1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2018 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Author: Rui Hirokawa <hirokawa@php.net> |
16 | Moriyoshi Koizumi <moriyoshi@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 /* {{{ includes */
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #include "php.h"
26 #include "php_ini.h"
27 #include "php_variables.h"
28 #include "libmbfl/mbfl/mbfilter_pass.h"
29 #include "mbstring.h"
30 #include "ext/standard/php_string.h"
31 #include "ext/standard/php_mail.h"
32 #include "ext/standard/url.h"
33 #include "main/php_output.h"
34 #include "ext/standard/info.h"
35
36 #include "php_variables.h"
37 #include "php_globals.h"
38 #include "rfc1867.h"
39 #include "php_content_types.h"
40 #include "SAPI.h"
41 #include "TSRM.h"
42
43 #include "mb_gpc.h"
44 /* }}} */
45
46 #if HAVE_MBSTRING
47
ZEND_EXTERN_MODULE_GLOBALS(mbstring)48 ZEND_EXTERN_MODULE_GLOBALS(mbstring)
49
50 /* {{{ MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
51 * http input processing */
52 MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
53 {
54 char *res = NULL, *separator=NULL;
55 const char *c_var;
56 zval v_array;
57 int free_buffer=0;
58 const mbfl_encoding *detected;
59 php_mb_encoding_handler_info_t info;
60
61 if (arg != PARSE_STRING) {
62 char *value = MBSTRG(internal_encoding_name);
63 _php_mb_ini_mbstring_internal_encoding_set(value, value ? strlen(value): 0);
64 }
65
66 if (!MBSTRG(encoding_translation)) {
67 php_default_treat_data(arg, str, destArray);
68 return;
69 }
70
71 switch (arg) {
72 case PARSE_POST:
73 case PARSE_GET:
74 case PARSE_COOKIE:
75 array_init(&v_array);
76 switch (arg) {
77 case PARSE_POST:
78 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &v_array);
79 break;
80 case PARSE_GET:
81 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &v_array);
82 break;
83 case PARSE_COOKIE:
84 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &v_array);
85 break;
86 }
87 break;
88 default:
89 ZVAL_COPY_VALUE(&v_array, destArray);
90 break;
91 }
92
93 if (arg == PARSE_POST) {
94 sapi_handle_post(&v_array);
95 return;
96 }
97
98 if (arg == PARSE_GET) { /* GET data */
99 c_var = SG(request_info).query_string;
100 if (c_var && *c_var) {
101 res = (char *) estrdup(c_var);
102 free_buffer = 1;
103 } else {
104 free_buffer = 0;
105 }
106 } else if (arg == PARSE_COOKIE) { /* Cookie data */
107 c_var = SG(request_info).cookie_data;
108 if (c_var && *c_var) {
109 res = (char *) estrdup(c_var);
110 free_buffer = 1;
111 } else {
112 free_buffer = 0;
113 }
114 } else if (arg == PARSE_STRING) { /* String data */
115 res = str;
116 free_buffer = 1;
117 }
118
119 if (!res) {
120 return;
121 }
122
123 switch (arg) {
124 case PARSE_POST:
125 case PARSE_GET:
126 case PARSE_STRING:
127 separator = (char *) estrdup(PG(arg_separator).input);
128 break;
129 case PARSE_COOKIE:
130 separator = ";\0";
131 break;
132 }
133
134 switch (arg) {
135 case PARSE_POST:
136 MBSTRG(http_input_identify_post) = NULL;
137 break;
138 case PARSE_GET:
139 MBSTRG(http_input_identify_get) = NULL;
140 break;
141 case PARSE_COOKIE:
142 MBSTRG(http_input_identify_cookie) = NULL;
143 break;
144 case PARSE_STRING:
145 MBSTRG(http_input_identify_string) = NULL;
146 break;
147 }
148
149 info.data_type = arg;
150 info.separator = separator;
151 info.report_errors = 0;
152 info.to_encoding = MBSTRG(internal_encoding);
153 info.to_language = MBSTRG(language);
154 info.from_encodings = MBSTRG(http_input_list);
