1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
16 | Zeev Suraski <zeev@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 #include <stdio.h>
21 #include "php.h"
22 #include "ext/standard/php_standard.h"
23 #include "ext/standard/credits.h"
24 #include "zend_smart_str.h"
25 #include "php_variables.h"
26 #include "php_globals.h"
27 #include "php_content_types.h"
28 #include "SAPI.h"
29 #include "zend_globals.h"
30 #ifdef PHP_WIN32
31 # include "win32/php_inttypes.h"
32 #endif
33
34 /* for systems that need to override reading of environment variables */
35 void _php_import_environment_variables(zval *array_ptr);
36 PHPAPI void (*php_import_environment_variables)(zval *array_ptr) = _php_import_environment_variables;
37
php_register_variable(char * var,char * strval,zval * track_vars_array)38 PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array)
39 {
40 php_register_variable_safe(var, strval, strlen(strval), track_vars_array);
41 }
42
43 /* binary-safe version */
php_register_variable_safe(char * var,char * strval,size_t str_len,zval * track_vars_array)44 PHPAPI void php_register_variable_safe(char *var, char *strval, size_t str_len, zval *track_vars_array)
45 {
46 zval new_entry;
47 assert(strval != NULL);
48
49 /* Prepare value */
50 if (str_len == 0) {
51 ZVAL_EMPTY_STRING(&new_entry);
52 } else if (str_len == 1) {
53 ZVAL_INTERNED_STR(&new_entry, ZSTR_CHAR((zend_uchar)*strval));
54 } else {
55 ZVAL_NEW_STR(&new_entry, zend_string_init(strval, str_len, 0));
56 }
57 php_register_variable_ex(var, &new_entry, track_vars_array);
58 }
59
php_register_variable_quick(const char * name,size_t name_len,zval * val,HashTable * ht)60 static zend_always_inline void php_register_variable_quick(const char *name, size_t name_len, zval *val, HashTable *ht)
61 {
62 zend_string *key = zend_string_init_interned(name, name_len, 0);
63
64 zend_hash_update_ind(ht, key, val);
65 zend_string_release_ex(key, 0);
66 }
67
php_register_variable_ex(char * var_name,zval * val,zval * track_vars_array)68 PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars_array)
69 {
70 char *p = NULL;
71 char *ip = NULL; /* index pointer */
72 char *index;
73 char *var, *var_orig;
74 size_t var_len, index_len;
75 zval gpc_element, *gpc_element_p;
76 zend_bool is_array = 0;
77 HashTable *symtable1 = NULL;
78 ALLOCA_FLAG(use_heap)
79
80 assert(var_name != NULL);
81
82 if (track_vars_array && Z_TYPE_P(track_vars_array) == IS_ARRAY) {
83 symtable1 = Z_ARRVAL_P(track_vars_array);
84 }
85
86 if (!symtable1) {
87 /* Nothing to do */
88 zval_ptr_dtor_nogc(val);
89 return;
90 }
91
92
93 /* ignore leading spaces in the variable name */
94 while (*var_name==' ') {
95 var_name++;
96 }
97
98 /*
99 * Prepare variable name
100 */
101 var_len = strlen(var_name);
102 var = var_orig = do_alloca(var_len + 1, use_heap);
103 memcpy(var_orig, var_name, var_len + 1);
104
105 /* ensure that we don't have spaces or dots in the variable name (not binary safe) */
106 for (p = var; *p; p++) {
107 if (*p == ' ' || *p == '.') {
108 *p='_';
109 } else if (*p == '[') {
110 is_array = 1;
111 ip = p;
112 *p = 0;
113 break;
114 }
115 }
116 var_len = p - var;
117
118 /* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
119 if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
120 zval_ptr_dtor_nogc(val);
121 free_alloca(var_orig, use_heap);
122 return;
123 }
124
125 /* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
126 if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
127 zval_ptr_dtor_nogc(val);
128 free_alloca(var_orig, use_heap);
129 return;
130 }
131
132 if (var_len==0) { /* empty variable name, or variable name with a space in it */
133 zval_ptr_dtor_nogc(val);
