1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2018 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Author: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
16 +----------------------------------------------------------------------+
17 */
18
19 #include <stdio.h>
20 #include "php.h"
21 #include "ext/standard/php_standard.h"
22 #include "ext/date/php_date.h"
23 #include "SAPI.h"
24 #include "php_main.h"
25 #include "head.h"
26 #ifdef TM_IN_SYS_TIME
27 #include <sys/time.h>
28 #else
29 #include <time.h>
30 #endif
31
32 #include "php_globals.h"
33 #include "zend_smart_str.h"
34
35
36 /* Implementation of the language Header() function */
37 /* {{{ proto void header(string header [, bool replace, [int http_response_code]])
38 Sends a raw HTTP header */
PHP_FUNCTION(header)39 PHP_FUNCTION(header)
40 {
41 zend_bool rep = 1;
42 sapi_header_line ctr = {0};
43 size_t len;
44
45 ZEND_PARSE_PARAMETERS_START(1, 3)
46 Z_PARAM_STRING(ctr.line, len)
47 Z_PARAM_OPTIONAL
48 Z_PARAM_BOOL(rep)
49 Z_PARAM_LONG(ctr.response_code)
50 ZEND_PARSE_PARAMETERS_END();
51
52 ctr.line_len = (uint32_t)len;
53 sapi_header_op(rep ? SAPI_HEADER_REPLACE:SAPI_HEADER_ADD, &ctr);
54 }
55 /* }}} */
56
57 /* {{{ proto void header_remove([string name])
58 Removes an HTTP header previously set using header() */
PHP_FUNCTION(header_remove)59 PHP_FUNCTION(header_remove)
60 {
61 sapi_header_line ctr = {0};
62 size_t len = 0;
63
64 ZEND_PARSE_PARAMETERS_START(0, 1)
65 Z_PARAM_OPTIONAL
66 Z_PARAM_STRING(ctr.line, len)
67 ZEND_PARSE_PARAMETERS_END();
68
69 ctr.line_len = (uint32_t)len;
70 sapi_header_op(ZEND_NUM_ARGS() == 0 ? SAPI_HEADER_DELETE_ALL : SAPI_HEADER_DELETE, &ctr);
71 }
72 /* }}} */
73
php_header(void)74 PHPAPI int php_header(void)
75 {
76 if (sapi_send_headers()==FAILURE || SG(request_info).headers_only) {
77 return 0; /* don't allow output */
78 } else {
79 return 1; /* allow output */
80 }
81 }
82
php_setcookie(zend_string * name,zend_string * value,time_t expires,zend_string * path,zend_string * domain,int secure,int httponly,zend_string * samesite,int url_encode)83 PHPAPI int php_setcookie(zend_string *name, zend_string *value, time_t expires, zend_string *path, zend_string *domain, int secure, int httponly, zend_string *samesite, int url_encode)
84 {
85 zend_string *dt;
86 sapi_header_line ctr = {0};
87 int result;
88 smart_str buf = {0};
89
90 if (!ZSTR_LEN(name)) {
91 zend_error( E_WARNING, "Cookie names must not be empty" );
92 return FAILURE;
93 } else if (strpbrk(ZSTR_VAL(name), "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
94 zend_error(E_WARNING, "Cookie names cannot contain any of the following '=,; \\t\\r\\n\\013\\014'" );
95 return FAILURE;
96 }
97
98 if (!url_encode && value &&
99 strpbrk(ZSTR_VAL(value), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
100 zend_error(E_WARNING, "Cookie values cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
101 return FAILURE;
102 }
103
104 if (path && strpbrk(ZSTR_VAL(path), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
105 zend_error(E_WARNING, "Cookie paths cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
106 return FAILURE;
107 }
108
109 if (domain && strpbrk(ZSTR_VAL(domain), ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
110 zend_error(E_WARNING, "Cookie domains cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
