1 : /*
2 : +----------------------------------------------------------------------+
3 : | PHP Version 6 |
4 : +----------------------------------------------------------------------+
5 : | Copyright (c) 1997-2009 The PHP Group |
6 : +----------------------------------------------------------------------+
7 : | This source file is subject to version 3.01 of the PHP license, |
8 : | that is bundled with this package in the file LICENSE, and is |
9 : | available through the world-wide-web at the following url: |
10 : | http://www.php.net/license/3_01.txt |
11 : | If you did not receive a copy of the PHP license and are unable to |
12 : | obtain it through the world-wide-web, please send a note to |
13 : | license@php.net so we can mail you a copy immediately. |
14 : +----------------------------------------------------------------------+
15 : | Authors: Rasmus Lerdorf <rasmus@php.net> |
16 : | Derick Rethans <derick@php.net> |
17 : | Pierre-A. Joye <pierre@php.net> |
18 : | Ilia Alshanetsky <iliaa@php.net> |
19 : +----------------------------------------------------------------------+
20 : */
21 :
22 : /* $Id: filter.c 288084 2009-09-05 17:39:18Z pajoye $ */
23 :
24 : #ifdef HAVE_CONFIG_H
25 : #include "config.h"
26 : #endif
27 :
28 : #include "php_filter.h"
29 :
30 : ZEND_DECLARE_MODULE_GLOBALS(filter)
31 :
32 : #include "filter_private.h"
33 :
34 : typedef struct filter_list_entry {
35 : const char *name;
36 : int id;
37 : void (*function)(PHP_INPUT_FILTER_PARAM_DECL);
38 : } filter_list_entry;
39 :
40 : /* {{{ filter_list */
41 : static const filter_list_entry filter_list[] = {
42 : { "int", FILTER_VALIDATE_INT, php_filter_int },
43 : { "boolean", FILTER_VALIDATE_BOOLEAN, php_filter_boolean },
44 : { "float", FILTER_VALIDATE_FLOAT, php_filter_float },
45 :
46 : { "validate_regexp", FILTER_VALIDATE_REGEXP, php_filter_validate_regexp },
47 : { "validate_url", FILTER_VALIDATE_URL, php_filter_validate_url },
48 : { "validate_email", FILTER_VALIDATE_EMAIL, php_filter_validate_email },
49 : { "validate_ip", FILTER_VALIDATE_IP, php_filter_validate_ip },
50 :
51 : { "string", FILTER_SANITIZE_STRING, php_filter_string },
52 : { "stripped", FILTER_SANITIZE_STRING, php_filter_string },
53 : { "encoded", FILTER_SANITIZE_ENCODED, php_filter_encoded },
54 : { "special_chars", FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars },
55 : { "unsafe_raw", FILTER_UNSAFE_RAW, php_filter_unsafe_raw },
56 : { "email", FILTER_SANITIZE_EMAIL, php_filter_email },
57 : { "url", FILTER_SANITIZE_URL, php_filter_url },
58 : { "number_int", FILTER_SANITIZE_NUMBER_INT, php_filter_number_int },
59 : { "number_float", FILTER_SANITIZE_NUMBER_FLOAT, php_filter_number_float },
60 : { "magic_quotes", FILTER_SANITIZE_MAGIC_QUOTES, php_filter_magic_quotes },
61 :
62 : { "callback", FILTER_CALLBACK, php_filter_callback },
63 : };
64 : /* }}} */
65 :
66 : #ifndef PARSE_ENV
67 : #define PARSE_ENV 4
68 : #endif
69 :
70 : #ifndef PARSE_SERVER
71 : #define PARSE_SERVER 5
72 : #endif
73 :
74 : #ifndef PARSE_SESSION
75 : #define PARSE_SESSION 6
76 : #endif
77 :
78 : static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC);
79 : static unsigned int php_sapi_filter_init(TSRMLS_D);
80 :
81 : /* {{{ arginfo */
82 : ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_input, 0, 0, 2)
83 : ZEND_ARG_INFO(0, type)
84 : ZEND_ARG_INFO(0, variable_name)
85 : ZEND_ARG_INFO(0, filter)
86 : ZEND_ARG_INFO(0, options)
87 : ZEND_END_ARG_INFO()
88 :
89 : ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_var, 0, 0, 1)
90 : ZEND_ARG_INFO(0, variable)
91 : ZEND_ARG_INFO(0, filter)
92 : ZEND_ARG_INFO(0, options)
93 : ZEND_END_ARG_INFO()
94 :
95 : ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_input_array, 0, 0, 1)
96 : ZEND_ARG_INFO(0, type)
97 : ZEND_ARG_INFO(0, definition)
98 : ZEND_END_ARG_INFO()
99 :
100 : ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_var_array, 0, 0, 1)
101 : ZEND_ARG_INFO(0, data)
102 : ZEND_ARG_INFO(0, definition)
103 : ZEND_END_ARG_INFO()
104 :
105 : ZEND_BEGIN_ARG_INFO(arginfo_filter_list, 0)
106 : ZEND_END_ARG_INFO()
107 :
108 : ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_has_var, 0, 0, 2)
109 : ZEND_ARG_INFO(0, type)
110 : ZEND_ARG_INFO(0, variable_name)
111 : ZEND_END_ARG_INFO()
112 :
113 : ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_id, 0, 0, 1)
114 : ZEND_ARG_INFO(0, filtername)
115 : ZEND_END_ARG_INFO()
116 : /* }}} */
117 :
118 : /* {{{ filter_functions[]
119 : */
120 : static const zend_function_entry filter_functions[] = {
