1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 5 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2013 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Rasmus Lerdorf <rasmus@php.net> |
16 | Derick Rethans <derick@php.net> |
17 | Pierre-A. Joye <pierre@php.net> |
18 | Ilia Alshanetsky <iliaa@php.net> |
19 +----------------------------------------------------------------------+
20 */
21
22 /* $Id: 209a1c3c98c04a5474846e7bbe8ca72054ccfd4f $ */
23
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27
28 #include "php_filter.h"
29
30 ZEND_DECLARE_MODULE_GLOBALS(filter)
31
32 #include "filter_private.h"
33
34 typedef struct filter_list_entry {
35 const char *name;
36 int id;
37 void (*function)(PHP_INPUT_FILTER_PARAM_DECL);
38 } filter_list_entry;
39
40 /* {{{ filter_list */
41 static const filter_list_entry filter_list[] = {
42 { "int", FILTER_VALIDATE_INT, php_filter_int },
43 { "boolean", FILTER_VALIDATE_BOOLEAN, php_filter_boolean },
44 { "float", FILTER_VALIDATE_FLOAT, php_filter_float },
45
46 { "validate_regexp", FILTER_VALIDATE_REGEXP, php_filter_validate_regexp },
47 { "validate_url", FILTER_VALIDATE_URL, php_filter_validate_url },
48 { "validate_email", FILTER_VALIDATE_EMAIL, php_filter_validate_email },
49 { "validate_ip", FILTER_VALIDATE_IP, php_filter_validate_ip },
50
51 { "string", FILTER_SANITIZE_STRING, php_filter_string },
52 { "stripped", FILTER_SANITIZE_STRING, php_filter_string },
53 { "encoded", FILTER_SANITIZE_ENCODED, php_filter_encoded },
54 { "special_chars", FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars },
55 { "full_special_chars", FILTER_SANITIZE_FULL_SPECIAL_CHARS, php_filter_full_special_chars },
56 { "unsafe_raw", FILTER_UNSAFE_RAW, php_filter_unsafe_raw },
57 { "email", FILTER_SANITIZE_EMAIL, php_filter_email },
58 { "url", FILTER_SANITIZE_URL, php_filter_url },
59 { "number_int", FILTER_SANITIZE_NUMBER_INT, php_filter_number_int },
60 { "number_float", FILTER_SANITIZE_NUMBER_FLOAT, php_filter_number_float },
61 { "magic_quotes", FILTER_SANITIZE_MAGIC_QUOTES, php_filter_magic_quotes },
62
63 { "callback", FILTER_CALLBACK, php_filter_callback },
64 };
65 /* }}} */
66
67 #ifndef PARSE_ENV
68 #define PARSE_ENV 4
69 #endif
70
71 #ifndef PARSE_SERVER
72 #define PARSE_SERVER 5
73 #endif
74
75 #ifndef PARSE_SESSION
76 #define PARSE_SESSION 6
77 #endif
78
79 static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC);
80 static unsigned int php_sapi_filter_init(TSRMLS_D);
81
82 /* {{{ arginfo */
83 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_input, 0, 0, 2)
84 ZEND_ARG_INFO(0, type)
85 ZEND_ARG_INFO(0, variable_name)
86 ZEND_ARG_INFO(0, filter)
87 ZEND_ARG_INFO(0, options)
88 ZEND_END_ARG_INFO()
89
90 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_var, 0, 0, 1)
91 ZEND_ARG_INFO(0, variable)
92 ZEND_ARG_INFO(0, filter)
93 ZEND_ARG_INFO(0, options)
94 ZEND_END_ARG_INFO()
95
96 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_input_array, 0, 0, 1)
97 ZEND_ARG_INFO(0, type)
98 ZEND_ARG_INFO(0, definition)
99 ZEND_ARG_INFO(0, add_empty)
100 ZEND_END_ARG_INFO()
101
102 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_var_array, 0, 0, 1)
103 ZEND_ARG_INFO(0, data)
104 ZEND_ARG_INFO(0, definition)
105 ZEND_ARG_INFO(0, add_empty)
106 ZEND_END_ARG_INFO()
107
108 ZEND_BEGIN_ARG_INFO(arginfo_filter_list, 0)
109 ZEND_END_ARG_INFO()
110
111 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_has_var, 0, 0, 2)
112 ZEND_ARG_INFO(0, type)
113 ZEND_ARG_INFO(0, variable_name)
114 ZEND_END_ARG_INFO()
115
116 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_id, 0, 0, 1)
117 ZEND_ARG_INFO(0, filtername)
118 ZEND_END_ARG_INFO()
119 /* }}} */
120
121 /* {{{ filter_functions[]
122 */
123 static const zend_function_entry filter_functions[] = {
124 PHP_FE(filter_input, arginfo_filter_input)
125 PHP_FE(filter_var, arginfo_filter_var)
126 PHP_FE(filter_input_array, arginfo_filter_input_array)
127 PHP_FE(filter_var_array, arginfo_filter_var_array)
128 PHP_FE(filter_list, arginfo_filter_list)
129 PHP_FE(filter_has_var, arginfo_filter_has_var)
130 PHP_FE(filter_id, arginfo_filter_id)
