Diffstat (limited to 'ifilter.c')
| -rw-r--r-- | ifilter.c | 44 |
1 files changed, 26 insertions, 18 deletions
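--- a/ifilter.c
+++ b/ifilter.c
@@ -187,30 +187,38 @@ static void suhosin_server_encode(HashTable *arr, char *key, int klen)
 void suhosin_register_server_variables(zval *track_vars_array TSRMLS_DC)
 {
 HashTable *svars;
-int retval, failure=0, i;
-
-char *varnames[] = {
-"HTTP_GET_VARS", "HTTP_POST_VARS", "HTTP_COOKIE_VARS",
-"HTTP_ENV_VARS", "HTTP_SERVER_VARS", "HTTP_SESSION_VARS",
-"HTTP_POST_FILES", "HTTP_RAW_POST_DATA",
-NULL
-};
+int retval = 0, failure = 0;
 
 orig_register_server_variables(track_vars_array TSRMLS_CC);
 
 svars = Z_ARRVAL_P(track_vars_array);
 if (!SUHOSIN_G(simulation)) {
-for (i = 0; varnames[i]; i++) {
-retval = zend_hash_del(svars, varnames[i], strlen(varnames[i])+1);
-if (retval == SUCCESS) failure = 1;
-}
+retval = zend_hash_del(svars, "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"));
+if (retval == SUCCESS) failure = 1;
+retval = zend_hash_del(svars, "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"));
+if (retval == SUCCESS) failure = 1;
+retval = zend_hash_del(svars, "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"));
+if (retval == SUCCESS) failure = 1;
+retval = zend_hash_del(svars, "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"));
+if (retval == SUCCESS) failure = 1;
+retval = zend_hash_del(svars, "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"));
+if (retval == SUCCESS) failure = 1;
+retval = zend_hash_del(svars, "HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"));
+if (retval == SUCCESS) failure = 1;
+retval = zend_hash_del(svars, "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"));
+if (retval == SUCCESS) failure = 1;
+retval = zend_hash_del(svars, "HTTP_RAW_POST_DATA", sizeof("HTTP_RAW_POST_DATA"));
+if (retval == SUCCESS) failure = 1;
 } else {
-for (i = 0; varnames[i]; i++) {
-if (zend_hash_exists(svars, varnames[i], strlen(varnames[i])+1)) {
-failure = 1;
-break;
-}
-}
+retval = zend_hash_exists(svars, "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"));
+retval+= zend_hash_exists(svars, "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"));
+retval+= zend_hash_exists(svars, "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"));
+retval+= zend_hash_exists(svars, "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"));
+retval+= zend_hash_exists(svars, "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"));
+retval+= zend_hash_exists(svars, "HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"));
+retval+= zend_hash_exists(svars, "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"));
+retval+= zend_hash_exists(svars, "HTTP_RAW_POST_DATA", sizeof("HTTP_RAW_POST_DATA"));
+if (retval > 0) failure = 1;
 }
 
 if (failure) {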
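Review bot: The eight variable names are now written out twice, once in the `zend_hash_del` branch and once in the `zend_hash_exists` simulation branch, and nothing ties the two lists together. If a name is later added to only one of them, simulation mode will stop reporting exactly what enforcement mode removes, which defeats the purpose of a dry run for a filter like this. A single file-scope table of `{ name, sizeof(name) }` pairs walked by both branches would keep the compile-time key length this commit introduces while restoring one source of truth. At minimum, add a comment above the first call such as `/* keep this list identical to the one in the simulation branch below */`, and a short why-comment on `if (retval == SUCCESS) failure = 1;`, since treating a successful delete as a failure reads inverted until one knows the key should never have been present. The function body continues past `if (failure) {`, outside this hunk.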
