Improved fix for MOPB-02-2007

2025-08-16 05:58:45 +02:00 · 2007-06-03 16:19:14 +00:00 · 2007-06-03 16:19:14 +00:00 · a8be5f419d
commit a8be5f419d
parent 79e3c88352
3 changed files with 53 additions and 3 deletions
--- a/1
+++ b/1
@ -1,6 +1,7 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2007, PHP 5.2.4
+- Improved fix for MOPB-02-2007. (Ilia)
 - Fixed bug #41518 (file_exists() warns of open_basedir restriction on 
  non-existent file). (Tony)
 - Fixed bug #39330 (apache2handler does not call shutdown actions before 
--- a/main/php_variables.c
+++ b/main/php_variables.c
@ -125,8 +125,22 @@ PHPAPI void php_register_variable_ex(char *var, zval *val, zval *track_vars_arra
 			int new_idx_len = 0;

 			if(++nest_level > PG(max_input_nesting_level)) {
+				HashTable *ht;
 				/* too many levels of nesting */
-				php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variable nesting level more than allowed %ld (change max_input_nesting_level in php.ini to increase the limit)", PG(max_input_nesting_level));
+
+				if (track_vars_array) {
+					ht = Z_ARRVAL_P(track_vars_array);
+				} else if (PG(register_globals)) {
+					ht = EG(active_symbol_table);
+				}
+
+				zend_hash_del(ht, var, var_len + 1);
+				zval_dtor(val);
+
+				if (!PG(display_errors)) {
+					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variable nesting level more than allowed %ld (change max_input_nesting_level in php.ini to increase the limit)", PG(max_input_nesting_level));
+				}
+				return;
 			}

 			ip++;
@ -142,9 +156,9 @@ PHPAPI void php_register_variable_ex(char *var, zval *val, zval *track_vars_arra
 					/* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */
 					*(index_s - 1) = '_';

-					index_len = var_len = 0;
+					index_len = 0;
 					if (index) {
-						index_len = var_len = strlen(index);
+						index_len = strlen(index);
 					}
 					goto plain_var;
 					return;
--- a/tests/basic/027.phpt
+++ b/tests/basic/027.phpt
@ -0,0 +1,35 @@
+--TEST--
+Handling of max_input_nesting_level being reached
+--INI--
+magic_quotes_gpc=0
+always_populate_raw_post_data=0
+display_errors=0
+max_input_nesting_level=10
+track_errors=1
+log_errors=0
+--SKIPIF--
+<?php if (php_sapi_name()=='cli') echo 'skip'; ?>
+--POST--
+a=1&b=ZYX&c[][][][][][][][][][][][][][][][][][][][][][]=123&d=123&e[][]][]=3
+--FILE--
+<?php
+var_dump($_POST, $php_errormsg);
+?>
+--EXPECT--
+array(4) {
+  ["a"]=>
+  string(1) "1"
+  ["b"]=>
+  string(3) "ZYX"
+  ["d"]=>
+  string(3) "123"
+  ["e"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      string(1) "3"
+    }
+  }
+}
+string(124) "Unknown: Input variable nesting level more than allowed 10 (change max_input_nesting_level in php.ini to increase the limit)"