From 5222c8872da8fb51b981894934aa8e3562ee9240 Mon Sep 17 00:00:00 2001
From: Zeev Suraski
Date: Sat, 26 Feb 2000 22:14:49 +0000
Subject: [PATCH] Verified $HTTP_*[] protection
---
 main/configuration-parser.y | 14 ++++++--------
 main/main.c | 12 ++++++------
 2 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/main/configuration-parser.y b/main/configuration-parser.y
index c31b2751bc8..49a60a75ec6 100644
--- a/main/configuration-parser.y
+++ b/main/configuration-parser.y
@@ -44,10 +44,8 @@
 #define PARSING_MODE_BROWSCAP 1
 static HashTable configuration_hash;
-#ifndef THREAD_SAFE
 extern HashTable browser_hash;
 PHPAPI extern char *php_ini_path;
-#endif
 static HashTable *active_hash_table;
 static zval *current_section;
 static char *currently_parsed_filename;
@@ -428,7 +426,7 @@ statement:
 free($1.value.str.val);
 }
 | TC_STRING { free($1.value.str.val); }
- | EXTENSION '=' string_foo {
+ | EXTENSION '=' cfg_string {
 zval dummy;
 #if DEBUG_CFG_PARSER
 printf("Loading '%s'\n",$3.value.str.val);
@@ -436,25 +434,25 @@ statement:
 php_dl(&$3,MODULE_PERSISTENT,&dummy);
 }
- | T_ZEND_EXTENSION '=' string_foo {
+ | T_ZEND_EXTENSION '=' cfg_string {
 #if !defined(ZTS) && !ZEND_DEBUG
 zend_load_extension($3.value.str.val);
 #endif
 free($3.value.str.val);
 }
- | T_ZEND_EXTENSION_TS '=' string_foo {
+ | T_ZEND_EXTENSION_TS '=' cfg_string {
 #if defined(ZTS) && !ZEND_DEBUG
 zend_load_extension($3.value.str.val);
 #endif
 free($3.value.str.val);
 }
- | T_ZEND_EXTENSION_DEBUG '=' string_foo {
+ | T_ZEND_EXTENSION_DEBUG '=' cfg_string {
 #if !defined(ZTS) && ZEND_DEBUG
 zend_load_extension($3.value.str.val);
 #endif
 free($3.value.str.val);
 }
- | T_ZEND_EXTENSION_DEBUG_TS '=' string_foo {
+ | T_ZEND_EXTENSION_DEBUG_TS '=' cfg_string {
 #if defined(ZTS) && ZEND_DEBUG
 zend_load_extension($3.value.str.val);
 #endif
@@ -488,7 +486,7 @@ statement:
 ;
-string_foo:
+cfg_string:
 TC_STRING { $$ = $1; }
 | TC_ENCAPSULATED_STRING { $$ = $1; }
 ;
diff --git a/main/main.c b/main/main.c
index 5f173789379..be0084e7f46 100644
--- a/main/main.c
+++ b/main/main.c
@@ -1001,22 +1001,22 @@ static int php_hash_environment(ELS_D SLS_DC PLS_DC)
 }
 if (PG(http_globals).post) {
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), PG(http_globals).post, sizeof(zval *), NULL);
+ zend_hash_update_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), PG(http_globals).post, sizeof(zval *), NULL);
 }
 if (PG(http_globals).get) {
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), PG(http_globals).get, sizeof(zval *), NULL);
+ zend_hash_update_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), PG(http_globals).get, sizeof(zval *), NULL);
 }
 if (PG(http_globals).cookie) {
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), PG(http_globals).cookie, sizeof(zval *), NULL);
+ zend_hash_update_ptr(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), PG(http_globals).cookie, sizeof(zval *), NULL);
 }
 if (PG(http_globals).server) {
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), PG(http_globals).server, sizeof(zval *), NULL);
+ zend_hash_update_ptr(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), PG(http_globals).server, sizeof(zval *), NULL);
 }
 if (PG(http_globals).environment) {
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), PG(http_globals).environment, sizeof(zval *), NULL);
+ zend_hash_update_ptr(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), PG(http_globals).environment, sizeof(zval *), NULL);
 }
 if (PG(http_globals).post_files) {
- zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"), PG(http_globals).post_files, sizeof(zval *),NULL);
+ zend_hash_update_ptr(&EG(symbol_table), "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"), PG(http_globals).post_files, sizeof(zval *),NULL);
 }
 return SUCCESS;
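Review bot: The six `zend_hash_update_ptr` calls in `php_hash_environment` carry no comment saying why overwrite semantics are required, so a later cleanup could switch them back to `zend_hash_add_ptr` and silently restore the case where an entry already present in the symbol table under an `HTTP_*_VARS` name is kept instead of the engine's array. I would add above the first call: `/* update, not add: the engine-built arrays must replace any same-named entry already in the symbol table (presumably one imported from request data; confirm) */`. The return values are also discarded; if a failed insert should abort the request rather than leave a stale entry in place, test each call for `FAILURE` before reaching `return SUCCESS;`. The function starts above the hunk, so whether request variables are registered earlier in it cannot be confirmed from the visible lines.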