| author | Stefan Esser | 2014-06-09 09:29:18 +0200 |
|---|---|---|
| committer | Stefan Esser | 2014-06-09 09:29:18 +0200 |
| commit | 2a4ef7b3c7bd354a30737005840f9d10f9ff858d (patch) | |
| tree | cf4470d99ef56cd39142c20a5d203da34c5c0d90 /execute.c | |
| parent | 134a88c1da096f787a560c43534f07b74867b9cb (diff) | |
Fix variable logging statistics outputting on every include
Diffstat (limited to '')
| -rw-r--r-- | execute.c | 130 |
1 files changed, 67 insertions, 63 deletions
| @@ -397,96 +397,100 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML | |||
| 397 | unsigned long *suhosin_flags = NULL; | 397 | unsigned long *suhosin_flags = NULL; |
| 398 | 398 | ||
| 399 | /* log variable dropping statistics */ | 399 | /* log variable dropping statistics */ |
| 400 | if (SUHOSIN_G(abort_request) && (SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables) > 0)) { | 400 | if (SUHOSIN_G(abort_request)) { |
| 401 | suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)", | ||
| 402 | SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables), | ||
| 403 | SUHOSIN_G(att_get_vars)-SUHOSIN_G(cur_get_vars), | ||
| 404 | SUHOSIN_G(att_post_vars)-SUHOSIN_G(cur_post_vars), | ||
| 405 | SUHOSIN_G(att_cookie_vars)-SUHOSIN_G(cur_cookie_vars)); | ||
| 406 | } | ||
| 407 | |||
| 408 | if (SUHOSIN_G(abort_request) && !SUHOSIN_G(simulation) && SUHOSIN_G(filter_action)) { | ||
| 409 | |||
| 410 | char *action = SUHOSIN_G(filter_action); | ||
| 411 | long code = -1; | ||
| 412 | 401 | ||
| 413 | SUHOSIN_G(abort_request) = 0; /* we do not want to endlessloop */ | 402 | SUHOSIN_G(abort_request) = 0; /* we only want this to happen the first time */ |
| 414 | 403 | ||
| 415 | while (*action == ' ' || *action == '\t') action++; | 404 | if (SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables) > 0) { |
| 405 | suhosin_log(S_VARS, "dropped %u request variables - (%u in GET, %u in POST, %u in COOKIE)", | ||
| 406 | SUHOSIN_G(att_request_variables)-SUHOSIN_G(cur_request_variables), | ||
| 407 | SUHOSIN_G(att_get_vars)-SUHOSIN_G(cur_get_vars), | ||
| 408 | SUHOSIN_G(att_post_vars)-SUHOSIN_G(cur_post_vars), | ||
| 409 | SUHOSIN_G(att_cookie_vars)-SUHOSIN_G(cur_cookie_vars)); | ||
| 416 | 410 | ||
| 417 | if (*action >= '0' && *action <= '9') { | ||
| 418 | char *end = action; | ||
| 419 | while (*end && *end != ',' && *end != ';') end++; | ||
| 420 | code = zend_atoi(action, end-action); | ||
| 421 | action = end; | ||
| 422 | } | 411 | } |
| 412 | |||
| 413 | if (!SUHOSIN_G(simulation) && SUHOSIN_G(filter_action)) { | ||
| 414 | |||
| 415 | char *action = SUHOSIN_G(filter_action); | ||
| 416 | long code = -1; | ||
| 417 | |||
| 418 | while (*action == ' ' || *action == '\t') action++; | ||
| 419 | |||
| 420 | if (*action >= '0' && *action <= '9') { | ||
| 421 | char *end = action; | ||
| 422 | while (*end && *end != ',' && *end != ';') end++; | ||
| 423 | code = zend_atoi(action, end-action); | ||
| 424 | action = end; | ||
| 425 | } | ||
| 423 | 426 | ||
| 424 | while (*action == ' ' || *action == '\t' || *action == ',' || *action == ';') action++; | 427 | while (*action == ' ' || *action == '\t' || *action == ',' || *action == ';') action++; |
| 425 | 428 | ||
| 426 | if (*action) { | 429 | if (*action) { |
| 427 | 430 | ||
| 428 | if (strncmp("http://", action, sizeof("http://")-1)==0) { | 431 | if (strncmp("http://", action, sizeof("http://")-1)==0) { |
| 429 | sapi_header_line ctr = {0}; | 432 | sapi_header_line ctr = {0}; |
| 430 | 433 | ||
| 431 | if (code == -1) { | 434 | if (code == -1) { |
| 432 | code = 302; | 435 | code = 302; |
| 433 | } | 436 | } |
| 434 | 437 | ||
| 435 | ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action); | 438 | ctr.line_len = spprintf(&ctr.line, 0, "Location: %s", action); |
| 436 | ctr.response_code = code; | 439 | ctr.response_code = code; |
| 437 | sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); | 440 | sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); |
| 438 | efree(ctr.line); | 441 | efree(ctr.line); |
| 439 | } else { | 442 | } else { |
| 440 | zend_file_handle file_handle; | 443 | zend_file_handle file_handle; |
| 441 | zend_op_array *new_op_array; | 444 | zend_op_array *new_op_array; |
| 442 | zval *result = NULL; | 445 | zval *result = NULL; |
| 443 | 446 | ||
| 444 | if (code == -1) { | 447 | if (code == -1) { |
| 445 | code = 200; | 448 | code = 200; |
| 446 | } | 449 | } |
| 447 | 450 | ||
| 448 | #ifdef ZEND_ENGINE_2 | 451 | #ifdef ZEND_ENGINE_2 |
| 449 | if (zend_stream_open(action, &file_handle TSRMLS_CC) == SUCCESS) { | 452 | if (zend_stream_open(action, &file_handle TSRMLS_CC) == SUCCESS) { |
| 450 | #else | 453 | #else |
| 451 | if (zend_open(action, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) { | 454 | if (zend_open(action, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) { |
| 452 | file_handle.filename = action; | 455 | file_handle.filename = action; |
| 453 | file_handle.free_filename = 0; | 456 | file_handle.free_filename = 0; |
| 454 | #endif | 457 | #endif |
| 455 | if (!file_handle.opened_path) { | 458 | if (!file_handle.opened_path) { |
| 456 | file_handle.opened_path = estrndup(action, strlen(action)); | 459 | file_handle.opened_path = estrndup(action, strlen(action)); |
| 457 | } | 460 | } |
| 458 | new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC); | 461 | new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC); |
| 459 | zend_destroy_file_handle(&file_handle TSRMLS_CC); | 462 | zend_destroy_file_handle(&file_handle TSRMLS_CC); |
| 460 | if (new_op_array) { | 463 | if (new_op_array) { |
| 461 | EG(return_value_ptr_ptr) = &result; | 464 | EG(return_value_ptr_ptr) = &result; |
| 462 | EG(active_op_array) = new_op_array; | 465 | EG(active_op_array) = new_op_array; |
| 463 | zend_execute(new_op_array TSRMLS_CC); | 466 | zend_execute(new_op_array TSRMLS_CC); |
| 464 | #ifdef ZEND_ENGINE_2 | 467 | #ifdef ZEND_ENGINE_2 |
| 465 | destroy_op_array(new_op_array TSRMLS_CC); | 468 | destroy_op_array(new_op_array TSRMLS_CC); |
| 466 | #else | 469 | #else |
| 467 | destroy_op_array(new_op_array); | 470 | destroy_op_array(new_op_array); |
| 468 | #endif | 471 | #endif |
| 469 | efree(new_op_array); | 472 | efree(new_op_array); |
| 470 | #ifdef ZEND_ENGINE_2 | 473 | #ifdef ZEND_ENGINE_2 |
| 471 | if (!EG(exception)) | 474 | if (!EG(exception)) |
| 472 | #endif | 475 | #endif |
| 473 | { | 476 | { |
| 474 | if (EG(return_value_ptr_ptr)) { | 477 | if (EG(return_value_ptr_ptr)) { |
| 475 | zval_ptr_dtor(EG(return_value_ptr_ptr)); | 478 | zval_ptr_dtor(EG(return_value_ptr_ptr)); |
| 476 | EG(return_value_ptr_ptr) = NULL; | 479 | EG(return_value_ptr_ptr) = NULL; |
| 480 | } | ||
| 477 | } | 481 | } |
| 482 | } else { | ||
| 483 | code = 500; | ||
| 478 | } | 484 | } |
| 479 | } else { | 485 | } else { |
| 480 | code = 500; | 486 | code = 500; |
| 481 | } | 487 | } |
| 482 | } else { | ||
| 483 | code = 500; | ||
| 484 | } | 488 | } |
| 485 | } | 489 | } |
| 486 | } | ||
| 487 | 490 | ||
| 488 | sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code TSRMLS_CC); | 491 | sapi_header_op(SAPI_HEADER_SET_STATUS, (void *)code TSRMLS_CC); |
| 489 | zend_bailout(); | 492 | zend_bailout(); |
| 493 | } | ||
| 490 | } | 494 | } |
| 491 | 495 | ||
| 492 | SDEBUG("%s %s", op_array->filename, op_array->function_name); | 496 | SDEBUG("%s %s", op_array->filename, op_array->function_name); |
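Review bot: The rewritten comment on the reset at new line 402 drops the reason the old comment gave, "we do not want to endlessloop", although that reason still applies. The filter_action branch below still calls `zend_execute(new_op_array TSRMLS_CC)`, which presumably re-enters suhosin_execute_ex, so clearing the flag before that call is what keeps the enforcement path from recursing. I would record both purposes so a later refactor does not move the reset below the action block: `SUHOSIN_G(abort_request) = 0; /* clear first: log once per request, and keep the filter_action script from re-entering this block */`. The leading `/* log variable dropping statistics */` comment at new line 399 now also governs the filter action and the bailout, and could be widened to say so. The body of suhosin_execute_ex begins before this hunk and continues after it.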
