[pmwiki-users] Fourth Post--ZAP bugs

The Editor editor at fast.st
Fri Oct 27 06:19:41 CDT 2006

On 10/27/06, marc <gmane at auxbuss.com> wrote:
> The Editor said...
> >
> >       foreach ($_POST as $field => $value) {
> >                       if (get_magic_quotes_gpc()) $_POST[$field] = stripslashes($value);
> >                       $_POST[$field] = preg_replace('/\\(:/', '(&#x3a;', $value);
> >                       $_POST[$field] = preg_replace('/\\{(\\w+)\\}/e', "\$_POST[$1]", $value);
> >                       if (is_array($value)) $_POST[$field] = implode(",", $value);
> >                       }
> >
> > Lines three and four work perfectly.  Lines one and two are completely
> > ignored...

> Without looking more closely, have you read this from the PHP manual:
> Note: Also note that foreach operates on a copy of the specified array
> and not the array itself. Therefore, the array pointer is not modified
> as with the each() construct, and changes to the array element returned
> are not reflected in the original array. However, the internal pointer
> of the original array is advanced with the processing of the array.
> Assuming the foreach loop runs to completion, the array's internal
> pointer will be at the end of the array.

No--haven't read it, and not sure I fully understood exactly what it
means, but in my code, changes are saved directly back to the original
POST values, so this may not be the cause of the problem.  And whereas
lines 1 & 2 fail, lines 3 & 4 pass--and all four use exactly the same

$_POST[$field] = somefunction($value);

If I'm missing what you are saying please clarify.  I would be very
appreciative.  Just had a page destroyed this morning because of
vulnerability resulting from this code failure.


More information about the pmwiki-users mailing list