Permalink
Browse files

- Remove track_vars - it is now always on

- Make the various $HTTP_*_VARS[] arrays be defined always,
  even if they're empty
- Fix Win32 build and warnings
  • Loading branch information...
1 parent 3c45b97 commit eb3214490287d4f8fd87a0e709f24e56eb97ae12 @zsuraski zsuraski committed Sep 5, 2000
Showing with 107 additions and 127 deletions.
  1. +7 −38 ext/session/session.c
  2. +45 −38 main/main.c
  3. +5 −1 main/network.c
  4. +8 −10 main/php_globals.h
  5. +6 −1 main/php_network.h
  6. +19 −25 main/php_variables.c
  7. +4 −6 main/rfc1867.c
  8. +5 −2 php.ini-dist
  9. +2 −3 php.ini-optimized
  10. +2 −3 php.ini-recommended
  11. +4 −0 win32/php4dllts.dsp
View
45 ext/session/session.c
@@ -244,24 +244,22 @@ static void php_set_session_var(char *name, size_t namelen,
zval_copy_ctor(state_val_copy);
state_val_copy->refcount = 0;
- if (PG(register_globals) && PG(track_vars)) {
+ if (PG(register_globals)) {
zend_set_hash_symbol(state_val_copy, name, namelen, 0, 2, PS(http_session_vars)->value.ht, &EG(symbol_table));
} else {
if (PG(register_globals)) {
zend_set_hash_symbol(state_val_copy, name, namelen, 0, 1, &EG(symbol_table));
}
- if (PG(track_vars)) {
- zend_set_hash_symbol(state_val_copy, name, namelen, 0, 1, PS(http_session_vars)->value.ht);
- }
+ zend_set_hash_symbol(state_val_copy, name, namelen, 0, 1, PS(http_session_vars)->value.ht);
}
}
static int php_get_session_var(char *name, size_t namelen, zval ***state_var PLS_DC PSLS_DC ELS_DC)
{
HashTable *ht = &EG(symbol_table);
- if (!PG(register_globals) && PG(track_vars))
+ if (!PG(register_globals))
ht = PS(http_session_vars)->value.ht;
return zend_hash_find(ht, name, namelen + 1, (void **)state_var);
@@ -523,8 +521,7 @@ static void _php_session_decode(const char *val, int vallen PSLS_DC)
{
PLS_FETCH();
- if (PG(track_vars))
- php_session_track_init();
+ php_session_track_init();
if (PS(serializer)->decode(val, vallen PSLS_CC) == FAILURE) {
_php_session_destroy(PSLS_C);
php_error(E_WARNING, "Failed to decode session object. Session has been destroyed.");
@@ -844,8 +841,6 @@ static void _php_session_start(PSLS_D)
char *p;
int send_cookie = 1;
int define_sid = 1;
- zend_bool register_globals;
- zend_bool track_vars;
int module_number = PS(module_number);
int nrand;
int lensess;
@@ -856,39 +851,13 @@ static void _php_session_start(PSLS_D)
lensess = strlen(PS(session_name));
- register_globals = INI_BOOL("register_globals");
- track_vars = INI_BOOL("track_vars");
-
- if (!register_globals && !track_vars) {
- php_error(E_ERROR, "The session module will not work if you have disabled track_vars and register_globals. At least one of them must be enabled.");
- return;
- }
- if (!track_vars && PS(use_cookies))
- php_error(E_NOTICE, "Because track_vars is disabled, the session module will not be able to determine whether the user has sent a cookie. SID will always be defined.");
-
- /*
- * If our only resource is the global symbol_table, then check it.
- * If track_vars are enabled, we prefer these, because they are more
- * reliable, and we always know whether the user has accepted the
- * cookie.
- */
-
- if (register_globals &&
- !track_vars &&
- !PS(id) &&
- zend_hash_find(&EG(symbol_table), PS(session_name),
- lensess + 1, (void **) &ppid) == SUCCESS) {
- PPID2SID;
- send_cookie = 0;
- }
-
/*
- * Now check the track_vars. Cookies are preferred, because initially
+ * Cookies are preferred, because initially
* cookie and get variables will be available.
