Diffstat (limited to 'suhosin.c')
-rw-r--r--suhosin.c530
1 files changed, 264 insertions, 266 deletions
diff --git a/suhosin.c b/suhosin.c
index 8336561..11f99f7 100644
--- a/suhosin.c
+++ b/suhosin.c
@@ -77,7 +77,7 @@ STATIC zend_extension suhosin_zend_extension_entry = {
77 NULL, 77 NULL,
78 suhosin_op_array_ctor, 78 suhosin_op_array_ctor,
79 suhosin_op_array_dtor, 79 suhosin_op_array_dtor,
80 80
81 STANDARD_ZEND_EXTENSION_PROPERTIES 81 STANDARD_ZEND_EXTENSION_PROPERTIES
82}; 82};
83 83
@@ -86,15 +86,15 @@ static void suhosin_op_array_ctor(zend_op_array *op_array)
86 TSRMLS_FETCH(); 86 TSRMLS_FETCH();
87 87
88 if (suhosin_zend_extension_entry.resource_number != -1) { 88 if (suhosin_zend_extension_entry.resource_number != -1) {
89 89
90 unsigned long suhosin_flags = 0; 90 unsigned long suhosin_flags = 0;
91 91
92 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) { 92 if (SUHOSIN_G(in_code_type) == SUHOSIN_EVAL) {
93 suhosin_flags |= SUHOSIN_FLAG_CREATED_BY_EVAL; 93 suhosin_flags |= SUHOSIN_FLAG_CREATED_BY_EVAL;
94 } 94 }
95 95
96 op_array->reserved[suhosin_zend_extension_entry.resource_number] = (void *)suhosin_flags; 96 op_array->reserved[suhosin_zend_extension_entry.resource_number] = (void *)suhosin_flags;
97 97
98 } 98 }
99} 99}
100 100
@@ -112,16 +112,16 @@ static void suhosin_op_array_dtor(zend_op_array *op_array)
112static void stealth_op_array_ctor(zend_op_array *op_array) 112static void stealth_op_array_ctor(zend_op_array *op_array)
113{ 113{
114 if (orig_op_array_ctor != NULL) { 114 if (orig_op_array_ctor != NULL) {
115 orig_op_array_ctor(op_array); 115 orig_op_array_ctor(op_array);
116 } 116 }
117 suhosin_op_array_ctor(op_array); 117 suhosin_op_array_ctor(op_array);
118} 118}
119 119
120static void stealth_op_array_dtor(zend_op_array *op_array) 120static void stealth_op_array_dtor(zend_op_array *op_array)
121{ 121{
122 if (orig_op_array_dtor != NULL) { 122 if (orig_op_array_dtor != NULL) {
123 orig_op_array_dtor(op_array); 123 orig_op_array_dtor(op_array);
124 } 124 }
125 suhosin_op_array_dtor(op_array); 125 suhosin_op_array_dtor(op_array);
126} 126}
127 127
@@ -129,14 +129,14 @@ static int stealth_module_startup(zend_extension *extension)
129{ 129{
130 int r = orig_module_startup == NULL ? SUCCESS : orig_module_startup(extension); 130 int r = orig_module_startup == NULL ? SUCCESS : orig_module_startup(extension);
131 suhosin_module_startup(extension); 131 suhosin_module_startup(extension);
132 return r; 132 return r;
133} 133}
134 134
135static void stealth_module_shutdown(zend_extension *extension) 135static void stealth_module_shutdown(zend_extension *extension)
136{ 136{
137 if (orig_module_shutdown != NULL) { 137 if (orig_module_shutdown != NULL) {
138 orig_module_shutdown(extension); 138 orig_module_shutdown(extension);
139 } 139 }
140 suhosin_shutdown(extension); 140 suhosin_shutdown(extension);
141} 141}
142 142
@@ -146,22 +146,22 @@ static int suhosin_module_startup(zend_extension *extension)
146 zend_module_entry *module_entry_ptr; 146 zend_module_entry *module_entry_ptr;
147 int resid; 147 int resid;
148 TSRMLS_FETCH(); 148 TSRMLS_FETCH();
149 149
150/* zend_register_module(&suhosin_module_entry TSRMLS_CC); */ 150/* zend_register_module(&suhosin_module_entry TSRMLS_CC); */
151 151
152 if (zend_hash_find(&module_registry, "suhosin", sizeof("suhosin"), (void **)&module_entry_ptr)==SUCCESS) { 152 if (zend_hash_find(&module_registry, "suhosin", sizeof("suhosin"), (void **)&module_entry_ptr)==SUCCESS) {
153 153
154 if (extension) { 154 if (extension) {
155 extension->handle = module_entry_ptr->handle; 155 extension->handle = module_entry_ptr->handle;
156 } else { 156 } else {
157 zend_extension ext; 157 zend_extension ext;
158 ext = suhosin_zend_extension_entry; 158 ext = suhosin_zend_extension_entry;
159 ext.handle = module_entry_ptr->handle; 159 ext.handle = module_entry_ptr->handle;
160 /* 160 /*
161 zend_llist_add_element(&zend_extensions, &ext); 161 zend_llist_add_element(&zend_extensions, &ext);
162 extension = zend_llist_get_last(&zend_extensions); 162 extension = zend_llist_get_last(&zend_extensions);
163 */ 163 */
164 extension = &suhosin_zend_extension_entry; 164 extension = &suhosin_zend_extension_entry;
165 } 165 }
166 module_entry_ptr->handle = NULL; 166 module_entry_ptr->handle = NULL;
167 167
@@ -198,14 +198,13 @@ static void suhosin_shutdown(zend_extension *extension)
198 suhosin_unhook_header_handler(); 198 suhosin_unhook_header_handler();
199 suhosin_unhook_post_handlers(TSRMLS_C); 199 suhosin_unhook_post_handlers(TSRMLS_C);
200 /* suhosin_unhook_session(); - enabling this causes compability problems */ 200 /* suhosin_unhook_session(); - enabling this causes compability problems */
201 201
202 if (ze != NULL) { 202 if (ze != NULL) {
203 ze->startup = orig_module_startup; 203 ze->startup = orig_module_startup;
204 ze->shutdown = orig_module_shutdown; 204 ze->shutdown = orig_module_shutdown;
205 ze->op_array_ctor = orig_op_array_ctor; 205 ze->op_array_ctor = orig_op_array_ctor;
206 ze->op_array_dtor = orig_op_array_dtor; 206 ze->op_array_dtor = orig_op_array_dtor;
207 } 207 }
208
209} 208}
210 209
211 210
@@ -216,10 +215,10 @@ static int suhosin_startup_wrapper(zend_extension *ext)
216 char *new_info; 215 char *new_info;
217 int new_info_length; 216 int new_info_length;
218 TSRMLS_FETCH(); 217 TSRMLS_FETCH();
219 218
220 /* Ugly but working hack */ 219 /* Ugly but working hack */
221 new_info_length = sizeof("%s\n with %s v%s, %s, by %s\n") 220 new_info_length = sizeof("%s\n with %s v%s, %s, by %s\n")
222 + strlen(ext->author) 221 + strlen(ext->author)
223 + strlen(ex->name) 222 + strlen(ex->name)
224 + strlen(ex->version) 223 + strlen(ex->version)
225 + strlen(ex->copyright) 224 + strlen(ex->copyright)
@@ -230,43 +229,42 @@ static int suhosin_startup_wrapper(zend_extension *ext)
230 ext->author = new_info; 229 ext->author = new_info;
231 230
232 ze->startup = old_startup; 231 ze->startup = old_startup;
233 232
234 /* Stealth Mode */ 233 /* Stealth Mode */
235 orig_module_startup = ze->startup; 234 orig_module_startup = ze->startup;
236 orig_module_shutdown = ze->shutdown; 235 orig_module_shutdown = ze->shutdown;
237 orig_op_array_ctor = ze->op_array_ctor; 236 orig_op_array_ctor = ze->op_array_ctor;
238 orig_op_array_dtor = ze->op_array_dtor; 237 orig_op_array_dtor = ze->op_array_dtor;
239 238
240 /*if (SUHOSIN_G(stealth) != 0) {*/ 239 /*if (SUHOSIN_G(stealth) != 0) {*/
241 ze->startup = stealth_module_startup; 240 ze->startup = stealth_module_startup;
242 ze->shutdown = stealth_module_shutdown; 241 ze->shutdown = stealth_module_shutdown;
243 ze->op_array_ctor = stealth_op_array_ctor; 242 ze->op_array_ctor = stealth_op_array_ctor;