121 : PHP_FE(filter_input, arginfo_filter_input)
122 : PHP_FE(filter_var, arginfo_filter_var)
123 : PHP_FE(filter_input_array, arginfo_filter_input_array)
124 : PHP_FE(filter_var_array, arginfo_filter_var_array)
125 : PHP_FE(filter_list, arginfo_filter_list)
126 : PHP_FE(filter_has_var, arginfo_filter_has_var)
127 : PHP_FE(filter_id, arginfo_filter_id)
128 : {NULL, NULL, NULL}
129 : };
130 : /* }}} */
131 :
132 : /* {{{ filter_module_entry
133 : */
134 : zend_module_entry filter_module_entry = {
135 : #if ZEND_MODULE_API_NO >= 20010901
136 : STANDARD_MODULE_HEADER,
137 : #endif
138 : "filter",
139 : filter_functions,
140 : PHP_MINIT(filter),
141 : PHP_MSHUTDOWN(filter),
142 : PHP_RINIT(filter),
143 : PHP_RSHUTDOWN(filter),
144 : PHP_MINFO(filter),
145 : "0.11.0",
146 : STANDARD_MODULE_PROPERTIES
147 : };
148 : /* }}} */
149 :
150 : #ifdef COMPILE_DL_FILTER
151 : ZEND_GET_MODULE(filter)
152 : #endif
153 :
154 : static PHP_INI_MH(UpdateDefaultFilter) /* {{{ */
155 17007 : {
156 17007 : int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
157 :
158 204073 : for (i = 0; i < size; ++i) {
159 204073 : if ((strcasecmp(new_value, filter_list[i].name) == 0)) {
160 17007 : IF_G(default_filter) = filter_list[i].id;
161 17007 : return SUCCESS;
162 : }
163 : }
164 : /* Fallback to the default filter */
165 0 : IF_G(default_filter) = FILTER_DEFAULT;
166 0 : return SUCCESS;
167 : }
168 : /* }}} */
169 :
170 : /* {{{ PHP_INI
171 : */
172 : static PHP_INI_MH(OnUpdateFlags)
173 17007 : {
174 17007 : if (!new_value) {
175 17003 : IF_G(default_filter_flags) = FILTER_FLAG_NO_ENCODE_QUOTES;
176 : } else {
177 4 : IF_G(default_filter_flags) = atoi(new_value);
178 : }
179 17007 : return SUCCESS;
180 : }
181 :
182 : PHP_INI_BEGIN()
183 : STD_PHP_INI_ENTRY("filter.default", "unsafe_raw", PHP_INI_SYSTEM|PHP_INI_PERDIR, UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals)
184 : PHP_INI_ENTRY("filter.default_flags", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateFlags)
185 : PHP_INI_END()
186 : /* }}} */
187 :
188 : static void php_filter_init_globals(zend_filter_globals *filter_globals) /* {{{ */
189 17007 : {
190 17007 : filter_globals->post_array = NULL;
191 17007 : filter_globals->get_array = NULL;
192 17007 : filter_globals->cookie_array = NULL;
193 17007 : filter_globals->env_array = NULL;
194 17007 : filter_globals->server_array = NULL;
195 17007 : filter_globals->session_array = NULL;
196 17007 : filter_globals->default_filter = FILTER_DEFAULT;
197 17007 : }
198 : /* }}} */
199 :
200 : #define PARSE_REQUEST 99
201 :
202 : /* {{{ PHP_MINIT_FUNCTION
203 : */
204 : PHP_MINIT_FUNCTION(filter)
205 17007 : {
206 17007 : ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);
207 :
208 17007 : REGISTER_INI_ENTRIES();
209 :
210 17007 : REGISTER_LONG_CONSTANT("INPUT_POST", PARSE_POST, CONST_CS | CONST_PERSISTENT);
211 17007 : REGISTER_LONG_CONSTANT("INPUT_GET", PARSE_GET, CONST_CS | CONST_PERSISTENT);
212 17007 : REGISTER_LONG_CONSTANT("INPUT_COOKIE", PARSE_COOKIE, CONST_CS | CONST_PERSISTENT);
213 17007 : REGISTER_LONG_CONSTANT("INPUT_ENV", PARSE_ENV, CONST_CS | CONST_PERSISTENT);
214 17007 : REGISTER_LONG_CONSTANT("INPUT_SERVER", PARSE_SERVER, CONST_CS | CONST_PERSISTENT);
215 17007 : REGISTER_LONG_CONSTANT("INPUT_SESSION", PARSE_SESSION, CONST_CS | CONST_PERSISTENT);
216 17007 : REGISTER_LONG_CONSTANT("INPUT_REQUEST", PARSE_REQUEST, CONST_CS | CONST_PERSISTENT);
217 :
218 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_NONE", FILTER_FLAG_NONE, CONST_CS | CONST_PERSISTENT);
219 :
220 17007 : REGISTER_LONG_CONSTANT("FILTER_REQUIRE_SCALAR", FILTER_REQUIRE_SCALAR, CONST_CS | CONST_PERSISTENT);
221 17007 : REGISTER_LONG_CONSTANT("FILTER_REQUIRE_ARRAY", FILTER_REQUIRE_ARRAY, CONST_CS | CONST_PERSISTENT);
222 17007 : REGISTER_LONG_CONSTANT("FILTER_FORCE_ARRAY", FILTER_FORCE_ARRAY, CONST_CS | CONST_PERSISTENT);
223 17007 : REGISTER_LONG_CONSTANT("FILTER_NULL_ON_FAILURE", FILTER_NULL_ON_FAILURE, CONST_CS | CONST_PERSISTENT);
224 :
225 17007 : REGISTER_LONG_CONSTANT("FILTER_VALIDATE_INT", FILTER_VALIDATE_INT, CONST_CS | CONST_PERSISTENT);
226 17007 : REGISTER_LONG_CONSTANT("FILTER_VALIDATE_BOOLEAN", FILTER_VALIDATE_BOOLEAN, CONST_CS | CONST_PERSISTENT);
227 17007 : REGISTER_LONG_CONSTANT("FILTER_VALIDATE_FLOAT", FILTER_VALIDATE_FLOAT, CONST_CS | CONST_PERSISTENT);
228 :
229 17007 : REGISTER_LONG_CONSTANT("FILTER_VALIDATE_REGEXP", FILTER_VALIDATE_REGEXP, CONST_CS | CONST_PERSISTENT);
230 17007 : REGISTER_LONG_CONSTANT("FILTER_VALIDATE_URL", FILTER_VALIDATE_URL, CONST_CS | CONST_PERSISTENT);
