Hi,
In this bug:
http://sourceforge.net/tracker/index.php?func=detail&aid=1709463&group_id=2…
there are many fields involved and we get a false alarm "possible deep
recursion attack". Do we really need to protect from 1000 recursions
overall? I think that protecting from 1000 recursions for each
superglobal would be correct.
Proposed patch which resets the recursive counter:
Index: common.lib.php
===================================================================
--- common.lib.php (revision 10333)
+++ common.lib.php (working copy)
@@ -269,9 +269,12 @@
* @param array $array array to walk
* @param string $function function to call for every array element
*/
-function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also
= false)
+function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also
= false, $reset_static = false)
{
static $recursive_counter = 0;
+ if ($reset_static) {
+ $recursive_counter = 0;
+ }
if (++$recursive_counter > 1000) {
die('possible deep recursion attack');
}
@@ -2604,10 +2607,10 @@
// remove quotes added by php
if (get_magic_quotes_gpc()) {
- PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
- PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
- PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
- PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
+ PMA_arrayWalkRecursive($_GET, 'stripslashes', true, true);
+ PMA_arrayWalkRecursive($_POST, 'stripslashes', true, true);
+ PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true, true);
+ PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true, true);
}
/**
* In some cases, this one is not set