244 ze->op_array_dtor = stealth_op_array_dtor; 243 ze->op_array_dtor = stealth_op_array_dtor;
245 /*}*/ 244 /*}*/
246 245
247 if (old_startup != NULL) { 246 if (old_startup != NULL) {
248 res = old_startup(ext); 247 res = old_startup(ext);
249 } 248 }
250 249
251/* ex->name = NULL; 250/* ex->name = NULL;
252 ex->author = NULL; 251 ex->author = NULL;
253 ex->copyright = NULL; 252 ex->copyright = NULL;
254 ex->version = NULL;*/ 253 ex->version = NULL;*/
255 254
256 /*zend_extensions.head=NULL;*/ 255 /*zend_extensions.head=NULL;*/
257 256
258 suhosin_module_startup(NULL); 257 suhosin_module_startup(NULL);
259 258
260
261 return res; 259 return res;
262} 260}
263 261
264/*static zend_extension_version_info extension_version_info = { ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG };*/ 262/*static zend_extension_version_info extension_version_info = { ZEND_EXTENSION_API_NO, ZEND_VERSION, ZTS_V, ZEND_DEBUG };*/
265 263
266#define PERDIR_CHECK(upper, lower) \ 264#define PERDIR_CHECK(upper, lower) \
267 if (!SUHOSIN_G(lower ## _perdir) && stage == ZEND_INI_STAGE_HTACCESS) { \ 265 if (!SUHOSIN_G(lower ## _perdir) && stage == ZEND_INI_STAGE_HTACCESS) { \
268 return FAILURE; \ 266 return FAILURE; \
269 } 267 }
270 268
271#define LOG_PERDIR_CHECK() PERDIR_CHECK(LOG, log) 269#define LOG_PERDIR_CHECK() PERDIR_CHECK(LOG, log)
272#define EXEC_PERDIR_CHECK() PERDIR_CHECK(EXEC, exec) 270#define EXEC_PERDIR_CHECK() PERDIR_CHECK(EXEC, exec)
@@ -283,94 +281,94 @@ static int suhosin_startup_wrapper(zend_extension *ext)
283 281
284static ZEND_INI_MH(OnUpdateSuhosin_perdir) 282static ZEND_INI_MH(OnUpdateSuhosin_perdir)
285{ 283{
286 char *tmp; 284 char *tmp;
287 285
288 if (SUHOSIN_G(perdir)) { 286 if (SUHOSIN_G(perdir)) {
289 pefree(SUHOSIN_G(perdir), 1); 287 pefree(SUHOSIN_G(perdir), 1);
290 } 288 }
291 SUHOSIN_G(perdir) = NULL; 289 SUHOSIN_G(perdir) = NULL;
292 290
293 /* Initialize the perdir flags */ 291 /* Initialize the perdir flags */
294 SUHOSIN_G(log_perdir) = 0; 292 SUHOSIN_G(log_perdir) = 0;
295 SUHOSIN_G(exec_perdir) = 0; 293 SUHOSIN_G(exec_perdir) = 0;
296 SUHOSIN_G(get_perdir) = 0; 294 SUHOSIN_G(get_perdir) = 0;
297 SUHOSIN_G(cookie_perdir) = 0; 295 SUHOSIN_G(cookie_perdir) = 0;
298 SUHOSIN_G(post_perdir) = 0; 296 SUHOSIN_G(post_perdir) = 0;
299 SUHOSIN_G(request_perdir) = 0; 297 SUHOSIN_G(request_perdir) = 0;
300 SUHOSIN_G(sql_perdir) = 0; 298 SUHOSIN_G(sql_perdir) = 0;
301 SUHOSIN_G(upload_perdir) = 0; 299 SUHOSIN_G(upload_perdir) = 0;
302 SUHOSIN_G(misc_perdir) = 0; 300 SUHOSIN_G(misc_perdir) = 0;
303 301
304 if (new_value == NULL) { 302 if (new_value == NULL) {
305 return SUCCESS; 303 return SUCCESS;
306 } 304 }
307 305
308 tmp = SUHOSIN_G(perdir) = pestrdup(new_value,1); 306 tmp = SUHOSIN_G(perdir) = pestrdup(new_value,1);
309 307
310 /* trim the whitespace */ 308 /* trim the whitespace */
311 while (isspace(*tmp)) tmp++; 309 while (isspace(*tmp)) tmp++;
312 310
313 /* should we deactivate perdir completely? */ 311 /* should we deactivate perdir completely? */
314 if (*tmp == 0 || *tmp == '0') { 312 if (*tmp == 0 || *tmp == '0') {
315 return SUCCESS; 313 return SUCCESS;
316 } 314 }
317 315
318 /* no deactivation so check the flags */ 316 /* no deactivation so check the flags */
319 while (*tmp) { 317 while (*tmp) {
320 switch (*tmp) { 318 switch (*tmp) {
321 case 'l': 319 case 'l':
322 case 'L': 320 case 'L':
323 SUHOSIN_G(log_perdir) = 1; 321 SUHOSIN_G(log_perdir) = 1;
324 break; 322 break;
325 case 'e': 323 case 'e':
326 case 'E': 324 case 'E':
327 SUHOSIN_G(exec_perdir) = 1; 325 SUHOSIN_G(exec_perdir) = 1;
328 break; 326 break;
329 case 'g': 327 case 'g':
330 case 'G': 328 case 'G':
331 SUHOSIN_G(get_perdir) = 1; 329 SUHOSIN_G(get_perdir) = 1;
332 break; 330 break;
333 case 'c': 331 case 'c':
334 case 'C': 332 case 'C':
335 SUHOSIN_G(cookie_perdir) = 1; 333 SUHOSIN_G(cookie_perdir) = 1;
336 break; 334 break;
337 case 'p': 335 case 'p':
338 case 'P': 336 case 'P':
339 SUHOSIN_G(post_perdir) = 1; 337 SUHOSIN_G(post_perdir) = 1;
340 break; 338 break;
341 case 'r': 339 case 'r':
342 case 'R': 340 case 'R':
343 SUHOSIN_G(request_perdir) = 1; 341 SUHOSIN_G(request_perdir) = 1;
344 break; 342 break;
345 case 's': 343 case 's':
346 case 'S': 344 case 'S':
347 SUHOSIN_G(sql_perdir) = 1; 345 SUHOSIN_G(sql_perdir) = 1;
348 break; 346 break;
349 case 'u': 347 case 'u':
350 case 'U': 348 case 'U':
351 SUHOSIN_G(upload_perdir) = 1; 349 SUHOSIN_G(upload_perdir) = 1;
352 break; 350 break;
353 case 'm': 351 case 'm':
354 case 'M': 352 case 'M':
355 SUHOSIN_G(misc_perdir) = 1; 353 SUHOSIN_G(misc_perdir) = 1;
356 break; 354 break;
357 } 355 }
358 tmp++; 356 tmp++;
359 } 357 }
360 return SUCCESS; 358 return SUCCESS;
361} 359}
362 360
363#define dohandler(handler, name, upper, lower) \ 361#define dohandler(handler, name, upper, lower) \
364 static ZEND_INI_MH(OnUpdate ## name ## handler) \ 362 static ZEND_INI_MH(OnUpdate ## name ## handler) \
365 { \ 363 { \
366 PERDIR_CHECK(upper, lower) \ 364 PERDIR_CHECK(upper, lower) \
367 return OnUpdate ## handler (ZEND_INI_MH_PASSTHRU); \ 365 return OnUpdate ## handler (ZEND_INI_MH_PASSTHRU); \
368 } \ 366 } \
369 367
370#define dohandlers(name, upper, lower) \ 368#define dohandlers(name, upper, lower) \
371 dohandler(Bool, name, upper, lower) \ 369 dohandler(Bool, name, upper, lower) \
372 dohandler(String, name, upper, lower) \ 370 dohandler(String, name, upper, lower) \
373 dohandler(Long, name, upper, lower) \ 371 dohandler(Long, name, upper, lower) \
374 372
375dohandlers(Log, LOG, log) 373dohandlers(Log, LOG, log)
376dohandlers(Exec, EXEC, exec) 374dohandlers(Exec, EXEC, exec)
@@ -384,7 +382,7 @@ dohandlers(SQL, SQL, sql)
384 382
385static ZEND_INI_MH(OnUpdateSuhosin_log_syslog) 383static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
386{ 384{
387 LOG_PERDIR_CHECK() 385 LOG_PERDIR_CHECK()
388 if (!new_value) { 386 if (!new_value) {
389 SUHOSIN_G(log_syslog) = (S_ALL & ~S_SQL) | S_MEMORY; 387 SUHOSIN_G(log_syslog) = (S_ALL & ~S_SQL) | S_MEMORY;
390 } else { 388 } else {
@@ -399,7 +397,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
399} 397}
400static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility) 398static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
401{ 399{
402 LOG_PERDIR_CHECK() 400 LOG_PERDIR_CHECK()
403 if (!new_value) { 401 if (!new_value) {
404 SUHOSIN_G(log_syslog_facility) = LOG_USER; 402 SUHOSIN_G(log_syslog_facility) = LOG_USER;
405 } else { 403 } else {
@@ -409,7 +407,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
409} 407}
410static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority) 408static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
411{ 409{
412 LOG_PERDIR_CHECK() 410 LOG_PERDIR_CHECK()
413 if (!new_value) { 411 if (!new_value) {
