diff options
| author | Zeev Suraski <zeev@php.net> | 2000-09-04 22:05:00 +0000 |
|---|---|---|
| committer | Zeev Suraski <zeev@php.net> | 2000-09-04 22:05:00 +0000 |
| commit | 5dca99232e64336a389c73d19342ab224074bc8b (patch) | |
| tree | f7cc80296553d9fc2c09f47c6c14752a4d0212ba | |
| parent | 60825fab8808c76c98028b5d19e7f95f96c65279 (diff) | |
| download | php-git-5dca99232e64336a389c73d19342ab224074bc8b.tar.gz | |
Prevent exploit in [tmp_name] as well
| -rw-r--r-- | main/rfc1867.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/main/rfc1867.c b/main/rfc1867.c index 70ddeba927..183b1a8b86 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -358,6 +358,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr) sprintf(lbuf, "%s[tmp_name]", namebuf); } register_http_post_files_variable(lbuf, fn, http_post_files ELS_CC PLS_CC); + add_protected_variable(lbuf PLS_CC); { zval file_size; |