*/
- if (!PS(id) && track_vars) {
+ if (!PS(id)) {
if (zend_hash_find(&EG(symbol_table), "HTTP_COOKIE_VARS",
sizeof("HTTP_COOKIE_VARS"), (void **) &data) == SUCCESS &&
(*data)->type == IS_ARRAY &&
@@ -1244,7 +1213,7 @@ static void php_register_var(zval** entry PSLS_DC PLS_DC)
} else {
convert_to_string_ex(entry);
- if (!PG(track_vars) || strcmp((*entry)->value.str.val, "HTTP_SESSION_VARS") != 0)
+ if (strcmp((*entry)->value.str.val, "HTTP_SESSION_VARS") != 0)
PS_ADD_VARL((*entry)->value.str.val, (*entry)->value.str.len);
}
}
View
83 main/main.c
@@ -225,7 +225,6 @@ PHP_INI_BEGIN()
STD_PHP_INI_BOOLEAN("short_open_tag", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, short_tags, zend_compiler_globals, compiler_globals)
STD_PHP_INI_BOOLEAN("sql.safe_mode", "0", PHP_INI_SYSTEM, OnUpdateBool, sql_safe_mode, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("track_errors", "0", PHP_INI_ALL, OnUpdateBool, track_errors, php_core_globals, core_globals)
- STD_PHP_INI_BOOLEAN("track_vars", "1", PHP_INI_ALL, OnUpdateBool, track_vars, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("y2k_compliance", "0", PHP_INI_ALL, OnUpdateBool, y2k_compliance, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("arg_separator", "&", PHP_INI_ALL, OnUpdateStringUnempty, arg_separator, php_core_globals, core_globals)
@@ -922,12 +921,10 @@ static inline void php_register_server_variables(ELS_D SLS_DC PLS_DC)
{
zval *array_ptr=NULL;
- if (PG(track_vars)) {
- ALLOC_ZVAL(array_ptr);
- array_init(array_ptr);
- INIT_PZVAL(array_ptr);
- PG(http_globals).server = array_ptr;
- }
+ ALLOC_ZVAL(array_ptr);
+ array_init(array_ptr);
+ INIT_PZVAL(array_ptr);
+ PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
/* Server variables */
if (sapi_module.register_server_variables) {
@@ -954,8 +951,31 @@ static int php_hash_environment(ELS_D SLS_DC PLS_DC)
char *p;
unsigned char _gpc_flags[3] = {0,0,0};
zend_bool have_variables_order;
-
- PG(http_globals).post = PG(http_globals).get = PG(http_globals).cookie = PG(http_globals).server = PG(http_globals).environment = PG(http_globals).post_files = NULL;
+ zval *dummy_track_vars_array;
+ zend_bool initialized_dummy_track_vars_array=0;
+ int i;
+ char *track_vars_names[] = {
+ "HTTP_POST_VARS",
+ "HTTP_GET_VARS",
+ "HTTP_COOKIE_VARS",
+ "HTTP_SERVER_VARS",
+ "HTTP_ENV_VARS",
+ "HTTP_POST_FILES",
+ NULL
+ };
+ int track_vars_names_length[] = {
+ sizeof("HTTP_POST_VARS"),
+ sizeof("HTTP_GET_VARS"),
+ sizeof("HTTP_COOKIE_VARS"),
+ sizeof("HTTP_SERVER_VARS"),
+ sizeof("HTTP_ENV_VARS"),
+ sizeof("HTTP_POST_FILES")
+ };
+
+
+ for (i=0; i<6; i++) {
+ PG(http_globals)[i] = NULL;
+ }
if (PG(variables_order)) {
p = PG(variables_order);
@@ -1008,25 +1028,18 @@ static int php_hash_environment(ELS_D SLS_DC PLS_DC)
php_register_server_variables(ELS_C SLS_CC PLS_CC);
}
- if (PG(http_globals).post) {
- zend_hash_update(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), &PG(http_globals).post, sizeof(zval *), NULL);
- }
- if (PG(http_globals).get) {
- zend_hash_update(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), &PG(http_globals).get, sizeof(zval *), NULL);
- }
- if (PG(http_globals).cookie) {
- zend_hash_update(&EG(symbol_table), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), &PG(http_globals).cookie, sizeof(zval *), NULL);
- }
- if (PG(http_globals).server) {
- zend_hash_update(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), &PG(http_globals).server, sizeof(zval *), NULL);
- }
- if (PG(http_globals).environment) {
- zend_hash_update(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), &PG(http_globals).environment, sizeof(zval *), NULL);
- }
- if (PG(http_globals).post_files) {
- zend_hash_update(&EG(symbol_table), "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"), &PG(http_globals).post_files, sizeof(zval *),NULL);
+ for (i=0; i<6; i++) {
+ if (!PG(http_globals)[i] && !initialized_dummy_track_vars_array) {
+ ALLOC_ZVAL(dummy_track_vars_array);
+ array_init(dummy_track_vars_array);
+ INIT_PZVAL(dummy_track_vars_array);
+ initialized_dummy_track_vars_array = 1;
+ } else {