131 PHP_FE_END
132 };
133 /* }}} */
134
135 /* {{{ filter_module_entry
136 */
137 zend_module_entry filter_module_entry = {
138 #if ZEND_MODULE_API_NO >= 20010901
139 STANDARD_MODULE_HEADER,
140 #endif
141 "filter",
142 filter_functions,
143 PHP_MINIT(filter),
144 PHP_MSHUTDOWN(filter),
145 NULL,
146 PHP_RSHUTDOWN(filter),
147 PHP_MINFO(filter),
148 "0.11.0",
149 STANDARD_MODULE_PROPERTIES
150 };
151 /* }}} */
152
153 #ifdef COMPILE_DL_FILTER
154 ZEND_GET_MODULE(filter)
155 #endif
156
PHP_INI_MH(UpdateDefaultFilter)157 static PHP_INI_MH(UpdateDefaultFilter) /* {{{ */
158 {
159 int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
160
161 for (i = 0; i < size; ++i) {
162 if ((strcasecmp(new_value, filter_list[i].name) == 0)) {
163 IF_G(default_filter) = filter_list[i].id;
164 return SUCCESS;
165 }
166 }
167 /* Fallback to the default filter */
168 IF_G(default_filter) = FILTER_DEFAULT;
169 return SUCCESS;
170 }
171 /* }}} */
172
173 /* {{{ PHP_INI
174 */
PHP_INI_MH(OnUpdateFlags)175 static PHP_INI_MH(OnUpdateFlags)
176 {
177 if (!new_value) {
178 IF_G(default_filter_flags) = FILTER_FLAG_NO_ENCODE_QUOTES;
179 } else {
180 IF_G(default_filter_flags) = atoi(new_value);
181 }
182 return SUCCESS;
183 }
184
185 PHP_INI_BEGIN()
186 STD_PHP_INI_ENTRY("filter.default", "unsafe_raw", PHP_INI_SYSTEM|PHP_INI_PERDIR, UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals)
187 PHP_INI_ENTRY("filter.default_flags", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateFlags)
PHP_INI_END()188 PHP_INI_END()
189 /* }}} */
190
191 static void php_filter_init_globals(zend_filter_globals *filter_globals) /* {{{ */
192 {
193 filter_globals->post_array = NULL;
194 filter_globals->get_array = NULL;
195 filter_globals->cookie_array = NULL;
196 filter_globals->env_array = NULL;
197 filter_globals->server_array = NULL;
198 filter_globals->session_array = NULL;
199 filter_globals->default_filter = FILTER_DEFAULT;
200 }
201 /* }}} */
202
203 #define PARSE_REQUEST 99
204
205 /* {{{ PHP_MINIT_FUNCTION
206 */
PHP_MINIT_FUNCTION(filter)207 PHP_MINIT_FUNCTION(filter)
208 {
209 ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);
210
211 REGISTER_INI_ENTRIES();
212
213 REGISTER_LONG_CONSTANT("INPUT_POST", PARSE_POST, CONST_CS | CONST_PERSISTENT);
214 REGISTER_LONG_CONSTANT("INPUT_GET", PARSE_GET, CONST_CS | CONST_PERSISTENT);
215 REGISTER_LONG_CONSTANT("INPUT_COOKIE", PARSE_COOKIE, CONST_CS | CONST_PERSISTENT);
216 REGISTER_LONG_CONSTANT("INPUT_ENV", PARSE_ENV, CONST_CS | CONST_PERSISTENT);
217 REGISTER_LONG_CONSTANT("INPUT_SERVER", PARSE_SERVER, CONST_CS | CONST_PERSISTENT);
218 REGISTER_LONG_CONSTANT("INPUT_SESSION", PARSE_SESSION, CONST_CS | CONST_PERSISTENT);
219 REGISTER_LONG_CONSTANT("INPUT_REQUEST", PARSE_REQUEST, CONST_CS | CONST_PERSISTENT);
220
221 REGISTER_LONG_CONSTANT("FILTER_FLAG_NONE", FILTER_FLAG_NONE, CONST_CS | CONST_PERSISTENT);
222
223 REGISTER_LONG_CONSTANT("FILTER_REQUIRE_SCALAR", FILTER_REQUIRE_SCALAR, CONST_CS | CONST_PERSISTENT);
224 REGISTER_LONG_CONSTANT("FILTER_REQUIRE_ARRAY", FILTER_REQUIRE_ARRAY, CONST_CS | CONST_PERSISTENT);
225 REGISTER_LONG_CONSTANT("FILTER_FORCE_ARRAY", FILTER_FORCE_ARRAY, CONST_CS | CONST_PERSISTENT);
226 REGISTER_LONG_CONSTANT("FILTER_NULL_ON_FAILURE", FILTER_NULL_ON_FAILURE, CONST_CS | CONST_PERSISTENT);
227
228 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_INT", FILTER_VALIDATE_INT, CONST_CS | CONST_PERSISTENT);
229 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_BOOLEAN", FILTER_VALIDATE_BOOLEAN, CONST_CS | CONST_PERSISTENT);
230 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_FLOAT", FILTER_VALIDATE_FLOAT, CONST_CS | CONST_PERSISTENT);
231
232 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_REGEXP", FILTER_VALIDATE_REGEXP, CONST_CS | CONST_PERSISTENT);
233 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_URL", FILTER_VALIDATE_URL, CONST_CS | CONST_PERSISTENT);
234 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_EMAIL", FILTER_VALIDATE_EMAIL, CONST_CS | CONST_PERSISTENT);
235 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_IP", FILTER_VALIDATE_IP, CONST_CS | CONST_PERSISTENT);
