From 22281ed0f243e3aa41fa0d30aafb1dbc3417d6ee Mon Sep 17 00:00:00 2001
From: Stefan Esser
Date: Tue, 11 Feb 2014 13:35:40 +0100
Subject: Fix standard post handler
---
 Changelog | 1 +
 post_handler.c | 71 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 37 insertions(+), 35 deletions(-)
diff --git a/Changelog b/Changelog
index 9817639..3d68be4 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,7 @@ - Fix problems with the hard memory_limit on 64 bit systems - Fix problems with user space session handler due to change in PHP 5.4.0 + - Fix std post handler for PHP >= 5.3.11 - Added some test cases for various things 2012-02-12 - 0.9.34
diff --git a/post_handler.c b/post_handler.c
index 470057e..7c03892 100644
--- a/post_handler.c
+++ b/post_handler.c
@@ -38,45 +38,46 @@ SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler);
 SAPI_POST_HANDLER_FUNC(suhosin_std_post_handler)
 {
- char *var, *val, *e, *s, *p;
- zval *array_ptr = (zval *) arg;
-
- if (SG(request_info).post_data==NULL) {
- return;
- }
+ char *var, *val, *e, *s, *p;
+ zval *array_ptr = (zval *) arg;
+#if PHP_VERSION_ID >= 50311
+ long count = 0;
+#endif
+ if (SG(request_info).post_data == NULL) {
+ return;
+ }
- s = SG(request_info).post_data;
- e = s + SG(request_info).post_data_length;
+ s = SG(request_info).post_data;
+ e = s + SG(request_info).post_data_length;
- while (s < e && (p = memchr(s, '&', (e - s)))) {
+ while (s < e && (p = memchr(s, '&', (e - s)))) {
 last_value:
- if ((val = memchr(s, '=', (p - s)))) { /* have a value */
- unsigned int val_len, new_val_len;
- var = s;
-
- php_url_decode(var, (val - s));
- val++;
- val_len = php_url_decode(val, (p - val));
- val = estrndup(val, val_len);
- if (suhosin_input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
-#ifdef ZEND_ENGINE_2
- if (sapi_module.input_filter(PARSE_POST, var, &val, new_val_len, &new_val_len TSRMLS_CC)) {
+ if ((val = memchr(s, '=', (p - s)))) { /* have a value */
+ unsigned int val_len, new_val_len;
+
+#if PHP_VERSION_ID >= 50311
+ if (++count > PG(max_input_vars)) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
+ return;
+ }
 #endif
- php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
-#ifdef ZEND_ENGINE_2
- }
-#endif
- } else {
- SUHOSIN_G(abort_request)=1;
- }
- efree(val);
- }
- s = p + 1;
- }
- if (s < e) {
- p = e;
- goto last_value;
- }
+ var = s;
+
+ php_url_decode(var, (val - s));
+ val++;
+ val_len = php_url_decode(val, (p - val));
+ val = estrndup(val, val_len);
+ if (sapi_module.input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
+ php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
+ }
+ efree(val);
+ }
+ s = p + 1;
+ }
+ if (s < e) {
+ p = e;
+ goto last_value;
+ }
 }
 static void suhosin_post_handler_modification(sapi_post_entry *spe)
--
cgit v1.3
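Review bot: The new max_input_vars check in suhosin_std_post_handler uses a function-local `count`, so it only counts `key=value` pairs of this POST body (pairs without `=` are skipped before the increment) and is independent of any per-request counter PHP itself keeps; if php_register_variable_safe already enforces max_input_vars on the PHP versions the `#if PHP_VERSION_ID >= 50311` branch targets, the limit is applied twice with different scopes, which I cannot confirm from the hunk. A comment on the `long count = 0;` line would make the intent explicit, e.g. `/* per-body count of key=value pairs; PHP >= 5.3.11 may also enforce max_input_vars inside php_register_variable_safe */`. The direct `suhosin_input_filter(...)` call and the `SUHOSIN_G(abort_request)=1` branch are replaced by a single `sapi_module.input_filter` call, which only preserves Suhosin's POST filtering if Suhosin's filter is installed as `sapi_module.input_filter` elsewhere; that assumption is not visible here and deserves a one-line comment next to the call. The whole function body is inside the hunk.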