Patch bug61000.patch revision 2012-02-08 06:08 UTC by laruence@php.net

Patch bug61000.patch for Scripting Engine problem Bug #61000

Patch version 2012-02-08 06:08 UTC


Developer: laruence@php.net

Index: trunk/tests/security/bug61000.phpt
===================================================================
--- trunk/tests/security/bug61000.phpt	(revision 0)
+++ trunk/tests/security/bug61000.phpt	(revision 0)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #61000 (Exceeding max nesting level doesn't delete numerical vars)
+--INI--
+max_input_nesting_level=2
+--POST--
+1[a][]=foo&1[a][b][c]=bar
+--GET--
+a[a][]=foo&a[a][b][c]=bar
+--FILE--
+<?php
+print_r($_GET);
+print_r($_POST);
+--EXPECTF--
+Array
+(
+)
+Array
+(
+)
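Review bot: The expected output is two empty arrays, so this test would still pass if request parsing dropped every input variable rather than only the one that exceeds `max_input_nesting_level`. Adding one variable that stays within the limit to both `--POST--` and `--GET--`, and expecting it in the output, would pin that only the offending variable is removed. The `--EXPECTF--` section contains no format placeholders, so `--EXPECT--` states the intent more exactly. Both points apply equally to the identical copy added under branches/PHP_5_3.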
Index: trunk/main/php_variables.c
===================================================================
--- trunk/main/php_variables.c	(revision 323119)
+++ trunk/main/php_variables.c	(working copy)
@@ -133,7 +133,7 @@
 
 				if (track_vars_array) {
 					ht = Z_ARRVAL_P(track_vars_array);
-					zend_hash_del(ht, var, var_len + 1);
+					zend_symtable_del(ht, var, var_len + 1);
 				}
 
 				zval_dtor(val);
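Review bot: The switch to `zend_symtable_del` at this cleanup site carries no comment, and the reason is not obvious from the call alone. A line such as `/* var can be a numeric string such as "1"; delete through the symtable API so the integer-key entry is found */` above the call would keep a later cleanup from reverting it to `zend_hash_del`. This assumes the variable was inserted through the symtable functions earlier in the function, which starts outside the hunk and should be confirmed. The same comment fits both calls in the branches/PHP_5_3 hunk of main/php_variables.c.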
Index: branches/PHP_5_3/tests/security/bug61000.phpt
===================================================================
--- branches/PHP_5_3/tests/security/bug61000.phpt	(revision 0)
+++ branches/PHP_5_3/tests/security/bug61000.phpt	(revision 0)
@@ -0,0 +1,19 @@
+--TEST--
+Bug #61000 (Exceeding max nesting level doesn't delete numerical vars)
+--INI--
+max_input_nesting_level=2
+--POST--
+1[a][]=foo&1[a][b][c]=bar
+--GET--
+a[a][]=foo&a[a][b][c]=bar
+--FILE--
+<?php
+print_r($_GET);
+print_r($_POST);
+--EXPECTF--
+Array
+(
+)
+Array
+(
+)
Index: branches/PHP_5_3/main/php_variables.c
===================================================================
--- branches/PHP_5_3/main/php_variables.c	(revision 323119)
+++ branches/PHP_5_3/main/php_variables.c	(working copy)
@@ -138,10 +138,10 @@
 
 				if (track_vars_array) {
 					ht = Z_ARRVAL_P(track_vars_array);
-					zend_hash_del(ht, var, var_len + 1);
+					zend_symtable_del(ht, var, var_len + 1);
 				} else if (PG(register_globals)) {
 					ht = EG(active_symbol_table);
-					zend_hash_del(ht, var, var_len + 1);
+					zend_symtable_del(ht, var, var_len + 1);
 				}
 
 				zval_dtor(val);
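Review bot: The `else if (PG(register_globals))` deletion changed here is not exercised by the added bug61000.phpt, whose `--INI--` section sets only `max_input_nesting_level`. Whether that branch can be reached from GET/POST parsing depends on when `track_vars_array` is NULL, which the hunk does not show. If it is reachable, a variant of the test with `register_globals=1` would cover the second `zend_symtable_del`; if it is not, a short comment naming the caller that passes no tracking array would document why it is untested.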
 