diff options
author | Andrew Clayton <a.clayton@nginx.com> | 2023-03-31 14:01:43 +0100 |
---|---|---|
committer | Andrew Clayton <a.clayton@nginx.com> | 2023-04-11 19:08:12 +0100 |
commit | edbc43558d40768d91b378205c2d52bd7ba9d00a (patch) | |
tree | 7d44a6cf516507b011123cdbb641b922186a7857 /src/java/nginx/unit/websocket/WsExtensionParameter.java | |
parent | 028e537bef2d007ed8b1a02857cc8e569caeea57 (diff) | |
download | unit-edbc43558d40768d91b378205c2d52bd7ba9d00a.tar.gz unit-edbc43558d40768d91b378205c2d52bd7ba9d00a.tar.bz2 |
PHP: Make the filter_input() function work.
On GitHub, @jamesRUS52 reported that the PHP filter_input()[0] function
would just return NULL.
To enable this function we need to run the variables through the
sapi_module.input_filter() function when we call
php_register_variable_safe().
In PHP versions prior to 7.0.0, input_filter() takes 'len' as an
unsigned int, while later versions take it as a size_t.
Now, with this commit and the following PHP
<?php
var_dump(filter_input(INPUT_SERVER, 'REMOTE_ADDR'));
var_dump(filter_input(INPUT_SERVER, 'REQUEST_URI'));
var_dump(filter_input(INPUT_GET, 'get', FILTER_SANITIZE_SPECIAL_CHARS));
?>
you get
$ curl 'http://localhost:8080/854.php?get=foo<>'
string(3) "::1"
string(18) "/854.php?get=foo<>"
string(13) "foo<>"
[0]: <https://www.php.net/manual/en/function.filter-input.php>
Tested-by: <https://github.com/jamesRUS52>
Closes: <https://github.com/nginx/unit/issues/854>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
Diffstat (limited to 'src/java/nginx/unit/websocket/WsExtensionParameter.java')
0 files changed, 0 insertions, 0 deletions