diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-07-23 11:10:11 +0200 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-07-23 15:48:09 +0200 |
commit | fc4d462e947828fdbeac6020ac8f34704a218834 (patch) | |
tree | 106f1c5e9bbde38a468bd3689e8c8d8626714165 /main/php_variables.c | |
parent | 4293dd5d344dd7277fc3af5aa6c0da5ea327f3b6 (diff) | |
download | php-git-fc4d462e947828fdbeac6020ac8f34704a218834.tar.gz |
Fix #78236: convert error on receiving variables when duplicate [
When an input variable name contains a non matched open bracket, we not
only have to replace that with an underscore, but also all following
forbidden characters.
Diffstat (limited to 'main/php_variables.c')
-rw-r--r-- | main/php_variables.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/main/php_variables.c b/main/php_variables.c index dc33e54920..7b753f0cdf 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -178,8 +178,14 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac } else { ip = strchr(ip, ']'); if (!ip) { - /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */ + /* not an index; un-terminate the var name */ *(index_s - 1) = '_'; + /* PHP variables cannot contain ' ', '.', '[' in their names, so we replace the characters with a '_' */ + for (p = index_s; *p; p++) { + if (*p == ' ' || *p == '.' || *p == '[') { + *p = '_'; + } + } index_len = 0; if (index) { |