1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2018 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Author: Rui Hirokawa <hirokawa@php.net> |
16 | Moriyoshi Koizumi <moriyoshi@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 /* $Id$ */
21
22 /* {{{ includes */
23 #ifdef HAVE_CONFIG_H
24 #include "config.h"
25 #endif
26
27 #include "php.h"
28 #include "php_ini.h"
29 #include "php_variables.h"
30 #include "libmbfl/mbfl/mbfilter_pass.h"
31 #include "mbstring.h"
32 #include "ext/standard/php_string.h"
33 #include "ext/standard/php_mail.h"
34 #include "ext/standard/url.h"
35 #include "main/php_output.h"
36 #include "ext/standard/info.h"
37
38 #include "php_variables.h"
39 #include "php_globals.h"
40 #include "rfc1867.h"
41 #include "php_content_types.h"
42 #include "SAPI.h"
43 #include "TSRM.h"
44
45 #include "mb_gpc.h"
46 /* }}} */
47
48 #if HAVE_MBSTRING
49
ZEND_EXTERN_MODULE_GLOBALS(mbstring)50 ZEND_EXTERN_MODULE_GLOBALS(mbstring)
51
52 /* {{{ MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
53 * http input processing */
54 MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
55 {
56 char *res = NULL, *separator=NULL;
57 const char *c_var;
58 zval v_array;
59 int free_buffer=0;
60 const mbfl_encoding *detected;
61 php_mb_encoding_handler_info_t info;
62
63 if (arg != PARSE_STRING) {
64 char *value = MBSTRG(internal_encoding_name);
65 _php_mb_ini_mbstring_internal_encoding_set(value, value ? strlen(value): 0);
66 }
67
68 if (!MBSTRG(encoding_translation)) {
69 php_default_treat_data(arg, str, destArray);
70 return;
71 }
72
73 switch (arg) {
74 case PARSE_POST:
75 case PARSE_GET:
76 case PARSE_COOKIE:
77 array_init(&v_array);
78 switch (arg) {
79 case PARSE_POST:
80 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &v_array);
81 break;
82 case PARSE_GET:
83 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &v_array);
84 break;
85 case PARSE_COOKIE:
86 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &v_array);
87 break;
88 }
89 break;
90 default:
91 ZVAL_COPY_VALUE(&v_array, destArray);
92 break;
93 }
94
95 if (arg == PARSE_POST) {
96 sapi_handle_post(&v_array);
97 return;
98 }
99
100 if (arg == PARSE_GET) { /* GET data */
101 c_var = SG(request_info).query_string;
102 if (c_var && *c_var) {
103 res = (char *) estrdup(c_var);
104 free_buffer = 1;
105 } else {
106 free_buffer = 0;
107 }
108 } else if (arg == PARSE_COOKIE) { /* Cookie data */
109 c_var = SG(request_info).cookie_data;
110 if (c_var && *c_var) {
111 res = (char *) estrdup(c_var);
112 free_buffer = 1;
113 } else {
114 free_buffer = 0;
115 }
116 } else if (arg == PARSE_STRING) { /* String data */
117 res = str;
118 free_buffer = 1;
119 }
120
121 if (!res) {
122 return;
123 }
124
125 switch (arg) {
126 case PARSE_POST:
127 case PARSE_GET:
128 case PARSE_STRING:
129 separator = (char *) estrdup(PG(arg_separator).input);
130 break;
131 case PARSE_COOKIE:
132 separator = ";\0";
133 break;
134 }
135
136 switch (arg) {
137 case PARSE_POST:
138 MBSTRG(http_input_identify_post) = NULL;
139 break;
140 case PARSE_GET:
141 MBSTRG(http_input_identify_get) = NULL;
142 break;
143 case PARSE_COOKIE:
144 MBSTRG(http_input_identify_cookie) = NULL;
145 break;
146 case PARSE_STRING:
147 MBSTRG(http_input_identify_string) = NULL;
148 break;
149 }
150
151 info.data_type = arg;
152 info.separator = separator;
153 info.report_errors = 0;
154 info.to_encoding = MBSTRG(internal_encoding);
155 info.to_language = MBSTRG(language);
156 info.from_encodings = MBSTRG(http_input_list);
