archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Improved max_input_vars directive to check nested variables

Browse source
This commit is contained in:
Dmitry Stogov 2012-02-14 08:58:52 +00:00
parent 5d683614f9
commit 2ad7f44b7b
2 changed files with 31 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

35
main/php_variables.c
View file

@ -183,18 +183,9 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
} else {
if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE
|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
}
MAKE_STD_ZVAL(gpc_element);
array_init(gpc_element);
zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
} else {
zval_dtor(val);
free_alloca(var_orig, use_heap);
return;
}
MAKE_STD_ZVAL(gpc_element);
array_init(gpc_element);
zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
}
}
symtable1 = Z_ARRVAL_PP(gpc_element_p);
@ -231,14 +222,7 @@ plain_var:
zend_symtable_exists(symtable1, index, index_len + 1)) {
zval_ptr_dtor(&gpc_element);
} else {
if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) {
if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
}
zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
} else {
zval_ptr_dtor(&gpc_element);
}
zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
}
}
}
@ -249,6 +233,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
{
char *var, *val, *e, *s, *p;
zval *array_ptr = (zval *) arg;
long count = 0;
if (SG(request_info).post_data == NULL) {
return;
@ -262,6 +247,10 @@ last_value:
if ((val = memchr(s, '=', (p - s)))) { /* have a value */
unsigned int val_len, new_val_len;
if (++count > PG(max_input_vars)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
return;
}
var = s;
php_url_decode(var, (val - s));
@ -295,6 +284,7 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
zval *array_ptr;
int free_buffer = 0;
char *strtok_buf = NULL;
long count = 0;
switch (arg) {
case PARSE_POST:
@ -384,6 +374,11 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
}
}
if (++count > PG(max_input_vars)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
break;
}
if (val) { /* have a value */
int val_len;
unsigned int new_val_len;