231 17007 : REGISTER_LONG_CONSTANT("FILTER_VALIDATE_EMAIL", FILTER_VALIDATE_EMAIL, CONST_CS | CONST_PERSISTENT);
232 17007 : REGISTER_LONG_CONSTANT("FILTER_VALIDATE_IP", FILTER_VALIDATE_IP, CONST_CS | CONST_PERSISTENT);
233 :
234 17007 : REGISTER_LONG_CONSTANT("FILTER_DEFAULT", FILTER_DEFAULT, CONST_CS | CONST_PERSISTENT);
235 17007 : REGISTER_LONG_CONSTANT("FILTER_UNSAFE_RAW", FILTER_UNSAFE_RAW, CONST_CS | CONST_PERSISTENT);
236 :
237 17007 : REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRING", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
238 17007 : REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
239 17007 : REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
240 17007 : REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
241 17007 : REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT);
242 17007 : REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT);
243 17007 : REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
244 17007 : REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT, CONST_CS | CONST_PERSISTENT);
245 17007 : REGISTER_LONG_CONSTANT("FILTER_SANITIZE_MAGIC_QUOTES", FILTER_SANITIZE_MAGIC_QUOTES, CONST_CS | CONST_PERSISTENT);
246 :
247 17007 : REGISTER_LONG_CONSTANT("FILTER_CALLBACK", FILTER_CALLBACK, CONST_CS | CONST_PERSISTENT);
248 :
249 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_OCTAL", FILTER_FLAG_ALLOW_OCTAL, CONST_CS | CONST_PERSISTENT);
250 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_HEX", FILTER_FLAG_ALLOW_HEX, CONST_CS | CONST_PERSISTENT);
251 :
252 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_LOW", FILTER_FLAG_STRIP_LOW, CONST_CS | CONST_PERSISTENT);
253 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_HIGH", FILTER_FLAG_STRIP_HIGH, CONST_CS | CONST_PERSISTENT);
254 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_LOW", FILTER_FLAG_ENCODE_LOW, CONST_CS | CONST_PERSISTENT);
255 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_HIGH", FILTER_FLAG_ENCODE_HIGH, CONST_CS | CONST_PERSISTENT);
256 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP, CONST_CS | CONST_PERSISTENT);
257 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_ENCODE_QUOTES", FILTER_FLAG_NO_ENCODE_QUOTES, CONST_CS | CONST_PERSISTENT);
258 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_EMPTY_STRING_NULL", FILTER_FLAG_EMPTY_STRING_NULL, CONST_CS | CONST_PERSISTENT);
259 :
260 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_FRACTION", FILTER_FLAG_ALLOW_FRACTION, CONST_CS | CONST_PERSISTENT);
261 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_THOUSAND", FILTER_FLAG_ALLOW_THOUSAND, CONST_CS | CONST_PERSISTENT);
262 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_SCIENTIFIC", FILTER_FLAG_ALLOW_SCIENTIFIC, CONST_CS | CONST_PERSISTENT);
263 :
264 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_SCHEME_REQUIRED", FILTER_FLAG_SCHEME_REQUIRED, CONST_CS | CONST_PERSISTENT);
265 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_HOST_REQUIRED", FILTER_FLAG_HOST_REQUIRED, CONST_CS | CONST_PERSISTENT);
266 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_PATH_REQUIRED", FILTER_FLAG_PATH_REQUIRED, CONST_CS | CONST_PERSISTENT);
267 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_QUERY_REQUIRED", FILTER_FLAG_QUERY_REQUIRED, CONST_CS | CONST_PERSISTENT);
268 :
269 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV4", FILTER_FLAG_IPV4, CONST_CS | CONST_PERSISTENT);
270 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV6", FILTER_FLAG_IPV6, CONST_CS | CONST_PERSISTENT);
271 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_RES_RANGE", FILTER_FLAG_NO_RES_RANGE, CONST_CS | CONST_PERSISTENT);
272 17007 : REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_PRIV_RANGE", FILTER_FLAG_NO_PRIV_RANGE, CONST_CS | CONST_PERSISTENT);
273 :
274 17007 : sapi_register_input_filter(php_sapi_filter, php_sapi_filter_init);
275 :
276 17007 : return SUCCESS;
277 : }
278 : /* }}} */
279 :
280 : /* {{{ PHP_MSHUTDOWN_FUNCTION
281 : */
282 : PHP_MSHUTDOWN_FUNCTION(filter)
283 17039 : {
284 17039 : UNREGISTER_INI_ENTRIES();
285 :
286 17039 : return SUCCESS;
287 : }
288 : /* }}} */
289 :
290 : /* {{{ PHP_RINIT_FUNCTION
291 : */
292 : PHP_RINIT_FUNCTION(filter)
293 16993 : {
294 16993 : IF_G(get_array) = NULL;
295 16993 : IF_G(post_array) = NULL;
296 16993 : IF_G(cookie_array) = NULL;
297 16993 : IF_G(server_array) = NULL;
298 16993 : IF_G(env_array) = NULL;
299 16993 : IF_G(session_array) = NULL;
300 16993 : return SUCCESS;
301 : }
302 : /* }}} */
303 :
304 : /* {{{ PHP_RSHUTDOWN_FUNCTION