236
237 REGISTER_LONG_CONSTANT("FILTER_DEFAULT", FILTER_DEFAULT, CONST_CS | CONST_PERSISTENT);
238 REGISTER_LONG_CONSTANT("FILTER_UNSAFE_RAW", FILTER_UNSAFE_RAW, CONST_CS | CONST_PERSISTENT);
239
240 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRING", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
241 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
242 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
243 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
244 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
245 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT);
246 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT);
247 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
248 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT, CONST_CS | CONST_PERSISTENT);
249 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_MAGIC_QUOTES", FILTER_SANITIZE_MAGIC_QUOTES, CONST_CS | CONST_PERSISTENT);
250
251 REGISTER_LONG_CONSTANT("FILTER_CALLBACK", FILTER_CALLBACK, CONST_CS | CONST_PERSISTENT);
252
253 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_OCTAL", FILTER_FLAG_ALLOW_OCTAL, CONST_CS | CONST_PERSISTENT);
254 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_HEX", FILTER_FLAG_ALLOW_HEX, CONST_CS | CONST_PERSISTENT);
255
256 REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_LOW", FILTER_FLAG_STRIP_LOW, CONST_CS | CONST_PERSISTENT);
257 REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_HIGH", FILTER_FLAG_STRIP_HIGH, CONST_CS | CONST_PERSISTENT);
258 REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_BACKTICK", FILTER_FLAG_STRIP_BACKTICK, CONST_CS | CONST_PERSISTENT);
259 REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_LOW", FILTER_FLAG_ENCODE_LOW, CONST_CS | CONST_PERSISTENT);
260 REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_HIGH", FILTER_FLAG_ENCODE_HIGH, CONST_CS | CONST_PERSISTENT);
261 REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP, CONST_CS | CONST_PERSISTENT);
262 REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_ENCODE_QUOTES", FILTER_FLAG_NO_ENCODE_QUOTES, CONST_CS | CONST_PERSISTENT);
263 REGISTER_LONG_CONSTANT("FILTER_FLAG_EMPTY_STRING_NULL", FILTER_FLAG_EMPTY_STRING_NULL, CONST_CS | CONST_PERSISTENT);
264
265 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_FRACTION", FILTER_FLAG_ALLOW_FRACTION, CONST_CS | CONST_PERSISTENT);
266 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_THOUSAND", FILTER_FLAG_ALLOW_THOUSAND, CONST_CS | CONST_PERSISTENT);
267 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_SCIENTIFIC", FILTER_FLAG_ALLOW_SCIENTIFIC, CONST_CS | CONST_PERSISTENT);
268
269 REGISTER_LONG_CONSTANT("FILTER_FLAG_SCHEME_REQUIRED", FILTER_FLAG_SCHEME_REQUIRED, CONST_CS | CONST_PERSISTENT);
270 REGISTER_LONG_CONSTANT("FILTER_FLAG_HOST_REQUIRED", FILTER_FLAG_HOST_REQUIRED, CONST_CS | CONST_PERSISTENT);
271 REGISTER_LONG_CONSTANT("FILTER_FLAG_PATH_REQUIRED", FILTER_FLAG_PATH_REQUIRED, CONST_CS | CONST_PERSISTENT);
272 REGISTER_LONG_CONSTANT("FILTER_FLAG_QUERY_REQUIRED", FILTER_FLAG_QUERY_REQUIRED, CONST_CS | CONST_PERSISTENT);
273
274 REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV4", FILTER_FLAG_IPV4, CONST_CS | CONST_PERSISTENT);
275 REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV6", FILTER_FLAG_IPV6, CONST_CS | CONST_PERSISTENT);
276 REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_RES_RANGE", FILTER_FLAG_NO_RES_RANGE, CONST_CS | CONST_PERSISTENT);
277 REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_PRIV_RANGE", FILTER_FLAG_NO_PRIV_RANGE, CONST_CS | CONST_PERSISTENT);
278
279 sapi_register_input_filter(php_sapi_filter, php_sapi_filter_init);
280
281 return SUCCESS;
282 }
283 /* }}} */
284
285 /* {{{ PHP_MSHUTDOWN_FUNCTION
286 */
PHP_MSHUTDOWN_FUNCTION(filter)287 PHP_MSHUTDOWN_FUNCTION(filter)
288 {
289 UNREGISTER_INI_ENTRIES();
290
291 return SUCCESS;
292 }
293 /* }}} */
294
295 /* {{{ PHP_RSHUTDOWN_FUNCTION
296 */
297 #define VAR_ARRAY_COPY_DTOR(a) \
298 if (IF_G(a)) { \
299 zval_ptr_dtor(&IF_G(a)); \
300 IF_G(a) = NULL; \
301 }
302
PHP_RSHUTDOWN_FUNCTION(filter)303 PHP_RSHUTDOWN_FUNCTION(filter)
