1 : /*
2 : +----------------------------------------------------------------------+
3 : | PHP Version 5 |
4 : +----------------------------------------------------------------------+
5 : | Copyright (c) 1997-2009 The PHP Group |
6 : +----------------------------------------------------------------------+
7 : | This source file is subject to version 3.01 of the PHP license, |
8 : | that is bundled with this package in the file LICENSE, and is |
9 : | available through the world-wide-web at the following url: |
10 : | http://www.php.net/license/3_01.txt |
11 : | If you did not receive a copy of the PHP license and are unable to |
12 : | obtain it through the world-wide-web, please send a note to |
13 : | license@php.net so we can mail you a copy immediately. |
14 : +----------------------------------------------------------------------+
15 : | Authors: Rasmus Lerdorf <rasmus@php.net> |
16 : | Derick Rethans <derick@php.net> |
17 : | Pierre-A. Joye <pierre@php.net> |
18 : | Ilia Alshanetsky <iliaa@php.net> |
19 : +----------------------------------------------------------------------+
20 : */
21 :
22 : /* $Id: filter.c 288083 2009-09-05 17:35:26Z pajoye $ */
23 :
24 : #ifdef HAVE_CONFIG_H
25 : #include "config.h"
26 : #endif
27 :
28 : #include "php_filter.h"
29 :
30 : ZEND_DECLARE_MODULE_GLOBALS(filter)
31 :
32 : #include "filter_private.h"
33 :
/* One row of the filter registry: ties a filter name to its numeric id and
 * to the C handler that implements it. */
typedef struct filter_list_entry {
	const char *name;                              /* name matched by filter_id() and by the filter.default ini handler */
	int id;                                        /* FILTER_* id used for lookups in php_find_filter() */
	void (*function)(PHP_INPUT_FILTER_PARAM_DECL); /* handler called on the value by php_zval_filter() */
} filter_list_entry;
39 :
40 : /* {{{ filter_list */
filter_list_entry filter_list[] = {
	/* Validation filters. */
	{ "int",             FILTER_VALIDATE_INT,           php_filter_int             },
	{ "boolean",         FILTER_VALIDATE_BOOLEAN,       php_filter_boolean         },
	{ "float",           FILTER_VALIDATE_FLOAT,         php_filter_float           },

	{ "validate_regexp", FILTER_VALIDATE_REGEXP,        php_filter_validate_regexp },
	{ "validate_url",    FILTER_VALIDATE_URL,           php_filter_validate_url    },
	{ "validate_email",  FILTER_VALIDATE_EMAIL,         php_filter_validate_email  },
	{ "validate_ip",     FILTER_VALIDATE_IP,            php_filter_validate_ip     },

	/* Sanitising filters. "string" and "stripped" share one id and handler, so
	 * a lookup by id (php_find_filter) always yields the "string" row.
	 * "unsafe_raw" is the value filter.default ships with in this file. */
	{ "string",          FILTER_SANITIZE_STRING,        php_filter_string          },
	{ "stripped",        FILTER_SANITIZE_STRING,        php_filter_string          },
	{ "encoded",         FILTER_SANITIZE_ENCODED,       php_filter_encoded         },
	{ "special_chars",   FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars   },
	{ "unsafe_raw",      FILTER_UNSAFE_RAW,             php_filter_unsafe_raw      },
	{ "email",           FILTER_SANITIZE_EMAIL,         php_filter_email           },
	{ "url",             FILTER_SANITIZE_URL,           php_filter_url             },
	{ "number_int",      FILTER_SANITIZE_NUMBER_INT,    php_filter_number_int      },
	{ "number_float",    FILTER_SANITIZE_NUMBER_FLOAT,  php_filter_number_float    },
	{ "magic_quotes",    FILTER_SANITIZE_MAGIC_QUOTES,  php_filter_magic_quotes    },

	/* Filter implemented by a user-supplied callback. */
	{ "callback",        FILTER_CALLBACK,               php_filter_callback        },
};
64 : /* }}} */
65 :
/* Input-source ids used by this file; each is defined here only when an
 * earlier header has not already provided it. */
#if !defined(PARSE_ENV)
# define PARSE_ENV 4
#endif

#if !defined(PARSE_SERVER)
# define PARSE_SERVER 5
#endif

#if !defined(PARSE_SESSION)
# define PARSE_SESSION 6
#endif
77 :
78 : static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC);
79 :
80 : /* {{{ filter_functions[]
81 : */
/* Userland functions exported by the extension; the NULL row terminates
 * the table. */
zend_function_entry filter_functions[] = {
	/* single-value entry points */
	PHP_FE(filter_input, NULL)
	PHP_FE(filter_var, NULL)
	/* array entry points */
	PHP_FE(filter_input_array, NULL)
	PHP_FE(filter_var_array, NULL)
	/* introspection helpers */
	PHP_FE(filter_list, NULL)
	PHP_FE(filter_has_var, NULL)
	PHP_FE(filter_id, NULL)
	{NULL, NULL, NULL}
};
92 : /* }}} */
93 :
94 : /* {{{ filter_module_entry
95 : */
/* Module descriptor handed to the engine. */
zend_module_entry filter_module_entry = {
#if ZEND_MODULE_API_NO >= 20010901
	STANDARD_MODULE_HEADER,
#endif
	"filter",               /* extension name */
	filter_functions,       /* exported function table */
	PHP_MINIT(filter),      /* module startup: ini entries, constants, SAPI input filter */
	PHP_MSHUTDOWN(filter),  /* module shutdown: unregisters the ini entries */
	NULL,                   /* no request-startup hook */
	PHP_RSHUTDOWN(filter),  /* request shutdown: releases the per-request raw arrays */
	PHP_MINFO(filter),      /* phpinfo() section */
	"0.11.0",               /* extension version string */
	STANDARD_MODULE_PROPERTIES
};
110 : /* }}} */
111 :
112 : #ifdef COMPILE_DL_FILTER
113 : ZEND_GET_MODULE(filter)
114 : #endif
115 :
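/* INI handler for filter.default.
 *
 * Looks new_value up in filter_list by name (case-insensitively) and stores
 * the matching filter id in the module globals. Always returns SUCCESS.
 *
 * NOTE(review): this handler fails open. A name that matches no row is not
 * rejected; FILTER_DEFAULT is selected silently and SUCCESS is returned, so
 * a misspelt filter.default does not produce an error. Deployments that rely
 * on a default filter should check the configured name against the names
 * returned by filter_list().
 */
static PHP_INI_MH(UpdateDefaultFilter) /* {{{ */
{
	const int count = sizeof(filter_list) / sizeof(filter_list[0]);
	int idx;

	/* strcasecmp() on a NULL pointer is undefined behaviour; a missing value
	 * is treated like an unknown name and takes the fallback below. */
	if (new_value) {
		for (idx = 0; idx < count; ++idx) {
			if (strcasecmp(new_value, filter_list[idx].name) == 0) {
				IF_G(default_filter) = filter_list[idx].id;
				return SUCCESS;
			}
		}
	}

	/* Unknown or missing name: fall back to the built-in default filter. */
	IF_G(default_filter) = FILTER_DEFAULT;
	return SUCCESS;
}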
130 : /* }}} */
131 :
132 : /* {{{ PHP_INI
133 : */
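/* INI handler for filter.default_flags.
 *
 * With no value the flags become FILTER_FLAG_NO_ENCODE_QUOTES; otherwise the
 * value is parsed as a decimal integer. Always returns SUCCESS.
 *
 * NOTE(review): the parsed number is stored as-is; it is not checked against
 * the set of known FILTER_FLAG_* bits, and text that is not a number parses
 * as 0 (no flags).
 */
static PHP_INI_MH(OnUpdateFlags)
{
	if (new_value) {
		/* strtol() rather than atoi(): identical result for in-range input,
		 * but an out-of-range value is clamped instead of being undefined. */
		IF_G(default_filter_flags) = strtol(new_value, NULL, 10);
	} else {
		IF_G(default_filter_flags) = FILTER_FLAG_NO_ENCODE_QUOTES;
	}

	return SUCCESS;
}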
143 :
/* INI settings of the extension.
 *
 * filter.default ships as "unsafe_raw", the row of filter_list bound to
 * FILTER_UNSAFE_RAW: with that value php_sapi_filter() does not run a filter
 * over incoming request variables. Both settings are registered as
 * PHP_INI_SYSTEM|PHP_INI_PERDIR.
 */
PHP_INI_BEGIN()
	STD_PHP_INI_ENTRY("filter.default", "unsafe_raw", PHP_INI_SYSTEM|PHP_INI_PERDIR, UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals)
	PHP_INI_ENTRY("filter.default_flags", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateFlags)
PHP_INI_END()
148 : /* }}} */
149 :
/* Puts the module globals into their start-up state: no raw input arrays
 * allocated yet, and the built-in default filter selected.
 *
 * default_filter_flags is not assigned here; in this file it is written by
 * the OnUpdateFlags ini handler.
 */
static void php_filter_init_globals(zend_filter_globals *filter_globals) /* {{{ */
{
	filter_globals->default_filter = FILTER_DEFAULT;

	/* Per-source raw copies are created lazily by php_sapi_filter(). */
	filter_globals->get_array     = NULL;
	filter_globals->post_array    = NULL;
	filter_globals->cookie_array  = NULL;
	filter_globals->server_array  = NULL;
	filter_globals->env_array     = NULL;
	filter_globals->session_array = NULL;
}
160 : /* }}} */
161 :
162 : #define PARSE_REQUEST 99
163 :
164 : /* {{{ PHP_MINIT_FUNCTION
165 : */
/* Module startup: initialises the globals, registers the ini entries and the
 * userland constants, then installs php_sapi_filter() as the SAPI input
 * filter so that every incoming request variable passes through it. */
PHP_MINIT_FUNCTION(filter)
{
/* Every constant of this extension is case-sensitive and persistent. */
#define FILTER_REGISTER_LONG(name, value) \
	REGISTER_LONG_CONSTANT(name, value, CONST_CS | CONST_PERSISTENT)

	ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);

	REGISTER_INI_ENTRIES();

	/* Input sources */
	FILTER_REGISTER_LONG("INPUT_POST", PARSE_POST);
	FILTER_REGISTER_LONG("INPUT_GET", PARSE_GET);
	FILTER_REGISTER_LONG("INPUT_COOKIE", PARSE_COOKIE);
	FILTER_REGISTER_LONG("INPUT_ENV", PARSE_ENV);
	FILTER_REGISTER_LONG("INPUT_SERVER", PARSE_SERVER);
	FILTER_REGISTER_LONG("INPUT_SESSION", PARSE_SESSION);
	FILTER_REGISTER_LONG("INPUT_REQUEST", PARSE_REQUEST);

	FILTER_REGISTER_LONG("FILTER_FLAG_NONE", FILTER_FLAG_NONE);

	/* Shape and failure-reporting flags */
	FILTER_REGISTER_LONG("FILTER_REQUIRE_SCALAR", FILTER_REQUIRE_SCALAR);
	FILTER_REGISTER_LONG("FILTER_REQUIRE_ARRAY", FILTER_REQUIRE_ARRAY);
	FILTER_REGISTER_LONG("FILTER_FORCE_ARRAY", FILTER_FORCE_ARRAY);
	FILTER_REGISTER_LONG("FILTER_NULL_ON_FAILURE", FILTER_NULL_ON_FAILURE);

	/* Validation filter ids */
	FILTER_REGISTER_LONG("FILTER_VALIDATE_INT", FILTER_VALIDATE_INT);
	FILTER_REGISTER_LONG("FILTER_VALIDATE_BOOLEAN", FILTER_VALIDATE_BOOLEAN);
	FILTER_REGISTER_LONG("FILTER_VALIDATE_FLOAT", FILTER_VALIDATE_FLOAT);

	FILTER_REGISTER_LONG("FILTER_VALIDATE_REGEXP", FILTER_VALIDATE_REGEXP);
	FILTER_REGISTER_LONG("FILTER_VALIDATE_URL", FILTER_VALIDATE_URL);
	FILTER_REGISTER_LONG("FILTER_VALIDATE_EMAIL", FILTER_VALIDATE_EMAIL);
	FILTER_REGISTER_LONG("FILTER_VALIDATE_IP", FILTER_VALIDATE_IP);

	FILTER_REGISTER_LONG("FILTER_DEFAULT", FILTER_DEFAULT);
	FILTER_REGISTER_LONG("FILTER_UNSAFE_RAW", FILTER_UNSAFE_RAW);

	/* Sanitising filter ids; FILTER_SANITIZE_STRIPPED is a second name for
	 * FILTER_SANITIZE_STRING. */
	FILTER_REGISTER_LONG("FILTER_SANITIZE_STRING", FILTER_SANITIZE_STRING);
	FILTER_REGISTER_LONG("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING);
	FILTER_REGISTER_LONG("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED);
	FILTER_REGISTER_LONG("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS);
	FILTER_REGISTER_LONG("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL);
	FILTER_REGISTER_LONG("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL);
	FILTER_REGISTER_LONG("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT);
	FILTER_REGISTER_LONG("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT);
	FILTER_REGISTER_LONG("FILTER_SANITIZE_MAGIC_QUOTES", FILTER_SANITIZE_MAGIC_QUOTES);

	FILTER_REGISTER_LONG("FILTER_CALLBACK", FILTER_CALLBACK);

	/* Integer validation flags */
	FILTER_REGISTER_LONG("FILTER_FLAG_ALLOW_OCTAL", FILTER_FLAG_ALLOW_OCTAL);
	FILTER_REGISTER_LONG("FILTER_FLAG_ALLOW_HEX", FILTER_FLAG_ALLOW_HEX);

	/* String sanitising flags */
	FILTER_REGISTER_LONG("FILTER_FLAG_STRIP_LOW", FILTER_FLAG_STRIP_LOW);
	FILTER_REGISTER_LONG("FILTER_FLAG_STRIP_HIGH", FILTER_FLAG_STRIP_HIGH);
	FILTER_REGISTER_LONG("FILTER_FLAG_ENCODE_LOW", FILTER_FLAG_ENCODE_LOW);
	FILTER_REGISTER_LONG("FILTER_FLAG_ENCODE_HIGH", FILTER_FLAG_ENCODE_HIGH);
	FILTER_REGISTER_LONG("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP);
	FILTER_REGISTER_LONG("FILTER_FLAG_NO_ENCODE_QUOTES", FILTER_FLAG_NO_ENCODE_QUOTES);
	FILTER_REGISTER_LONG("FILTER_FLAG_EMPTY_STRING_NULL", FILTER_FLAG_EMPTY_STRING_NULL);

	/* Float flags */
	FILTER_REGISTER_LONG("FILTER_FLAG_ALLOW_FRACTION", FILTER_FLAG_ALLOW_FRACTION);
	FILTER_REGISTER_LONG("FILTER_FLAG_ALLOW_THOUSAND", FILTER_FLAG_ALLOW_THOUSAND);
	FILTER_REGISTER_LONG("FILTER_FLAG_ALLOW_SCIENTIFIC", FILTER_FLAG_ALLOW_SCIENTIFIC);

	/* URL validation flags */
	FILTER_REGISTER_LONG("FILTER_FLAG_SCHEME_REQUIRED", FILTER_FLAG_SCHEME_REQUIRED);
	FILTER_REGISTER_LONG("FILTER_FLAG_HOST_REQUIRED", FILTER_FLAG_HOST_REQUIRED);
	FILTER_REGISTER_LONG("FILTER_FLAG_PATH_REQUIRED", FILTER_FLAG_PATH_REQUIRED);
	FILTER_REGISTER_LONG("FILTER_FLAG_QUERY_REQUIRED", FILTER_FLAG_QUERY_REQUIRED);

	/* IP validation flags */
	FILTER_REGISTER_LONG("FILTER_FLAG_IPV4", FILTER_FLAG_IPV4);
	FILTER_REGISTER_LONG("FILTER_FLAG_IPV6", FILTER_FLAG_IPV6);
	FILTER_REGISTER_LONG("FILTER_FLAG_NO_RES_RANGE", FILTER_FLAG_NO_RES_RANGE);
	FILTER_REGISTER_LONG("FILTER_FLAG_NO_PRIV_RANGE", FILTER_FLAG_NO_PRIV_RANGE);

#undef FILTER_REGISTER_LONG

	sapi_register_input_filter(php_sapi_filter);

	return SUCCESS;
}
240 : /* }}} */
241 :
242 : /* {{{ PHP_MSHUTDOWN_FUNCTION
243 : */
/* Module shutdown: removes the ini entries registered at startup and
 * reports success. */
PHP_MSHUTDOWN_FUNCTION(filter)
{
	UNREGISTER_INI_ENTRIES();
	return SUCCESS;
}
250 : /* }}} */
251 :
252 : /* {{{ PHP_RSHUTDOWN_FUNCTION
253 : */
/* Releases one per-request raw array, if it was allocated, and clears the
 * slot so the next request starts without it. */
#define VAR_ARRAY_COPY_DTOR(a)            \
	do {                                  \
		if (IF_G(a)) {                    \
			zval_ptr_dtor(&IF_G(a));      \
			IF_G(a) = NULL;               \
		}                                 \
	} while (0)

/* Request shutdown: drops the raw copies of request input that
 * php_sapi_filter() collected during this request. */
PHP_RSHUTDOWN_FUNCTION(filter)
{
	VAR_ARRAY_COPY_DTOR(get_array);
	VAR_ARRAY_COPY_DTOR(post_array);
	VAR_ARRAY_COPY_DTOR(cookie_array);
	VAR_ARRAY_COPY_DTOR(server_array);
	VAR_ARRAY_COPY_DTOR(env_array);
	VAR_ARRAY_COPY_DTOR(session_array);

	return SUCCESS;
}
270 : /* }}} */
271 :
272 : /* {{{ PHP_MINFO_FUNCTION
273 : */
/* phpinfo() section: a two-row status table followed by the ini entries of
 * the extension. */
PHP_MINFO_FUNCTION(filter)
{
	php_info_print_table_start();
	php_info_print_table_row(2, "Input Validation and Filtering", "enabled");
	php_info_print_table_row(2, "Revision", "$Revision: 288083 $");
	php_info_print_table_end();

	DISPLAY_INI_ENTRIES();
}
283 : /* }}} */
284 :
/* Returns the filter_list row for `id`.
 *
 * When no row carries `id`, the first row whose id equals FILTER_DEFAULT is
 * returned instead, and row 0 if there is none. The caller therefore always
 * gets a usable handler and cannot tell from the result that the requested
 * id was unknown.
 *
 * NOTE(review): the fallback is whatever FILTER_DEFAULT is defined as; the
 * ini default in this file is "unsafe_raw", so the fallback should not be
 * assumed to sanitise anything (confirm against filter_private.h).
 */
static filter_list_entry php_find_filter(long id) /* {{{ */
{
	const int count = sizeof(filter_list) / sizeof(filter_list[0]);
	int idx;
	int fallback = -1; /* index of the first FILTER_DEFAULT row seen so far */

	for (idx = 0; idx < count; ++idx) {
		if (filter_list[idx].id == id) {
			return filter_list[idx];
		}
		if (fallback < 0 && filter_list[idx].id == FILTER_DEFAULT) {
			fallback = idx;
		}
	}

	/* No exact match: default row if present, first row otherwise. */
	return filter_list[fallback < 0 ? 0 : fallback];
}
303 : /* }}} */
304 :
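/* Applies one filter to a single (non-array) zval in place.
 *
 * value    the zval to filter; separated first when `copy` is set
 * filter   filter id, resolved through php_find_filter()
 * flags    filter flags passed on to the handler
 * options  optional options array/object passed on to the handler; its
 *          "default" entry replaces the value when the filter failed
 * charset  passed on to the handler unchanged
 *
 * The value is converted to a string before the handler runs. An object
 * without a __toString method cannot be converted and is reported as a
 * filter failure instead (bug #49274).
 */
static void php_zval_filter(zval **value, long filter, long flags, zval *options, char* charset, zend_bool copy TSRMLS_DC) /* {{{ */
{
	filter_list_entry filter_func;
	zval **tmp;
	int failed;

	filter_func = php_find_filter(filter);

	if (!filter_func.id) {
		/* Find default filter */
		filter_func = php_find_filter(FILTER_DEFAULT);
	}

	if (copy) {
		SEPARATE_ZVAL(value);
	}

	/* #49274, fatal error with object without a toString method.
	   Fails nicely instead of getting a recoverable fatal error. */
	if (Z_TYPE_PP(value) == IS_OBJECT) {
		zend_class_entry *ce;

		ce = Z_OBJCE_PP(value);
		if (!ce->__tostring) {
			/* Release the object before overwriting the zval, and report the
			 * failure the way php_filter_call() does: NULL when
			 * FILTER_NULL_ON_FAILURE is set, FALSE otherwise. */
			zval_dtor(*value);
			if (flags & FILTER_NULL_ON_FAILURE) {
				ZVAL_NULL(*value);
			} else {
				ZVAL_FALSE(*value);
			}
			return;
		}
	}

	/* Here be strings */
	convert_to_string(*value);

	filter_func.function(*value, flags, options, charset TSRMLS_CC);

	/* A "default" can only come from an options array or object. */
	if (!options || (Z_TYPE_P(options) != IS_ARRAY && Z_TYPE_P(options) != IS_OBJECT)) {
		return;
	}

	/* The handler signals failure with NULL or FALSE depending on the flag. */
	if (flags & FILTER_NULL_ON_FAILURE) {
		failed = (Z_TYPE_PP(value) == IS_NULL);
	} else {
		failed = (Z_TYPE_PP(value) == IS_BOOL && Z_LVAL_PP(value) == 0);
	}
	if (!failed) {
		return;
	}

	/* Filter failed: substitute the caller's "default" option, if any.
	 * NOTE(review): the default is copied in as-is and is not itself run
	 * through the filter. */
	if (zend_hash_find(HASH_OF(options), "default", sizeof("default"), (void **)&tmp) == SUCCESS) {
		**value = **tmp;
		zval_copy_ctor(*value);
		INIT_PZVAL(*value);
	}
}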
351 : /* }}} */
352 :
/* SAPI input filter: called for every incoming request variable.
 *
 * arg          input source (PARSE_GET, PARSE_POST, ...) or PARSE_STRING
 * var          variable name
 * val          in/out pointer to the value; replaced only for PARSE_STRING
 * val_len      length of *val
 * new_val_len  receives the new length for PARSE_STRING, when non-NULL
 *
 * For the GET/POST/COOKIE/SERVER/ENV sources two copies are registered: the
 * untouched value goes into the extension's private per-source array, and
 * the processed value goes into the matching PG(http_globals) array.
 * "Processed" means run through the configured default filter; when that
 * filter is FILTER_UNSAFE_RAW the value is only passed through addslashes
 * if magic_quotes_gpc is on, and is otherwise copied unchanged.
 *
 * Returns 1 for PARSE_STRING (the value was rewritten in *val) and 0 in all
 * other cases.
 */
static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC) /* {{{ */
{
	zval filtered_var, raw_var;
	zval *raw_store = NULL, *track_array = NULL;
	char *var_copy = NULL;
	int handled_in_place = 0;

	/* NOTE(review): assert() is a no-op in builds with NDEBUG defined. */
	assert(*val != NULL);

/* Selects (creating it on first use) the private raw array for one source
 * and the engine's tracking array for the same source. */
#define PARSE_CASE(s,a,t)                    		\
		case s:                              		\
			if (IF_G(a)) {                   		\
				raw_store = IF_G(a);         		\
			} else {                         		\
				ALLOC_ZVAL(raw_store);       		\
				array_init(raw_store);       		\
				INIT_PZVAL(raw_store);       		\
				IF_G(a) = raw_store;         		\
			}                                		\
			track_array = PG(http_globals)[t]; 		\
			break;

	switch (arg) {
		PARSE_CASE(PARSE_POST,    post_array,    TRACK_VARS_POST)
		PARSE_CASE(PARSE_GET,     get_array,     TRACK_VARS_GET)
		PARSE_CASE(PARSE_COOKIE,  cookie_array,  TRACK_VARS_COOKIE)
		PARSE_CASE(PARSE_SERVER,  server_array,  TRACK_VARS_SERVER)
		PARSE_CASE(PARSE_ENV,     env_array,     TRACK_VARS_ENV)

		case PARSE_STRING: /* PARSE_STRING is used by parse_str() function */
			handled_in_place = 1;
			break;
	}

	/*
	 * According to rfc2965, more specific paths are listed above the less specific ones.
	 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
	 * to have the same (plain text) cookie name for the same path and we should not overwrite
	 * more specific cookies with the less specific ones.
	 */
	if (arg == PARSE_COOKIE && track_array && zend_symtable_exists(Z_ARRVAL_P(track_array), var, strlen(var)+1)) {
		return 0;
	}

	if (raw_store) {
		/* Make a copy of the variable name, as php_register_variable_ex seems to
		 * modify it */
		var_copy = estrdup(var);

		/* Store the RAW variable internally */
		/* FIXME: Should not use php_register_variable_ex as that also registers
		 * globals when register_globals is turned on */
		Z_STRLEN(raw_var) = val_len;
		Z_STRVAL(raw_var) = estrndup(*val, val_len);
		Z_TYPE(raw_var) = IS_STRING;

		php_register_variable_ex(var, &raw_var, raw_store TSRMLS_CC);
	}

	if (!val_len) {
		/* empty string */
		ZVAL_EMPTY_STRING(&filtered_var);
	} else {
		/* Register mangled variable */
		/* FIXME: Should not use php_register_variable_ex as that also registers
		 * globals when register_globals is turned on */
		Z_STRLEN(filtered_var) = val_len;
		Z_TYPE(filtered_var) = IS_STRING;

		if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
			zval *filtered_ptr = &filtered_var;

			Z_STRVAL(filtered_var) = estrndup(*val, val_len);
			INIT_PZVAL(filtered_ptr);
			php_zval_filter(&filtered_ptr, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL/*charset*/, 0 TSRMLS_CC);
		} else if (PG(magic_quotes_gpc) && !handled_in_place) {
			/* for PARSE_STRING php_register_variable_safe() will do the addslashes() */
			Z_STRVAL(filtered_var) = php_addslashes(*val, Z_STRLEN(filtered_var), &Z_STRLEN(filtered_var), 0 TSRMLS_CC);
		} else {
			Z_STRVAL(filtered_var) = estrndup(*val, val_len);
		}
	}

	if (track_array) {
		php_register_variable_ex(var_copy, &filtered_var, track_array TSRMLS_CC);
	}
	if (raw_store) {
		efree(var_copy);
	}

	if (handled_in_place) {
		/* PARSE_STRING: hand the processed value back through *val. */
		if (new_val_len) {
			*new_val_len = Z_STRLEN(filtered_var);
		}
		efree(*val);
		if (Z_STRLEN(filtered_var)) {
			*val = estrndup(Z_STRVAL(filtered_var), Z_STRLEN(filtered_var));
		} else {
			*val = estrdup("");
		}
		zval_dtor(&filtered_var);
	}

	return handled_in_place;
}
455 : /* }}} */
456 :
/* Applies a filter to every leaf of a (possibly nested) array in place.
 *
 * A non-array value is passed straight to php_zval_filter(). For arrays the
 * elements are visited in order; nested arrays are handled by recursion with
 * nApplyCount raised around the call, and an array whose nApplyCount is
 * already above 1 is left untouched, which stops self-referencing arrays
 * from recursing without end.
 */
static void php_zval_filter_recursive(zval **value, long filter, long flags, zval *options, char *charset, zend_bool copy TSRMLS_DC) /* {{{ */
{
	zval **element;
	HashPosition pos;

	if (Z_TYPE_PP(value) != IS_ARRAY) {
		php_zval_filter(value, filter, flags, options, charset, copy TSRMLS_CC);
		return;
	}

	/* Recursion guard. */
	if (Z_ARRVAL_PP(value)->nApplyCount > 1) {
		return;
	}

	zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(value), &pos);
	while (zend_hash_get_current_data_ex(Z_ARRVAL_PP(value), (void **) &element, &pos) == SUCCESS) {
		SEPARATE_ZVAL_IF_NOT_REF(element);

		if (Z_TYPE_PP(element) != IS_ARRAY) {
			php_zval_filter(element, filter, flags, options, charset, copy TSRMLS_CC);
		} else {
			Z_ARRVAL_PP(element)->nApplyCount++;
			php_zval_filter_recursive(element, filter, flags, options, charset, copy TSRMLS_CC);
			Z_ARRVAL_PP(element)->nApplyCount--;
		}

		zend_hash_move_forward_ex(Z_ARRVAL_PP(value), &pos);
	}
}
484 : /* }}} */
485 :
/* Returns the private raw-input array for an input source, or NULL.
 *
 * NULL is returned when nothing has been collected for the source yet, for
 * an unknown source id, and for INPUT_SESSION / INPUT_REQUEST, which only
 * raise a warning because they are not implemented.
 *
 * For the SERVER and ENV sources the auto-global is touched first when the
 * engine initialises it just-in-time.
 */
static zval *php_filter_get_storage(long arg TSRMLS_DC)/* {{{ */
{
	zend_bool jit_initialization = (PG(auto_globals_jit) && !PG(register_globals) && !PG(register_long_arrays));

	switch (arg) {
		case PARSE_GET:
			return IF_G(get_array);

		case PARSE_POST:
			return IF_G(post_array);

		case PARSE_COOKIE:
			return IF_G(cookie_array);

		case PARSE_SERVER:
			if (jit_initialization) {
				zend_is_auto_global("_SERVER", sizeof("_SERVER")-1 TSRMLS_CC);
			}
			return IF_G(server_array);

		case PARSE_ENV:
			if (jit_initialization) {
				zend_is_auto_global("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
			}
			return IF_G(env_array);

		case PARSE_SESSION:
			/* FIXME: Implement session source */
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "INPUT_SESSION is not yet implemented");
			return NULL;

		case PARSE_REQUEST:
			/* FIXME: Implement request source */
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "INPUT_REQUEST is not yet implemented");
			return NULL;
	}

	return NULL;
}
526 : /* }}} */
527 :
/* {{{ proto mixed filter_has_var(constant type, string variable_name)
 * Returns true if a variable named variable_name exists in the raw input
 * collected for the source `type`, and false otherwise (including when the
 * arguments cannot be parsed).
 */
PHP_FUNCTION(filter_has_var)
{
	long source;
	char *name;
	int name_len;
	zval *storage = NULL;
	HashTable *entries = NULL;

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ls", &source, &name, &name_len) == FAILURE) {
		RETURN_FALSE;
	}

	storage = php_filter_get_storage(source TSRMLS_CC);
	if (storage) {
		entries = HASH_OF(storage);
	}

	/* The key length passed to the hash API includes the terminating NUL. */
	if (entries && zend_hash_exists(entries, name, name_len + 1)) {
		RETURN_TRUE;
	}

	RETURN_FALSE;
}
550 : /* }}} */
551 :
/* Resolves the caller-supplied filter arguments and filters `filtered` in
 * place.
 *
 * filter_args is either a scalar or an array:
 *  - scalar: it is the flags value, unless filter is -1 (the call comes from
 *    the array handler), in which case it is the filter id;
 *  - array: its "filter", "flags" and "options" entries are read. "options"
 *    is honoured only when it is an array, except for FILTER_CALLBACK, where
 *    any value is passed on and the flags are reset to 0.
 *
 * Whenever flags are supplied without FILTER_REQUIRE_ARRAY or
 * FILTER_FORCE_ARRAY, FILTER_REQUIRE_SCALAR is added, so an array arriving
 * where a scalar is expected is rejected rather than filtered.
 *
 * A shape mismatch (array vs. REQUIRE_SCALAR, scalar vs. REQUIRE_ARRAY)
 * replaces the value with NULL when FILTER_NULL_ON_FAILURE is set and with
 * FALSE otherwise.
 */
static void php_filter_call(zval **filtered, long filter, zval **filter_args, const int copy, long filter_flags TSRMLS_DC) /* {{{ */
{
	zval *options = NULL;
	zval **option;
	char *charset = NULL;
	int input_is_array, shape_mismatch;

	if (filter_args) {
		if (Z_TYPE_PP(filter_args) != IS_ARRAY) {
			long lval;

			PHP_FILTER_GET_LONG_OPT(filter_args, lval);

			if (filter == -1) {
				/* handler for array apply: the scalar is the filter id */
				filter = lval;
			} else {
				/* filter_args is the filter_flags */
				filter_flags = lval;

				if (!(filter_flags & (FILTER_REQUIRE_ARRAY | FILTER_FORCE_ARRAY))) {
					filter_flags |= FILTER_REQUIRE_SCALAR;
				}
			}
		} else {
			HashTable *args = HASH_OF(*filter_args);

			if (zend_hash_find(args, "filter", sizeof("filter"), (void **)&option) == SUCCESS) {
				PHP_FILTER_GET_LONG_OPT(option, filter);
			}

			if (zend_hash_find(args, "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
				PHP_FILTER_GET_LONG_OPT(option, filter_flags);

				if (!(filter_flags & (FILTER_REQUIRE_ARRAY | FILTER_FORCE_ARRAY))) {
					filter_flags |= FILTER_REQUIRE_SCALAR;
				}
			}

			if (zend_hash_find(args, "options", sizeof("options"), (void **)&option) == SUCCESS) {
				if (filter == FILTER_CALLBACK) {
					options = *option;
					filter_flags = 0;
				} else if (Z_TYPE_PP(option) == IS_ARRAY) {
					options = *option;
				}
			}
		}
	}

	input_is_array = (Z_TYPE_PP(filtered) == IS_ARRAY);
	shape_mismatch = input_is_array
		? ((filter_flags & FILTER_REQUIRE_SCALAR) != 0)
		: ((filter_flags & FILTER_REQUIRE_ARRAY) != 0);

	if (shape_mismatch) {
		if (copy) {
			SEPARATE_ZVAL(filtered);
		}
		zval_dtor(*filtered);
		if (filter_flags & FILTER_NULL_ON_FAILURE) {
			ZVAL_NULL(*filtered);
		} else {
			ZVAL_FALSE(*filtered);
		}
		return;
	}

	if (input_is_array) {
		php_zval_filter_recursive(filtered, filter, filter_flags, options, charset, copy TSRMLS_CC);
		return;
	}

	php_zval_filter(filtered, filter, filter_flags, options, charset, copy TSRMLS_CC);

	if (filter_flags & FILTER_FORCE_ARRAY) {
		/* Wrap the filtered scalar into a one-element array. */
		zval *wrapped;

		ALLOC_ZVAL(wrapped);
		*wrapped = **filtered;
		zval_copy_ctor(wrapped);
		INIT_PZVAL(wrapped);

		zval_dtor(*filtered);

		array_init(*filtered);
		add_next_index_zval(*filtered, wrapped);
	}
}
642 : /* }}} */
643 :
/* Shared body of filter_input_array() and filter_var_array().
 *
 * op selects the mode:
 *  - NULL or a long: the whole input array is copied into return_value and
 *    filtered with FILTER_DEFAULT or the given filter id;
 *  - an array: it is a definition keyed by variable name. Only the keys it
 *    lists appear in the result; a key missing from the input yields NULL,
 *    every other value is copied and filtered with that key's definition.
 *    Numeric or empty keys in the definition raise a warning and make the
 *    call return FALSE;
 *  - anything else: FALSE.
 */
static void php_filter_array_handler(zval *input, zval **op, zval *return_value TSRMLS_DC) /* {{{ */
{
	char *arg_key;
	uint arg_key_len;
	ulong index;
	HashPosition pos;
	zval **tmp, **arg_elm;

	if (!op || Z_TYPE_PP(op) == IS_LONG) {
		long whole_array_filter = op ? Z_LVAL_PP(op) : FILTER_DEFAULT;

		zval_dtor(return_value);
		*return_value = *input;
		zval_copy_ctor(return_value);
		INIT_PZVAL(return_value);
		php_filter_call(&return_value, whole_array_filter, NULL, 0, FILTER_REQUIRE_ARRAY TSRMLS_CC);
		return;
	}

	if (Z_TYPE_PP(op) != IS_ARRAY) {
		RETURN_FALSE;
	}

	array_init(return_value);

	zend_hash_internal_pointer_reset(Z_ARRVAL_PP(op));
	zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(op), &pos);
	while (zend_hash_get_current_data_ex(Z_ARRVAL_PP(op), (void **) &arg_elm, &pos) == SUCCESS) {
		if (zend_hash_get_current_key_ex(Z_ARRVAL_PP(op), &arg_key, &arg_key_len, &index, 0, &pos) != HASH_KEY_IS_STRING) {
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Numeric keys are not allowed in the definition array");
			zval_dtor(return_value);
			RETURN_FALSE;
		}

		/* arg_key_len counts the terminating NUL, so 1 means "". */
		if (arg_key_len < 2) {
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty keys are not allowed in the definition array");
			zval_dtor(return_value);
			RETURN_FALSE;
		}

		if (zend_hash_find(Z_ARRVAL_P(input), arg_key, arg_key_len, (void **)&tmp) == SUCCESS) {
			zval *nval;

			/* Filter a private copy so the input array stays untouched. */
			ALLOC_ZVAL(nval);
			*nval = **tmp;
			zval_copy_ctor(nval);
			INIT_PZVAL(nval);

			/* -1: the definition element carries the filter id. */
			php_filter_call(&nval, -1, arg_elm, 0, FILTER_REQUIRE_SCALAR TSRMLS_CC);
			add_assoc_zval_ex(return_value, arg_key, arg_key_len, nval);
		} else {
			add_assoc_null_ex(return_value, arg_key, arg_key_len);
		}

		zend_hash_move_forward_ex(Z_ARRVAL_PP(op), &pos);
	}
}
700 : /* }}} */
701 :
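/* {{{ proto mixed filter_input(constant type, string variable_name [, long filter [, mixed options]])
 * Returns the filtered variable 'variable_name' from source `type`.
 *
 * The value is read from the raw copy collected by the SAPI input filter,
 * not from the superglobals, and is filtered as a scalar unless the flags
 * say otherwise.
 *
 * Returns FALSE for an unknown filter id. When the variable does not exist
 * the "default" option is returned if one was given; otherwise the result is
 * NULL, or FALSE when FILTER_NULL_ON_FAILURE is set (the flag swaps the two
 * values, it does not mean "NULL" here).
 */
PHP_FUNCTION(filter_input)
{
	long   fetch_from, filter = FILTER_DEFAULT;
	zval **filter_args = NULL, **tmp;
	zval  *input = NULL;
	char *var;
	int var_len;

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ls|lZ", &fetch_from, &var, &var_len, &filter, &filter_args) == FAILURE) {
		return;
	}

	if (!PHP_FILTER_ID_EXISTS(filter)) {
		RETURN_FALSE;
	}

	input = php_filter_get_storage(fetch_from TSRMLS_CC);

	if (!input || !HASH_OF(input) || zend_hash_find(HASH_OF(input), var, var_len + 1, (void **)&tmp) != SUCCESS) {
		long filter_flags = 0;
		zval **option, **opt, **def;

		if (filter_args) {
			if (Z_TYPE_PP(filter_args) == IS_LONG) {
				filter_flags = Z_LVAL_PP(filter_args);
			} else if (Z_TYPE_PP(filter_args) == IS_ARRAY) {
				/* Look for a default first and independently of "flags":
				 * previously the default was skipped whenever a "flags"
				 * entry was present, unlike php_zval_filter(), which
				 * applies "default" regardless of the flags. */
				if (zend_hash_find(HASH_OF(*filter_args), "options", sizeof("options"), (void **)&opt) == SUCCESS &&
					Z_TYPE_PP(opt) == IS_ARRAY &&
					zend_hash_find(HASH_OF(*opt), "default", sizeof("default"), (void **)&def) == SUCCESS
				) {
					*return_value = **def;
					zval_copy_ctor(return_value);
					INIT_PZVAL(return_value);
					return;
				}

				if (zend_hash_find(HASH_OF(*filter_args), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
					PHP_FILTER_GET_LONG_OPT(option, filter_flags);
				}
			}
		}

		/* Missing variable: NULL normally, FALSE with NULL_ON_FAILURE. */
		if (filter_flags & FILTER_NULL_ON_FAILURE) {
			RETURN_FALSE;
		} else {
			RETURN_NULL();
		}
	}

	*return_value = **tmp;
	zval_copy_ctor(return_value);  /* Watch out for empty strings */
	INIT_PZVAL(return_value);

	php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC);
}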
755 : /* }}} */
756 :
/* {{{ proto mixed filter_var(mixed variable [, long filter [, mixed options]])
 * Returns the filtered version of the variable.
 *
 * Returns FALSE for an unknown filter id. The value is filtered as a scalar
 * unless the flags say otherwise, so an array passed without
 * FILTER_REQUIRE_ARRAY or FILTER_FORCE_ARRAY is reported as a failure.
 */
PHP_FUNCTION(filter_var)
{
	zval *data;
	zval **filter_args = NULL;
	long filter = FILTER_DEFAULT;

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z/|lZ", &data, &filter, &filter_args) == FAILURE) {
		return;
	}

	if (!PHP_FILTER_ID_EXISTS(filter)) {
		RETURN_FALSE;
	}

	/* return_value takes over the contents of the argument and the argument
	 * receives the fresh duplicate, so the two end up independent. */
	*return_value = *data;
	zval_copy_ctor(data);
	INIT_PZVAL(return_value);

	php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC);
}
779 : /* }}} */
780 :
/* {{{ proto mixed filter_input_array(constant type, [, mixed options]])
 * Returns an array with all arguments defined in 'definition'.
 *
 * The values come from the raw copy collected for source `type`. Returns
 * FALSE when options is a long that is not a known filter id. When nothing
 * was collected for the source the result is NULL, or FALSE when the flags
 * contain FILTER_NULL_ON_FAILURE.
 */
PHP_FUNCTION(filter_input_array)
{
	long fetch_from;
	long filter_flags = 0;
	zval *array_input = NULL, **op = NULL;
	zval **option;

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|Z", &fetch_from, &op) == FAILURE) {
		return;
	}

	/* Only a long can name a filter id; arrays are validated later. */
	if (op && Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op))) {
		RETURN_FALSE;
	}

	array_input = php_filter_get_storage(fetch_from TSRMLS_CC);

	if (array_input && HASH_OF(array_input)) {
		php_filter_array_handler(array_input, op, return_value TSRMLS_CC);
		return;
	}

	/* No data for this source: work out the flags to pick the result. */
	if (op) {
		if (Z_TYPE_PP(op) == IS_LONG) {
			filter_flags = Z_LVAL_PP(op);
		} else if (Z_TYPE_PP(op) == IS_ARRAY && zend_hash_find(HASH_OF(*op), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
			PHP_FILTER_GET_LONG_OPT(option, filter_flags);
		}
	}

	if (filter_flags & FILTER_NULL_ON_FAILURE) {
		RETURN_FALSE;
	} else {
		RETURN_NULL();
	}
}
821 : /* }}} */
822 :
/* {{{ proto mixed filter_var_array(array data, [, mixed options]])
 * Returns an array with all arguments defined in 'definition'.
 *
 * Returns FALSE when options is a long that is not a known filter id;
 * everything else is decided by php_filter_array_handler().
 */
PHP_FUNCTION(filter_var_array)
{
	zval **op = NULL;
	zval *array_input = NULL;

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "a|Z", &array_input, &op) == FAILURE) {
		return;
	}

	/* Only a long can name a filter id; arrays are validated by the handler. */
	if (op && Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op))) {
		RETURN_FALSE;
	}

	php_filter_array_handler(array_input, op, return_value TSRMLS_CC);
}
843 : /* }}} */
844 :
/* {{{ proto filter_list()
 * Returns a list of all supported filters: the name of every filter_list
 * row, in table order. Takes no arguments. */
PHP_FUNCTION(filter_list)
{
	const int count = sizeof(filter_list) / sizeof(filter_list[0]);
	int idx;

	if (ZEND_NUM_ARGS()) {
		WRONG_PARAM_COUNT;
	}

	array_init(return_value);

	idx = 0;
	while (idx < count) {
		/* final argument 1: the name is duplicated into the array */
		add_next_index_string(return_value, (char *)filter_list[idx].name, 1);
		++idx;
	}
}
860 : /* }}} */
861 :
/* {{{ proto filter_id(string filtername)
 * Returns the filter ID belonging to a named filter, or FALSE when no filter
 * has that name. The comparison is case-sensitive, unlike the lookup done
 * for the filter.default ini setting. */
PHP_FUNCTION(filter_id)
{
	const int count = sizeof(filter_list) / sizeof(filter_list[0]);
	int idx, name_len;
	char *name;

	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &name, &name_len) == FAILURE) {
		return;
	}

	for (idx = 0; idx < count; ++idx) {
		if (strcmp(filter_list[idx].name, name) != 0) {
			continue;
		}
		RETURN_LONG(filter_list[idx].id);
	}

	RETURN_FALSE;
}
882 : /* }}} */
883 :
884 : /*
885 : * Local variables:
886 : * tab-width: 4
887 : * c-basic-offset: 4
888 : * End:
889 : * vim600: noet sw=4 ts=4 fdm=marker
890 : * vim<600: noet sw=4 ts=4
891 : */