414 SUHOSIN_G(log_syslog_priority) = LOG_ALERT; 412 SUHOSIN_G(log_syslog_priority) = LOG_ALERT;
415 } else { 413 } else {
@@ -419,7 +417,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
419} 417}
420static ZEND_INI_MH(OnUpdateSuhosin_log_sapi) 418static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
421{ 419{
422 LOG_PERDIR_CHECK() 420 LOG_PERDIR_CHECK()
423 if (!new_value) { 421 if (!new_value) {
424 SUHOSIN_G(log_sapi) = (S_ALL & ~S_SQL); 422 SUHOSIN_G(log_sapi) = (S_ALL & ~S_SQL);
425 } else { 423 } else {
@@ -434,7 +432,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
434} 432}
435static ZEND_INI_MH(OnUpdateSuhosin_log_stdout) 433static ZEND_INI_MH(OnUpdateSuhosin_log_stdout)
436{ 434{
437 LOG_PERDIR_CHECK() 435 LOG_PERDIR_CHECK()
438 if (!new_value) { 436 if (!new_value) {
439 SUHOSIN_G(log_stdout) = (S_ALL & ~S_SQL); 437 SUHOSIN_G(log_stdout) = (S_ALL & ~S_SQL);
440 } else { 438 } else {
@@ -449,7 +447,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_stdout)
449} 447}
450static ZEND_INI_MH(OnUpdateSuhosin_log_script) 448static ZEND_INI_MH(OnUpdateSuhosin_log_script)
451{ 449{
452 LOG_PERDIR_CHECK() 450 LOG_PERDIR_CHECK()
453 if (!new_value) { 451 if (!new_value) {
454 SUHOSIN_G(log_script) = S_ALL & ~S_MEMORY; 452 SUHOSIN_G(log_script) = S_ALL & ~S_MEMORY;
455 } else { 453 } else {
@@ -464,11 +462,11 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_script)
464} 462}
465static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname) 463static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
466{ 464{
467 LOG_PERDIR_CHECK() 465 LOG_PERDIR_CHECK()
468 if (SUHOSIN_G(log_scriptname)) { 466 if (SUHOSIN_G(log_scriptname)) {
469 pefree(SUHOSIN_G(log_scriptname),1); 467 pefree(SUHOSIN_G(log_scriptname),1);
470 } 468 }
471 SUHOSIN_G(log_scriptname) = NULL; 469 SUHOSIN_G(log_scriptname) = NULL;
472 if (new_value) { 470 if (new_value) {
473 SUHOSIN_G(log_scriptname) = pestrdup(new_value,1); 471 SUHOSIN_G(log_scriptname) = pestrdup(new_value,1);
474 } 472 }
@@ -476,7 +474,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
476} 474}
477static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript) 475static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
478{ 476{
479 LOG_PERDIR_CHECK() 477 LOG_PERDIR_CHECK()
480 if (!new_value) { 478 if (!new_value) {
481 SUHOSIN_G(log_phpscript) = S_ALL & ~S_MEMORY; 479 SUHOSIN_G(log_phpscript) = S_ALL & ~S_MEMORY;
482 } else { 480 } else {
@@ -491,7 +489,7 @@ static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
491} 489}
492static ZEND_INI_MH(OnUpdateSuhosin_log_file) 490static ZEND_INI_MH(OnUpdateSuhosin_log_file)
493{ 491{
494 LOG_PERDIR_CHECK() 492 LOG_PERDIR_CHECK()
495 if (!new_value) { 493 if (!new_value) {
496 SUHOSIN_G(log_file) = S_ALL & ~S_MEMORY; 494 SUHOSIN_G(log_file) = S_ALL & ~S_MEMORY;
497 } else { 495 } else {
@@ -509,7 +507,7 @@ static void parse_list(HashTable **ht, char *list, zend_bool lc)
509{ 507{
510 char *s = NULL, *e, *val; 508 char *s = NULL, *e, *val;
511 unsigned long dummy = 1; 509 unsigned long dummy = 1;
512 510
513 if (list == NULL) { 511 if (list == NULL) {
514list_destroy: 512list_destroy:
515 if (*ht) { 513 if (*ht) {
@@ -523,17 +521,17 @@ list_destroy:
523 if (*list == 0) { 521 if (*list == 0) {
524 goto list_destroy; 522 goto list_destroy;
525 } 523 }
526 524
527 *ht = pemalloc(sizeof(HashTable), 1); 525 *ht = pemalloc(sizeof(HashTable), 1);
528 zend_hash_init(*ht, 5, NULL, NULL, 1); 526 zend_hash_init(*ht, 5, NULL, NULL, 1);
529 527
530 if (lc) { 528 if (lc) {
531 val = suhosin_str_tolower_dup(list, strlen(list)); 529 val = suhosin_str_tolower_dup(list, strlen(list));
532 } else { 530 } else {
533 val = estrndup(list, strlen(list)); 531 val = estrndup(list, strlen(list));
534 } 532 }
535 e = val; 533 e = val;
536 534
537 while (*e) { 535 while (*e) {
538 switch (*e) { 536 switch (*e) {
539 case ' ': 537 case ' ':
@@ -561,42 +559,42 @@ list_destroy:
561 559
562static ZEND_INI_MH(OnUpdate_include_blacklist) 560static ZEND_INI_MH(OnUpdate_include_blacklist)
563{ 561{
564 EXEC_PERDIR_CHECK() 562 EXEC_PERDIR_CHECK()
565 parse_list(&SUHOSIN_G(include_blacklist), new_value, 1); 563 parse_list(&SUHOSIN_G(include_blacklist), new_value, 1);
566 return SUCCESS; 564 return SUCCESS;
567} 565}
568 566
569static ZEND_INI_MH(OnUpdate_include_whitelist) 567static ZEND_INI_MH(OnUpdate_include_whitelist)
570{ 568{
571 EXEC_PERDIR_CHECK() 569 EXEC_PERDIR_CHECK()
572 parse_list(&SUHOSIN_G(include_whitelist), new_value, 1); 570 parse_list(&SUHOSIN_G(include_whitelist), new_value, 1);
573 return SUCCESS; 571 return SUCCESS;
574} 572}
575 573
576static ZEND_INI_MH(OnUpdate_func_blacklist) 574static ZEND_INI_MH(OnUpdate_func_blacklist)
577{ 575{
578 EXEC_PERDIR_CHECK() 576 EXEC_PERDIR_CHECK()
579 parse_list(&SUHOSIN_G(func_blacklist), new_value, 1); 577 parse_list(&SUHOSIN_G(func_blacklist), new_value, 1);
580 return SUCCESS; 578 return SUCCESS;
581} 579}
582 580
583static ZEND_INI_MH(OnUpdate_func_whitelist) 581static ZEND_INI_MH(OnUpdate_func_whitelist)
584{ 582{
585 EXEC_PERDIR_CHECK() 583 EXEC_PERDIR_CHECK()
586 parse_list(&SUHOSIN_G(func_whitelist), new_value, 1); 584 parse_list(&SUHOSIN_G(func_whitelist), new_value, 1);
587 return SUCCESS; 585 return SUCCESS;
588} 586}
589 587
590static ZEND_INI_MH(OnUpdate_eval_blacklist) 588static ZEND_INI_MH(OnUpdate_eval_blacklist)
591{ 589{
592 EXEC_PERDIR_CHECK() 590 EXEC_PERDIR_CHECK()
593 parse_list(&SUHOSIN_G(eval_blacklist), new_value, 1); 591 parse_list(&SUHOSIN_G(eval_blacklist), new_value, 1);
594 return SUCCESS; 592 return SUCCESS;
595} 593}
596 594
597static ZEND_INI_MH(OnUpdate_eval_whitelist) 595static ZEND_INI_MH(OnUpdate_eval_whitelist)
598{ 596{
599 EXEC_PERDIR_CHECK() 597 EXEC_PERDIR_CHECK()
600 parse_list(&SUHOSIN_G(eval_whitelist), new_value, 1); 598 parse_list(&SUHOSIN_G(eval_whitelist), new_value, 1);
601 return SUCCESS; 599 return SUCCESS;
602} 600}
@@ -662,16 +660,16 @@ static PHP_FUNCTION(suhosin_encrypt_cookie)
662 char *name, *value; 660 char *name, *value;
663 int name_len, value_len; 661 int name_len, value_len;
664 char cryptkey[33]; 662 char cryptkey[33];
665 663
666 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &name, &name_len, &value, &value_len) == FAILURE) { 664 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &name, &name_len, &value, &value_len) == FAILURE) {
667 return; 665 return;
668 } 666 }
669 667
670 if (!SUHOSIN_G(cookie_encrypt)) { 668 if (!SUHOSIN_G(cookie_encrypt)) {
671return_plain: 669return_plain:
672 RETURN_STRINGL(value, value_len, 1); 670 RETURN_STRINGL(value, value_len, 1);
673 } 671 }
674 672
675 if (SUHOSIN_G(cookie_plainlist)) { 673 if (SUHOSIN_G(cookie_plainlist)) {