304 {
305 VAR_ARRAY_COPY_DTOR(get_array)
306 VAR_ARRAY_COPY_DTOR(post_array)
307 VAR_ARRAY_COPY_DTOR(cookie_array)
308 VAR_ARRAY_COPY_DTOR(server_array)
309 VAR_ARRAY_COPY_DTOR(env_array)
310 VAR_ARRAY_COPY_DTOR(session_array)
311 return SUCCESS;
312 }
313 /* }}} */
314
315 /* {{{ PHP_MINFO_FUNCTION
316 */
PHP_MINFO_FUNCTION(filter)317 PHP_MINFO_FUNCTION(filter)
318 {
319 php_info_print_table_start();
320 php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" );
321 php_info_print_table_row( 2, "Revision", "$Id: 209a1c3c98c04a5474846e7bbe8ca72054ccfd4f $");
322 php_info_print_table_end();
323
324 DISPLAY_INI_ENTRIES();
325 }
326 /* }}} */
327
php_find_filter(long id)328 static filter_list_entry php_find_filter(long id) /* {{{ */
329 {
330 int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
331
332 for (i = 0; i < size; ++i) {
333 if (filter_list[i].id == id) {
334 return filter_list[i];
335 }
336 }
337 /* Fallback to "string" filter */
338 for (i = 0; i < size; ++i) {
339 if (filter_list[i].id == FILTER_DEFAULT) {
340 return filter_list[i];
341 }
342 }
343 /* To shut up GCC */
344 return filter_list[0];
345 }
346 /* }}} */
347
php_sapi_filter_init(TSRMLS_D)348 static unsigned int php_sapi_filter_init(TSRMLS_D)
349 {
350 IF_G(get_array) = NULL;
351 IF_G(post_array) = NULL;
352 IF_G(cookie_array) = NULL;
353 IF_G(server_array) = NULL;
354 IF_G(env_array) = NULL;
355 IF_G(session_array) = NULL;
356 return SUCCESS;
357 }
358
php_zval_filter(zval ** value,long filter,long flags,zval * options,char * charset,zend_bool copy TSRMLS_DC)359 static void php_zval_filter(zval **value, long filter, long flags, zval *options, char* charset, zend_bool copy TSRMLS_DC) /* {{{ */
360 {
361 filter_list_entry filter_func;
362
363 filter_func = php_find_filter(filter);
364
365 if (!filter_func.id) {
366 /* Find default filter */
367 filter_func = php_find_filter(FILTER_DEFAULT);
368 }
369
370 if (copy) {
371 SEPARATE_ZVAL(value);
372 }
373
374 /* #49274, fatal error with object without a toString method
375 Fails nicely instead of getting a recovarable fatal error. */
376 if (Z_TYPE_PP(value) == IS_OBJECT) {
377 zend_class_entry *ce;
378
379 ce = Z_OBJCE_PP(value);
380 if (!ce->__tostring) {
381 ZVAL_FALSE(*value);
382 return;
383 }
384 }
385
386 /* Here be strings */
387 convert_to_string(*value);
388
389 filter_func.function(*value, flags, options, charset TSRMLS_CC);
390
391 if (
392 options && (Z_TYPE_P(options) == IS_ARRAY || Z_TYPE_P(options) == IS_OBJECT) &&
393 ((flags & FILTER_NULL_ON_FAILURE && Z_TYPE_PP(value) == IS_NULL) ||
394 (!(flags & FILTER_NULL_ON_FAILURE) && Z_TYPE_PP(value) == IS_BOOL && Z_LVAL_PP(value) == 0)) &&
395 zend_hash_exists(HASH_OF(options), "default", sizeof("default"))
396 ) {
397 zval **tmp;
398 if (zend_hash_find(HASH_OF(options), "default", sizeof("default"), (void **)&tmp) == SUCCESS) {
399 MAKE_COPY_ZVAL(tmp, *value);
400 }
401 }
402 }
403 /* }}} */
404
php_sapi_filter(int arg,char * var,char ** val,unsigned int val_len,unsigned int * new_val_len TSRMLS_DC)405 static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC) /* {{{ */
406 {
407 zval new_var, raw_var;
408 zval *array_ptr = NULL, *orig_array_ptr = NULL;
409 char *orig_var = NULL;
410 int retval = 0;
411
412 assert(*val != NULL);
413
414 #define PARSE_CASE(s,a,t) \
415 case s: \
416 if (!IF_G(a)) { \
417 ALLOC_ZVAL(array_ptr); \
418 array_init(array_ptr); \
419 INIT_PZVAL(array_ptr); \
420 IF_G(a) = array_ptr; \
421 } else { \
422 array_ptr = IF_G(a); \
423 } \
424 orig_array_ptr = PG(http_globals)[t]; \
425 break;
426
427 switch (arg) {
428 PARSE_CASE(PARSE_POST, post_array, TRACK_VARS_POST)
429 PARSE_CASE(PARSE_GET, get_array, TRACK_VARS_GET)
430 PARSE_CASE(PARSE_COOKIE, cookie_array, TRACK_VARS_COOKIE)
431 PARSE_CASE(PARSE_SERVER, server_array, TRACK_VARS_SERVER)
432 PARSE_CASE(PARSE_ENV, env_array, TRACK_VARS_ENV)
433
434 case PARSE_STRING: /* PARSE_STRING is used by parse_str() function */
435 retval = 1;
436 break;
437 }
438
439 /*
440 * According to rfc2965, more specific paths are listed above the less specific ones.