111 return FAILURE;
112 }
113
114 if (value == NULL || ZSTR_LEN(value) == 0) {
115 /*
116 * MSIE doesn't delete a cookie when you set it to a null value
117 * so in order to force cookies to be deleted, even on MSIE, we
118 * pick an expiry date in the past
119 */
120 dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, 1, 0);
121 smart_str_appends(&buf, "Set-Cookie: ");
122 smart_str_append(&buf, name);
123 smart_str_appends(&buf, "=deleted; expires=");
124 smart_str_append(&buf, dt);
125 smart_str_appends(&buf, "; Max-Age=0");
126 zend_string_free(dt);
127 } else {
128 smart_str_appends(&buf, "Set-Cookie: ");
129 smart_str_append(&buf, name);
130 smart_str_appendc(&buf, '=');
131 if (url_encode) {
132 zend_string *encoded_value = php_url_encode(ZSTR_VAL(value), ZSTR_LEN(value));
133 smart_str_append(&buf, encoded_value);
134 zend_string_release_ex(encoded_value, 0);
135 } else {
136 smart_str_append(&buf, value);
137 }
138 if (expires > 0) {
139 const char *p;
140 double diff;
141
142 smart_str_appends(&buf, COOKIE_EXPIRES);
143 dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0);
144 /* check to make sure that the year does not exceed 4 digits in length */
145 p = zend_memrchr(ZSTR_VAL(dt), '-', ZSTR_LEN(dt));
146 if (!p || *(p + 5) != ' ') {
147 zend_string_free(dt);
148 smart_str_free(&buf);
149 zend_error(E_WARNING, "Expiry date cannot have a year greater than 9999");
150 return FAILURE;
151 }
152
153 smart_str_append(&buf, dt);
154 zend_string_free(dt);
155
156 diff = difftime(expires, php_time());
157 if (diff < 0) {
158 diff = 0;
159 }
160
161 smart_str_appends(&buf, COOKIE_MAX_AGE);
162 smart_str_append_long(&buf, (zend_long) diff);
163 }
164 }
165
166 if (path && ZSTR_LEN(path)) {
167 smart_str_appends(&buf, COOKIE_PATH);
168 smart_str_append(&buf, path);
169 }
170 if (domain && ZSTR_LEN(domain)) {
171 smart_str_appends(&buf, COOKIE_DOMAIN);
172 smart_str_append(&buf, domain);
173 }
174 if (secure) {
175 smart_str_appends(&buf, COOKIE_SECURE);
176 }
177 if (httponly) {
178 smart_str_appends(&buf, COOKIE_HTTPONLY);
179 }
180 if (samesite && ZSTR_LEN(samesite)) {
181 smart_str_appends(&buf, COOKIE_SAMESITE);
182 smart_str_append(&buf, samesite);
183 }
184
185 ctr.line = ZSTR_VAL(buf.s);
186 ctr.line_len = (uint32_t) ZSTR_LEN(buf.s);
187
188 result = sapi_header_op(SAPI_HEADER_ADD, &ctr);
189 zend_string_release(buf.s);
190 return result;
191 }
192
php_head_parse_cookie_options_array(zval * options,zend_long * expires,zend_string ** path,zend_string ** domain,zend_bool * secure,zend_bool * httponly,zend_string ** samesite)193 static void php_head_parse_cookie_options_array(zval *options, zend_long *expires, zend_string **path, zend_string **domain, zend_bool *secure, zend_bool *httponly, zend_string **samesite) {
194 int found = 0;
195 zend_string *key;
196 zval *value;
197
198 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(options), key, value) {
199 if (key) {
200 if (zend_string_equals_literal_ci(key, "expires")) {
201 *expires = zval_get_long(value);
202 found++;
203 } else if (zend_string_equals_literal_ci(key, "path")) {
204 *path = zval_get_string(value);
205 found++;
206 } else if (zend_string_equals_literal_ci(key, "domain")) {
207 *domain = zval_get_string(value);
208 found++;
209 } else if (zend_string_equals_literal_ci(key, "secure")) {
210 *secure = zval_is_true(value);