676 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), name, name_len+1)) { 674 if (zend_hash_exists(SUHOSIN_G(cookie_plainlist), name, name_len+1)) {
677 goto return_plain; 675 goto return_plain;
@@ -681,10 +679,10 @@ return_plain:
681 goto return_plain; 679 goto return_plain;
682 } 680 }
683 } 681 }
684 682
685 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC); 683 suhosin_generate_key(SUHOSIN_G(cookie_cryptkey), SUHOSIN_G(cookie_cryptua), SUHOSIN_G(cookie_cryptdocroot), SUHOSIN_G(cookie_cryptraddr), (char *)&cryptkey TSRMLS_CC);
686 value = suhosin_encrypt_string(value, value_len, name, name_len, (char *)&cryptkey TSRMLS_CC); 684 value = suhosin_encrypt_string(value, value_len, name, name_len, (char *)&cryptkey TSRMLS_CC);
687 685
688 RETVAL_STRING(value, 0); 686 RETVAL_STRING(value, 0);
689} 687}
690/* }}} */ 688/* }}} */
@@ -697,9 +695,9 @@ static PHP_FUNCTION(suhosin_get_raw_cookies)
697 zval *array_ptr = return_value; 695 zval *array_ptr = return_value;
698 char *strtok_buf = NULL; 696 char *strtok_buf = NULL;
699 int val_len; 697 int val_len;
700 698
701 array_init(array_ptr); 699 array_init(array_ptr);
702 700
703 if (SUHOSIN_G(raw_cookie)) { 701 if (SUHOSIN_G(raw_cookie)) {
704 res = estrdup(SUHOSIN_G(raw_cookie)); 702 res = estrdup(SUHOSIN_G(raw_cookie));
705 } else { 703 } else {
@@ -715,7 +713,7 @@ static PHP_FUNCTION(suhosin_get_raw_cookies)
715 var = res; 713 var = res;
716 } 714 }
717 if (!*var) { continue; } 715 if (!*var) { continue; }
718 716
719 val = strchr(var, '='); 717 val = strchr(var, '=');
720 if (val) { /* have a value */ 718 if (val) { /* have a value */
721 *val++ = '\0'; 719 *val++ = '\0';
@@ -727,7 +725,7 @@ static PHP_FUNCTION(suhosin_get_raw_cookies)
727 val = ""; 725 val = "";
728 } 726 }
729 php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); 727 php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
730 728
731 } 729 }
732 730
733 efree(res); 731 efree(res);
@@ -787,7 +785,7 @@ static zend_ini_entry shared_ini_entries[] = {
787 STD_ZEND_INI_BOOLEAN("suhosin.log.file.time", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_file_time, zend_suhosin_globals, suhosin_globals) 785 STD_ZEND_INI_BOOLEAN("suhosin.log.file.time", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_file_time, zend_suhosin_globals, suhosin_globals)
788 STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals) 786 STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateLogBool, log_phpscript_is_safe, zend_suhosin_globals, suhosin_globals)
789ZEND_INI_END() 787ZEND_INI_END()
790 788
791PHP_INI_BEGIN() 789PHP_INI_BEGIN()
792 STD_PHP_INI_ENTRY("suhosin.log.max_error_length", "0", PHP_INI_SYSTEM, OnUpdateLogLong, log_max_error_length, zend_suhosin_globals, suhosin_globals) 790 STD_PHP_INI_ENTRY("suhosin.log.max_error_length", "0", PHP_INI_SYSTEM, OnUpdateLogLong, log_max_error_length, zend_suhosin_globals, suhosin_globals)
793 ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir) 791 ZEND_INI_ENTRY("suhosin.perdir", "0", ZEND_INI_SYSTEM, OnUpdateSuhosin_perdir)
@@ -795,7 +793,7 @@ PHP_INI_BEGIN()
795 ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_whitelist) 793 ZEND_INI_ENTRY("suhosin.executor.include.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_whitelist)
796 ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_blacklist) 794 ZEND_INI_ENTRY("suhosin.executor.include.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_include_blacklist)
797 STD_ZEND_INI_BOOLEAN("suhosin.executor.include.allow_writable_files", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_include_allow_writable_files, zend_suhosin_globals, suhosin_globals) 795 STD_ZEND_INI_BOOLEAN("suhosin.executor.include.allow_writable_files", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_include_allow_writable_files, zend_suhosin_globals, suhosin_globals)
798 ZEND_INI_ENTRY("suhosin.executor.eval.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_whitelist) 796 ZEND_INI_ENTRY("suhosin.executor.eval.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_whitelist)
799 ZEND_INI_ENTRY("suhosin.executor.eval.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_blacklist) 797 ZEND_INI_ENTRY("suhosin.executor.eval.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_eval_blacklist)
800 ZEND_INI_ENTRY("suhosin.executor.func.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_whitelist) 798 ZEND_INI_ENTRY("suhosin.executor.func.whitelist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_whitelist)
801 ZEND_INI_ENTRY("suhosin.executor.func.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_blacklist) 799 ZEND_INI_ENTRY("suhosin.executor.func.blacklist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_func_blacklist)
@@ -805,71 +803,71 @@ PHP_INI_BEGIN()
805 STD_ZEND_INI_BOOLEAN("suhosin.executor.allow_symlink", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_allow_symlink, zend_suhosin_globals, suhosin_globals) 803 STD_ZEND_INI_BOOLEAN("suhosin.executor.allow_symlink", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecBool, executor_allow_symlink, zend_suhosin_globals, suhosin_globals)
806 STD_ZEND_INI_ENTRY("suhosin.executor.max_depth", "750", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, max_execution_depth, zend_suhosin_globals, suhosin_globals) 804 STD_ZEND_INI_ENTRY("suhosin.executor.max_depth", "750", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateExecLong, max_execution_depth, zend_suhosin_globals, suhosin_globals)
807 805
808 806
809 STD_ZEND_INI_BOOLEAN("suhosin.multiheader", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader, zend_suhosin_globals, suhosin_globals) 807 STD_ZEND_INI_BOOLEAN("suhosin.multiheader", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, allow_multiheader, zend_suhosin_globals, suhosin_globals)
810 STD_ZEND_INI_ENTRY("suhosin.mail.protect", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, mailprotect, zend_suhosin_globals, suhosin_globals) 808 STD_ZEND_INI_ENTRY("suhosin.mail.protect", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, mailprotect, zend_suhosin_globals, suhosin_globals)
811 STD_ZEND_INI_ENTRY("suhosin.memory_limit", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, memory_limit, zend_suhosin_globals, suhosin_globals) 809 STD_ZEND_INI_ENTRY("suhosin.memory_limit", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscLong, memory_limit, zend_suhosin_globals, suhosin_globals)
812 STD_ZEND_INI_BOOLEAN("suhosin.simulation", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, simulation, zend_suhosin_globals, suhosin_globals) 810 STD_ZEND_INI_BOOLEAN("suhosin.simulation", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, simulation, zend_suhosin_globals, suhosin_globals)