134 free_alloca(var_orig, use_heap);
135 return;
136 }
137
138 if (var_len == sizeof("this")-1 && EG(current_execute_data)) {
139 zend_execute_data *ex = EG(current_execute_data);
140
141 while (ex) {
142 if (ex->func && ZEND_USER_CODE(ex->func->common.type)) {
143 if ((ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_SYMBOL_TABLE)
144 && ex->symbol_table == symtable1) {
145 if (memcmp(var, "this", sizeof("this")-1) == 0) {
146 zend_throw_error(NULL, "Cannot re-assign $this");
147 zval_ptr_dtor_nogc(val);
148 free_alloca(var_orig, use_heap);
149 return;
150 }
151 }
152 break;
153 }
154 ex = ex->prev_execute_data;
155 }
156 }
157
158 /* GLOBALS hijack attempt, reject parameter */
159 if (symtable1 == &EG(symbol_table) &&
160 var_len == sizeof("GLOBALS")-1 &&
161 !memcmp(var, "GLOBALS", sizeof("GLOBALS")-1)) {
162 zval_ptr_dtor_nogc(val);
163 free_alloca(var_orig, use_heap);
164 return;
165 }
166
167 index = var;
168 index_len = var_len;
169
170 if (is_array) {
171 int nest_level = 0;
172 while (1) {
173 char *index_s;
174 size_t new_idx_len = 0;
175
176 if(++nest_level > PG(max_input_nesting_level)) {
177 HashTable *ht;
178 /* too many levels of nesting */
179
180 if (track_vars_array) {
181 ht = Z_ARRVAL_P(track_vars_array);
182 zend_symtable_str_del(ht, var, var_len);
183 }
184
185 zval_ptr_dtor_nogc(val);
186
187 /* do not output the error message to the screen,
188 this helps us to to avoid "information disclosure" */
189 if (!PG(display_errors)) {
190 php_error_docref(NULL, E_WARNING, "Input variable nesting level exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_nesting_level in php.ini.", PG(max_input_nesting_level));
191 }
192 free_alloca(var_orig, use_heap);
193 return;
194 }
195
196 ip++;
197 index_s = ip;
198 if (isspace(*ip)) {
199 ip++;
200 }
201 if (*ip==']') {
202 index_s = NULL;
203 } else {
204 ip = strchr(ip, ']');
205 if (!ip) {
206 /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */
207 *(index_s - 1) = '_';
208
209 index_len = 0;
210 if (index) {
211 index_len = strlen(index);
212 }
213 goto plain_var;
214 return;
215 }
216 *ip = 0;
217 new_idx_len = strlen(index_s);
218 }
219
220 if (!index) {
221 array_init(&gpc_element);
222 if ((gpc_element_p = zend_hash_next_index_insert(symtable1, &gpc_element)) == NULL) {
223 zend_array_destroy(Z_ARR(gpc_element));
224 zval_ptr_dtor_nogc(val);
225 free_alloca(var_orig, use_heap);
226 return;
227 }
228 } else {
229 gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
230 if (!gpc_element_p) {
231 zval tmp;
232 array_init(&tmp);
233 gpc_element_p = zend_symtable_str_update_ind(symtable1, index, index_len, &tmp);
234 } else {
235 if (Z_TYPE_P(gpc_element_p) == IS_INDIRECT) {
236 gpc_element_p = Z_INDIRECT_P(gpc_element_p);
237 }
238 if (Z_TYPE_P(gpc_element_p) != IS_ARRAY) {
239 zval_ptr_dtor_nogc(gpc_element_p);
240 array_init(gpc_element_p);
241 } else {
242 SEPARATE_ARRAY(gpc_element_p);
243 }
244 }
245 }
246 symtable1 = Z_ARRVAL_P(gpc_element_p);
247 /* ip pointed to the '[' character, now obtain the key */
248 index = index_s;
249 index_len = new_idx_len;
250
251 ip++;
252 if (*ip == '[') {
253 is_array = 1;
254 *ip = 0;
255 } else {
256 goto plain_var;
257 }
258 }
259 } else {
260 plain_var:
261 if (!index) {
262 if (zend_hash_next_index_insert(symtable1, val) == NULL) {
263 zval_ptr_dtor_nogc(val);
264 }
265 } else {
266 zend_ulong idx;
267
268 /*
269 * According to rfc2965, more specific paths are listed above the less specific ones.
270 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
271 * to have the same (plain text) cookie name for the same path and we should not overwrite
272 * more specific cookies with the less specific ones.
