1 files changed, 9 insertions, 6 deletions
diff --git a/post_handler.c b/post_handler.c
index 4794a6b..8daf055 100644
--- a/post_handler.c
+++ b/post_handler.c
@@ -96,7 +96,7 @@ typedef struct post_var_data {
 static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof TSRMLS_DC)
 {
-        char *ksep, *vsep;
+        char *ksep, *vsep, *val;
        size_t klen, vlen;
        /* FIXME: string-size_t */
        unsigned int new_vlen;
@@ -127,19 +127,22 @@ static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof TSR
                vlen = 0;
        }
+        /* do not forget that value needs to be allocated for the filters */
+        val = estrndup(ksep, vlen);
+        
        php_url_decode(var->ptr, klen);
        if (vlen) {
-                vlen = php_url_decode(ksep, vlen);
+                vlen = php_url_decode(val, vlen);
        }
-        if (suhosin_input_filter(PARSE_POST, var->ptr, &ksep, vlen, &new_vlen TSRMLS_CC)) {
+        if (suhosin_input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen TSRMLS_CC)) {
-                if (sapi_module.input_filter(PARSE_POST, var->ptr, &ksep, new_vlen, &new_vlen TSRMLS_CC)) {
+                if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, new_vlen, &new_vlen TSRMLS_CC)) {
-                        php_register_variable_safe(var->ptr, ksep, new_vlen, arr TSRMLS_CC);
+                        php_register_variable_safe(var->ptr, val, new_vlen, arr TSRMLS_CC);
                }
        } else {
                SUHOSIN_G(abort_request)=1;
        }
+        efree(val);
        var->ptr = vsep + (vsep != var->end);
        return 1;

diff --git a/post_handler.c b/post_handler.c index 4794a6b..8daf055 100644 --- a/post_handler.c +++ b/post_handler.c
@@ -96,7 +96,7 @@ typedef struct post_var_data {
96		96
97	static zend_bool add_post_var(zval arr, post_var_data_t var, zend_bool eof TSRMLS_DC)	97	static zend_bool add_post_var(zval arr, post_var_data_t var, zend_bool eof TSRMLS_DC)
98	{	98	{
99	char ksep, vsep;	99	char ksep, vsep, *val;
100	size_t klen, vlen;	100	size_t klen, vlen;
101	/* FIXME: string-size_t */	101	/* FIXME: string-size_t */
102	unsigned int new_vlen;	102	unsigned int new_vlen;
@@ -127,19 +127,22 @@ static zend_bool add_post_var(zval arr, post_var_data_t var, zend_bool eof TSR
127	vlen = 0;	127	vlen = 0;
128	}	128	}
129		129
130		130	/* do not forget that value needs to be allocated for the filters */
		131	val = estrndup(ksep, vlen);
		132
131	php_url_decode(var->ptr, klen);	133	php_url_decode(var->ptr, klen);
132	if (vlen) {	134	if (vlen) {
133	vlen = php_url_decode(ksep, vlen);	135	vlen = php_url_decode(val, vlen);
134	}	136	}
135		137
136	if (suhosin_input_filter(PARSE_POST, var->ptr, &ksep, vlen, &new_vlen TSRMLS_CC)) {	138	if (suhosin_input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen TSRMLS_CC)) {
137	if (sapi_module.input_filter(PARSE_POST, var->ptr, &ksep, new_vlen, &new_vlen TSRMLS_CC)) {	139	if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, new_vlen, &new_vlen TSRMLS_CC)) {
138	php_register_variable_safe(var->ptr, ksep, new_vlen, arr TSRMLS_CC);	140	php_register_variable_safe(var->ptr, val, new_vlen, arr TSRMLS_CC);
139	}	141	}
140	} else {	142	} else {
141	SUHOSIN_G(abort_request)=1;	143	SUHOSIN_G(abort_request)=1;
142	}	144	}
		145	efree(val);
143		146
144	var->ptr = vsep + (vsep != var->end);	147	var->ptr = vsep + (vsep != var->end);
145	return 1;	148	return 1;