305 : */
306 : #define VAR_ARRAY_COPY_DTOR(a) \
307 : if (IF_G(a)) { \
308 : zval_ptr_dtor(&IF_G(a)); \
309 : IF_G(a) = NULL; \
310 : }
311 :
312 : PHP_RSHUTDOWN_FUNCTION(filter)
313 17025 : {
314 17025 : VAR_ARRAY_COPY_DTOR(get_array)
315 17025 : VAR_ARRAY_COPY_DTOR(post_array)
316 17025 : VAR_ARRAY_COPY_DTOR(cookie_array)
317 17025 : VAR_ARRAY_COPY_DTOR(server_array)
318 17025 : VAR_ARRAY_COPY_DTOR(env_array)
319 17025 : VAR_ARRAY_COPY_DTOR(session_array)
320 17025 : return SUCCESS;
321 : }
322 : /* }}} */
323 :
324 : /* {{{ PHP_MINFO_FUNCTION
325 : */
326 : PHP_MINFO_FUNCTION(filter)
327 43 : {
328 43 : php_info_print_table_start();
329 43 : php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" );
330 43 : php_info_print_table_row( 2, "Revision", "$Revision: 288084 $");
331 43 : php_info_print_table_end();
332 :
333 43 : DISPLAY_INI_ENTRIES();
334 43 : }
335 : /* }}} */
336 :
337 : static filter_list_entry php_find_filter(long id) /* {{{ */
338 67319 : {
339 67319 : int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
340 :
341 804170 : for (i = 0; i < size; ++i) {
342 804170 : if (filter_list[i].id == id) {
343 67319 : return filter_list[i];
344 : }
345 : }
346 : /* Fallback to "string" filter */
347 0 : for (i = 0; i < size; ++i) {
348 0 : if (filter_list[i].id == FILTER_DEFAULT) {
349 0 : return filter_list[i];
350 : }
351 : }
352 : /* To shut up GCC */
353 0 : return filter_list[0];
354 : }
355 : /* }}} */
356 :
357 : static unsigned int php_sapi_filter_init(TSRMLS_D)
358 16993 : {
359 16993 : IF_G(get_array) = NULL;
360 16993 : IF_G(post_array) = NULL;
361 16993 : IF_G(cookie_array) = NULL;
362 16993 : IF_G(server_array) = NULL;
363 16993 : IF_G(env_array) = NULL;
364 16993 : IF_G(session_array) = NULL;
365 16993 : return SUCCESS;
366 : }
367 :
368 : static void php_zval_filter(zval **value, long filter, long flags, zval *options, char* charset, zend_bool copy TSRMLS_DC) /* {{{ */
369 67319 : {
370 : filter_list_entry filter_func;
371 :
372 67319 : filter_func = php_find_filter(filter);
373 :
374 67319 : if (!filter_func.id) {
375 : /* Find default filter */
376 0 : filter_func = php_find_filter(FILTER_DEFAULT);
377 : }
378 :
379 67319 : if (copy) {
380 800 : SEPARATE_ZVAL(value);
381 : }
382 :
383 : /* #49274, fatal error with object without a toString method
384 : Fails nicely instead of getting a recovarable fatal error. */
385 67319 : if (Z_TYPE_PP(value) == IS_OBJECT) {
386 : zend_class_entry *ce;
387 :
388 2 : ce = Z_OBJCE_PP(value);
389 2 : if (!ce->__tostring) {
390 1 : ZVAL_FALSE(*value);
391 1 : return;
392 : }
393 : }
394 :
395 : /* Here be strings */
396 67318 : convert_to_string(*value);
397 :
398 67318 : filter_func.function(*value, flags, options, charset TSRMLS_CC);
399 :
400 67318 : if (
401 : options && (Z_TYPE_P(options) == IS_ARRAY || Z_TYPE_P(options) == IS_OBJECT) &&
402 : ((flags & FILTER_NULL_ON_FAILURE && Z_TYPE_PP(value) == IS_NULL) ||
403 : (!(flags & FILTER_NULL_ON_FAILURE) && Z_TYPE_PP(value) == IS_BOOL && Z_LVAL_PP(value) == 0)) &&
404 : zend_hash_exists(HASH_OF(options), "default", sizeof("default"))
405 : ) {
406 : zval **tmp;
407 0 : if (zend_hash_find(HASH_OF(options), "default", sizeof("default"), (void **)&tmp) == SUCCESS) {
408 0 : **value = **tmp;
409 0 : zval_copy_ctor(*value);
410 0 : INIT_PZVAL(*value);
411 : }
412 : }
413 : }
414 : /* }}} */
415 :
416 : static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC) /* {{{ */
417 83246 : {
418 : zval new_var, raw_var;
419 83246 : zval *array_ptr = NULL, *orig_array_ptr = NULL;
420 83246 : char *orig_var = NULL;
421 83246 : int retval = 0;
422 :
423 : assert(*val != NULL);
424 :
425 : #define PARSE_CASE(s,a,t) \
426 : case s: \
427 : if (!IF_G(a)) { \
428 : ALLOC_ZVAL(array_ptr); \
429 : array_init(array_ptr); \
430 : INIT_PZVAL(array_ptr); \
431 : IF_G(a) = array_ptr; \
432 : } else { \
433 : array_ptr = IF_G(a); \
434 : } \
435 : orig_array_ptr = PG(http_globals)[t]; \
436 : break;
437 :
438 83246 : switch (arg) {
439 0 : PARSE_CASE(PARSE_POST, post_array, TRACK_VARS_POST)
440 0 : PARSE_CASE(PARSE_GET, get_array, TRACK_VARS_GET)
441 0 : PARSE_CASE(PARSE_COOKIE, cookie_array, TRACK_VARS_COOKIE)
442 83195 : PARSE_CASE(PARSE_SERVER, server_array, TRACK_VARS_SERVER)
443 6 : PARSE_CASE(PARSE_ENV, env_array, TRACK_VARS_ENV)
444 :
445 : case PARSE_STRING: /* PARSE_STRING is used by parse_str() function */
446 45 : retval = 1;
447 : break;
448 : }
449 :
450 : /*
451 : * According to rfc2965, more specific paths are listed above the less specific ones.