441 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
442 * to have the same (plain text) cookie name for the same path and we should not overwrite
443 * more specific cookies with the less specific ones.
444 */
445 if (arg == PARSE_COOKIE && orig_array_ptr && zend_symtable_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var)+1)) {
446 return 0;
447 }
448
449 if (array_ptr) {
450 /* Make a copy of the variable name, as php_register_variable_ex seems to
451 * modify it */
452 orig_var = estrdup(var);
453
454 /* Store the RAW variable internally */
455 /* FIXME: Should not use php_register_variable_ex as that also registers
456 * globals when register_globals is turned on */
457 Z_STRLEN(raw_var) = val_len;
458 Z_STRVAL(raw_var) = estrndup(*val, val_len);
459 Z_TYPE(raw_var) = IS_STRING;
460
461 php_register_variable_ex(var, &raw_var, array_ptr TSRMLS_CC);
462 }
463
464 if (val_len) {
465 /* Register mangled variable */
466 /* FIXME: Should not use php_register_variable_ex as that also registers
467 * globals when register_globals is turned on */
468 Z_STRLEN(new_var) = val_len;
469 Z_TYPE(new_var) = IS_STRING;
470
471 if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
472 zval *tmp_new_var = &new_var;
473 Z_STRVAL(new_var) = estrndup(*val, val_len);
474 INIT_PZVAL(tmp_new_var);
475 php_zval_filter(&tmp_new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL/*charset*/, 0 TSRMLS_CC);
476 } else if (PG(magic_quotes_gpc) && !retval) { /* for PARSE_STRING php_register_variable_safe() will do the addslashes() */
477 Z_STRVAL(new_var) = php_addslashes(*val, Z_STRLEN(new_var), &Z_STRLEN(new_var), 0 TSRMLS_CC);
478 } else {
479 Z_STRVAL(new_var) = estrndup(*val, val_len);
480 }
481 } else { /* empty string */
482 ZVAL_EMPTY_STRING(&new_var);
483 }
484
485 if (orig_array_ptr) {
486 php_register_variable_ex(orig_var, &new_var, orig_array_ptr TSRMLS_CC);
487 }
488 if (array_ptr) {
489 efree(orig_var);
490 }
491
492 if (retval) {
493 if (new_val_len) {
494 *new_val_len = Z_STRLEN(new_var);
495 }
496 efree(*val);
497 if (Z_STRLEN(new_var)) {
498 *val = estrndup(Z_STRVAL(new_var), Z_STRLEN(new_var));
499 } else {
500 *val = estrdup("");
501 }
502 zval_dtor(&new_var);
503 }
504
505 return retval;
506 }
507 /* }}} */
508
php_zval_filter_recursive(zval ** value,long filter,long flags,zval * options,char * charset,zend_bool copy TSRMLS_DC)509 static void php_zval_filter_recursive(zval **value, long filter, long flags, zval *options, char *charset, zend_bool copy TSRMLS_DC) /* {{{ */
510 {
511 if (Z_TYPE_PP(value) == IS_ARRAY) {
512 zval **element;
513 HashPosition pos;
514
515 if (Z_ARRVAL_PP(value)->nApplyCount > 1) {
516 return;
517 }
518
519 for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(value), &pos);
520 zend_hash_get_current_data_ex(Z_ARRVAL_PP(value), (void **) &element, &pos) == SUCCESS;
521 zend_hash_move_forward_ex(Z_ARRVAL_PP(value), &pos)
522 ) {
523 SEPARATE_ZVAL_IF_NOT_REF(element);
524 if (Z_TYPE_PP(element) == IS_ARRAY) {
525 Z_ARRVAL_PP(element)->nApplyCount++;
526 php_zval_filter_recursive(element, filter, flags, options, charset, copy TSRMLS_CC);
527 Z_ARRVAL_PP(element)->nApplyCount--;
528 } else {
529 php_zval_filter(element, filter, flags, options, charset, copy TSRMLS_CC);
530 }
531 }
532 } else {
533 php_zval_filter(value, filter, flags, options, charset, copy TSRMLS_CC);
534 }
535 }
536 /* }}} */
537
php_filter_get_storage(long arg TSRMLS_DC)538 static zval *php_filter_get_storage(long arg TSRMLS_DC)/* {{{ */
539
540 {
541 zval *array_ptr = NULL;
542 zend_bool jit_initialization = (PG(auto_globals_jit) && !PG(register_globals) && !PG(register_long_arrays));
543
544 switch (arg) {
545 case PARSE_GET:
546 array_ptr = IF_G(get_array);
547 break;
548 case PARSE_POST:
549 array_ptr = IF_G(post_array);
550 break;
551 case PARSE_COOKIE:
552 array_ptr = IF_G(cookie_array);
553 break;
554 case PARSE_SERVER:
555 if (jit_initialization) {
556 zend_is_auto_global("_SERVER", sizeof("_SERVER")-1 TSRMLS_CC);
557 }
558 array_ptr = IF_G(server_array);
559 break;
560 case PARSE_ENV:
561 if (jit_initialization) {
562 zend_is_auto_global("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
563 }
564 array_ptr = IF_G(env_array) ? IF_G(env_array) : PG(http_globals)[TRACK_VARS_ENV];
565 break;
566 case PARSE_SESSION:
567 /* FIXME: Implement session source */
568 php_error_docref(NULL TSRMLS_CC, E_WARNING, "INPUT_SESSION is not yet implemented");
569 break;
570 case PARSE_REQUEST:
571 /* FIXME: Implement request source */
572 php_error_docref(NULL TSRMLS_CC, E_WARNING, "INPUT_REQUEST is not yet implemented");
573 break;
574 }
575
576 return array_ptr;
577 }
578 /* }}} */
579
580 /* {{{ proto mixed filter_has_var(constant type, string variable_name)
581 * Returns true if the variable with the name 'name' exists in source.
