diff options
| author | Stefan Esser | 2014-02-11 13:35:40 +0100 |
|---|---|---|
| committer | Stefan Esser | 2014-02-11 13:35:40 +0100 |
| commit | 22281ed0f243e3aa41fa0d30aafb1dbc3417d6ee (patch) | |
| tree | 4db401d08a0b04de7ae375f2fede474d7fcece1d /post_handler.c | |
| parent | 459dadf561e044bdf3cf246fe8a354adec17e34d (diff) | |
Fix standard post handler
Diffstat (limited to 'post_handler.c')
| -rw-r--r-- | post_handler.c | 69 |
1 files changed, 35 insertions, 34 deletions
diff --git a/post_handler.c b/post_handler.c index 470057e..7c03892 100644 --- a/post_handler.c +++ b/post_handler.c | |||
| @@ -38,45 +38,46 @@ SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler); | |||
| 38 | 38 | ||
| 39 | SAPI_POST_HANDLER_FUNC(suhosin_std_post_handler) | 39 | SAPI_POST_HANDLER_FUNC(suhosin_std_post_handler) |
| 40 | { | 40 | { |
| 41 | char *var, *val, *e, *s, *p; | 41 | char *var, *val, *e, *s, *p; |
| 42 | zval *array_ptr = (zval *) arg; | 42 | zval *array_ptr = (zval *) arg; |
| 43 | 43 | #if PHP_VERSION_ID >= 50311 | |
| 44 | if (SG(request_info).post_data==NULL) { | 44 | long count = 0; |
| 45 | return; | 45 | #endif |
| 46 | } | 46 | if (SG(request_info).post_data == NULL) { |
| 47 | return; | ||
| 48 | } | ||
| 47 | 49 | ||
| 48 | s = SG(request_info).post_data; | 50 | s = SG(request_info).post_data; |
| 49 | e = s + SG(request_info).post_data_length; | 51 | e = s + SG(request_info).post_data_length; |
| 50 | 52 | ||
| 51 | while (s < e && (p = memchr(s, '&', (e - s)))) { | 53 | while (s < e && (p = memchr(s, '&', (e - s)))) { |
| 52 | last_value: | 54 | last_value: |
| 53 | if ((val = memchr(s, '=', (p - s)))) { /* have a value */ | 55 | if ((val = memchr(s, '=', (p - s)))) { /* have a value */ |
| 54 | unsigned int val_len, new_val_len; | 56 | unsigned int val_len, new_val_len; |
| 55 | var = s; | ||
| 56 | 57 | ||
| 57 | php_url_decode(var, (val - s)); | 58 | #if PHP_VERSION_ID >= 50311 |
| 58 | val++; | 59 | if (++count > PG(max_input_vars)) { |
| 59 | val_len = php_url_decode(val, (p - val)); | 60 | php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); |
| 60 | val = estrndup(val, val_len); | 61 | return; |
| 61 | if (suhosin_input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) { | 62 | } |
| 62 | #ifdef ZEND_ENGINE_2 | ||
| 63 | if (sapi_module.input_filter(PARSE_POST, var, &val, new_val_len, &new_val_len TSRMLS_CC)) { | ||
| 64 | #endif | ||
| 65 | php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); | ||
| 66 | #ifdef ZEND_ENGINE_2 | ||
| 67 | } | ||
| 68 | #endif | 63 | #endif |
| 69 | } else { | 64 | var = s; |
| 70 | SUHOSIN_G(abort_request)=1; | 65 | |
| 71 | } | 66 | php_url_decode(var, (val - s)); |
| 72 | efree(val); | 67 | val++; |
| 73 | } | 68 | val_len = php_url_decode(val, (p - val)); |
| 74 | s = p + 1; | 69 | val = estrndup(val, val_len); |
| 75 | } | 70 | if (sapi_module.input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) { |
| 76 | if (s < e) { | 71 | php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); |
| 77 | p = e; | 72 | } |
| 78 | goto last_value; | 73 | efree(val); |
| 79 | } | 74 | } |
| 75 | s = p + 1; | ||
| 76 | } | ||
| 77 | if (s < e) { | ||
| 78 | p = e; | ||
| 79 | goto last_value; | ||
| 80 | } | ||
| 80 | } | 81 | } |
| 81 | 82 | ||
| 82 | static void suhosin_post_handler_modification(sapi_post_entry *spe) | 83 | static void suhosin_post_handler_modification(sapi_post_entry *spe) |