452 : * If we encounter a duplicate cookie name, we should skip it, since it is not possible
453 : * to have the same (plain text) cookie name for the same path and we should not overwrite
454 : * more specific cookies with the less specific ones.
455 : */
456 83246 : if (arg == PARSE_COOKIE && orig_array_ptr && zend_symtable_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var)+1)) {
457 0 : return 0;
458 : }
459 :
460 83246 : if (array_ptr) {
461 : /* Make a copy of the variable name, as php_register_variable_ex seems to
462 : * modify it */
463 83201 : orig_var = estrdup(var);
464 :
465 : /* Store the RAW variable internally */
466 : /* FIXME: Should not use php_register_variable_ex as that also registers
467 : * globals when register_globals is turned on */
468 83201 : Z_STRLEN(raw_var) = val_len;
469 83201 : Z_STRVAL(raw_var) = estrndup(*val, val_len);
470 83201 : Z_TYPE(raw_var) = IS_STRING;
471 :
472 83201 : php_register_variable_ex(var, &raw_var, array_ptr TSRMLS_CC);
473 : }
474 :
475 83246 : if (val_len) {
476 : /* Register mangled variable */
477 : /* FIXME: Should not use php_register_variable_ex as that also registers
478 : * globals when register_globals is turned on */
479 66517 : Z_STRLEN(new_var) = val_len;
480 66517 : Z_TYPE(new_var) = IS_STRING;
481 :
482 133034 : if (IF_G(default_filter) != FILTER_UNSAFE_RAW || IF_G(default_filter_flags) != 0) {
483 66517 : zval *tmp_new_var = &new_var;
484 66517 : Z_STRVAL(new_var) = estrndup(*val, val_len);
485 66517 : INIT_PZVAL(tmp_new_var);
486 66517 : php_zval_filter(&tmp_new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL/*charset*/, 0 TSRMLS_CC);
487 : }
488 : else {
489 0 : Z_STRVAL(new_var) = estrndup(*val, val_len);
490 : }
491 : } else { /* empty string */
492 16729 : ZVAL_EMPTY_STRING(&new_var);
493 : }
494 :
495 83246 : if (orig_array_ptr) {
496 83195 : php_register_variable_ex(orig_var, &new_var, orig_array_ptr TSRMLS_CC);
497 : }
498 83246 : if (array_ptr) {
499 83201 : efree(orig_var);
500 : }
501 :
502 83246 : if (retval) {
503 45 : if (new_val_len) {
504 45 : *new_val_len = Z_STRLEN(new_var);
505 : }
506 45 : efree(*val);
507 45 : if (Z_STRLEN(new_var)) {
508 37 : *val = estrndup(Z_STRVAL(new_var), Z_STRLEN(new_var));
509 : } else {
510 8 : *val = estrdup("");
511 : }
512 45 : zval_dtor(&new_var);
513 : }
514 :
515 83246 : return retval;
516 : }
517 : /* }}} */
518 :
519 : static void php_zval_filter_recursive(zval **value, long filter, long flags, zval *options, char *charset, zend_bool copy TSRMLS_DC) /* {{{ */
520 11 : {
521 11 : if (Z_TYPE_PP(value) == IS_ARRAY) {
522 : zval **element;
523 : HashPosition pos;
524 :
525 11 : if (Z_ARRVAL_PP(value)->nApplyCount > 1) {
526 0 : return;
527 : }
528 :
529 11 : for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(value), &pos);
530 53 : zend_hash_get_current_data_ex(Z_ARRVAL_PP(value), (void **) &element, &pos) == SUCCESS;
531 : zend_hash_move_forward_ex(Z_ARRVAL_PP(value), &pos)
532 31 : ) {
533 31 : SEPARATE_ZVAL_IF_NOT_REF(element);
534 31 : if (Z_TYPE_PP(element) == IS_ARRAY) {
535 4 : Z_ARRVAL_PP(element)->nApplyCount++;
536 4 : php_zval_filter_recursive(element, filter, flags, options, charset, copy TSRMLS_CC);
537 4 : Z_ARRVAL_PP(element)->nApplyCount--;
538 : } else {
539 27 : php_zval_filter(element, filter, flags, options, charset, copy TSRMLS_CC);
540 : }
541 : }
542 : } else {
543 0 : php_zval_filter(value, filter, flags, options, charset, copy TSRMLS_CC);
544 : }
545 : }
546 : /* }}} */
547 :
548 : static zval *php_filter_get_storage(long arg TSRMLS_DC)/* {{{ */
549 :
550 46 : {
551 46 : zval *array_ptr = NULL;
552 46 : zend_bool jit_initialization = (PG(auto_globals_jit));
553 :
554 46 : switch (arg) {
555 : case PARSE_GET:
556 22 : array_ptr = IF_G(get_array);
557 22 : break;
558 : case PARSE_POST:
559 14 : array_ptr = IF_G(post_array);
560 14 : break;
561 : case PARSE_COOKIE:
562 7 : array_ptr = IF_G(cookie_array);
563 7 : break;
564 : case PARSE_SERVER:
565 1 : if (jit_initialization) {
566 1 : zend_is_auto_global("_SERVER", sizeof("_SERVER")-1 TSRMLS_CC);
567 : }
568 1 : array_ptr = IF_G(server_array);
569 1 : break;
570 : case PARSE_ENV:
571 0 : if (jit_initialization) {
