re-introduced suhosin_is_protected_varname as extra varname check

author: Ben Fuhrmannek 2014-07-23 23:34:12 +0200
committer: Ben Fuhrmannek 2014-07-24 00:03:48 +0200
commit: 3d5192e407f88d8a55822c081b22450016b70932 (patch)
tree: cb52400411e7e530a8b144af4753dce12ec343fc /ifilter.c
parent: 238f060a1362b9c6bf93aca2d45da6c2985fc3ca (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ifilter.c b/ifilter.c
index d85c3c2..b9da668 100644
--- a/ifilter.c
+++ b/ifilter.c
@@ -620,7 +620,7 @@ unsigned int suhosin_input_filter(int arg, char *var, char **val, unsigned int v
        
        /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
        /* This is to protect several silly scripts that do globalizing themself */
-        if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE) {
+        if (suhosin_is_protected_varname(var, var_len)) {
                suhosin_log(S_VARS, "tried to register forbidden variable '%s' through %s variables", var, arg == PARSE_GET ? "GET" : arg == PARSE_POST ? "POST" : "COOKIE");
                if (!SUHOSIN_G(simulation)) {
                        return 0;
author	Ben Fuhrmannek	2014-07-23 23:34:12 +0200
committer	Ben Fuhrmannek	2014-07-24 00:03:48 +0200
commit	3d5192e407f88d8a55822c081b22450016b70932 (patch)
tree	cb52400411e7e530a8b144af4753dce12ec343fc /ifilter.c
parent	238f060a1362b9c6bf93aca2d45da6c2985fc3ca (diff)

diff --git a/ifilter.c b/ifilter.c index d85c3c2..b9da668 100644 --- a/ifilter.c +++ b/ifilter.c
@@ -620,7 +620,7 @@ unsigned int suhosin_input_filter(int arg, char var, char *val, unsigned int v
620		620
621	/* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */	621	/* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
622	/* This is to protect several silly scripts that do globalizing themself */	622	/* This is to protect several silly scripts that do globalizing themself */
623	if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE) {	623	if (suhosin_is_protected_varname(var, var_len)) {
624	suhosin_log(S_VARS, "tried to register forbidden variable '%s' through %s variables", var, arg == PARSE_GET ? "GET" : arg == PARSE_POST ? "POST" : "COOKIE");	624	suhosin_log(S_VARS, "tried to register forbidden variable '%s' through %s variables", var, arg == PARSE_GET ? "GET" : arg == PARSE_POST ? "POST" : "COOKIE");
625	if (!SUHOSIN_G(simulation)) {	625	if (!SUHOSIN_G(simulation)) {
626	return 0;	626	return 0;