diff options
| author | Ben Fuhrmannek | 2014-10-16 15:08:59 +0200 |
|---|---|---|
| committer | Ben Fuhrmannek | 2014-10-16 15:08:59 +0200 |
| commit | c4467269c3d5bf4cba72dadf846e229e4bc5c0c7 (patch) | |
| tree | d3696caedda0ffef0143a80cf3e70c459147b255 /ufilter.c | |
| parent | 82e8d0eb03fb3bd88062e99065f990b26fb9fc8b (diff) | |
| parent | 49a4321cec080d61ff112aaf27f55257e62402f9 (diff) | |
Merge branch 'ifilter'
Diffstat (limited to 'ufilter.c')
| -rw-r--r-- | ufilter.c | 18 |
1 files changed, 18 insertions, 0 deletions
| @@ -113,6 +113,24 @@ static int check_fileupload_varname(char *varname) | |||
| 113 | } | 113 | } |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | /* index whitelist/blacklist */ | ||
| 117 | if (SUHOSIN_G(array_index_whitelist) && *(SUHOSIN_G(array_index_whitelist))) { | ||
| 118 | if (suhosin_strnspn(index, index_length, SUHOSIN_G(array_index_whitelist)) != index_length) { | ||
| 119 | suhosin_log(S_VARS, "array index contains not whitelisted characters - dropped variable '%s'", var); | ||
| 120 | if (!SUHOSIN_G(simulation)) { | ||
| 121 | goto return_failure; | ||
| 122 | } | ||
| 123 | } | ||
| 124 | } else if (SUHOSIN_G(array_index_blacklist) && *(SUHOSIN_G(array_index_blacklist))) { | ||
| 125 | if (suhosin_strncspn(index, index_length, SUHOSIN_G(array_index_blacklist)) != index_length) { | ||
| 126 | suhosin_log(S_VARS, "array index contains blacklisted characters - dropped variable '%s'", var); | ||
| 127 | if (!SUHOSIN_G(simulation)) { | ||
| 128 | goto return_failure; | ||
| 129 | } | ||
| 130 | } | ||
| 131 | } | ||
| 132 | |||
| 133 | |||
| 116 | index = strchr(index, '['); | 134 | index = strchr(index, '['); |
| 117 | } | 135 | } |
| 118 | 136 | ||