572 0 : zend_is_auto_global("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
573 : }
574 0 : array_ptr = IF_G(env_array);
575 0 : break;
576 : case PARSE_SESSION:
577 : /* FIXME: Implement session source */
578 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "INPUT_SESSION is not yet implemented");
579 0 : break;
580 : case PARSE_REQUEST:
581 : /* FIXME: Implement request source */
582 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "INPUT_REQUEST is not yet implemented");
583 : break;
584 : }
585 :
586 46 : return array_ptr;
587 : }
588 : /* }}} */
589 :
590 : /* {{{ proto mixed filter_has_var(constant type, string variable_name)
591 : * Returns true if the variable with the name 'name' exists in source.
592 : */
593 : PHP_FUNCTION(filter_has_var)
594 31 : {
595 : long arg;
596 : char *var;
597 : int var_len;
598 31 : zval *array_ptr = NULL;
599 :
600 31 : if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) {
601 9 : RETURN_FALSE;
602 : }
603 :
604 22 : array_ptr = php_filter_get_storage(arg TSRMLS_CC);
605 :
606 22 : if (array_ptr && HASH_OF(array_ptr) && zend_hash_exists(HASH_OF(array_ptr), var, var_len + 1)) {
607 0 : RETURN_TRUE;
608 : }
609 :
610 22 : RETURN_FALSE;
611 : }
612 : /* }}} */
613 :
614 : static void php_filter_call(zval **filtered, long filter, zval **filter_args, const int copy, long filter_flags TSRMLS_DC) /* {{{ */
615 788 : {
616 788 : zval *options = NULL;
617 : zval **option;
618 788 : char *charset = NULL;
619 :
620 879 : if (filter_args && Z_TYPE_PP(filter_args) != IS_ARRAY) {
621 : long lval;
622 :
623 91 : PHP_FILTER_GET_LONG_OPT(filter_args, lval);
624 :
625 91 : if (filter != -1) { /* handler for array apply */
626 : /* filter_args is the filter_flags */
627 91 : filter_flags = lval;
628 :
629 91 : if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) {
630 86 : filter_flags |= FILTER_REQUIRE_SCALAR;
631 : }
632 : } else {
633 0 : filter = lval;
634 : }
635 697 : } else if (filter_args) {
636 506 : if (zend_hash_find(HASH_OF(*filter_args), "filter", sizeof("filter"), (void **)&option) == SUCCESS) {
637 0 : PHP_FILTER_GET_LONG_OPT(option, filter);
638 : }
639 :
640 506 : if (zend_hash_find(HASH_OF(*filter_args), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
641 0 : PHP_FILTER_GET_LONG_OPT(option, filter_flags);
642 :
643 0 : if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) {
644 0 : filter_flags |= FILTER_REQUIRE_SCALAR;
645 : }
646 : }
647 :
648 506 : if (zend_hash_find(HASH_OF(*filter_args), "options", sizeof("options"), (void **)&option) == SUCCESS) {
649 0 : if (filter != FILTER_CALLBACK) {
650 0 : if (Z_TYPE_PP(option) == IS_ARRAY) {
651 0 : options = *option;
652 : }
653 : } else {
654 0 : options = *option;
655 0 : filter_flags = 0;
656 : }
657 : }
658 : }
659 :
660 788 : if (Z_TYPE_PP(filtered) == IS_ARRAY) {
661 13 : if (filter_flags & FILTER_REQUIRE_SCALAR) {
662 6 : if (copy) {
663 6 : SEPARATE_ZVAL(filtered);
664 : }
665 6 : zval_dtor(*filtered);
666 6 : if (filter_flags & FILTER_NULL_ON_FAILURE) {
667 0 : ZVAL_NULL(*filtered);
668 : } else {
669 6 : ZVAL_FALSE(*filtered);
670 : }
671 6 : return;
672 : }
673 7 : php_zval_filter_recursive(filtered, filter, filter_flags, options, charset, copy TSRMLS_CC);
674 7 : return;
675 : }
676 775 : if (filter_flags & FILTER_REQUIRE_ARRAY) {
677 0 : if (copy) {
678 0 : SEPARATE_ZVAL(filtered);
679 : }
680 0 : zval_dtor(*filtered);
681 0 : if (filter_flags & FILTER_NULL_ON_FAILURE) {
682 0 : ZVAL_NULL(*filtered);
683 : } else {
684 0 : ZVAL_FALSE(*filtered);
685 : }
686 0 : return;
687 : }
688 :
689 775 : php_zval_filter(filtered, filter, filter_flags, options, charset, copy TSRMLS_CC);
690 775 : if (filter_flags & FILTER_FORCE_ARRAY) {
691 : zval *tmp;
692 :
693 0 : ALLOC_ZVAL(tmp);
694 0 : *tmp = **filtered;
695 0 : zval_copy_ctor(tmp);
696 0 : INIT_PZVAL(tmp);
697 :
698 0 : zval_dtor(*filtered);
699 :
700 0 : array_init(*filtered);
701 0 : add_next_index_zval(*filtered, tmp);
702 : }
703 : }
704 : /* }}} */
705 :
706 : static void php_filter_array_handler(zval *input, zval **op, zval *return_value TSRMLS_DC) /* {{{ */
707 19 : {
708 : zstr arg_key;
709 : uint arg_key_len;
710 : ulong index;
711 : HashPosition pos;