211 found++;
212 } else if (zend_string_equals_literal_ci(key, "httponly")) {
213 *httponly = zval_is_true(value);
214 found++;
215 } else if (zend_string_equals_literal_ci(key, "samesite")) {
216 *samesite = zval_get_string(value);
217 found++;
218 } else {
219 php_error_docref(NULL, E_WARNING, "Unrecognized key '%s' found in the options array", ZSTR_VAL(key));
220 }
221 } else {
222 php_error_docref(NULL, E_WARNING, "Numeric key found in the options array");
223 }
224 } ZEND_HASH_FOREACH_END();
225
226 /* Array is not empty but no valid keys were found */
227 if (found == 0 && zend_hash_num_elements(Z_ARRVAL_P(options)) > 0) {
228 php_error_docref(NULL, E_WARNING, "No valid options were found in the given array");
229 }
230 }
231
232 /* {{{ proto bool setcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure[, bool httponly]]]]]])
233 setcookie(string name [, string value [, array options]])
234 Send a cookie */
PHP_FUNCTION(setcookie)235 PHP_FUNCTION(setcookie)
236 {
237 zval *expires_or_options = NULL;
238 zend_string *name, *value = NULL, *path = NULL, *domain = NULL, *samesite = NULL;
239 zend_long expires = 0;
240 zend_bool secure = 0, httponly = 0;
241
242 ZEND_PARSE_PARAMETERS_START(1, 7)
243 Z_PARAM_STR(name)
244 Z_PARAM_OPTIONAL
245 Z_PARAM_STR(value)
246 Z_PARAM_ZVAL(expires_or_options)
247 Z_PARAM_STR(path)
248 Z_PARAM_STR(domain)
249 Z_PARAM_BOOL(secure)
250 Z_PARAM_BOOL(httponly)
251 ZEND_PARSE_PARAMETERS_END();
252
253 if (expires_or_options) {
254 if (Z_TYPE_P(expires_or_options) == IS_ARRAY) {
255 if (UNEXPECTED(ZEND_NUM_ARGS() > 3)) {
256 php_error_docref(NULL, E_WARNING, "Cannot pass arguments after the options array");
257 RETURN_FALSE;
258 }
259 php_head_parse_cookie_options_array(expires_or_options, &expires, &path, &domain, &secure, &httponly, &samesite);
260 } else {
261 expires = zval_get_long(expires_or_options);
262 }
263 }
264
265 if (php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, 1) == SUCCESS) {
266 RETVAL_TRUE;
267 } else {
268 RETVAL_FALSE;
269 }
270
271 if (expires_or_options && Z_TYPE_P(expires_or_options) == IS_ARRAY) {
272 if (path) {
273 zend_string_release(path);
274 }
275 if (domain) {
276 zend_string_release(domain);
277 }
278 if (samesite) {
279 zend_string_release(samesite);
280 }
281 }
282 }
283 /* }}} */
284
285 /* {{{ proto bool setrawcookie(string name [, string value [, int expires [, string path [, string domain [, bool secure[, bool httponly]]]]]])
286 setrawcookie(string name [, string value [, array options]])
287 Send a cookie with no url encoding of the value */
PHP_FUNCTION(setrawcookie)288 PHP_FUNCTION(setrawcookie)
289 {
290 zval *expires_or_options = NULL;
291 zend_string *name, *value = NULL, *path = NULL, *domain = NULL, *samesite = NULL;
292 zend_long expires = 0;
293 zend_bool secure = 0, httponly = 0;
294
295 ZEND_PARSE_PARAMETERS_START(1, 7)
296 Z_PARAM_STR(name)
297 Z_PARAM_OPTIONAL
298 Z_PARAM_STR(value)
299 Z_PARAM_ZVAL(expires_or_options)
300 Z_PARAM_STR(path)
301 Z_PARAM_STR(domain)
302 Z_PARAM_BOOL(secure)
303 Z_PARAM_BOOL(httponly)
304 ZEND_PARSE_PARAMETERS_END();
305
306 if (expires_or_options) {
307 if (Z_TYPE_P(expires_or_options) == IS_ARRAY) {
308 if (UNEXPECTED(ZEND_NUM_ARGS() > 3)) {
309 php_error_docref(NULL, E_WARNING, "Cannot pass arguments after the options array");
310 RETURN_FALSE;
311 }
