4bdc404681400d49e7
parent	64d667b91a0f9c140383b8f74ea470fb8bd1da5e (diff)

diff --git a/ex_imp.c b/ex_imp.c index 15bad3d..2ea2b99 100644 --- a/ex_imp.c +++ b/ex_imp.c
@@ -74,7 +74,7 @@ static int php_valid_var_name(char var_name, int len) / {{{ */
74	}	74	}
75	}	75	}
76		76
77	if (php_varname_check(var_name, len, 0 TSRMLS_CC) == FAILURE) {	77	if (php_varname_check(var_name, len, 1 TSRMLS_CC) == FAILURE) {
78	return 0;	78	return 0;
79	}	79	}
80		80


diff --git a/ifilter.c b/ifilter.c index 65b48cd..d85c3c2 100644 --- a/ifilter.c +++ b/ifilter.c
@@ -620,7 +620,7 @@ unsigned int suhosin_input_filter(int arg, char var, char *val, unsigned int v
620		620
621	/* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */	621	/* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
622	/* This is to protect several silly scripts that do globalizing themself */	622	/* This is to protect several silly scripts that do globalizing themself */
623	if (php_varname_check(var, var_len, 0 TSRMLS_CC) == FAILURE) {	623	if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE) {
624	suhosin_log(S_VARS, "tried to register forbidden variable '%s' through %s variables", var, arg == PARSE_GET ? "GET" : arg == PARSE_POST ? "POST" : "COOKIE");	624	suhosin_log(S_VARS, "tried to register forbidden variable '%s' through %s variables", var, arg == PARSE_GET ? "GET" : arg == PARSE_POST ? "POST" : "COOKIE");
625	if (!SUHOSIN_G(simulation)) {	625	if (!SUHOSIN_G(simulation)) {
626	return 0;	626	return 0;


diff --git a/ufilter.c b/ufilter.c index 6775ec1..6464ce6 100644 --- a/ufilter.c +++ b/ufilter.c
@@ -133,7 +133,7 @@ static int check_fileupload_varname(char *varname)
133		133
134	/* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */	134	/* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
135	/* This is to protect several silly scripts that do globalizing themself */	135	/* This is to protect several silly scripts that do globalizing themself */
136	if (php_varname_check(var, var_len, 0 TSRMLS_CC) == FAILURE) {	136	if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE) {
137	suhosin_log(S_FILES, "tried to register forbidden variable '%s' through FILE variables", var);	137	suhosin_log(S_FILES, "tried to register forbidden variable '%s' through FILE variables", var);
138	if (!SUHOSIN_G(simulation)) {	138	if (!SUHOSIN_G(simulation)) {
139	goto return_failure;	139	goto return_failure;