Edit report at https://bugs.php.net/bug.php?id=61000&edit=1
ID: 61000
Comment by: larue...@php.net
Reported by: cataphr...@php.net
Summary: Exceeding max nesting level doesn't delete numerical
vars
Status: Open
Type: Bug
Package: Scripting Engine problem
Operating System: Irrelevant
PHP Version: trunk-SVN-2012-02-07 (snap)
Block user comment: N
Private report: N
New Comment:
I am wondering that was there a disscussion about how to fix this? seems
replace
zend_hash_del with zend_symbol_del will solve this issue.
since it is so suspicious(seems too easy), so I attached my fix.
<laruence> I was wondering is there already a discussion about how to fix it ?
if not, I think zend_symbol_del will works
<Rasmus> I think Catahract already had a fix, didn't he?
<Rasmus> it was probably just that though
thanks
Previous Comments:
------------------------------------------------------------------------
[2012-02-08 06:08:12] larue...@php.net
The following patch has been added/updated:
Patch Name: bug61000.patch
Revision: 1328681292
URL:
https://bugs.php.net/patch-display.php?bug=61000&patch=bug61000.patch&revision=1328681292
------------------------------------------------------------------------
[2012-02-07 09:45:58] cataphr...@php.net
Description:
------------
Exceeding the max nesting level doesn't delete numerical vars, while it deletes
the non-numerical ones. php_register_variable_ex inappropriately uses
zend_hash_del.
(Found out by Stefan Esser, who points this can be used, together with
max_input_vars, to determine whether PHP is a 32-bit or 64-bit process)
Test script:
---------------
With max nesting level=2:
http://nebm.ist.utl.pt/phpinfo?1[a][]=foo&1[a][b][c]=bar
Expected result:
----------------
_GET is empty
Actual result:
--------------
_GET["1"] =
Array
(
[a] => Array
(
[0] => foo
)
)
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=61000&edit=1
