Patch bug61000.patch for Scripting Engine problem Bug #61000
Patch version 2012-02-08 06:08 UTC
Developer: laruence@php.net
Index: trunk/tests/security/bug61000.phpt
===================================================================
--- trunk/tests/security/bug61000.phpt (revision 0)
+++ trunk/tests/security/bug61000.phpt (revision 0)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #61000 (Exceeding max nesting level doesn't delete numerical vars)
+--INI--
+max_input_nesting_level=2
+--POST--
+1[a][]=foo&1[a][b][c]=bar
+--GET--
+a[a][]=foo&a[a][b][c]=bar
+--FILE--
+<?php
+print_r($_GET);
+print_r($_POST);
+--EXPECTF--
+Array
+(
+)
+Array
+(
+)
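Review bot: The expectation section is declared as `--EXPECTF--` but contains no format placeholders, so `--EXPECT--` would state the intent exactly and rule out accidental pattern matching if the expected output ever changes. The numeric-key case is exercised only through `--POST--` with the key `1`. If the deletion helper also treats other integer-like names as integer keys, which this page does not show, one more input of that shape would pin the behaviour down. The identical copy of this test under branches/PHP_5_3 has the same points.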
Index: trunk/main/php_variables.c
===================================================================
--- trunk/main/php_variables.c (revision 323119)
+++ trunk/main/php_variables.c (working copy)
@@ -133,7 +133,7 @@
if (track_vars_array) {
ht = Z_ARRVAL_P(track_vars_array);
- zend_hash_del(ht, var, var_len + 1);
+ zend_symtable_del(ht, var, var_len + 1);
}
zval_dtor(val);
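Review bot: Nothing in the code records why `zend_symtable_del` is needed on the replaced line, so a later cleanup could switch it back to `zend_hash_del` without noticing that over-nested input would then stay registered. I would add a comment above the call, e.g. `/* var may be a numeric string stored under an integer key; a plain string-key delete would miss it */`. That reasoning is inferred from the bug title and the new test, since the code that inserts the variable is outside the hunk. The same comment applies to both replaced calls in the branches/PHP_5_3 hunk. The enclosing block begins and ends outside this hunk.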
Index: branches/PHP_5_3/tests/security/bug61000.phpt
===================================================================
--- branches/PHP_5_3/tests/security/bug61000.phpt (revision 0)
+++ branches/PHP_5_3/tests/security/bug61000.phpt (revision 0)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #61000 (Exceeding max nesting level doesn't delete numerical vars)
+--INI--
+max_input_nesting_level=2
+--POST--
+1[a][]=foo&1[a][b][c]=bar
+--GET--
+a[a][]=foo&a[a][b][c]=bar
+--FILE--
+<?php
+print_r($_GET);
+print_r($_POST);
+--EXPECTF--
+Array
+(
+)
+Array
+(
+)
Index: branches/PHP_5_3/main/php_variables.c
===================================================================
--- branches/PHP_5_3/main/php_variables.c (revision 323119)
+++ branches/PHP_5_3/main/php_variables.c (working copy)
@@ -138,10 +138,10 @@
if (track_vars_array) {
ht = Z_ARRVAL_P(track_vars_array);
- zend_hash_del(ht, var, var_len + 1);
+ zend_symtable_del(ht, var, var_len + 1);
} else if (PG(register_globals)) {
ht = EG(active_symbol_table);
- zend_hash_del(ht, var, var_len + 1);
+ zend_symtable_del(ht, var, var_len + 1);
}
zval_dtor(val);
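Review bot: The second replaced call, in the `else if (PG(register_globals))` branch, does not appear to be covered by the accompanying bug61000.phpt. Its `--INI--` section sets only `max_input_nesting_level=2` and the script prints `$_GET` and `$_POST`, which presumably go through the `track_vars_array` branch. A variant of the test that reaches the `EG(active_symbol_table)` path would show that a numeric-named variable rejected for nesting depth is not left behind in the symbol table. If that is not practical, the commit description should say this branch was changed by analogy. The enclosing block begins and ends outside this hunk.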