Hi,
In this bug: http://sourceforge.net/tracker/index.php?func=detail&aid=1709463&gro...
there are many fields involved and we get a false alarm "possible deep recursion attack". Do we really need to protect from 1000 recursions overall? I think that protecting from 1000 recursions for each superglobal would be correct.
Proposed patch which resets the recursive counter:
Index: common.lib.php =================================================================== --- common.lib.php (revision 10333) +++ common.lib.php (working copy) @@ -269,9 +269,12 @@ * @param array $array array to walk * @param string $function function to call for every array element */ -function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false) +function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false, $reset_static = false) { static $recursive_counter = 0; + if ($reset_static) { + $recursive_counter = 0; + } if (++$recursive_counter > 1000) { die('possible deep recursion attack'); } @@ -2604,10 +2607,10 @@
// remove quotes added by php if (get_magic_quotes_gpc()) { - PMA_arrayWalkRecursive($_GET, 'stripslashes', true); - PMA_arrayWalkRecursive($_POST, 'stripslashes', true); - PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true); - PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true); + PMA_arrayWalkRecursive($_GET, 'stripslashes', true, true); + PMA_arrayWalkRecursive($_POST, 'stripslashes', true, true); + PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true, true); + PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true, true); } /** * In some cases, this one is not set
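Review bot: In the first hunk (PMA_arrayWalkRecursive in common.lib.php), the reset at the top of the function is only safe if the recursive self-call, which is outside the visible lines, never forwards $reset_static. If it did, $recursive_counter would be zeroed at every level and the 1000 limit could never trigger. A comment next to the if ($reset_static) block should say so. The docblock above the signature also needs a @param entry for $reset_static (it already lacks one for $apply_to_keys_also). The flag works around a static counter that accumulates across calls. Passing the depth as an argument, or decrementing the counter on return, would make the limit measure nesting depth and remove the need for a reset.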
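Review bot: In the second hunk (the get_magic_quotes_gpc() block), the fix depends on every caller remembering to pass the fourth argument. Because $reset_static defaults to false, any other call to PMA_arrayWalkRecursive later in the same request starts from whatever count the $_REQUEST walk left behind and can still trip the false alarm. Resetting inside the function on top-level entry would cover all callers. Note also that the effective ceiling becomes 1000 calls per superglobal, so up to 4000 across these four walks. The bare true, true at each call site is hard to read, so a short comment naming the two flags would help.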