archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix #7987: POST/GET: string with \0(%00) values not parsed correctly

Browse source
This commit is contained in:
Stanislav Malyshev 2000-12-12 10:47:47 +00:00
parent 868c8769f8
commit 0731f54d35
2 changed files with 17 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

23
main/php_variables.c
View file

@ -29,12 +29,17 @@
#include "zend_globals.h" #include "zend_globals.h"
PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array ELS_DC PLS_DC) PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array ELS_DC PLS_DC) {
php_register_variable_safe(var, strval, strlen(strval), track_vars_array ELS_CC PLS_CC);
}
/* binary-safe version */
PHPAPI void php_register_variable_safe(char *var, char *strval, int str_len, zval *track_vars_array ELS_DC PLS_DC)
{ {
zval new_entry; zval new_entry;
/* Prepare value */ /* Prepare value */
new_entry.value.str.len = strlen(strval); new_entry.value.str.len = str_len;
if (PG(magic_quotes_gpc)) { if (PG(magic_quotes_gpc)) {
new_entry.value.str.val = php_addslashes(strval, new_entry.value.str.len, &new_entry.value.str.len, 0); new_entry.value.str.val = php_addslashes(strval, new_entry.value.str.len, &new_entry.value.str.len, 0);
} else { } else {
@ -198,11 +203,12 @@ SAPI_POST_HANDLER_FUNC(php_std_post_handler)
while (var) { while (var) {
val = strchr(var, '='); val = strchr(var, '=');
if (val) { /* have a value */ if (val) { /* have a value */
int val_len;
*val++ = '\0'; *val++ = '\0';
/* FIXME: XXX: not binary safe, discards returned length */
php_url_decode(var, strlen(var)); php_url_decode(var, strlen(var));
php_url_decode(val, strlen(val)); val_len = php_url_decode(val, strlen(val));
php_register_variable(var, val, array_ptr ELS_CC PLS_CC); php_register_variable_safe(var, val, val_len, array_ptr ELS_CC PLS_CC);
} }
var = php_strtok_r(NULL, "&", &strtok_buf); var = php_strtok_r(NULL, "&", &strtok_buf);
} }
@ -282,11 +288,12 @@ void php_treat_data(int arg, char *str, zval* destArray ELS_DC PLS_DC SLS_DC)
while (var) { while (var) {
val = strchr(var, '='); val = strchr(var, '=');
if (val) { /* have a value */ if (val) { /* have a value */
int val_len;
*val++ = '\0'; *val++ = '\0';
/* FIXME: XXX: not binary safe, discards returned length */
php_url_decode(var, strlen(var)); php_url_decode(var, strlen(var));
php_url_decode(val, strlen(val)); val_len = php_url_decode(val, strlen(val));
php_register_variable(var, val, array_ptr ELS_CC PLS_CC); php_register_variable_safe(var, val, val_len, array_ptr ELS_CC PLS_CC);
} }
if (arg == PARSE_COOKIE) { if (arg == PARSE_COOKIE) {
var = php_strtok_r(NULL, ";", &strtok_buf); var = php_strtok_r(NULL, ";", &strtok_buf);

2
main/php_variables.h
View file

@ -33,6 +33,8 @@
void php_treat_data(int arg, char *str, zval* destArray ELS_DC PLS_DC SLS_DC); void php_treat_data(int arg, char *str, zval* destArray ELS_DC PLS_DC SLS_DC);
PHPAPI void php_import_environment_variables(zval *array_ptr ELS_DC PLS_DC); PHPAPI void php_import_environment_variables(zval *array_ptr ELS_DC PLS_DC);
PHPAPI void php_register_variable(char *var, char *val, pval *track_vars_array ELS_DC PLS_DC); PHPAPI void php_register_variable(char *var, char *val, pval *track_vars_array ELS_DC PLS_DC);
/* binary-safe version */
PHPAPI void php_register_variable_safe(char *var, char *val, int val_len, pval *track_vars_array ELS_DC PLS_DC);
PHPAPI void php_register_variable_ex(char *var, zval *val, pval *track_vars_array ELS_DC PLS_DC); PHPAPI void php_register_variable_ex(char *var, zval *val, pval *track_vars_array ELS_DC PLS_DC);