155 info.num_from_encodings = MBSTRG(http_input_list_size);
156 info.from_language = MBSTRG(language);
157
158 MBSTRG(illegalchars) = 0;
159
160 detected = _php_mb_encoding_handler_ex(&info, &v_array, res);
161 MBSTRG(http_input_identify) = detected;
162
163 if (detected) {
164 switch(arg){
165 case PARSE_POST:
166 MBSTRG(http_input_identify_post) = detected;
167 break;
168 case PARSE_GET:
169 MBSTRG(http_input_identify_get) = detected;
170 break;
171 case PARSE_COOKIE:
172 MBSTRG(http_input_identify_cookie) = detected;
173 break;
174 case PARSE_STRING:
175 MBSTRG(http_input_identify_string) = detected;
176 break;
177 }
178 }
179
180 if (arg != PARSE_COOKIE) {
181 efree(separator);
182 }
183
184 if (free_buffer) {
185 efree(res);
186 }
187 }
188 /* }}} */
189
190 /* {{{ mbfl_no_encoding _php_mb_encoding_handler_ex() */
_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t * info,zval * arg,char * res)191 const mbfl_encoding *_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t *info, zval *arg, char *res)
192 {
193 char *var, *val;
194 const char *s1, *s2;
195 char *strtok_buf = NULL, **val_list = NULL;
196 zval *array_ptr = (zval *) arg;
197 size_t n, num, *len_list = NULL;
198 size_t val_len, new_val_len;
199 mbfl_string string, resvar, resval;
200 const mbfl_encoding *from_encoding = NULL;
201 mbfl_encoding_detector *identd = NULL;
202 mbfl_buffer_converter *convd = NULL;
203
204 mbfl_string_init_set(&string, info->to_language, info->to_encoding);
205 mbfl_string_init_set(&resvar, info->to_language, info->to_encoding);
206 mbfl_string_init_set(&resval, info->to_language, info->to_encoding);
207
208 if (!res || *res == '\0') {
209 goto out;
210 }
211
212 /* count the variables(separators) contained in the "res".
213 * separator may contain multiple separator chars.
214 */
215 num = 1;
216 for (s1=res; *s1 != '\0'; s1++) {
217 for (s2=info->separator; *s2 != '\0'; s2++) {
218 if (*s1 == *s2) {
219 num++;
220 }
221 }
222 }
223 num *= 2; /* need space for variable name and value */
224
225 val_list = (char **)ecalloc(num, sizeof(char *));
226 len_list = (size_t *)ecalloc(num, sizeof(size_t));
227
228 /* split and decode the query */
229 n = 0;
230 strtok_buf = NULL;
231 var = php_strtok_r(res, info->separator, &strtok_buf);
232 while (var) {
233 val = strchr(var, '=');
234 if (val) { /* have a value */
235 len_list[n] = php_url_decode(var, val-var);
236 val_list[n] = var;
237 n++;
238
239 *val++ = '\0';
240 val_list[n] = val;
241 len_list[n] = php_url_decode(val, strlen(val));
242 } else {
243 len_list[n] = php_url_decode(var, strlen(var));
244 val_list[n] = var;
245 n++;
246
247 val_list[n] = "";
248 len_list[n] = 0;
249 }
250 n++;
251 var = php_strtok_r(NULL, info->separator, &strtok_buf);
252 }
253
254 if (ZEND_SIZE_T_GT_ZEND_LONG(n, (PG(max_input_vars) * 2))) {
255 php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
256 goto out;
257 }
258
259 num = n; /* make sure to process initialized vars only */
260
261 /* initialize converter */
262 if (info->num_from_encodings == 0) {
263 from_encoding = &mbfl_encoding_pass;
264 } else if (info->num_from_encodings == 1) {
265 from_encoding = info->from_encodings[0];
266 } else {
267 /* auto detect */
268 from_encoding = NULL;
269 identd = mbfl_encoding_detector_new(info->from_encodings, info->num_from_encodings, MBSTRG(strict_detection));
270 if (identd != NULL) {
271 n = 0;
272 while (n < num) {
273 string.val = (unsigned char *)val_list[n];
274 string.len = len_list[n];
275 if (mbfl_encoding_detector_feed(identd, &string)) {