582 */
PHP_FUNCTION(filter_has_var)583 PHP_FUNCTION(filter_has_var)
584 {
585 long arg;
586 char *var;
587 int var_len;
588 zval *array_ptr = NULL;
589
590 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) {
591 RETURN_FALSE;
592 }
593
594 array_ptr = php_filter_get_storage(arg TSRMLS_CC);
595
596 if (array_ptr && HASH_OF(array_ptr) && zend_hash_exists(HASH_OF(array_ptr), var, var_len + 1)) {
597 RETURN_TRUE;
598 }
599
600 RETURN_FALSE;
601 }
602 /* }}} */
603
php_filter_call(zval ** filtered,long filter,zval ** filter_args,const int copy,long filter_flags TSRMLS_DC)604 static void php_filter_call(zval **filtered, long filter, zval **filter_args, const int copy, long filter_flags TSRMLS_DC) /* {{{ */
605 {
606 zval *options = NULL;
607 zval **option;
608 char *charset = NULL;
609
610 if (filter_args && Z_TYPE_PP(filter_args) != IS_ARRAY) {
611 long lval;
612
613 PHP_FILTER_GET_LONG_OPT(filter_args, lval);
614
615 if (filter != -1) { /* handler for array apply */
616 /* filter_args is the filter_flags */
617 filter_flags = lval;
618
619 if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) {
620 filter_flags |= FILTER_REQUIRE_SCALAR;
621 }
622 } else {
623 filter = lval;
624 }
625 } else if (filter_args) {
626 if (zend_hash_find(HASH_OF(*filter_args), "filter", sizeof("filter"), (void **)&option) == SUCCESS) {
627 PHP_FILTER_GET_LONG_OPT(option, filter);
628 }
629
630 if (zend_hash_find(HASH_OF(*filter_args), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
631 PHP_FILTER_GET_LONG_OPT(option, filter_flags);
632
633 if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) {
634 filter_flags |= FILTER_REQUIRE_SCALAR;
635 }
636 }
637
638 if (zend_hash_find(HASH_OF(*filter_args), "options", sizeof("options"), (void **)&option) == SUCCESS) {
639 if (filter != FILTER_CALLBACK) {
640 if (Z_TYPE_PP(option) == IS_ARRAY) {
641 options = *option;
642 }
643 } else {
644 options = *option;
645 filter_flags = 0;
646 }
647 }
648 }
649
650 if (Z_TYPE_PP(filtered) == IS_ARRAY) {
651 if (filter_flags & FILTER_REQUIRE_SCALAR) {
652 if (copy) {
653 SEPARATE_ZVAL(filtered);
654 }
655 zval_dtor(*filtered);
656 if (filter_flags & FILTER_NULL_ON_FAILURE) {
657 ZVAL_NULL(*filtered);
658 } else {
659 ZVAL_FALSE(*filtered);
660 }
661 return;
662 }
663 php_zval_filter_recursive(filtered, filter, filter_flags, options, charset, copy TSRMLS_CC);
664 return;
665 }
666 if (filter_flags & FILTER_REQUIRE_ARRAY) {
667 if (copy) {
668 SEPARATE_ZVAL(filtered);
669 }
670 zval_dtor(*filtered);
671 if (filter_flags & FILTER_NULL_ON_FAILURE) {
672 ZVAL_NULL(*filtered);
673 } else {
674 ZVAL_FALSE(*filtered);
675 }
676 return;
677 }
678
679 php_zval_filter(filtered, filter, filter_flags, options, charset, copy TSRMLS_CC);
680 if (filter_flags & FILTER_FORCE_ARRAY) {
681 zval *tmp;
682
683 ALLOC_ZVAL(tmp);
684 MAKE_COPY_ZVAL(filtered, tmp);
685
686 zval_dtor(*filtered);
687
688 array_init(*filtered);
689 add_next_index_zval(*filtered, tmp);
690 }
691 }
692 /* }}} */
693
php_filter_array_handler(zval * input,zval ** op,zval * return_value,zend_bool add_empty TSRMLS_DC)694 static void php_filter_array_handler(zval *input, zval **op, zval *return_value, zend_bool add_empty TSRMLS_DC) /* {{{ */
695 {
696 char *arg_key;
697 uint arg_key_len;
698 ulong index;
699 HashPosition pos;
700 zval **tmp, **arg_elm;
701
702 if (!op) {
703 zval_dtor(return_value);
704 MAKE_COPY_ZVAL(&input, return_value);
705 php_filter_call(&return_value, FILTER_DEFAULT, NULL, 0, FILTER_REQUIRE_ARRAY TSRMLS_CC);
706 } else if (Z_TYPE_PP(op) == IS_LONG) {
707 zval_dtor(return_value);
708 MAKE_COPY_ZVAL(&input, return_value);
