summaryrefslogtreecommitdiff
path: root/post_handler.c
diff options
context:
space:
mode:
Diffstat (limited to 'post_handler.c')
-rw-r--r--post_handler.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/post_handler.c b/post_handler.c
index 4794a6b..8daf055 100644
--- a/post_handler.c
+++ b/post_handler.c
@@ -96,7 +96,7 @@ typedef struct post_var_data {
96 96
97static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof TSRMLS_DC) 97static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof TSRMLS_DC)
98{ 98{
99 char *ksep, *vsep; 99 char *ksep, *vsep, *val;
100 size_t klen, vlen; 100 size_t klen, vlen;
101 /* FIXME: string-size_t */ 101 /* FIXME: string-size_t */
102 unsigned int new_vlen; 102 unsigned int new_vlen;
@@ -127,19 +127,22 @@ static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof TSR
127 vlen = 0; 127 vlen = 0;
128 } 128 }
129 129
130 130 /* do not forget that value needs to be allocated for the filters */
131 val = estrndup(ksep, vlen);
132
131 php_url_decode(var->ptr, klen); 133 php_url_decode(var->ptr, klen);
132 if (vlen) { 134 if (vlen) {
133 vlen = php_url_decode(ksep, vlen); 135 vlen = php_url_decode(val, vlen);
134 } 136 }
135 137
136 if (suhosin_input_filter(PARSE_POST, var->ptr, &ksep, vlen, &new_vlen TSRMLS_CC)) { 138 if (suhosin_input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen TSRMLS_CC)) {
137 if (sapi_module.input_filter(PARSE_POST, var->ptr, &ksep, new_vlen, &new_vlen TSRMLS_CC)) { 139 if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, new_vlen, &new_vlen TSRMLS_CC)) {
138 php_register_variable_safe(var->ptr, ksep, new_vlen, arr TSRMLS_CC); 140 php_register_variable_safe(var->ptr, val, new_vlen, arr TSRMLS_CC);
139 } 141 }
140 } else { 142 } else {
141 SUHOSIN_G(abort_request)=1; 143 SUHOSIN_G(abort_request)=1;
142 } 144 }
145 efree(val);
143 146
144 var->ptr = vsep + (vsep != var->end); 147 var->ptr = vsep + (vsep != var->end);
145 return 1; 148 return 1;