
Added PKWK_QUERY_STRING_MAX, prohibits too-long-GET-method, like a worm
authorhenoheno <henoheno>
Sun, 2 Jan 2005 07:19:44 +0000 (16:19 +0900)
committerhenoheno <henoheno>
Sun, 2 Jan 2005 07:19:44 +0000 (16:19 +0900)
lib/init.php

index 5f83ba1..059926d 100644 (file)
@@ -1,11 +1,9 @@
 <?php
-/////////////////////////////////////////////////
 // PukiWiki - Yet another WikiWikiWeb clone.
+// $Id: init.php,v 1.22 2005/01/02 07:19:44 henoheno Exp $
 //
-// $Id: init.php,v 1.21 2004/12/30 14:05:34 henoheno Exp $
-//
+// Init PukiWiki here
 
-/////////////////////////////////////////////////
 // PukiWiki version / Copyright / Licence
 
 define('S_VERSION', '1.4.5_alpha');
@@ -250,9 +248,16 @@ if (isset($_GET['encode_hint']) && $_GET['encode_hint'] != '')
 // ¥Ú¡¼¥¸Ì¾¤«InterWikiName¤Ç¤¢¤ë¤È¤ß¤Ê¤¹
 $arg = '';
 if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING']) {
-       $arg = $_SERVER['QUERY_STRING'];
-} else if (isset($_SERVER['argv']) && count($_SERVER['argv'])) {
-       $arg = $_SERVER['argv'][0];
+       $arg = & $_SERVER['QUERY_STRING'];
+} else if (isset($_SERVER['argv']) && ! empty($_SERVER['argv'])) {
+       $arg = & $_SERVER['argv'][0];
+}
+if (strlen($arg) > PKWK_QUERY_STRING_MAX) {
+       // Something nasty attack?
+       pkwk_common_headers();
+       sleep(1);       // Fake processing, and/or process other threads
+       echo('Query string too long');
+       exit;
 }
 $arg = input_filter($arg); // \0 ½üµî
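Review bot: The reject branch for `strlen($arg) > PKWK_QUERY_STRING_MAX` calls `sleep(1)` before answering, so every oversized request holds a PHP worker for a full second; under a burst of such requests that costs the server more than rejecting at once, so the delay should be a deliberate, commented choice or be dropped. The response also sets no explicit status, so unless `pkwk_common_headers()` (not visible here) sends one it presumably goes out as 200 and is hard to separate from normal traffic in access logs; `header('HTTP/1.0 414 Request-URI Too Long');` before the `echo` would make the rejection visible to logs and upstream filters. Separately, `$arg` is now bound by reference, so `$arg = input_filter($arg);` on the last line writes the filtered value back into `$_SERVER['QUERY_STRING']` or `$_SERVER['argv'][0]`; if that is intended, say so with a comment such as `// $arg aliases the $_SERVER entry, so the filter below rewrites it in place`. The definition of `PKWK_QUERY_STRING_MAX` is outside this hunk; if it can be undefined when this line runs, PHP of this era treats the bare name as a string and the comparison no longer acts as a length limit, so a `defined()` guard with a default is worth adding.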