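diff --git a/ext/standard/tests/bug81727.phpt b/ext/standard/tests/bug81727.phpt
new file mode 100644
index 0000000000..71a9cb46c8
--- /dev/null
+++ b/ext/standard/tests/bug81727.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #81727: $_COOKIE name starting with ..Host/..Secure should be discarded
+--COOKIE--
+..Host-test=ignore; __Host-test=correct; . Secure-test=ignore; . Elephpant=Awesome;
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(2) {
+ ["__Host-test"]=>
+ string(7) "correct"
+ ["__Elephpant"]=>
+ string(7) "Awesome"
+}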
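Review bot: The `--COOKIE--` line contains no cookie that legitimately starts with `__Secure-`, so the test pins that a genuine `__Host-` name survives but would not notice if the new `__Secure-` check also discarded real `__Secure-` cookies. Adding `__Secure-test=correct;` to the cookie line, with a matching `["__Secure-test"]` entry in `--EXPECT--` and the count raised to `array(3)`, closes that gap. The title says `..Secure` while the input uses `. Secure`; the two should agree, or the cookie line should carry both spellings so each mangled character is exercised for each prefix.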
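diff --git a/main/php_variables.c b/main/php_variables.c
index 097c17d32a..bd59134fc9 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -109,6 +109,20 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars
 }
 var_len = p - var;
 
+ /* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
+ if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
+ zval_ptr_dtor_nogc(val);
+ free_alloca(var_orig, use_heap);
+ return;
+ }
+
+ /* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
+ if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
+ zval_ptr_dtor_nogc(val);
+ free_alloca(var_orig, use_heap);
+ return;
+ }
+
 if (var_len==0) { /* empty variable name, or variable name with a space in it */
 zval_dtor(val);
 free_alloca(var_orig, use_heap);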
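Review bot: Both new prefix checks compare `var` with `var_name` at one point only, right after `var_len = p - var;`, so they cover the rewriting done so far and nothing that happens to the name later in php_register_variable_ex, whose body starts and ends outside this hunk. It is worth confirming that no later step in the function can still change a leading character of the name to `_`; if one exists, the comparison has to be repeated after it. A comment such as `/* must run after every step that rewrites var; re-check if the name is modified again below */` would record that constraint. The two stanzas are identical apart from the literal, and they release `val` with `zval_ptr_dtor_nogc` while the empty-name path directly below uses `zval_dtor`; folding the prefixes into one small table-driven check and using one destructor call for both discard paths would keep them from drifting apart.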
--
2.37.3