312 php_head_parse_cookie_options_array(expires_or_options, &expires, &path, &domain, &secure, &httponly, &samesite);
313 } else {
314 expires = zval_get_long(expires_or_options);
315 }
316 }
317
318 if (php_setcookie(name, value, expires, path, domain, secure, httponly, samesite, 0) == SUCCESS) {
319 RETVAL_TRUE;
320 } else {
321 RETVAL_FALSE;
322 }
323
324 if (expires_or_options && Z_TYPE_P(expires_or_options) == IS_ARRAY) {
325 if (path) {
326 zend_string_release(path);
327 }
328 if (domain) {
329 zend_string_release(domain);
330 }
331 if (samesite) {
332 zend_string_release(samesite);
333 }
334 }
335 }
336 /* }}} */
337
338
339 /* {{{ proto bool headers_sent([string &$file [, int &$line]])
340 Returns true if headers have already been sent, false otherwise */
PHP_FUNCTION(headers_sent)341 PHP_FUNCTION(headers_sent)
342 {
343 zval *arg1 = NULL, *arg2 = NULL;
344 const char *file="";
345 int line=0;
346
347 ZEND_PARSE_PARAMETERS_START(0, 2)
348 Z_PARAM_OPTIONAL
349 Z_PARAM_ZVAL_DEREF(arg1)
350 Z_PARAM_ZVAL_DEREF(arg2)
351 ZEND_PARSE_PARAMETERS_END();
352
353 if (SG(headers_sent)) {
354 line = php_output_get_start_lineno();
355 file = php_output_get_start_filename();
356 }
357
358 switch(ZEND_NUM_ARGS()) {
359 case 2:
360 zval_ptr_dtor(arg2);
361 ZVAL_LONG(arg2, line);
362 case 1:
363 zval_ptr_dtor(arg1);
364 if (file) {
365 ZVAL_STRING(arg1, file);
366 } else {
367 ZVAL_EMPTY_STRING(arg1);
368 }
369 break;
370 }
371
372 if (SG(headers_sent)) {
373 RETURN_TRUE;
374 } else {
375 RETURN_FALSE;
376 }
377 }
378 /* }}} */
379
380 /* {{{ php_head_apply_header_list_to_hash
381 Turn an llist of sapi_header_struct headers into a numerically indexed zval hash */
php_head_apply_header_list_to_hash(void * data,void * arg)382 static void php_head_apply_header_list_to_hash(void *data, void *arg)
383 {
384 sapi_header_struct *sapi_header = (sapi_header_struct *)data;
385
386 if (arg && sapi_header) {
387 add_next_index_string((zval *)arg, (char *)(sapi_header->header));
388 }
389 }
390
391 /* {{{ proto array headers_list(void)
392 Return list of headers to be sent / already sent */
PHP_FUNCTION(headers_list)393 PHP_FUNCTION(headers_list)
394 {
395 if (zend_parse_parameters_none() == FAILURE) {
396 return;
397 }
398
399 array_init(return_value);
400 zend_llist_apply_with_argument(&SG(sapi_headers).headers, php_head_apply_header_list_to_hash, return_value);
401 }
402 /* }}} */
403
404 /* {{{ proto int http_response_code([int response_code])
405 Sets a response code, or returns the current HTTP response code */
PHP_FUNCTION(http_response_code)406 PHP_FUNCTION(http_response_code)
407 {
408 zend_long response_code = 0;
409
410 ZEND_PARSE_PARAMETERS_START(0, 1)
411 Z_PARAM_OPTIONAL
412 Z_PARAM_LONG(response_code)
413 ZEND_PARSE_PARAMETERS_END();
414
415 if (response_code)
416 {
417 zend_long old_response_code;
418
419 old_response_code = SG(sapi_headers).http_response_code;
420 SG(sapi_headers).http_response_code = (int)response_code;
421
422 if (old_response_code) {
423 RETURN_LONG(old_response_code);
424 }
425
426 RETURN_TRUE;
427 }
428
429 if (!SG(sapi_headers).http_response_code) {
430 RETURN_FALSE;
431 }
432
433 RETURN_LONG(SG(sapi_headers).http_response_code);
434 }
435 /* }}} */
436
437 /*
438 * Local variables:
439 * tab-width: 4
440 * c-basic-offset: 4
441 * vim600: sw=4 ts=4 fdm=marker
442 * vim<600: sw=4 ts=4 * End:
443 */
444