+ dummy_track_vars_array->refcount++;
+ PG(http_globals)[i] = dummy_track_vars_array;
+ }
+ zend_hash_update(&EG(symbol_table), track_vars_names[i], track_vars_names_length[i], &PG(http_globals)[i], sizeof(zval *), NULL);
}
-
return SUCCESS;
}
@@ -1036,9 +1049,6 @@ static void php_build_argv(char *s, zval *track_vars_array ELS_DC PLS_DC)
pval *arr, *argc, *tmp;
int count = 0;
char *ss, *space;
-
- if (!PG(register_globals) && !PG(track_vars))
- return;
ALLOC_ZVAL(arr);
array_init(arr);
@@ -1084,15 +1094,12 @@ static void php_build_argv(char *s, zval *track_vars_array ELS_DC PLS_DC)
zend_hash_add(&EG(symbol_table), "argc", sizeof("argc"), &argc, sizeof(zval *), NULL);
}
- if (PG(track_vars)) {
- if (PG(register_globals)) {
- arr->refcount++;
- argc->refcount++;
- }
- zend_hash_update(track_vars_array->value.ht, "argv", sizeof("argv"), &arr, sizeof(pval *), NULL);
- zend_hash_update(track_vars_array->value.ht, "argc", sizeof("argc"), &argc, sizeof(pval *), NULL);
+ if (PG(register_globals)) {
+ arr->refcount++;
+ argc->refcount++;
}
-
+ zend_hash_update(track_vars_array->value.ht, "argv", sizeof("argv"), &arr, sizeof(pval *), NULL);
+ zend_hash_update(track_vars_array->value.ht, "argc", sizeof("argc"), &argc, sizeof(pval *), NULL);
}
View
6 main/network.c
@@ -37,8 +37,12 @@
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>
+#else
+int inet_aton(const char *, struct in_addr *);
#endif
+#include "php_network.h"
+
#ifdef PHP_WIN32
#undef AF_UNIX
#endif
@@ -150,7 +154,7 @@ static int php_network_getaddresses(const char *host, struct sockaddr ***sal)
* port, returns the created socket on success, else returns -1.
* timeout gives timeout in seconds, 0 means blocking mode.
*/
-int php_hostconnect(char *host, int port, int socktype, int timeout)
+int php_hostconnect(char *host, unsigned short port, int socktype, int timeout)
{
int s;
struct sockaddr **sal, **psal;
View
18 main/php_globals.h
@@ -42,14 +42,13 @@ extern PHPAPI int core_globals_id;
extern ZEND_API struct _php_core_globals core_globals;
#endif
-typedef struct _php_http_globals {
- zval *post;
- zval *get;
- zval *cookie;
- zval *server;
- zval *environment;
- zval *post_files;
-} php_http_globals;
+
+#define TRACK_VARS_POST 1
+#define TRACK_VARS_GET 2
+#define TRACK_VARS_COOKIE 3
+#define TRACK_VARS_SERVER 4
+#define TRACK_VARS_ENV 5
+#define TRACK_VARS_FILES 6
struct _php_tick_function_entry;
@@ -103,11 +102,10 @@ struct _php_core_globals {
zend_llist tick_functions;
- php_http_globals http_globals;
+ zval *http_globals[6];
zend_bool expose_php;
- zend_bool track_vars;
zend_bool register_globals;
zend_bool register_argc_argv;
View
7 main/php_network.h
@@ -17,7 +17,12 @@
*/
/* $Id$ */
-int php_hostconnect(char *host, int port, int socktype, int timeout);
+#ifndef _PHP_NETWORK_H
+#define _PHP_NETWORK_H
+
+int php_hostconnect(char *host, unsigned short port, int socktype, int timeout);
+
+#endif /* _PHP_NETWORK_H */
/*
* Local variables:
View
44 main/php_variables.c
@@ -57,7 +57,7 @@ PHPAPI void php_register_variable_ex(char *var, zval *val, pval *track_vars_arra
zend_bool free_index;
HashTable *symtable1=NULL;
HashTable *symtable2=NULL;
-
+
if (PG(register_globals)) {
symtable1 = EG(active_symbol_table);
}
@@ -69,7 +69,7 @@ PHPAPI void php_register_variable_ex(char *var, zval *val, pval *track_vars_arra
}
}
if (!symtable1) {
- /* we don't need track_vars, and we're not setting GPC globals either. */
+ /* Nothing to do */
zval_dtor(val);
return;
}
@@ -220,23 +220,19 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)
case PARSE_POST:
case PARSE_GET:
case PARSE_COOKIE:
- if (PG(track_vars)) {
- ALLOC_ZVAL(array_ptr);
- array_init(array_ptr);
- INIT_PZVAL(array_ptr);
- switch (arg) {
- case PARSE_POST:
- PG(http_globals).post = array_ptr;
- break;
- case PARSE_GET:
- PG(http_globals).get = array_ptr;
- break;
- case PARSE_COOKIE:
- PG(http_globals).cookie = array_ptr;
- break;
- }
- } else {
- array_ptr=NULL;
+ ALLOC_ZVAL(array_ptr);
+ array_init(array_ptr);
+ INIT_PZVAL(array_ptr);
+ switch (arg) {
+ case PARSE_POST:
+ PG(http_globals)[TRACK_VARS_POST] = array_ptr;