276 break;
277 }
278 n++;
279 }
280 from_encoding = mbfl_encoding_detector_judge(identd);
281 mbfl_encoding_detector_delete(identd);
282 }
283 if (!from_encoding) {
284 if (info->report_errors) {
285 php_error_docref(NULL, E_WARNING, "Unable to detect encoding");
286 }
287 from_encoding = &mbfl_encoding_pass;
288 }
289 }
290
291 convd = NULL;
292 if (from_encoding != &mbfl_encoding_pass) {
293 convd = mbfl_buffer_converter_new(from_encoding, info->to_encoding, 0);
294 if (convd != NULL) {
295 mbfl_buffer_converter_illegal_mode(convd, MBSTRG(current_filter_illegal_mode));
296 mbfl_buffer_converter_illegal_substchar(convd, MBSTRG(current_filter_illegal_substchar));
297 } else {
298 if (info->report_errors) {
299 php_error_docref(NULL, E_WARNING, "Unable to create converter");
300 }
301 goto out;
302 }
303 }
304
305 /* convert encoding */
306 string.encoding = from_encoding;
307
308 n = 0;
309 while (n < num) {
310 string.val = (unsigned char *)val_list[n];
311 string.len = len_list[n];
312 if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resvar) != NULL) {
313 var = (char *)resvar.val;
314 } else {
315 var = val_list[n];
316 }
317 n++;
318 string.val = (unsigned char *)val_list[n];
319 string.len = len_list[n];
320 if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resval) != NULL) {
321 val = (char *)resval.val;
322 val_len = resval.len;
323 } else {
324 val = val_list[n];
325 val_len = len_list[n];
326 }
327 n++;
328 /* we need val to be emalloc()ed */
329 val = estrndup(val, val_len);
330 if (sapi_module.input_filter(info->data_type, var, &val, val_len, &new_val_len)) {
331 /* add variable to symbol table */
332 php_register_variable_safe(var, val, new_val_len, array_ptr);
333 }
334 efree(val);
335
336 if (convd != NULL){
337 mbfl_string_clear(&resvar);
338 mbfl_string_clear(&resval);
339 }
340 }
341
342 out:
343 if (convd != NULL) {
344 MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
345 mbfl_buffer_converter_delete(convd);
346 }
347 if (val_list != NULL) {
348 efree((void *)val_list);
349 }
350 if (len_list != NULL) {
351 efree((void *)len_list);
352 }
353
354 return from_encoding;
355 }
356 /* }}} */
357
358 /* {{{ SAPI_POST_HANDLER_FUNC(php_mb_post_handler) */
SAPI_POST_HANDLER_FUNC(php_mb_post_handler)359 SAPI_POST_HANDLER_FUNC(php_mb_post_handler)
360 {
361 const mbfl_encoding *detected;
362 php_mb_encoding_handler_info_t info;
363 zend_string *post_data_str = NULL;
364
365 MBSTRG(http_input_identify_post) = NULL;
366
367 info.data_type = PARSE_POST;
368 info.separator = "&";
369 info.report_errors = 0;
370 info.to_encoding = MBSTRG(internal_encoding);
371 info.to_language = MBSTRG(language);
372 info.from_encodings = MBSTRG(http_input_list);
373 info.num_from_encodings = MBSTRG(http_input_list_size);
374 info.from_language = MBSTRG(language);
375
376 php_stream_rewind(SG(request_info).request_body);
377 post_data_str = php_stream_copy_to_mem(SG(request_info).request_body, PHP_STREAM_COPY_ALL, 0);
378 detected = _php_mb_encoding_handler_ex(&info, arg, post_data_str ? ZSTR_VAL(post_data_str) : NULL);
379 if (post_data_str) {
380 zend_string_release_ex(post_data_str, 0);
381 }
382
383 MBSTRG(http_input_identify) = detected;
384 if (detected) {
385 MBSTRG(http_input_identify_post) = detected;
386 }
387 }
388 /* }}} */
389
390 #endif /* HAVE_MBSTRING */
391
392 /*
393 * Local variables:
394 * tab-width: 4
395 * c-basic-offset: 4
396 * End:
397 * vim600: fdm=marker
398 * vim: noet sw=4 ts=4
399 */
400
