diff options
| author | Ondřej Surý <ondrej@sury.org> | 2012-02-17 12:10:08 +0100 |
|---|---|---|
| committer | Ondřej Surý <ondrej@sury.org> | 2012-02-17 12:10:08 +0100 |
| commit | f89bb30da3cd51ee2deb566a08e318d6c3995324 (patch) | |
| tree | b402687176685db240a0043af98b91f8f8b3737f /main/php_variables.c | |
| parent | 5292df2401c781de56fd04835c18e11162152626 (diff) | |
| download | php-f89bb30da3cd51ee2deb566a08e318d6c3995324.tar.gz | |
Imported Upstream version 5.4.0~rc8upstream/5.4.0_rc8
Diffstat (limited to 'main/php_variables.c')
| -rw-r--r-- | main/php_variables.c | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/main/php_variables.c b/main/php_variables.c index c34ad4ec3..9ad7a96a4 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_variables.c 323013 2012-02-02 10:26:53Z dmitry $ */ +/* $Id: php_variables.c 323202 2012-02-14 08:58:52Z dmitry $ */ #include <stdio.h> #include "php.h" @@ -183,18 +183,9 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars } else { if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { - if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { - if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); - } - MAKE_STD_ZVAL(gpc_element); - array_init(gpc_element); - zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); - } else { - zval_dtor(val); - free_alloca(var_orig, use_heap); - return; - } + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } } symtable1 = Z_ARRVAL_PP(gpc_element_p); @@ -231,14 +222,7 @@ plain_var: zend_symtable_exists(symtable1, index, index_len + 1)) { zval_ptr_dtor(&gpc_element); } else { - if (zend_hash_num_elements(symtable1) <= PG(max_input_vars)) { - if (zend_hash_num_elements(symtable1) == PG(max_input_vars)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); - } - zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); - } else { - zval_ptr_dtor(&gpc_element); - } + zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); } } } @@ -249,6 +233,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler) { char *var, *val, *e, *s, *p; zval *array_ptr = (zval *) arg; + long count = 0; if (SG(request_info).post_data == NULL) { return; @@ -262,6 +247,10 @@ last_value: if ((val = memchr(s, '=', (p - s)))) { /* have a value */ unsigned int val_len, new_val_len; + if (++count > PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + return; + } var = s; php_url_decode(var, (val - s)); @@ -295,6 +284,7 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) zval *array_ptr; int free_buffer = 0; char *strtok_buf = NULL; + long count = 0; switch (arg) { case PARSE_POST: @@ -384,6 +374,11 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) } } + if (++count > PG(max_input_vars)) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); + break; + } + if (val) { /* have a value */ int val_len; unsigned int new_val_len; |