archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 22:18:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Remove variable registration code from rfc1867

Browse source 
This now longer does anything -- registering a variable for a NULL
array is a no-op.
This commit is contained in:
Nikita Popov 2021-04-27 12:29:38 +02:00
parent 4d78598e8e
commit 61ba79df17
1 changed files with 1 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

42
main/rfc1867.c
View file

@ -678,7 +678,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0; int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0;
size_t array_len = 0; size_t array_len = 0;
int64_t total_bytes = 0, max_file_size = 0; int64_t total_bytes = 0, max_file_size = 0;
int skip_upload = 0, anonymous_index = 0, is_anonymous; int skip_upload = 0, anonymous_index = 0;
HashTable *uploaded_files = NULL; HashTable *uploaded_files = NULL;
multipart_buffer *mbuff; multipart_buffer *mbuff;
zval *array_ptr = (zval *) arg; zval *array_ptr = (zval *) arg;
@ -921,11 +921,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
} }
if (!param) { if (!param) {
is_anonymous = 1;
param = emalloc(MAX_SIZE_ANONNAME); param = emalloc(MAX_SIZE_ANONNAME);
snprintf(param, MAX_SIZE_ANONNAME, "%u", anonymous_index++); snprintf(param, MAX_SIZE_ANONNAME, "%u", anonymous_index++);
} else {
is_anonymous = 0;
} }
/* New Rule: never repair potential malicious user input */ /* New Rule: never repair potential malicious user input */
@ -1138,10 +1135,6 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
s = filename; s = filename;
} }
if (!is_anonymous) {
safe_php_register_variable(lbuf, s, strlen(s), NULL, 0);
}
/* Add $foo[name] */ /* Add $foo[name] */
if (is_arr_upload) { if (is_arr_upload) {
snprintf(lbuf, llen, "%s[name][%s]", abuf, array_index); snprintf(lbuf, llen, "%s[name][%s]", abuf, array_index);
@ -1163,16 +1156,6 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
} }
} }
/* Add $foo_type */
if (is_arr_upload) {
snprintf(lbuf, llen, "%s_type[%s]", abuf, array_index);
} else {
snprintf(lbuf, llen, "%s_type", param);
}
if (!is_anonymous) {
safe_php_register_variable(lbuf, cd, strlen(cd), NULL, 0);
}
/* Add $foo[type] */ /* Add $foo[type] */
if (is_arr_upload) { if (is_arr_upload) {
snprintf(lbuf, llen, "%s[type][%s]", abuf, array_index); snprintf(lbuf, llen, "%s[type][%s]", abuf, array_index);
@ -1195,16 +1178,6 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
/* Initialize variables */ /* Initialize variables */
add_protected_variable(param); add_protected_variable(param);
/* if param is of form xxx[.*] this will cut it to xxx */
if (!is_anonymous) {
if (temp_filename) {
ZVAL_STR_COPY(&zfilename, temp_filename);
} else {
ZVAL_EMPTY_STRING(&zfilename);
}
safe_php_register_variable_ex(param, &zfilename, NULL, 1);
}
/* Add $foo[tmp_name] */ /* Add $foo[tmp_name] */
if (is_arr_upload) { if (is_arr_upload) {
snprintf(lbuf, llen, "%s[tmp_name][%s]", abuf, array_index); snprintf(lbuf, llen, "%s[tmp_name][%s]", abuf, array_index);
@ -1257,19 +1230,6 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
} }
register_http_post_files_variable_ex(lbuf, &error_type, &PG(http_globals)[TRACK_VARS_FILES], 0); register_http_post_files_variable_ex(lbuf, &error_type, &PG(http_globals)[TRACK_VARS_FILES], 0);
/* Add $foo_size */
if (is_arr_upload) {
snprintf(lbuf, llen, "%s_size[%s]", abuf, array_index);
} else {
snprintf(lbuf, llen, "%s_size", param);
}
if (!is_anonymous) {
if (size_overflow) {
ZVAL_STRING(&file_size, file_size_buf);
}
safe_php_register_variable_ex(lbuf, &file_size, NULL, size_overflow);
}
/* Add $foo[size] */ /* Add $foo[size] */
if (is_arr_upload) { if (is_arr_upload) {
snprintf(lbuf, llen, "%s[size][%s]", abuf, array_index); snprintf(lbuf, llen, "%s[size][%s]", abuf, array_index);