archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-19 08:49:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Added filter support for $_SERVER in cgi/apache2 sapis

Browse source 
Make sure PHP_SELF if filtered in Apache 1 sapi
This commit is contained in:
Ilia Alshanetsky 2006-10-23 19:17:51 +00:00
parent a0407cf588
commit 3642ebdcdd
4 changed files with 33 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

5
sapi/apache/mod_php5.c
View file

@ -242,10 +242,11 @@ static void sapi_apache_register_server_variables(zval *track_vars_array TSRMLS_
table_entry *elts = (table_entry *) arr->elts; table_entry *elts = (table_entry *) arr->elts;
zval **path_translated; zval **path_translated;
HashTable *symbol_table; HashTable *symbol_table;
int new_val_len;
for (i = 0; i < arr->nelts; i++) { for (i = 0; i < arr->nelts; i++) {
char *val; char *val;
int val_len, new_val_len; int val_len;
if (elts[i].val) { if (elts[i].val) {
val = elts[i].val; val = elts[i].val;
@ -270,7 +271,9 @@ static void sapi_apache_register_server_variables(zval *track_vars_array TSRMLS_
php_register_variable("PATH_TRANSLATED", Z_STRVAL_PP(path_translated), track_vars_array TSRMLS_CC); php_register_variable("PATH_TRANSLATED", Z_STRVAL_PP(path_translated), track_vars_array TSRMLS_CC);
} }
if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &((request_rec *) SG(server_context))->uri, strlen(((request_rec *) SG(server_context))->uri), &new_val_len TSRMLS_CC)) {
php_register_variable("PHP_SELF", ((request_rec *) SG(server_context))->uri, track_vars_array TSRMLS_CC); php_register_variable("PHP_SELF", ((request_rec *) SG(server_context))->uri, track_vars_array TSRMLS_CC);
}
} }
/* }}} */ /* }}} */

11
sapi/apache2filter/sapi_apache2.c
View file

@ -220,11 +220,18 @@ php_apache_sapi_register_variables(zval *track_vars_array TSRMLS_DC)
char *key, *val; char *key, *val;
APR_ARRAY_FOREACH_OPEN(arr, key, val) APR_ARRAY_FOREACH_OPEN(arr, key, val)
if (!val) val = ""; if (!val) {
php_register_variable(key, val, track_vars_array TSRMLS_CC); val = "";
}
if (sapi_module.input_filter(PARSE_SERVER, key, &val, strlen(val), &new_val_len TSRMLS_CC)) {
php_register_variable_safe(key, val, new_val_len, track_vars_array TSRMLS_CC);
}
APR_ARRAY_FOREACH_CLOSE() APR_ARRAY_FOREACH_CLOSE()
php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array TSRMLS_CC); php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array TSRMLS_CC);
if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri, strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
php_register_variable_safe("PHP_SELF", ctx->r->uri, new_val_len, track_vars_array TSRMLS_CC);
}
} }
static void static void

13
sapi/apache2handler/sapi_apache2.c
View file

@ -232,13 +232,20 @@ php_apache_sapi_register_variables(zval *track_vars_array TSRMLS_DC)
php_struct *ctx = SG(server_context); php_struct *ctx = SG(server_context);
const apr_array_header_t *arr = apr_table_elts(ctx->r->subprocess_env); const apr_array_header_t *arr = apr_table_elts(ctx->r->subprocess_env);
char *key, *val; char *key, *val;
int new_val_len;
APR_ARRAY_FOREACH_OPEN(arr, key, val) APR_ARRAY_FOREACH_OPEN(arr, key, val)
if (!val) val = ""; if (!val) {
php_register_variable(key, val, track_vars_array TSRMLS_CC); val = "";
}
if (sapi_module.input_filter(PARSE_SERVER, key, &val, strlen(val), &new_val_len TSRMLS_CC)) {
php_register_variable_safe(key, val, new_val_len, track_vars_array TSRMLS_CC);
}
APR_ARRAY_FOREACH_CLOSE() APR_ARRAY_FOREACH_CLOSE()
php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array TSRMLS_CC); if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri, strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
php_register_variable_safe("PHP_SELF", ctx->r->uri, new_val_len, track_vars_array TSRMLS_CC);
}
} }
static void static void

11
sapi/cgi/cgi_main.c
View file

@ -467,19 +467,26 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC)
zend_hash_get_current_key_ex(&request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING && zend_hash_get_current_key_ex(&request->env, &var, &var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
zend_hash_get_current_data_ex(&request->env, (void **) &val, &pos) == SUCCESS; zend_hash_get_current_data_ex(&request->env, (void **) &val, &pos) == SUCCESS;
zend_hash_move_forward_ex(&request->env, &pos)) { zend_hash_move_forward_ex(&request->env, &pos)) {
php_register_variable(var.s, *val, array_ptr TSRMLS_CC); int new_val_len;
if (sapi_module.input_filter(PARSE_SERVER, var.s, val, strlen(*val), &new_val_len TSRMLS_CC)) {
php_register_variable_safe(var.s, *val, new_val_len, array_ptr TSRMLS_CC);
}
} }
} }
} }
static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC) static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC)
{ {
int new_val_len;
char *val = SG(request_info).request_uri ? SG(request_info).request_uri : "";
/* In CGI mode, we consider the environment to be a part of the server /* In CGI mode, we consider the environment to be a part of the server
* variables * variables
*/ */
php_import_environment_variables(track_vars_array TSRMLS_CC); php_import_environment_variables(track_vars_array TSRMLS_CC);
/* Build the special-case PHP_SELF variable for the CGI version */ /* Build the special-case PHP_SELF variable for the CGI version */
php_register_variable("PHP_SELF", (SG(request_info).request_uri ? SG(request_info).request_uri : ""), track_vars_array TSRMLS_CC); if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &val, strlen(val), &new_val_len TSRMLS_CC)) {
php_register_variable_safe("PHP_SELF", var, new_val_len, track_vars_array TSRMLS_CC);
}
} }
static void sapi_cgi_log_message(char *message) static void sapi_cgi_log_message(char *message)