diff options
| author | Gustavo André dos Santos Lopes <cataphract@php.net> | 2012-03-21 21:06:00 +0000 |
|---|---|---|
| committer | Gustavo André dos Santos Lopes <cataphract@php.net> | 2012-03-21 21:12:31 +0000 |
| commit | 2d2995f343629b80649fb09ce37e7e0750d2af4a (patch) | |
| tree | 873e9e37068f6ea767539c6f82715c20f1c0ec53 /sapi | |
| parent | 657547f8c4758efcf85c73fec6d7fd8b3983d7cb (diff) | |
| parent | d1fd5432e1576865dbeb7650b7c7e0fa0bd3a4e1 (diff) | |
| download | php-git-2d2995f343629b80649fb09ce37e7e0750d2af4a.tar.gz | |
Fixed bug #61043: Regression in magic_quotes_gpc fix (CVE-2012-0831)
Merge commit 'refs/pull/12/head' of git://github.com/php/php-src into 5.3
Signed-off-by: Gustavo André dos Santos Lopes <cataphract@php.net>
Diffstat (limited to 'sapi')
| -rw-r--r-- | sapi/cgi/cgi_main.c | 6 | ||||
| -rw-r--r-- | sapi/fpm/fpm/fpm_main.c | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c index 6444781747..dfd77e49d3 100644 --- a/sapi/cgi/cgi_main.c +++ b/sapi/cgi/cgi_main.c @@ -624,7 +624,7 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC) int filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER; /* turn off magic_quotes while importing environment variables */ - if (PG(magic_quotes_gpc)) { + if (magic_quotes_gpc) { zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC); } for (zend_hash_internal_pointer_reset_ex(request->env, &pos); @@ -638,7 +638,9 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC) php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC); } } - PG(magic_quotes_gpc) = magic_quotes_gpc; + if (magic_quotes_gpc) { + zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC); + } } } diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c index 79ec9c37f1..1ebeefaab1 100644 --- a/sapi/fpm/fpm/fpm_main.c +++ b/sapi/fpm/fpm/fpm_main.c @@ -595,7 +595,7 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC) filter_arg = (array_ptr == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER; /* turn off magic_quotes while importing environment variables */ - if (PG(magic_quotes_gpc)) { + if (magic_quotes_gpc) { zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC); } for (zend_hash_internal_pointer_reset_ex(request->env, &pos); @@ -609,7 +609,9 @@ void cgi_php_import_environment_variables(zval *array_ptr TSRMLS_DC) php_register_variable_safe(var, *val, new_val_len, array_ptr TSRMLS_CC); } } - PG(magic_quotes_gpc) = magic_quotes_gpc; + if (magic_quotes_gpc) { + zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC); + } } static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC) |