273 */
274 if (Z_TYPE(PG(http_globals)[TRACK_VARS_COOKIE]) != IS_UNDEF &&
275 symtable1 == Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]) &&
276 zend_symtable_str_exists(symtable1, index, index_len)) {
277 zval_ptr_dtor_nogc(val);
278 } else if (ZEND_HANDLE_NUMERIC_STR(index, index_len, idx)) {
279 zend_hash_index_update(symtable1, idx, val);
280 } else {
281 php_register_variable_quick(index, index_len, val, symtable1);
282 }
283 }
284 }
285 free_alloca(var_orig, use_heap);
286 }
287
288 typedef struct post_var_data {
289 smart_str str;
290 char *ptr;
291 char *end;
292 uint64_t cnt;
293
294 /* Bytes in ptr that have already been scanned for '&' */
295 size_t already_scanned;
296 } post_var_data_t;
297
add_post_var(zval * arr,post_var_data_t * var,zend_bool eof)298 static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof)
299 {
300 char *start, *ksep, *vsep, *val;
301 size_t klen, vlen;
302 size_t new_vlen;
303
304 if (var->ptr >= var->end) {
305 return 0;
306 }
307
308 start = var->ptr + var->already_scanned;
309 vsep = memchr(start, '&', var->end - start);
310 if (!vsep) {
311 if (!eof) {
312 var->already_scanned = var->end - var->ptr;
313 return 0;
314 } else {
315 vsep = var->end;
316 }
317 }
318
319 ksep = memchr(var->ptr, '=', vsep - var->ptr);
320 if (ksep) {
321 *ksep = '\0';
322 /* "foo=bar&" or "foo=&" */
323 klen = ksep - var->ptr;
324 vlen = vsep - ++ksep;
325 } else {
326 ksep = "";
327 /* "foo&" */
328 klen = vsep - var->ptr;
329 vlen = 0;
330 }
331
332 php_url_decode(var->ptr, klen);
333
334 val = estrndup(ksep, vlen);
335 if (vlen) {
336 vlen = php_url_decode(val, vlen);
337 }
338
339 if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen)) {
340 php_register_variable_safe(var->ptr, val, new_vlen, arr);
341 }
342 efree(val);
343
344 var->ptr = vsep + (vsep != var->end);
345 var->already_scanned = 0;
346 return 1;
347 }
348
add_post_vars(zval * arr,post_var_data_t * vars,zend_bool eof)349 static inline int add_post_vars(zval *arr, post_var_data_t *vars, zend_bool eof)
350 {
351 uint64_t max_vars = PG(max_input_vars);
352
353 vars->ptr = ZSTR_VAL(vars->str.s);
354 vars->end = ZSTR_VAL(vars->str.s) + ZSTR_LEN(vars->str.s);
355 while (add_post_var(arr, vars, eof)) {
356 if (++vars->cnt > max_vars) {
357 php_error_docref(NULL, E_WARNING,
358 "Input variables exceeded %" PRIu64 ". "
359 "To increase the limit change max_input_vars in php.ini.",
360 max_vars);
361 return FAILURE;
362 }
363 }
364
365 if (!eof && ZSTR_VAL(vars->str.s) != vars->ptr) {
366 memmove(ZSTR_VAL(vars->str.s), vars->ptr, ZSTR_LEN(vars->str.s) = vars->end - vars->ptr);
367 }
368 return SUCCESS;
369 }
370
371 #ifdef PHP_WIN32
372 #define SAPI_POST_HANDLER_BUFSIZ 16384
373 #else
374 # define SAPI_POST_HANDLER_BUFSIZ BUFSIZ
375 #endif
SAPI_POST_HANDLER_FUNC(php_std_post_handler)376 SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
377 {
378 zval *arr = (zval *) arg;
379 php_stream *s = SG(request_info).request_body;
380 post_var_data_t post_data;
381
382 if (s && SUCCESS == php_stream_rewind(s)) {
383 memset(&post_data, 0, sizeof(post_data));
384
385 while (!php_stream_eof(s)) {
386 char buf[SAPI_POST_HANDLER_BUFSIZ] = {0};
387 ssize_t len = php_stream_read(s, buf, SAPI_POST_HANDLER_BUFSIZ);
388
389 if (len > 0) {
390 smart_str_appendl(&post_data.str, buf, len);
391
392 if (SUCCESS != add_post_vars(arr, &post_data, 0)) {
393 smart_str_free(&post_data.str);
394 return;
395 }
396 }
397
398 if (len != SAPI_POST_HANDLER_BUFSIZ){
399 break;
400 }
401 }
402
403 if (post_data.str.s) {
404 add_post_vars(arr, &post_data, 1);
405 smart_str_free(&post_data.str);
406 }
407 }
408 }
409 #undef SAPI_POST_HANDLER_BUFSIZ
410
SAPI_INPUT_FILTER_FUNC(php_default_input_filter)411 SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter)