709 php_filter_call(&return_value, Z_LVAL_PP(op), NULL, 0, FILTER_REQUIRE_ARRAY TSRMLS_CC);
710 } else if (Z_TYPE_PP(op) == IS_ARRAY) {
711 array_init(return_value);
712
713 zend_hash_internal_pointer_reset(Z_ARRVAL_PP(op));
714 for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(op), &pos);
715 zend_hash_get_current_data_ex(Z_ARRVAL_PP(op), (void **) &arg_elm, &pos) == SUCCESS;
716 zend_hash_move_forward_ex(Z_ARRVAL_PP(op), &pos))
717 {
718 if (zend_hash_get_current_key_ex(Z_ARRVAL_PP(op), &arg_key, &arg_key_len, &index, 0, &pos) != HASH_KEY_IS_STRING) {
719 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Numeric keys are not allowed in the definition array");
720 zval_dtor(return_value);
721 RETURN_FALSE;
722 }
723 if (arg_key_len < 2) {
724 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty keys are not allowed in the definition array");
725 zval_dtor(return_value);
726 RETURN_FALSE;
727 }
728 if (zend_hash_find(Z_ARRVAL_P(input), arg_key, arg_key_len, (void **)&tmp) != SUCCESS) {
729 if (add_empty) {
730 add_assoc_null_ex(return_value, arg_key, arg_key_len);
731 }
732 } else {
733 zval *nval;
734
735 ALLOC_ZVAL(nval);
736 MAKE_COPY_ZVAL(tmp, nval);
737
738 php_filter_call(&nval, -1, arg_elm, 0, FILTER_REQUIRE_SCALAR TSRMLS_CC);
739 add_assoc_zval_ex(return_value, arg_key, arg_key_len, nval);
740 }
741 }
742 } else {
743 RETURN_FALSE;
744 }
745 }
746 /* }}} */
747
748 /* {{{ proto mixed filter_input(constant type, string variable_name [, long filter [, mixed options]])
749 * Returns the filtered variable 'name'* from source `type`.
750 */
PHP_FUNCTION(filter_input)751 PHP_FUNCTION(filter_input)
752 {
753 long fetch_from, filter = FILTER_DEFAULT;
754 zval **filter_args = NULL, **tmp;
755 zval *input = NULL;
756 char *var;
757 int var_len;
758
759 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ls|lZ", &fetch_from, &var, &var_len, &filter, &filter_args) == FAILURE) {
760 return;
761 }
762
763 if (!PHP_FILTER_ID_EXISTS(filter)) {
764 RETURN_FALSE;
765 }
766
767 input = php_filter_get_storage(fetch_from TSRMLS_CC);
768
769 if (!input || !HASH_OF(input) || zend_hash_find(HASH_OF(input), var, var_len + 1, (void **)&tmp) != SUCCESS) {
770 long filter_flags = 0;
771 zval **option, **opt, **def;
772 if (filter_args) {
773 if (Z_TYPE_PP(filter_args) == IS_LONG) {
774 filter_flags = Z_LVAL_PP(filter_args);
775 } else if (Z_TYPE_PP(filter_args) == IS_ARRAY && zend_hash_find(HASH_OF(*filter_args), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
776 PHP_FILTER_GET_LONG_OPT(option, filter_flags);
777 }
778 if (Z_TYPE_PP(filter_args) == IS_ARRAY &&
779 zend_hash_find(HASH_OF(*filter_args), "options", sizeof("options"), (void **)&opt) == SUCCESS &&
780 Z_TYPE_PP(opt) == IS_ARRAY &&
781 zend_hash_find(HASH_OF(*opt), "default", sizeof("default"), (void **)&def) == SUCCESS
782 ) {
783 MAKE_COPY_ZVAL(def, return_value);
784 return;
785 }
786 }
787
788 /* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
789 * the function: normally when validation fails false is returned, and
790 * when the input value doesn't exist NULL is returned. With the flag
791 * set, NULL and false should be returned, respectively. Ergo, although
792 * the code below looks incorrect, it's actually right. */
793 if (filter_flags & FILTER_NULL_ON_FAILURE) {
794 RETURN_FALSE;
795 } else {
796 RETURN_NULL();
797 }
798 }
799
800 MAKE_COPY_ZVAL(tmp, return_value);
801
802 php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC);
803 }
804 /* }}} */
805
806 /* {{{ proto mixed filter_var(mixed variable [, long filter [, mixed options]])
807 * Returns the filtered version of the vriable.