813 STD_PHP_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action, zend_suhosin_globals, suhosin_globals) 811 STD_PHP_INI_ENTRY("suhosin.filter.action", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscString, filter_action, zend_suhosin_globals, suhosin_globals)
814 812
815 STD_ZEND_INI_BOOLEAN("suhosin.protectkey", "1", ZEND_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin_globals, suhosin_globals) 813 STD_ZEND_INI_BOOLEAN("suhosin.protectkey", "1", ZEND_INI_SYSTEM, OnUpdateBool, protectkey, zend_suhosin_globals, suhosin_globals)
816 STD_ZEND_INI_BOOLEAN("suhosin.coredump", "0", ZEND_INI_SYSTEM, OnUpdateBool, coredump, zend_suhosin_globals, suhosin_globals) 814 STD_ZEND_INI_BOOLEAN("suhosin.coredump", "0", ZEND_INI_SYSTEM, OnUpdateBool, coredump, zend_suhosin_globals, suhosin_globals)
817 STD_ZEND_INI_BOOLEAN("suhosin.stealth", "1", ZEND_INI_SYSTEM, OnUpdateBool, stealth, zend_suhosin_globals, suhosin_globals) 815 STD_ZEND_INI_BOOLEAN("suhosin.stealth", "1", ZEND_INI_SYSTEM, OnUpdateBool, stealth, zend_suhosin_globals, suhosin_globals)
818 STD_ZEND_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", ZEND_INI_SYSTEM, OnUpdateBool, apc_bug_workaround, zend_suhosin_globals, suhosin_globals) 816 STD_ZEND_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", ZEND_INI_SYSTEM, OnUpdateBool, apc_bug_workaround, zend_suhosin_globals, suhosin_globals)
819 STD_ZEND_INI_BOOLEAN("suhosin.disable.display_errors", "0", ZEND_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors, zend_suhosin_globals, suhosin_globals) 817 STD_ZEND_INI_BOOLEAN("suhosin.disable.display_errors", "0", ZEND_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors, zend_suhosin_globals, suhosin_globals)
820
821
822 818
823 STD_PHP_INI_ENTRY("suhosin.request.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_request_variables, zend_suhosin_globals, suhosin_globals)
824 STD_PHP_INI_ENTRY("suhosin.request.max_varname_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_varname_length, zend_suhosin_globals, suhosin_globals)
825 STD_PHP_INI_ENTRY("suhosin.request.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_value_length, zend_suhosin_globals, suhosin_globals)
826 STD_PHP_INI_ENTRY("suhosin.request.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_depth, zend_suhosin_globals, suhosin_globals)
827 STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
828 STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
829 STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
830 STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
831 STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
832 STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
833
834 STD_PHP_INI_ENTRY("suhosin.cookie.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_vars, zend_suhosin_globals, suhosin_globals)
835 STD_PHP_INI_ENTRY("suhosin.cookie.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_name_length, zend_suhosin_globals, suhosin_globals)
836 STD_PHP_INI_ENTRY("suhosin.cookie.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_totalname_length, zend_suhosin_globals, suhosin_globals)
837 STD_PHP_INI_ENTRY("suhosin.cookie.max_value_length", "10000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_value_length, zend_suhosin_globals, suhosin_globals)
838 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_depth, zend_suhosin_globals, suhosin_globals)
839 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_index_length, zend_suhosin_globals, suhosin_globals)
840 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_nul, zend_suhosin_globals, suhosin_globals)
841 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_ws", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_ws, zend_suhosin_globals, suhosin_globals)
842 819
843 STD_PHP_INI_ENTRY("suhosin.get.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_vars, zend_suhosin_globals, suhosin_globals)
844 STD_PHP_INI_ENTRY("suhosin.get.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_name_length, zend_suhosin_globals, suhosin_globals)
845 STD_PHP_INI_ENTRY("suhosin.get.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_totalname_length, zend_suhosin_globals, suhosin_globals)
846 STD_PHP_INI_ENTRY("suhosin.get.max_value_length", "512", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_value_length, zend_suhosin_globals, suhosin_globals)
847 STD_PHP_INI_ENTRY("suhosin.get.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_depth, zend_suhosin_globals, suhosin_globals)
848 STD_PHP_INI_ENTRY("suhosin.get.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_index_length, zend_suhosin_globals, suhosin_globals)
849 STD_PHP_INI_ENTRY("suhosin.get.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_nul, zend_suhosin_globals, suhosin_globals)
850 STD_PHP_INI_ENTRY("suhosin.get.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_ws, zend_suhosin_globals, suhosin_globals)
851 820
852 STD_PHP_INI_ENTRY("suhosin.post.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_vars, zend_suhosin_globals, suhosin_globals) 821 STD_PHP_INI_ENTRY("suhosin.request.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_request_variables, zend_suhosin_globals, suhosin_globals)
853 STD_PHP_INI_ENTRY("suhosin.post.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_name_length, zend_suhosin_globals, suhosin_globals) 822 STD_PHP_INI_ENTRY("suhosin.request.max_varname_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_varname_length, zend_suhosin_globals, suhosin_globals)
854 STD_PHP_INI_ENTRY("suhosin.post.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_totalname_length, zend_suhosin_globals, suhosin_globals) 823 STD_PHP_INI_ENTRY("suhosin.request.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_value_length, zend_suhosin_globals, suhosin_globals)
855 STD_PHP_INI_ENTRY("suhosin.post.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_value_length, zend_suhosin_globals, suhosin_globals) 824 STD_PHP_INI_ENTRY("suhosin.request.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_depth, zend_suhosin_globals, suhosin_globals)
856 STD_PHP_INI_ENTRY("suhosin.post.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_depth, zend_suhosin_globals, suhosin_globals) 825 STD_PHP_INI_ENTRY("suhosin.request.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_totalname_length, zend_suhosin_globals, suhosin_globals)
857 STD_PHP_INI_ENTRY("suhosin.post.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_index_length, zend_suhosin_globals, suhosin_globals) 826 STD_PHP_INI_ENTRY("suhosin.request.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestLong, max_array_index_length, zend_suhosin_globals, suhosin_globals)