+ break;
+ case PARSE_GET:
+ PG(http_globals)[TRACK_VARS_GET] = array_ptr;
+ break;
+ case PARSE_COOKIE:
+ PG(http_globals)[TRACK_VARS_COOKIE] = array_ptr;
+ break;
}
break;
default:
@@ -309,12 +305,10 @@ void php_import_environment_variables(ELS_D PLS_DC)
char **env, *p, *t;
zval *array_ptr=NULL;
- if (PG(track_vars)) {
- ALLOC_ZVAL(array_ptr);
- array_init(array_ptr);
- INIT_PZVAL(array_ptr);
- PG(http_globals).environment = array_ptr;
- }
+ ALLOC_ZVAL(array_ptr);
+ array_init(array_ptr);
+ INIT_PZVAL(array_ptr);
+ PG(http_globals)[TRACK_VARS_ENV] = array_ptr;
for (env = environ; env != NULL && *env != NULL; env++) {
p = strchr(*env, '=');
View
10 main/rfc1867.c
@@ -102,12 +102,10 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr)
zend_hash_init(&PG(rfc1867_protected_variables), 5, NULL, NULL, 0);
- if (PG(track_vars)) {
- ALLOC_ZVAL(http_post_files);
- array_init(http_post_files);
- INIT_PZVAL(http_post_files);
- PG(http_globals).post_files = http_post_files;
- }
+ ALLOC_ZVAL(http_post_files);
+ array_init(http_post_files);
+ INIT_PZVAL(http_post_files);
+ PG(http_globals)[TRACK_VARS_POST] = http_post_files;
ptr = buf;
rem = cnt;
View
7 php.ini-dist
@@ -181,6 +181,7 @@ warn_plus_overloading = Off ; warn if the + operator is used with strings
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
+; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
variables_order = "EGPCS" ; This directive describes the order in which PHP registers
; GET, POST, Cookie, Environment and Built-in variables (G, P,
; C, E & S respectively, often referred to as EGPCS or GPC).
@@ -192,12 +193,14 @@ register_globals = On ; Whether or not to register the EGPCS variables as globa
; most sense when coupled with track_vars - in which case you can
; access all of the GPC variables through the $HTTP_*_VARS[],
; variables.
+ ; You should do your best to write your scripts so that they do
+ ; not require register_globals to be on; Using form variables
+ ; as globals can easily lead to possible security problems, if
+ ; the code is not very well thought of.
register_argc_argv = On ; This directive tells PHP whether to declare the argv&argc
; variables (that would contain the GET information). If you
; don't use these variables, you should turn it off for
; increased performance
-track_vars = On ; enable the $HTTP_*_VARS[] arrays, where * is one of
- ; ENV, POST, GET, COOKIE or SERVER.
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.
; Magic quotes
View
5 php.ini-optimized
@@ -182,9 +182,8 @@ register_globals = Off ; Whether or not to register the EGPCS variables as glob
register_argc_argv = Off ; This directive tells PHP whether to declare the argv&argc
; variables (that would contain the GET information). If you
; don't use these variables, you should turn it off for
- ; increased performance
-track_vars = On ; enable the $HTTP_*_VARS[] arrays, where * is one of
- ; ENV, POST, GET, COOKIE or SERVER.
+ ; increased performance (you should try not to use it anyway,
+ ; for less likelihood of security bugs in your code).
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.
; Magic quotes
View
5 php.ini-recommended
@@ -182,9 +182,8 @@ register_globals = Off ; Whether or not to register the EGPCS variables as glob
register_argc_argv = Off ; This directive tells PHP whether to declare the argv&argc
; variables (that would contain the GET information). If you
; don't use these variables, you should turn it off for
- ; increased performance
-track_vars = On ; enable the $HTTP_*_VARS[] arrays, where * is one of
- ; ENV, POST, GET, COOKIE or SERVER.
+ ; increased performance (you should try not to use it anyway,
+ ; for less likelihood of security bugs in your code).
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.
; Magic quotes
View
4 win32/php4dllts.dsp
@@ -153,6 +153,10 @@ SOURCE=..\main\mergesort.c
# End Source File
# Begin Source File
+SOURCE=..\main\network.c
+# End Source File
+# Begin Source File
+
SOURCE=..\main\php_content_types.c
# End Source File
# Begin Source File

0 comments on commit eb32144

Please sign in to comment.