Verified $HTTP_*[] protection

2024-09-22 18:37:25 +00:00 · 2000-02-26 22:14:49 +00:00 · 2000-02-26 22:14:49 +00:00 · 5222c8872d
commit 5222c8872d
parent ece1369191
2 changed files with 12 additions and 14 deletions
--- a/main/configuration-parser.y
+++ b/main/configuration-parser.y
@ -44,10 +44,8 @@
 #define PARSING_MODE_BROWSCAP 1

 static HashTable configuration_hash;
-#ifndef THREAD_SAFE
 extern HashTable browser_hash;
 PHPAPI extern char *php_ini_path;
-#endif
 static HashTable *active_hash_table;
 static zval *current_section;
 static char *currently_parsed_filename;
@ -428,7 +426,7 @@ statement:
 			free($1.value.str.val);
 		}
 	|	TC_STRING { free($1.value.str.val); }
-	|	EXTENSION '=' string_foo {
+	|	EXTENSION '=' cfg_string {
 			zval dummy;
 #if DEBUG_CFG_PARSER
 			printf("Loading '%s'\n",$3.value.str.val);
@ -436,25 +434,25 @@ statement:
 			
 			php_dl(&$3,MODULE_PERSISTENT,&dummy);
 		}
-	|	T_ZEND_EXTENSION '=' string_foo {
+	|	T_ZEND_EXTENSION '=' cfg_string {
 #if !defined(ZTS) && !ZEND_DEBUG
 			zend_load_extension($3.value.str.val);
 #endif
 			free($3.value.str.val);
 		}
-	|	T_ZEND_EXTENSION_TS '=' string_foo { 
+	|	T_ZEND_EXTENSION_TS '=' cfg_string { 
 #if defined(ZTS) && !ZEND_DEBUG
 			zend_load_extension($3.value.str.val);
 #endif
 			free($3.value.str.val);
 		}
-	|	T_ZEND_EXTENSION_DEBUG '=' string_foo { 
+	|	T_ZEND_EXTENSION_DEBUG '=' cfg_string { 
 #if !defined(ZTS) && ZEND_DEBUG
 			zend_load_extension($3.value.str.val);
 #endif
 			free($3.value.str.val);
 		}
-	|	T_ZEND_EXTENSION_DEBUG_TS '=' string_foo { 
+	|	T_ZEND_EXTENSION_DEBUG_TS '=' cfg_string { 
 #if defined(ZTS) && ZEND_DEBUG
 			zend_load_extension($3.value.str.val);
 #endif
@ -488,7 +486,7 @@ statement:
 ;


-string_foo:
+cfg_string:
 		TC_STRING { $$ = $1; }
 	|	TC_ENCAPSULATED_STRING { $$ = $1; }
 ;
--- a/main/main.c
+++ b/main/main.c
@ -1001,22 +1001,22 @@ static int php_hash_environment(ELS_D SLS_DC PLS_DC)
 	}

 	if (PG(http_globals).post) {
-		zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), PG(http_globals).post, sizeof(zval *), NULL);
+		zend_hash_update_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), PG(http_globals).post, sizeof(zval *), NULL);
 	}
 	if (PG(http_globals).get) {
-		zend_hash_add_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), PG(http_globals).get, sizeof(zval *), NULL);
+		zend_hash_update_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), PG(http_globals).get, sizeof(zval *), NULL);
 	}
 	if (PG(http_globals).cookie) {
-		zend_hash_add_ptr(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), PG(http_globals).cookie, sizeof(zval *), NULL);
+		zend_hash_update_ptr(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), PG(http_globals).cookie, sizeof(zval *), NULL);
 	}
 	if (PG(http_globals).server) {
-		zend_hash_add_ptr(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), PG(http_globals).server, sizeof(zval *), NULL);
+		zend_hash_update_ptr(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), PG(http_globals).server, sizeof(zval *), NULL);
 	}
 	if (PG(http_globals).environment) {
-		zend_hash_add_ptr(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), PG(http_globals).environment, sizeof(zval *), NULL);
+		zend_hash_update_ptr(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), PG(http_globals).environment, sizeof(zval *), NULL);
 	}
 	if (PG(http_globals).post_files) {
-		zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"), PG(http_globals).post_files, sizeof(zval *),NULL);
+		zend_hash_update_ptr(&EG(symbol_table), "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"), PG(http_globals).post_files, sizeof(zval *),NULL);
 	}

 	return SUCCESS;