From edbc43558d40768d91b378205c2d52bd7ba9d00a Mon Sep 17 00:00:00 2001 From: Andrew Clayton Date: Fri, 31 Mar 2023 14:01:43 +0100 Subject: [PATCH] PHP: Make the filter_input() function work. On GitHub, @jamesRUS52 reported that the PHP filter_input()[0] function would just return NULL. To enable this function we need to run the variables through the sapi_module.input_filter() function when we call php_register_variable_safe(). In PHP versions prior to 7.0.0, input_filter() takes 'len' as an unsigned int, while later versions take it as a size_t. Now, with this commit and the following PHP you get $ curl 'http://localhost:8080/854.php?get=foo<>' string(3) "::1" string(18) "/854.php?get=foo<>" string(13) "foo<>" [0]: Tested-by: Closes: Reviewed-by: Alejandro Colomar Signed-off-by: Andrew Clayton --- src/nxt_php_sapi.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/nxt_php_sapi.c b/src/nxt_php_sapi.c index 32a13a70..ba000fc0 100644 --- a/src/nxt_php_sapi.c +++ b/src/nxt_php_sapi.c @@ -1532,14 +1532,23 @@ static void nxt_php_set_sptr(nxt_unit_request_info_t *req, const char *name, nxt_unit_sptr_t *v, uint32_t len, zval *track_vars_array TSRMLS_DC) { - char *str; + char *str; +#if NXT_PHP7 + size_t new_len; +#else + unsigned int new_len; +#endif str = nxt_unit_sptr_get(v); nxt_unit_req_debug(req, "php: register %s='%.*s'", name, (int) len, str); - php_register_variable_safe((char *) name, str, len, - track_vars_array TSRMLS_CC); + if (sapi_module.input_filter(PARSE_SERVER, (char *) name, &str, len, + &new_len TSRMLS_CC)) + { + php_register_variable_safe((char *) name, str, new_len, + track_vars_array TSRMLS_CC); + } }