summaryrefslogtreecommitdiff
path: root/ufilter.c
diff options
context:
space:
mode:
authorBen Fuhrmannek2014-07-23 23:34:12 +0200
committerBen Fuhrmannek2014-07-24 00:03:48 +0200
commit3d5192e407f88d8a55822c081b22450016b70932 (patch)
treecb52400411e7e530a8b144af4753dce12ec343fc /ufilter.c
parent238f060a1362b9c6bf93aca2d45da6c2985fc3ca (diff)
re-introduced suhosin_is_protected_varname as extra varname check
Diffstat (limited to 'ufilter.c')
-rw-r--r--ufilter.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/ufilter.c b/ufilter.c
index 6464ce6..10102aa 100644
--- a/ufilter.c
+++ b/ufilter.c
@@ -133,7 +133,7 @@ static int check_fileupload_varname(char *varname)
133 133
134 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */ 134 /* Drop this variable if it is one of GLOBALS, _GET, _POST, ... */
135 /* This is to protect several silly scripts that do globalizing themself */ 135 /* This is to protect several silly scripts that do globalizing themself */
136 if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE) { 136 if (php_varname_check(var, var_len, 1 TSRMLS_CC) == FAILURE || suhosin_is_protected_varname(var, var_len)) {
137 suhosin_log(S_FILES, "tried to register forbidden variable '%s' through FILE variables", var); 137 suhosin_log(S_FILES, "tried to register forbidden variable '%s' through FILE variables", var);
138 if (!SUHOSIN_G(simulation)) { 138 if (!SUHOSIN_G(simulation)) {
139 goto return_failure; 139 goto return_failure;