Patch max_input_vars.patch for *General Issues Bug #60655Patch version 2012-01-05 05:03 UTC Return to Bug #60655 | Download this patchThis patch renders other patches obsolete Obsolete patches:
Developer: laruence@php.net-Warning: unserialize() expects exactly 1 parameter, 2 given in %s on line 21 +Notice: unserialize(): Error at offset 0 of 1 bytes in %sserialization_error_001.php on line %d bool(false) Done Index: trunk/ext/standard/tests/serialize/unserialize_max_vars.phpt =================================================================== --- trunk/ext/standard/tests/serialize/unserialize_max_vars.phpt (revision 0) +++ trunk/ext/standard/tests/serialize/unserialize_max_vars.phpt (revision 0) 
@@ -0,0 +1,57 @@
+--TEST--
+Test unserialize() functions with max_input_vars
+--FILE--
+<?php
+$str = serialize(array(1,2,3)); // there will be 4 items, array, and 1, 2, 3
+
+print_r(unserialize($str, 3));
+print_r(unserialize($str, 4));
+
+$str = serialize(array(array(),array(2,3))); // there will be 5 items, array, and array, array, 2, 3
+print_r(unserialize($str, 3));
+print_r(unserialize($str, 5));
+
+$obj = (object)(array(array(),array(2,3)));
+$str = serialize($obj);
+
+print_r(unserialize($str, 3));
+print_r(unserialize($str, 5));
+?>
+--EXPECTF--
+Warning: unserialize(): Unserialized variables exceeded 3 in %sunserialize_max_vars.php on line %d
+Array
+(
+ [0] => 1
+ [1] => 2
+ [2] => 3
+)
+
+Warning: unserialize(): Unserialized variables exceeded 3 in %sunserialize_max_vars.php on line %d
+Array
+(
+ [0] => Array
+ (
+ )
+
+ [1] => Array
+ (
+ [0] => 2
+ [1] => 3
+ )
+
+)
+
+Warning: unserialize(): Unserialized variables exceeded 3 in %sunserialize_max_vars.php on line %d
+stdClass Object
+(
+ [0] => Array
+ (
+ )
+
+ [1] => Array
+ (
+ [0] => 2
+ [1] => 3
+ )
+
+)
Index: trunk/ext/standard/var_unserializer.c
===================================================================
--- trunk/ext/standard/var_unserializer.c (revision 321767)
+++ trunk/ext/standard/var_unserializer.c (working copy)
yy14: ++YYCURSOR; -#line 741 "ext/standard/var_unserializer.re" +#line 760 "ext/standard/var_unserializer.re" { { /* this is the case where we have less data than planned */ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Unexpected end of serialized data"); return 0; /* not sure if it should be 0 or 1 here? */ } { long elements = parse_iv(start + 2); /* use iv() not uiv() in order to check data range */
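Review bot: The three over-limit calls in unserialize_max_vars.phpt are checked only through `print_r()`, which prints nothing for `false`, so the expected output pins the warning text but not what `unserialize($str, 3)` actually returns. Switching those calls to `var_dump(unserialize($str, 3));` and expecting the intended failure value (presumably `bool(false)`) would make the test fail if a partially built value were ever returned for a rejected payload, which is the property that matters when the limit guards against oversized untrusted input. The patch also defaults the limit to `PG(max_input_vars)` when the second argument is omitted, yet no case here calls `unserialize($str)` with a payload above that default. The same applies to the identical test added under branches/PHP_5_4.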
@@ -747,13 +756,14 @@ array_init_size(*rval, elements); + ++(BG(unserialize).num_vars); if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_PP(rval), elements, 0)) { return 0; } array_init_size(*rval, elements); + ++(BG(unserialize).num_vars); if (!process_nested_data(UNSERIALIZE_PASSTHRU, Z_ARRVAL_PP(rval), elements, 0)) { return 0; } return finish_nested_data(UNSERIALIZE_PASSTHRU); } -#line 757 "ext/standard/var_unserializer.c" +#line 767 "ext/standard/var_unserializer.c" { size_t len, maxlen; char *str; @@ -801,9 +811,10 @@ INIT_PZVAL(*rval); INIT_PZVAL(*rval); ZVAL_STRINGL(*rval, str, len, 0); + ++(BG(unserialize).num_vars); return 1; } yy63: ++YYCURSOR; -#line 529 "ext/standard/var_unserializer.re" +#line 541 "ext/standard/var_unserializer.re" { #if SIZEOF_LONG == 4 { #if SIZEOF_LONG == 4 use_double: @@ -948,9 +960,10 @@ *p = YYCURSOR; INIT_PZVAL(*rval); yych = *++YYCURSOR; if (yych == 'N') goto yy73; @@ -1051,7 +1065,7 @@ if (yych <= '9') goto yy79; if (yych != ';') goto yy18; if (yych != ';') goto yy18; ++YYCURSOR; -#line 487 "ext/standard/var_unserializer.re" +#line 497 "ext/standard/var_unserializer.re" { if (yych != ';') goto yy18; ++YYCURSOR; -#line 450 "ext/standard/var_unserializer.re" +#line 457 "ext/standard/var_unserializer.re" { { long id; @@ -1147,9 +1164,10 @@ Z_ADDREF_PP(rval); + long max_vars = PG(max_input_vars); - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|l", &buf, &buf_len, &max_vars) == FAILURE) { RETURN_FALSE; RETURN_FALSE; } @@ -939,10 +940,13 @@ /*!re2c "R:" iv ";" { @@ -444,6 +450,7 @@ Z_ADDREF_PP(rval); Z_SET_ISREF_PP(rval); + ++(BG(unserialize).num_vars); return 1; } @@ -467,6 +474,7 @@ Z_ADDREF_PP(rval); Z_UNSET_ISREF_PP(rval); + ++(BG(unserialize).num_vars); return 1; } Z_ADDREF_PP(rval); Z_SET_ISREF_PP(rval); + ++(BG(unserialize).num_vars); return 1; } 
@@ -467,6 +474,7 @@ Z_ADDREF_PP(rval); Z_UNSET_ISREF_PP(rval); + ++(BG(unserialize).num_vars); return 1; }
@@ -474,6 +482,7 @@ *p = YYCURSOR; INIT_PZVAL(*rval); +$x = json_decode($json, false, 512, 1000, JSON_BIGINT_AS_STRING); var_dump($x->largenum); echo "Done\n"; ?>
Index: trunk/ext/json/tests/max_input_vars.phpt
===================================================================
--- trunk/ext/json/tests/max_input_vars.phpt (revision 0)
+++ trunk/ext/json/tests/max_input_vars.phpt (revision 0)
@@ -0,0 +1,40 @@
+--TEST--
+json_decode() with max_input_vars
+--SKIPIF--
+<?php if (!extension_loaded("json")) print "skip"; ?>
+--FILE--
+<?php
+
+$a = array(1,2,3,4); //an array, and 1,2,3,4 total 5 elements
+$str = json_encode($a);
+
+print_r(json_decode($str, false, 512, 4));
+var_dump(json_last_error() == JSON_ERROR_MAX_VARS);
+print_r(json_decode($str, false, 512, 5));
+
+$a = array(1,array(1),3); //an array, 1, an array, 1, 3 total 5 elements
+$str = json_encode($a);
+print_r(json_decode($str, true, 512, 4));
+var_dump(json_last_error() == JSON_ERROR_MAX_VARS);
+print_r(json_decode($str, true, 512, 5));
+?>
+--EXPECT--
+bool(true)
+Array
+(
+ [0] => 1
+ [1] => 2
+ [2] => 3
+ [3] => 4
+)
+bool(true)
+Array
+(
+ [0] => 1
+ [1] => Array
+ (
+ [0] => 1
+ )
+
+ [2] => 3
+)
Index: trunk/ext/json/tests/json_decode_error.phpt
===================================================================
--- trunk/ext/json/tests/json_decode_error.phpt (revision 321767)
+++ trunk/ext/json/tests/json_decode_error.phpt (working copy)
JSON_RESET_TYPE(); }
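Review bot: The new limit is passed as the fourth positional argument in max_input_vars.phpt, `json_decode($str, false, 512, 4)`, and the updated call earlier in the patch, `json_decode($json, false, 512, 1000, JSON_BIGINT_AS_STRING)`, suggests the options bitmask has been pushed to fifth position. If so, existing callers that pass options fourth would have the bitmask read as a variable limit (`JSON_BIGINT_AS_STRING` would become a limit of 2) and their flags dropped, with nothing in the error pointing at the cause; appending the limit after `$options` would keep those calls working. In the test itself the over-limit result is only `print_r()`-ed, which prints nothing for `NULL`, and `json_last_error()` is never checked after the two successful decodes. Adding `var_dump(json_decode($str, false, 512, 4));` and `var_dump(json_last_error() === JSON_ERROR_NONE);` after each passing call would pin both the failure value and the reset of the error state.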
@@ -615,6 +629,7 @@ if (jp->top > 1) { attach_zval(jp, jp->top - 1, jp->top, &key, assoc TSRMLS_CC); + ++num_vars; } static inline void php_json_decode(zval *return_value, char *str, int str_len, zend_bool assoc, long depth TSRMLS_DC) { - php_json_decode_ex(return_value, str, str_len, assoc ? PHP_JSON_OBJECT_AS_ARRAY : 0, depth TSRMLS_CC); + php_json_decode_ex(return_value, str, str_len, assoc ? PHP_JSON_OBJECT_AS_ARRAY : 0, depth, 0 TSRMLS_CC); } } Index: trunk/ext/json/JSON_parser.h =================================================================== --- trunk/ext/json/JSON_parser.h (revision 321767) +++ trunk/ext/json/JSON_parser.h (working copy) -Warning: unserialize() expects exactly 1 parameter, 2 given in %s on line 21 +Notice: unserialize(): Error at offset 0 of 1 bytes in %sserialization_error_001.php on line %d bool(false) Done Index: branches/PHP_5_4/ext/standard/tests/serialize/unserialize_max_vars.phpt =================================================================== --- branches/PHP_5_4/ext/standard/tests/serialize/unserialize_max_vars.phpt (revision 0) +++ branches/PHP_5_4/ext/standard/tests/serialize/unserialize_max_vars.phpt (revision 0) 
@@ -0,0 +1,57 @@
+--TEST--
+Test unserialize() functions with max_input_vars
+--FILE--
+<?php
+$str = serialize(array(1,2,3)); // there will be 4 items, array, and 1, 2, 3
+
+print_r(unserialize($str, 3));
+print_r(unserialize($str, 4));
+
+$str = serialize(array(array(),array(2,3))); // there will be 5 items, array, and array, array, 2, 3
+print_r(unserialize($str, 3));
+print_r(unserialize($str, 5));
+
+$obj = (object)(array(array(),array(2,3)));
+$str = serialize($obj);
+
+print_r(unserialize($str, 3));
+print_r(unserialize($str, 5));
+?>
+--EXPECTF--
+Warning: unserialize(): Unserialized variables exceeded 3 in %sunserialize_max_vars.php on line %d
+Array
+(
+ [0] => 1
+ [1] => 2
+ [2] => 3
+)
+
+Warning: unserialize(): Unserialized variables exceeded 3 in %sunserialize_max_vars.php on line %d
+Array
+(
+ [0] => Array
+ (
+ )
+
+ [1] => Array
+ (
+ [0] => 2
+ [1] => 3
+ )
+
+)
+
+Warning: unserialize(): Unserialized variables exceeded 3 in %sunserialize_max_vars.php on line %d
+stdClass Object
+(
+ [0] => Array
+ (
+ )
+
+ [1] => Array
+ (
+ [0] => 2
+ [1] => 3
+ )
+
+)
Index: branches/PHP_5_4/ext/standard/var_unserializer.c
===================================================================
--- branches/PHP_5_4/ext/standard/var_unserializer.c (revision 321767)
+++ branches/PHP_5_4/ext/standard/var_unserializer.c (working copy) |