157 info.num_from_encodings = MBSTRG(http_input_list_size);
158 info.from_language = MBSTRG(language);
159
160 MBSTRG(illegalchars) = 0;
161
162 detected = _php_mb_encoding_handler_ex(&info, &v_array, res);
163 MBSTRG(http_input_identify) = detected;
164
165 if (detected) {
166 switch(arg){
167 case PARSE_POST:
168 MBSTRG(http_input_identify_post) = detected;
169 break;
170 case PARSE_GET:
171 MBSTRG(http_input_identify_get) = detected;
172 break;
173 case PARSE_COOKIE:
174 MBSTRG(http_input_identify_cookie) = detected;
175 break;
176 case PARSE_STRING:
177 MBSTRG(http_input_identify_string) = detected;
178 break;
179 }
180 }
181
182 if (arg != PARSE_COOKIE) {
183 efree(separator);
184 }
185
186 if (free_buffer) {
187 efree(res);
188 }
189 }
190 /* }}} */
191
192 /* {{{ mbfl_no_encoding _php_mb_encoding_handler_ex() */
_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t * info,zval * arg,char * res)193 const mbfl_encoding *_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t *info, zval *arg, char *res)
194 {
195 char *var, *val;
196 const char *s1, *s2;
197 char *strtok_buf = NULL, **val_list = NULL;
198 zval *array_ptr = (zval *) arg;
199 int n, num, *len_list = NULL;
200 size_t val_len, new_val_len;
201 mbfl_string string, resvar, resval;
202 const mbfl_encoding *from_encoding = NULL;
203 mbfl_encoding_detector *identd = NULL;
204 mbfl_buffer_converter *convd = NULL;
205
206 mbfl_string_init_set(&string, info->to_language, info->to_encoding->no_encoding);
207 mbfl_string_init_set(&resvar, info->to_language, info->to_encoding->no_encoding);
208 mbfl_string_init_set(&resval, info->to_language, info->to_encoding->no_encoding);
209
210 if (!res || *res == '\0') {
211 goto out;
212 }
213
214 /* count the variables(separators) contained in the "res".
215 * separator may contain multiple separator chars.
216 */
217 num = 1;
218 for (s1=res; *s1 != '\0'; s1++) {
219 for (s2=info->separator; *s2 != '\0'; s2++) {
220 if (*s1 == *s2) {
221 num++;
222 }
223 }
224 }
225 num *= 2; /* need space for variable name and value */
226
227 val_list = (char **)ecalloc(num, sizeof(char *));
228 len_list = (int *)ecalloc(num, sizeof(int));
229
230 /* split and decode the query */
231 n = 0;
232 strtok_buf = NULL;
233 var = php_strtok_r(res, info->separator, &strtok_buf);
234 while (var) {
235 val = strchr(var, '=');
236 if (val) { /* have a value */
237 len_list[n] = php_url_decode(var, val-var);
238 val_list[n] = var;
239 n++;
240
241 *val++ = '\0';
242 val_list[n] = val;
243 len_list[n] = php_url_decode(val, strlen(val));
244 } else {
245 len_list[n] = php_url_decode(var, strlen(var));
246 val_list[n] = var;
247 n++;
248
249 val_list[n] = "";
250 len_list[n] = 0;
251 }
252 n++;
253 var = php_strtok_r(NULL, info->separator, &strtok_buf);
254 }
255
256 if (n > (PG(max_input_vars) * 2)) {
257 php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
258 goto out;
259 }
260
261 num = n; /* make sure to process initialized vars only */
262
263 /* initialize converter */
264 if (info->num_from_encodings <= 0) {
265 from_encoding = &mbfl_encoding_pass;
266 } else if (info->num_from_encodings == 1) {
267 from_encoding = info->from_encodings[0];
268 } else {
269 /* auto detect */
270 from_encoding = NULL;
271 identd = mbfl_encoding_detector_new2(info->from_encodings, info->num_from_encodings, MBSTRG(strict_detection));
272 if (identd != NULL) {
273 n = 0;
274 while (n < num) {
275 string.val = (unsigned char *)val_list[n];
276 string.len = len_list[n];
277 if (mbfl_encoding_detector_feed(identd, &string)) {