858 STD_PHP_INI_ENTRY("suhosin.post.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_nul, zend_suhosin_globals, suhosin_globals) 827 STD_PHP_INI_ENTRY("suhosin.request.array_index_whitelist", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_whitelist, zend_suhosin_globals, suhosin_globals)
859 STD_PHP_INI_ENTRY("suhosin.post.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_ws, zend_suhosin_globals, suhosin_globals) 828 STD_PHP_INI_ENTRY("suhosin.request.array_index_blacklist", "'\"+<>;()", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, array_index_blacklist, zend_suhosin_globals, suhosin_globals)
829 STD_PHP_INI_ENTRY("suhosin.request.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_nul, zend_suhosin_globals, suhosin_globals)
830 STD_PHP_INI_ENTRY("suhosin.request.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateRequestBool, disallow_ws, zend_suhosin_globals, suhosin_globals)
860 831
861 STD_PHP_INI_ENTRY("suhosin.upload.max_uploads", "25", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_limit, zend_suhosin_globals, suhosin_globals) 832 STD_PHP_INI_ENTRY("suhosin.cookie.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_vars, zend_suhosin_globals, suhosin_globals)
862 STD_PHP_INI_ENTRY("suhosin.upload.max_newlines", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_max_newlines, zend_suhosin_globals, suhosin_globals) 833 STD_PHP_INI_ENTRY("suhosin.cookie.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_name_length, zend_suhosin_globals, suhosin_globals)
863 STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals) 834 STD_PHP_INI_ENTRY("suhosin.cookie.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_totalname_length, zend_suhosin_globals, suhosin_globals)
864 STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals) 835 STD_PHP_INI_ENTRY("suhosin.cookie.max_value_length", "10000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_value_length, zend_suhosin_globals, suhosin_globals)
865 STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals) 836 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_depth, zend_suhosin_globals, suhosin_globals)
866#ifdef SUHOSIN_EXPERIMENTAL 837 STD_PHP_INI_ENTRY("suhosin.cookie.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieLong, max_cookie_array_index_length, zend_suhosin_globals, suhosin_globals)
867 STD_PHP_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals) 838 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_nul, zend_suhosin_globals, suhosin_globals)
868#endif 839 STD_PHP_INI_ENTRY("suhosin.cookie.disallow_ws", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateCookieBool, disallow_cookie_ws, zend_suhosin_globals, suhosin_globals)
869 STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals) 840
841 STD_PHP_INI_ENTRY("suhosin.get.max_vars", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_vars, zend_suhosin_globals, suhosin_globals)
842 STD_PHP_INI_ENTRY("suhosin.get.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_name_length, zend_suhosin_globals, suhosin_globals)
843 STD_PHP_INI_ENTRY("suhosin.get.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_totalname_length, zend_suhosin_globals, suhosin_globals)
844 STD_PHP_INI_ENTRY("suhosin.get.max_value_length", "512", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_value_length, zend_suhosin_globals, suhosin_globals)
845 STD_PHP_INI_ENTRY("suhosin.get.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_depth, zend_suhosin_globals, suhosin_globals)
846 STD_PHP_INI_ENTRY("suhosin.get.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetLong, max_get_array_index_length, zend_suhosin_globals, suhosin_globals)
847 STD_PHP_INI_ENTRY("suhosin.get.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_nul, zend_suhosin_globals, suhosin_globals)
848 STD_PHP_INI_ENTRY("suhosin.get.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateGetBool, disallow_get_ws, zend_suhosin_globals, suhosin_globals)
849
850 STD_PHP_INI_ENTRY("suhosin.post.max_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_vars, zend_suhosin_globals, suhosin_globals)
851 STD_PHP_INI_ENTRY("suhosin.post.max_name_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_name_length, zend_suhosin_globals, suhosin_globals)
852 STD_PHP_INI_ENTRY("suhosin.post.max_totalname_length", "256", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_totalname_length, zend_suhosin_globals, suhosin_globals)
853 STD_PHP_INI_ENTRY("suhosin.post.max_value_length", "1000000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_value_length, zend_suhosin_globals, suhosin_globals)
854 STD_PHP_INI_ENTRY("suhosin.post.max_array_depth", "50", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_depth, zend_suhosin_globals, suhosin_globals)
855 STD_PHP_INI_ENTRY("suhosin.post.max_array_index_length", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostLong, max_post_array_index_length, zend_suhosin_globals, suhosin_globals)
856 STD_PHP_INI_ENTRY("suhosin.post.disallow_nul", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_nul, zend_suhosin_globals, suhosin_globals)
857 STD_PHP_INI_ENTRY("suhosin.post.disallow_ws", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdatePostBool, disallow_post_ws, zend_suhosin_globals, suhosin_globals)
858
859 STD_PHP_INI_ENTRY("suhosin.upload.max_uploads", "25", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_limit, zend_suhosin_globals, suhosin_globals)
860 STD_PHP_INI_ENTRY("suhosin.upload.max_newlines", "100", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadLong, upload_max_newlines, zend_suhosin_globals, suhosin_globals)
861 STD_PHP_INI_ENTRY("suhosin.upload.disallow_elf", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_elf, zend_suhosin_globals, suhosin_globals)
862 STD_PHP_INI_ENTRY("suhosin.upload.disallow_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_disallow_binary, zend_suhosin_globals, suhosin_globals)
863 STD_PHP_INI_ENTRY("suhosin.upload.remove_binary", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_remove_binary, zend_suhosin_globals, suhosin_globals)
864 #ifdef SUHOSIN_EXPERIMENTAL
865 STD_PHP_INI_BOOLEAN("suhosin.upload.allow_utf8", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadBool, upload_allow_utf8, zend_suhosin_globals, suhosin_globals)
866 #endif
867 STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals)
870 868
871 869
872 STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSQLBool, sql_bailout_on_error, zend_suhosin_globals, suhosin_globals) 870 STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSQLBool, sql_bailout_on_error, zend_suhosin_globals, suhosin_globals)
873 STD_PHP_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix, zend_suhosin_globals, suhosin_globals) 871 STD_PHP_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix, zend_suhosin_globals, suhosin_globals)