808 */
PHP_FUNCTION(filter_var)809 PHP_FUNCTION(filter_var)
810 {
811 long filter = FILTER_DEFAULT;
812 zval **filter_args = NULL, *data;
813
814 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z/|lZ", &data, &filter, &filter_args) == FAILURE) {
815 return;
816 }
817
818 if (!PHP_FILTER_ID_EXISTS(filter)) {
819 RETURN_FALSE;
820 }
821
822 MAKE_COPY_ZVAL(&data, return_value);
823
824 php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC);
825 }
826 /* }}} */
827
828 /* {{{ proto mixed filter_input_array(constant type, [, mixed options [, bool add_empty]]])
829 * Returns an array with all arguments defined in 'definition'.
830 */
PHP_FUNCTION(filter_input_array)831 PHP_FUNCTION(filter_input_array)
832 {
833 long fetch_from;
834 zval *array_input = NULL, **op = NULL;
835 zend_bool add_empty = 1;
836
837 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|Zb", &fetch_from, &op, &add_empty) == FAILURE) {
838 return;
839 }
840
841 if (op
842 && (Z_TYPE_PP(op) != IS_ARRAY)
843 && (Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op)))
844 ) {
845 RETURN_FALSE;
846 }
847
848 array_input = php_filter_get_storage(fetch_from TSRMLS_CC);
849
850 if (!array_input || !HASH_OF(array_input)) {
851 long filter_flags = 0;
852 zval **option;
853 if (op) {
854 if (Z_TYPE_PP(op) == IS_LONG) {
855 filter_flags = Z_LVAL_PP(op);
856 } else if (Z_TYPE_PP(op) == IS_ARRAY && zend_hash_find(HASH_OF(*op), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
857 PHP_FILTER_GET_LONG_OPT(option, filter_flags);
858 }
859 }
860
861 /* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
862 * the function: normally when validation fails false is returned, and
863 * when the input value doesn't exist NULL is returned. With the flag
864 * set, NULL and false should be returned, respectively. Ergo, although
865 * the code below looks incorrect, it's actually right. */
866 if (filter_flags & FILTER_NULL_ON_FAILURE) {
867 RETURN_FALSE;
868 } else {
869 RETURN_NULL();
870 }
871 }
872
873 php_filter_array_handler(array_input, op, return_value, add_empty TSRMLS_CC);
874 }
875 /* }}} */
876
877 /* {{{ proto mixed filter_var_array(array data, [, mixed options [, bool add_empty]]])
878 * Returns an array with all arguments defined in 'definition'.
879 */
PHP_FUNCTION(filter_var_array)880 PHP_FUNCTION(filter_var_array)
881 {
882 zval *array_input = NULL, **op = NULL;
883 zend_bool add_empty = 1;
884
885 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "a|Zb", &array_input, &op, &add_empty) == FAILURE) {
886 return;
887 }
888
889 if (op
890 && (Z_TYPE_PP(op) != IS_ARRAY)
891 && (Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op)))
892 ) {
893 RETURN_FALSE;
894 }
895
896 php_filter_array_handler(array_input, op, return_value, add_empty TSRMLS_CC);
897 }
898 /* }}} */
899
900 /* {{{ proto filter_list()
901 * Returns a list of all supported filters */
PHP_FUNCTION(filter_list)902 PHP_FUNCTION(filter_list)
903 {
904 int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
905
906 if (zend_parse_parameters_none() == FAILURE) {
907 return;
908 }
909
910 array_init(return_value);
911 for (i = 0; i < size; ++i) {
912 add_next_index_string(return_value, (char *)filter_list[i].name, 1);
913 }
914 }
915 /* }}} */
916
917 /* {{{ proto filter_id(string filtername)
918 * Returns the filter ID belonging to a named filter */
PHP_FUNCTION(filter_id)919 PHP_FUNCTION(filter_id)
920 {
921 int i, filter_len;
922 int size = sizeof(filter_list) / sizeof(filter_list_entry);
923 char *filter;
924
925 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filter, &filter_len) == FAILURE) {
926 return;
927 }
928
929 for (i = 0; i < size; ++i) {
930 if (strcmp(filter_list[i].name, filter) == 0) {
931 RETURN_LONG(filter_list[i].id);
932 }
933 }
934
935 RETURN_FALSE;
936 }
937 /* }}} */
938
939 /*
940 * Local variables:
941 * tab-width: 4
942 * c-basic-offset: 4
943 * End:
944 * vim600: noet sw=4 ts=4 fdm=marker
945 * vim<600: noet sw=4 ts=4
946 */
947