278 break;
279 }
280 n++;
281 }
282 from_encoding = mbfl_encoding_detector_judge2(identd);
283 mbfl_encoding_detector_delete(identd);
284 }
285 if (!from_encoding) {
286 if (info->report_errors) {
287 php_error_docref(NULL, E_WARNING, "Unable to detect encoding");
288 }
289 from_encoding = &mbfl_encoding_pass;
290 }
291 }
292
293 convd = NULL;
294 if (from_encoding != &mbfl_encoding_pass) {
295 convd = mbfl_buffer_converter_new2(from_encoding, info->to_encoding, 0);
296 if (convd != NULL) {
297 mbfl_buffer_converter_illegal_mode(convd, MBSTRG(current_filter_illegal_mode));
298 mbfl_buffer_converter_illegal_substchar(convd, MBSTRG(current_filter_illegal_substchar));
299 } else {
300 if (info->report_errors) {
301 php_error_docref(NULL, E_WARNING, "Unable to create converter");
302 }
303 goto out;
304 }
305 }
306
307 /* convert encoding */
308 string.no_encoding = from_encoding->no_encoding;
309
310 n = 0;
311 while (n < num) {
312 string.val = (unsigned char *)val_list[n];
313 string.len = len_list[n];
314 if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resvar) != NULL) {
315 var = (char *)resvar.val;
316 } else {
317 var = val_list[n];
318 }
319 n++;
320 string.val = (unsigned char *)val_list[n];
321 string.len = len_list[n];
322 if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resval) != NULL) {
323 val = (char *)resval.val;
324 val_len = resval.len;
325 } else {
326 val = val_list[n];
327 val_len = len_list[n];
328 }
329 n++;
330 /* we need val to be emalloc()ed */
331 val = estrndup(val, val_len);
332 if (sapi_module.input_filter(info->data_type, var, &val, val_len, &new_val_len)) {
333 /* add variable to symbol table */
334 php_register_variable_safe(var, val, new_val_len, array_ptr);
335 }
336 efree(val);
337
338 if (convd != NULL){
339 mbfl_string_clear(&resvar);
340 mbfl_string_clear(&resval);
341 }
342 }
343
344 out:
345 if (convd != NULL) {
346 MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
347 mbfl_buffer_converter_delete(convd);
348 }
349 if (val_list != NULL) {
350 efree((void *)val_list);
351 }
352 if (len_list != NULL) {
353 efree((void *)len_list);
354 }
355
356 return from_encoding;
357 }
358 /* }}} */
359
360 /* {{{ SAPI_POST_HANDLER_FUNC(php_mb_post_handler) */
SAPI_POST_HANDLER_FUNC(php_mb_post_handler)361 SAPI_POST_HANDLER_FUNC(php_mb_post_handler)
362 {
363 const mbfl_encoding *detected;
364 php_mb_encoding_handler_info_t info;
365 zend_string *post_data_str = NULL;
366
367 MBSTRG(http_input_identify_post) = NULL;
368
369 info.data_type = PARSE_POST;
370 info.separator = "&";
371 info.report_errors = 0;
372 info.to_encoding = MBSTRG(internal_encoding);
373 info.to_language = MBSTRG(language);
374 info.from_encodings = MBSTRG(http_input_list);
375 info.num_from_encodings = MBSTRG(http_input_list_size);
376 info.from_language = MBSTRG(language);
377
378 php_stream_rewind(SG(request_info).request_body);
379 post_data_str = php_stream_copy_to_mem(SG(request_info).request_body, PHP_STREAM_COPY_ALL, 0);
380 detected = _php_mb_encoding_handler_ex(&info, arg, post_data_str ? ZSTR_VAL(post_data_str) : NULL);
381 if (post_data_str) {
382 zend_string_release(post_data_str);
383 }
384
385 MBSTRG(http_input_identify) = detected;
386 if (detected) {
387 MBSTRG(http_input_identify_post) = detected;
388 }
389 }
390 /* }}} */
391
392 #endif /* HAVE_MBSTRING */
393
394 /*
395 * Local variables:
396 * tab-width: 4
397 * c-basic-offset: 4
398 * End:
399 * vim600: fdm=marker
400 * vim: noet sw=4 ts=4
401 */
402