874 STD_PHP_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix, zend_suhosin_globals, suhosin_globals) 872 STD_PHP_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix, zend_suhosin_globals, suhosin_globals)
875 STD_PHP_INI_ENTRY("suhosin.sql.user_match", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_match, zend_suhosin_globals, suhosin_globals) 873 STD_PHP_INI_ENTRY("suhosin.sql.user_match", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_match, zend_suhosin_globals, suhosin_globals)
@@ -883,8 +881,8 @@ PHP_INI_BEGIN()
883 STD_PHP_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateMiscString, session_cryptkey, zend_suhosin_globals, suhosin_globals) 881 STD_PHP_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateMiscString, session_cryptkey, zend_suhosin_globals, suhosin_globals)
884 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptua", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptua, zend_suhosin_globals, suhosin_globals) 882 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptua", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptua, zend_suhosin_globals, suhosin_globals)
885 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot, zend_suhosin_globals, suhosin_globals) 883 STD_ZEND_INI_BOOLEAN("suhosin.session.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateMiscBool, session_cryptdocroot, zend_suhosin_globals, suhosin_globals)
886 STD_PHP_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr, zend_suhosin_globals, suhosin_globals) 884 STD_PHP_INI_ENTRY("suhosin.session.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_cryptraddr, zend_suhosin_globals, suhosin_globals)
887 STD_PHP_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr, zend_suhosin_globals, suhosin_globals) 885 STD_PHP_INI_ENTRY("suhosin.session.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_checkraddr, zend_suhosin_globals, suhosin_globals)
888 STD_PHP_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length, zend_suhosin_globals, suhosin_globals) 886 STD_PHP_INI_ENTRY("suhosin.session.max_id_length", "128", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateMiscLong, session_max_id_length, zend_suhosin_globals, suhosin_globals)
889#else /* HAVE_PHP_SESSION */ 887#else /* HAVE_PHP_SESSION */
890#warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT 888#warning BUILDING SUHOSIN WITHOUT SESSION SUPPORT
@@ -895,8 +893,8 @@ PHP_INI_BEGIN()
895 STD_PHP_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, cookie_cryptkey, zend_suhosin_globals, suhosin_globals) 893 STD_PHP_INI_ENTRY("suhosin.cookie.cryptkey", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, cookie_cryptkey, zend_suhosin_globals, suhosin_globals)
896 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptua", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptua, zend_suhosin_globals, suhosin_globals) 894 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptua", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptua, zend_suhosin_globals, suhosin_globals)
897 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptdocroot, zend_suhosin_globals, suhosin_globals) 895 STD_ZEND_INI_BOOLEAN("suhosin.cookie.cryptdocroot", "1", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, cookie_cryptdocroot, zend_suhosin_globals, suhosin_globals)
898 STD_PHP_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_cryptraddr, zend_suhosin_globals, suhosin_globals) 896 STD_PHP_INI_ENTRY("suhosin.cookie.cryptraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_cryptraddr, zend_suhosin_globals, suhosin_globals)
899 STD_PHP_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_checkraddr, zend_suhosin_globals, suhosin_globals) 897 STD_PHP_INI_ENTRY("suhosin.cookie.checkraddr", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, cookie_checkraddr, zend_suhosin_globals, suhosin_globals)
900 ZEND_INI_ENTRY("suhosin.cookie.cryptlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_cryptlist) 898 ZEND_INI_ENTRY("suhosin.cookie.cryptlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_cryptlist)
901 ZEND_INI_ENTRY("suhosin.cookie.plainlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_plainlist) 899 ZEND_INI_ENTRY("suhosin.cookie.plainlist", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdate_cookie_plainlist)
902 900
@@ -916,7 +914,7 @@ PHP_INI_END()
916 */ 914 */
917char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC) 915char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC)
918{ 916{
919 if (sapi_module.getenv) { 917 if (sapi_module.getenv) {
920 char *value, *tmp = sapi_module.getenv(name, name_len TSRMLS_CC); 918 char *value, *tmp = sapi_module.getenv(name, name_len TSRMLS_CC);
921 if (tmp) { 919 if (tmp) {
922 value = estrdup(tmp); 920 value = estrdup(tmp);
@@ -927,7 +925,7 @@ char *suhosin_getenv(char *name, size_t name_len TSRMLS_DC)
927 } else { 925 } else {
928 /* fallback to the system's getenv() function */ 926 /* fallback to the system's getenv() function */
929 char *tmp; 927 char *tmp;
930 928
931 name = estrndup(name, name_len); 929 name = estrndup(name, name_len);
932 tmp = getenv(name); 930 tmp = getenv(name);
933 efree(name); 931 efree(name);
@@ -979,25 +977,25 @@ PHP_MINIT_FUNCTION(suhosin)
979 REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS); 977 REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS);
980 REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS); 978 REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS);
981 } 979 }
982 980
983 /* check if shared ini directives are already known (maybe a patched PHP) */ 981 /* check if shared ini directives are already known (maybe a patched PHP) */
984 if (zend_hash_exists(EG(ini_directives), "suhosin.log.syslog", sizeof("suhosin.log.syslog"))) { 982 if (zend_hash_exists(EG(ini_directives), "suhosin.log.syslog", sizeof("suhosin.log.syslog"))) {
985 983
986 /* and update them */ 984 /* and update them */
987 zend_ini_entry *p = (zend_ini_entry *)&shared_ini_entries; 985 zend_ini_entry *p = (zend_ini_entry *)&shared_ini_entries;
988 986
989 while (p->name) { 987 while (p->name) {
990 988
991 zend_ini_entry *i; 989 zend_ini_entry *i;
992 990
993 if (zend_hash_find(EG(ini_directives), p->name, p->name_length, (void **) &i)==FAILURE) { 991 if (zend_hash_find(EG(ini_directives), p->name, p->name_length, (void **) &i)==FAILURE) {
994 /* continue registering them */ 992 /* continue registering them */
995 zend_register_ini_entries(p, module_number TSRMLS_CC); 993 zend_register_ini_entries(p, module_number TSRMLS_CC);
996 break; 994 break;
997 } 995 }
998 996
999 SDEBUG("updating ini %s=%s", i->name, i->value); 997 SDEBUG("updating ini %s=%s", i->name, i->value);
