mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-25 02:44:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

- Prevent registration of the variable when a zero-length is returned

Browse Source 
from the sapi_input_filter.
This commit is contained in:
Derick Rethans 2003-11-26 09:53:22 +00:00
parent 7780cbc9f3
commit 370dfd39a9
2 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
main/php_variables.c
View File

@ -213,7 +213,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
php_url_decode(var, strlen(var));
val_len = php_url_decode(val, strlen(val));
val_len = sapi_module.input_filter(PARSE_POST, var, &val, val_len TSRMLS_CC);
php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
if (val_len) {
php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
}
}
var = php_strtok_r(NULL, "&", &strtok_buf);
}
@ -308,7 +310,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
php_url_decode(var, strlen(var));
val_len = php_url_decode(val, strlen(val));
val_len = sapi_module.input_filter(arg, var, &val, val_len TSRMLS_CC);
php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
if (val_len) {
php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
}
} else {
php_url_decode(var, strlen(var));
php_register_variable_safe(var, "", 0, array_ptr TSRMLS_CC);

19
main/rfc1867.c
View File

@ -881,22 +881,25 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
if (!filename && param) {
char *value = multipart_buffer_read_body(mbuff TSRMLS_CC);
int val_len;
if (!value) {
value = estrdup("");
}
sapi_module.input_filter(PARSE_POST, param, &value, strlen(value) TSRMLS_CC);
val_len = sapi_module.input_filter(PARSE_POST, param, &value, strlen(value) TSRMLS_CC);
if (val_len) {
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
if (php_mb_encoding_translation(TSRMLS_C)) {
php_mb_gpc_stack_variable(param, value, &val_list, &len_list,
&num_vars, &num_vars_max TSRMLS_CC);
} else {
safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
}
if (php_mb_encoding_translation(TSRMLS_C)) {
php_mb_gpc_stack_variable(param, value, &val_list, &len_list,
&num_vars, &num_vars_max TSRMLS_CC);
} else {
safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
}
#else
safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
#endif
}
if (!strcasecmp(param, "MAX_FILE_SIZE")) {
max_file_size = atol(value);
}