diff options
| author | Dmitry Stogov <dmitry@php.net> | 2012-02-14 08:58:52 +0000 | 
|---|---|---|
| committer | Dmitry Stogov <dmitry@php.net> | 2012-02-14 08:58:52 +0000 | 
| commit | 04f6171012cb65f3447ec66d62da70300d307799 (patch) | |
| tree | 5ed245fd0be2fce1a012f3acf9c77232ae560023 /main/php_variables.c | |
| parent | dd14c92499c34b92177e354f90485479dbe795b8 (diff) | |
| download | php-git-04f6171012cb65f3447ec66d62da70300d307799.tar.gz | |
Improved max_input_vars directive to check nested variables
Diffstat (limited to 'main/php_variables.c')
| -rw-r--r-- | main/php_variables.c | 35 | 
1 files changed, 15 insertions, 20 deletions
| diff --git a/main/php_variables.c b/main/php_variables.c index f544b7a60e..49e4f4aca2 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -183,18 +183,9 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars  			} else {  				if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE  					|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { -					if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { -						if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { -							php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); -						} -						MAKE_STD_ZVAL(gpc_element); -						array_init(gpc_element); -						zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); -					} else { -						zval_dtor(val); -						free_alloca(var_orig, use_heap); -						return; -					} +					MAKE_STD_ZVAL(gpc_element); +					array_init(gpc_element); +					zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);  				}  			}  			symtable1 = Z_ARRVAL_PP(gpc_element_p); @@ -231,14 +222,7 @@ plain_var:  				zend_symtable_exists(symtable1, index, index_len + 1)) {  				zval_ptr_dtor(&gpc_element);  			} else { -				if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { -					if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { -						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); -					} -					zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); -				} else { -					zval_ptr_dtor(&gpc_element); -				} +				zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);  			}  		}  	} @@ -249,6 +233,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)  {  	char *var, *val, *e, *s, *p;  	zval *array_ptr = (zval *) arg; +	long count = 0;  	if (SG(request_info).post_data == NULL) {  		return; @@ -262,6 +247,10 @@ last_value:  		if ((val = memchr(s, '=', (p - s)))) { /* have a value */  			unsigned int val_len, new_val_len; +			if (++count > PG(max_input_vars)) { +				php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); +				return; +			}  			var = s;  			php_url_decode(var, (val - s)); @@ -295,6 +284,7 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)  	zval *array_ptr;  	int free_buffer = 0;  	char *strtok_buf = NULL; +	long count = 0;  	switch (arg) {  		case PARSE_POST: @@ -384,6 +374,11 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)  			}  		} +		if (++count > PG(max_input_vars)) { +			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); +			break; +		} +  		if (val) { /* have a value */  			int val_len;  			unsigned int new_val_len; | 