712 : zval **tmp, **arg_elm;
713 :
714 19 : if (!op) {
715 2 : zval_dtor(return_value);
716 2 : *return_value = *input;
717 2 : zval_copy_ctor(return_value);
718 2 : INIT_PZVAL(return_value);
719 2 : php_filter_call(&return_value, FILTER_DEFAULT, NULL, 0, FILTER_REQUIRE_ARRAY TSRMLS_CC);
720 17 : } else if (Z_TYPE_PP(op) == IS_LONG) {
721 0 : zval_dtor(return_value);
722 0 : *return_value = *input;
723 0 : zval_copy_ctor(return_value);
724 0 : INIT_PZVAL(return_value);
725 0 : php_filter_call(&return_value, Z_LVAL_PP(op), NULL, 0, FILTER_REQUIRE_ARRAY TSRMLS_CC);
726 17 : } else if (Z_TYPE_PP(op) == IS_ARRAY) {
727 12 : array_init(return_value);
728 :
729 12 : zend_hash_internal_pointer_reset(Z_ARRVAL_PP(op));
730 12 : for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(op), &pos);
731 24 : zend_hash_get_current_data_ex(Z_ARRVAL_PP(op), (void **) &arg_elm, &pos) == SUCCESS;
732 0 : zend_hash_move_forward_ex(Z_ARRVAL_PP(op), &pos))
733 : {
734 11 : if (zend_hash_get_current_key_ex(Z_ARRVAL_PP(op), &arg_key, &arg_key_len, &index, 0, &pos) != HASH_KEY_IS_STRING) {
735 11 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Numeric keys are not allowed in the definition array");
736 11 : zval_dtor(return_value);
737 11 : RETURN_FALSE;
738 : }
739 0 : if (arg_key_len < 2) {
740 0 : php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty keys are not allowed in the definition array");
741 0 : zval_dtor(return_value);
742 0 : RETURN_FALSE;
743 : }
744 0 : if (zend_hash_find(Z_ARRVAL_P(input), arg_key.s, arg_key_len, (void **)&tmp) != SUCCESS) {
745 0 : add_assoc_null_ex(return_value, arg_key.s, arg_key_len);
746 : } else {
747 : zval *nval;
748 :
749 0 : ALLOC_ZVAL(nval);
750 0 : *nval = **tmp;
751 0 : zval_copy_ctor(nval);
752 0 : INIT_PZVAL(nval);
753 :
754 0 : php_filter_call(&nval, -1, arg_elm, 0, FILTER_REQUIRE_SCALAR TSRMLS_CC);
755 0 : add_assoc_zval_ex(return_value, arg_key.s, arg_key_len, nval);
756 : }
757 : }
758 : } else {
759 5 : RETURN_FALSE;
760 : }
761 : }
762 : /* }}} */
763 :
764 : /* {{{ proto mixed filter_input(constant type, string variable_name [, long filter [, mixed options]])
765 : * Returns the filtered variable 'name'* from source `type`.
766 : */
767 : PHP_FUNCTION(filter_input)
768 24 : {
769 24 : long fetch_from, filter = FILTER_DEFAULT;
770 24 : zval **filter_args = NULL, **tmp;
771 24 : zval *input = NULL;
772 : char *var;
773 : int var_len;
774 :
775 24 : if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ls|lZ", &fetch_from, &var, &var_len, &filter, &filter_args) == FAILURE) {
776 1 : return;
777 : }
778 :
779 23 : if (!PHP_FILTER_ID_EXISTS(filter)) {
780 0 : RETURN_FALSE;
781 : }
782 :
783 23 : input = php_filter_get_storage(fetch_from TSRMLS_CC);
784 :
785 23 : if (!input || !HASH_OF(input) || zend_hash_find(HASH_OF(input), var, var_len + 1, (void **)&tmp) != SUCCESS) {
786 22 : long filter_flags = 0;
787 : zval **option, **opt, **def;
788 22 : if (filter_args) {
789 7 : if (Z_TYPE_PP(filter_args) == IS_LONG) {
790 0 : filter_flags = Z_LVAL_PP(filter_args);
791 7 : } else if (Z_TYPE_PP(filter_args) == IS_ARRAY && zend_hash_find(HASH_OF(*filter_args), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
792 0 : PHP_FILTER_GET_LONG_OPT(option, filter_flags);
793 7 : } else if (Z_TYPE_PP(filter_args) == IS_ARRAY &&
794 : zend_hash_find(HASH_OF(*filter_args), "options", sizeof("options"), (void **)&opt) == SUCCESS &&
795 : Z_TYPE_PP(opt) == IS_ARRAY &&
796 : zend_hash_find(HASH_OF(*opt), "default", sizeof("default"), (void **)&def) == SUCCESS
797 : ) {
798 0 : *return_value = **def;
799 0 : zval_copy_ctor(return_value);
800 0 : INIT_PZVAL(return_value);
801 0 : return;
802 : }
803 : }
804 22 : if (filter_flags & FILTER_NULL_ON_FAILURE) {
805 0 : RETURN_FALSE;
806 : } else {
807 22 : RETURN_NULL();
808 : }
809 : }
810 :
811 1 : *return_value = **tmp;
812 1 : zval_copy_ctor(return_value); /* Watch out for empty strings */
813 1 : INIT_PZVAL(return_value);
814 :
815 1 : php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC);
816 : }
817 : /* }}} */
818 :
819 : /* {{{ proto mixed filter_var(mixed variable [, long filter [, mixed options]])
820 : * Returns the filtered version of the vriable.
