| author | Ben Fuhrmannek | 2014-07-17 16:45:02 +0200 |
|---|---|---|
| committer | Ben Fuhrmannek | 2014-07-17 16:45:02 +0200 |
| commit | 238f060a1362b9c6bf93aca2d45da6c2985fc3ca (patch) | |
| tree | 2c56b36fa4418e5d18b2e2d9acfad141b05adef2 /suhosin.c | |
| parent | fd00e0e1eedce6882632332774ab4fb278c2d5d3 (diff) | |
suhosin_get_raw_cookies() parses cookies in reverse order to give first occurrence precedence
Diffstat (limited to 'suhosin.c')
| -rw-r--r-- | suhosin.c | 43 |
1 files changed, 24 insertions, 19 deletions
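--- a/suhosin.c
+++ b/suhosin.c
@@ -660,38 +660,43 @@ return_plain:
 static PHP_FUNCTION(suhosin_get_raw_cookies)
 {
 char *var, *val, *res;
 zval *array_ptr = return_value;
 char *strtok_buf = NULL;
 int val_len;
 
 array_init(array_ptr);
-SDEBUG("get_raw_cookies %s", SUHOSIN_G(raw_cookie));
-if (SUHOSIN_G(raw_cookie)) {
-res = estrdup(SUHOSIN_G(raw_cookie));
-} else {
-return;
-}
-
-var = php_strtok_r(res, ";", &strtok_buf);
 
-while (var) {
-SDEBUG("raw cookie: %s", var);
+if (SUHOSIN_G(raw_cookie)) {
+res = estrdup(SUHOSIN_G(raw_cookie));
+} else {
+return;
+}
+
+var = NULL;
+while (var != res) {
+var = strrchr(res, ';');
+if (var) {
+*var++ = '\0';
+} else {
+var = res;
+}
+if (!*var) { continue; }
+
 val = strchr(var, '=');
 if (val) { /* have a value */
 *val++ = '\0';
 php_url_decode(var, strlen(var));
 val_len = php_url_decode(val, strlen(val));
-php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
 } else {
 php_url_decode(var, strlen(var));
 val_len = 0;
 val = "";
-php_register_variable_safe(var, "", 0, array_ptr TSRMLS_CC);
 }
-var = php_strtok_r(NULL, ";", &strtok_buf);
+php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
+
 }
 
 efree(res);
 }
 /* }}} */
 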
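Review bot: `strtok_buf` on new line 664 is now dead: the rewrite replaces both `php_strtok_r` calls with `strrchr`, so nothing reads or writes it any more; drop `char *strtok_buf = NULL;` so the function stays clean under `-Wunused`. The reverse walk at new lines 675-683 also deserves a comment, because the "first occurrence wins" behaviour named in the commit message only follows if `php_register_variable_safe` lets a later registration replace an existing key, which the hunk itself does not show; suggest `/* walk the header from the end so the first cookie with a given name is registered last and wins */` above `var = NULL;`. Note too that every iteration rescans the remaining string from `res` with `strrchr`, so a header with many `;` separators costs time quadratic in its length; that is bounded by the server's header size limit, but worth keeping in mind since `raw_cookie` is client-supplied.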