1000 998
1001 i->modifiable = p->modifiable; 999 i->modifiable = p->modifiable;
1002 i->module_number = module_number; 1000 i->module_number = module_number;
1003 i->on_modify = p->on_modify; 1001 i->on_modify = p->on_modify;
@@ -1008,15 +1006,15 @@ PHP_MINIT_FUNCTION(suhosin)
1008 p++; 1006 p++;
1009 } 1007 }
1010 } else { 1008 } else {
1011 1009
1012 /* not registered yet, then simply use the API */ 1010 /* not registered yet, then simply use the API */
1013 zend_register_ini_entries((zend_ini_entry *)&shared_ini_entries, module_number TSRMLS_CC); 1011 zend_register_ini_entries((zend_ini_entry *)&shared_ini_entries, module_number TSRMLS_CC);
1014 1012
1015 } 1013 }
1016 1014
1017 /* and register the rest of the ini entries */ 1015 /* and register the rest of the ini entries */
1018 REGISTER_INI_ENTRIES(); 1016 REGISTER_INI_ENTRIES();
1019 1017
1020 /* Force display_errors=off */ 1018 /* Force display_errors=off */
1021 if (SUHOSIN_G(disable_display_errors)) { 1019 if (SUHOSIN_G(disable_display_errors)) {
1022 zend_ini_entry *i; 1020 zend_ini_entry *i;
@@ -1034,14 +1032,14 @@ PHP_MINIT_FUNCTION(suhosin)
1034 } 1032 }
1035 } 1033 }
1036 } 1034 }
1037 1035
1038 /* Load invisible to other Zend Extensions */ 1036 /* Load invisible to other Zend Extensions */
1039 if (zend_llist_count(&zend_extensions)==0 || SUHOSIN_G(stealth)==0) { 1037 if (zend_llist_count(&zend_extensions)==0 || SUHOSIN_G(stealth)==0) {
1040 zend_extension extension; 1038 zend_extension extension;
1041 extension = suhosin_zend_extension_entry; 1039 extension = suhosin_zend_extension_entry;
1042 extension.handle = NULL; 1040 extension.handle = NULL;
1043 zend_llist_add_element(&zend_extensions, &extension); 1041 zend_llist_add_element(&zend_extensions, &extension);
1044 ze = NULL; 1042 ze = NULL;
1045 } else { 1043 } else {
1046 ze = (zend_extension *)zend_llist_get_last_ex(&zend_extensions, &lp); 1044 ze = (zend_extension *)zend_llist_get_last_ex(&zend_extensions, &lp);
1047 old_startup = ze->startup; 1045 old_startup = ze->startup;
@@ -1099,12 +1097,12 @@ PHP_RINIT_FUNCTION(suhosin)
1099PHP_RSHUTDOWN_FUNCTION(suhosin) 1097PHP_RSHUTDOWN_FUNCTION(suhosin)
1100{ 1098{
1101 SDEBUG("(RSHUTDOWN)"); 1099 SDEBUG("(RSHUTDOWN)");
1102 1100
1103 /* We need to clear the input filtering 1101 /* We need to clear the input filtering
1104 variables in the request shutdown 1102 variables in the request shutdown
1105 because input filtering is done before 1103 because input filtering is done before
1106 RINIT */ 1104 RINIT */
1107 1105
1108 SUHOSIN_G(cur_request_variables) = 0; 1106 SUHOSIN_G(cur_request_variables) = 0;
1109 SUHOSIN_G(cur_cookie_vars) = 0; 1107 SUHOSIN_G(cur_cookie_vars) = 0;
1110 SUHOSIN_G(cur_get_vars) = 0; 1108 SUHOSIN_G(cur_get_vars) = 0;
@@ -1115,28 +1113,28 @@ PHP_RSHUTDOWN_FUNCTION(suhosin)
1115 SUHOSIN_G(att_post_vars) = 0; 1113 SUHOSIN_G(att_post_vars) = 0;
1116 SUHOSIN_G(num_uploads) = 0; 1114 SUHOSIN_G(num_uploads) = 0;
1117 1115
1118 SUHOSIN_G(no_more_variables) = 0; 1116 SUHOSIN_G(no_more_variables) = 0;
1119 SUHOSIN_G(no_more_get_variables) = 0; 1117 SUHOSIN_G(no_more_get_variables) = 0;
1120 SUHOSIN_G(no_more_post_variables) = 0; 1118 SUHOSIN_G(no_more_post_variables) = 0;
1121 SUHOSIN_G(no_more_cookie_variables) = 0; 1119 SUHOSIN_G(no_more_cookie_variables) = 0;
1122 SUHOSIN_G(no_more_uploads) = 0; 1120 SUHOSIN_G(no_more_uploads) = 0;
1123 1121
1124 SUHOSIN_G(abort_request) = 0; 1122 SUHOSIN_G(abort_request) = 0;
1125 1123
1126 if (SUHOSIN_G(reseed_every_request)) { 1124 if (SUHOSIN_G(reseed_every_request)) {
1127 SUHOSIN_G(r_is_seeded) = 0; 1125 SUHOSIN_G(r_is_seeded) = 0;
1128 SUHOSIN_G(mt_is_seeded) = 0; 1126 SUHOSIN_G(mt_is_seeded) = 0;
1129 } 1127 }
1130 1128
1131 if (SUHOSIN_G(decrypted_cookie)) { 1129 if (SUHOSIN_G(decrypted_cookie)) {
1132 efree(SUHOSIN_G(decrypted_cookie)); 1130 efree(SUHOSIN_G(decrypted_cookie));
1133 SUHOSIN_G(decrypted_cookie)=NULL; 1131 SUHOSIN_G(decrypted_cookie)=NULL;
1134 } 1132 }
1135 if (SUHOSIN_G(raw_cookie)) { 1133 if (SUHOSIN_G(raw_cookie)) {
1136 efree(SUHOSIN_G(raw_cookie)); 1134 efree(SUHOSIN_G(raw_cookie));
1137 SUHOSIN_G(raw_cookie)=NULL; 1135 SUHOSIN_G(raw_cookie)=NULL;
1138 } 1136 }
1139 1137
1140 return SUCCESS; 1138 return SUCCESS;
1141} 1139}
1142/* }}} */ 1140/* }}} */
@@ -1145,9 +1143,9 @@ PHP_RSHUTDOWN_FUNCTION(suhosin)
1145 */ 1143 */
1146static void suhosin_ini_displayer(zend_ini_entry *ini_entry, int type) 1144static void suhosin_ini_displayer(zend_ini_entry *ini_entry, int type)
1147{ 1145{
1148 TSRMLS_FETCH(); 1146 TSRMLS_FETCH();
1149 1147
1150 PHPWRITE("[ protected ]", strlen("[ protected ]")); 1148 PHPWRITE("[ protected ]", strlen("[ protected ]"));
1151} 1149}
1152/* }}} */ 1150/* }}} */
1153 1151
@@ -1181,35 +1179,35 @@ PHP_MINFO_FUNCTION(suhosin)
1181 } 1179 }
1182 php_info_print_box_end(); 1180 php_info_print_box_end();
1183 1181
1184 if (SUHOSIN_G(protectkey)) { 1182 if (SUHOSIN_G(protectkey)) {
1185 zend_ini_entry *i; 1183 zend_ini_entry *i;
1186 1184
1187 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) { 1185 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) {
1188 i->displayer = suhosin_ini_displayer; 1186 i->displayer = suhosin_ini_displayer;
1189 } 1187 }
1190 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) { 1188 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) {
1191 i->displayer = suhosin_ini_displayer; 1189 i->displayer = suhosin_ini_displayer;
1192 } 1190 }
1193 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) { 1191 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) {
1194 i->displayer = suhosin_ini_displayer; 1192 i->displayer = suhosin_ini_displayer;
1195 } 1193 }
1196 } 1194 }
1197 1195
1198 DISPLAY_INI_ENTRIES(); 1196 DISPLAY_INI_ENTRIES();
1199 1197
1200 if (SUHOSIN_G(protectkey)) { 1198 if (SUHOSIN_G(protectkey)) {
1201 zend_ini_entry *i; 1199 zend_ini_entry *i;
1202 1200
1203 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) { 1201 if (zend_hash_find(EG(ini_directives), "suhosin.cookie.cryptkey", sizeof("suhosin.cookie.cryptkey"), (void **) &i)==SUCCESS) {
1204 i->displayer = NULL; 1202 i->displayer = NULL;
1205 } 1203 }
1206 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) { 1204 if (zend_hash_find(EG(ini_directives), "suhosin.session.cryptkey", sizeof("suhosin.session.cryptkey"), (void **) &i)==SUCCESS) {
1207 i->displayer = NULL; 1205 i->displayer = NULL;
1208 } 1206 }
1209 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) { 1207 if (zend_hash_find(EG(ini_directives), "suhosin.rand.seedingkey", sizeof("suhosin.rand.seedingkey"), (void **) &i)==SUCCESS) {
1210 i->displayer = NULL; 1208 i->displayer = NULL;
1211 } 1209 }
1212 } 1210 }
1213 1211
1214} 1212}
1215/* }}} */ 1213/* }}} */