821 : */
822 : PHP_FUNCTION(filter_var)
823 791 : {
824 791 : long filter = FILTER_DEFAULT;
825 791 : zval **filter_args = NULL, *data;
826 :
827 791 : if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z/|lZ", &data, &filter, &filter_args) == FAILURE) {
828 4 : return;
829 : }
830 :
831 787 : if (!PHP_FILTER_ID_EXISTS(filter)) {
832 2 : RETURN_FALSE;
833 : }
834 :
835 785 : *return_value = *data;
836 785 : zval_copy_ctor(data);
837 785 : INIT_PZVAL(return_value);
838 :
839 785 : php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC);
840 : }
841 : /* }}} */
842 :
843 : /* {{{ proto mixed filter_input_array(constant type, [, mixed options]])
844 : * Returns an array with all arguments defined in 'definition'.
845 : */
846 : PHP_FUNCTION(filter_input_array)
847 1 : {
848 : long fetch_from;
849 1 : zval *array_input = NULL, **op = NULL;
850 :
851 1 : if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|Z", &fetch_from, &op) == FAILURE) {
852 0 : return;
853 : }
854 :
855 1 : if (op
856 : && (Z_TYPE_PP(op) != IS_ARRAY)
857 : && (Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op)))
858 : ) {
859 0 : RETURN_FALSE;
860 : }
861 :
862 1 : array_input = php_filter_get_storage(fetch_from TSRMLS_CC);
863 :
864 1 : if (!array_input || !HASH_OF(array_input)) {
865 1 : long filter_flags = 0;
866 : zval **option;
867 1 : if (op) {
868 1 : if (Z_TYPE_PP(op) == IS_LONG) {
869 0 : filter_flags = Z_LVAL_PP(op);
870 1 : } else if (Z_TYPE_PP(op) == IS_ARRAY && zend_hash_find(HASH_OF(*op), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
871 0 : PHP_FILTER_GET_LONG_OPT(option, filter_flags);
872 : }
873 : }
874 1 : if (filter_flags & FILTER_NULL_ON_FAILURE) {
875 0 : RETURN_FALSE;
876 : } else {
877 1 : RETURN_NULL();
878 : }
879 : }
880 :
881 0 : php_filter_array_handler(array_input, op, return_value TSRMLS_CC);
882 : }
883 : /* }}} */
884 :
885 : /* {{{ proto mixed filter_var_array(array data, [, mixed options]])
886 : * Returns an array with all arguments defined in 'definition'.
887 : */
888 : PHP_FUNCTION(filter_var_array)
889 28 : {
890 28 : zval *array_input = NULL, **op = NULL;
891 :
892 28 : if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "a|Z", &array_input, &op) == FAILURE) {
893 1 : return;
894 : }
895 :
896 27 : if (op
897 : && (Z_TYPE_PP(op) != IS_ARRAY)
898 : && (Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op)))
899 : ) {
900 8 : RETURN_FALSE;
901 : }
902 :
903 19 : php_filter_array_handler(array_input, op, return_value TSRMLS_CC);
904 : }
905 : /* }}} */
906 :
907 : /* {{{ proto filter_list()
908 : * Returns a list of all supported filters */
909 : PHP_FUNCTION(filter_list)
910 3 : {
911 3 : int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
912 :
913 3 : if (zend_parse_parameters_none() == FAILURE) {
914 1 : return;
915 : }
916 :
917 2 : array_init(return_value);
918 38 : for (i = 0; i < size; ++i) {
919 36 : add_next_index_string(return_value, (char *)filter_list[i].name, 1);
920 : }
921 : }
922 : /* }}} */
923 :
924 : /* {{{ proto filter_id(string filtername)
925 : * Returns the filter ID belonging to a named filter */
926 : PHP_FUNCTION(filter_id)
927 170 : {
928 : int i, filter_len;
929 170 : int size = sizeof(filter_list) / sizeof(filter_list_entry);
930 : char *filter;
931 :
932 170 : if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filter, &filter_len) == FAILURE) {
933 2 : return;
934 : }
935 :
936 1609 : for (i = 0; i < size; ++i) {
937 1607 : if (strcmp(filter_list[i].name, filter) == 0) {
938 166 : RETURN_LONG(filter_list[i].id);
939 : }
940 : }
941 :
942 2 : RETURN_FALSE;
943 : }
944 : /* }}} */
945 :
946 : /*
947 : * Local variables:
948 : * tab-width: 4
949 : * c-basic-offset: 4
950 : * End:
951 : * vim600: noet sw=4 ts=4 fdm=marker
952 : * vim<600: noet sw=4 ts=4
953 : */
|
