clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-21 18:07:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed bug #31440 ($GLOBALS can be overwritten via GPC when register_globals

Browse Source 
is enabled).
This commit is contained in:
Ilia Alshanetsky 2005-02-17 04:44:11 +00:00
parent 55f53a5a96
commit ed9e8c7c81
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
main/php_variables.c
View File

@ -539,6 +539,7 @@ static void php_autoglobal_merge(HashTable *dest, HashTable *src TSRMLS_DC)
ulong num_key;
HashPosition pos;
int key_type;
int globals_check = (PG(register_globals) && (dest == (&EG(symbol_table))));
zend_hash_internal_pointer_reset_ex(src, &pos);
while (zend_hash_get_current_data_ex(src, (void **)&src_entry, &pos) == SUCCESS) {
@ -549,7 +550,12 @@ static void php_autoglobal_merge(HashTable *dest, HashTable *src TSRMLS_DC)
|| Z_TYPE_PP(dest_entry) != IS_ARRAY) {
(*src_entry)->refcount++;
if (key_type == HASH_KEY_IS_STRING) {
zend_hash_update(dest, string_key, strlen(string_key)+1, src_entry, sizeof(zval *), NULL);
/* if register_globals is on and working with main symbol table, prevent overwriting of GLOBALS */
if (!globals_check || string_key_len != sizeof("GLOBALS") || memcmp(string_key, "GLOBALS", sizeof("GLOBALS") - 1)) {
zend_hash_update(dest, string_key, string_key_len, src_entry, sizeof(zval *), NULL);
} else {
(*src_entry)->refcount--;
}
} else {
zend_hash_index_update(dest, num_key, src_entry, sizeof(zval *), NULL);
}