412 {
413 /* TODO: check .ini setting here and apply user-defined input filter */
414 if(new_val_len) *new_val_len = val_len;
415 return 1;
416 }
417
SAPI_TREAT_DATA_FUNC(php_default_treat_data)418 SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
419 {
420 char *res = NULL, *var, *val, *separator = NULL;
421 const char *c_var;
422 zval array;
423 int free_buffer = 0;
424 char *strtok_buf = NULL;
425 zend_long count = 0;
426
427 ZVAL_UNDEF(&array);
428 switch (arg) {
429 case PARSE_POST:
430 case PARSE_GET:
431 case PARSE_COOKIE:
432 array_init(&array);
433 switch (arg) {
434 case PARSE_POST:
435 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_POST]);
436 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &array);
437 break;
438 case PARSE_GET:
439 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_GET]);
440 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &array);
441 break;
442 case PARSE_COOKIE:
443 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_COOKIE]);
444 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &array);
445 break;
446 }
447 break;
448 default:
449 ZVAL_COPY_VALUE(&array, destArray);
450 break;
451 }
452
453 if (arg == PARSE_POST) {
454 sapi_handle_post(&array);
455 return;
456 }
457
458 if (arg == PARSE_GET) { /* GET data */
459 c_var = SG(request_info).query_string;
460 if (c_var && *c_var) {
461 res = (char *) estrdup(c_var);
462 free_buffer = 1;
463 } else {
464 free_buffer = 0;
465 }
466 } else if (arg == PARSE_COOKIE) { /* Cookie data */
467 c_var = SG(request_info).cookie_data;
468 if (c_var && *c_var) {
469 res = (char *) estrdup(c_var);
470 free_buffer = 1;
471 } else {
472 free_buffer = 0;
473 }
474 } else if (arg == PARSE_STRING) { /* String data */
475 res = str;
476 free_buffer = 1;
477 }
478
479 if (!res) {
480 return;
481 }
482
483 switch (arg) {
484 case PARSE_GET:
485 case PARSE_STRING:
486 separator = PG(arg_separator).input;
487 break;
488 case PARSE_COOKIE:
489 separator = ";\0";
490 break;
491 }
492
493 var = php_strtok_r(res, separator, &strtok_buf);
494
495 while (var) {
496 size_t val_len;
497 size_t new_val_len;
498
499 val = strchr(var, '=');
500
501 if (arg == PARSE_COOKIE) {
502 /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
503 while (isspace(*var)) {
504 var++;
505 }
506 if (var == val || *var == '\0') {
507 goto next_cookie;
508 }
509 }
510
511 if (++count > PG(max_input_vars)) {
512 php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
513 break;
514 }
515
516 if (val) { /* have a value */
517
518 *val++ = '\0';
519
520 if (arg == PARSE_COOKIE) {
521 val_len = php_raw_url_decode(val, strlen(val));
522 } else {
523 val_len = php_url_decode(val, strlen(val));
524 }
525 } else {
526 val = "";
527 val_len = 0;
528 }
529
530 val = estrndup(val, val_len);
531 if (arg != PARSE_COOKIE) {
532 php_url_decode(var, strlen(var));
533 }
534 if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
535 php_register_variable_safe(var, val, new_val_len, &array);
536 }
537 efree(val);
538 next_cookie:
539 var = php_strtok_r(NULL, separator, &strtok_buf);
540 }
541
542 if (free_buffer) {
543 efree(res);
544 }
545 }
546
valid_environment_name(const char * name,const char * end)547 static zend_always_inline int valid_environment_name(const char *name, const char *end)
548 {
549 const char *s;
550
551 for (s = name; s < end; s++) {
552 if (*s == ' ' || *s == '.' || *s == '[') {
553 return 0;
554 }
555 }
556 return 1;
557 }
558
import_environment_variable(HashTable * ht,char * env)559 static zend_always_inline void import_environment_variable(HashTable *ht, char *env)
560 {
561 char *p;
562 size_t name_len, len;
563 zval val;
564 zend_ulong idx;
565
566 p = strchr(env, '=');
567 if (!p
568 || p == env
569 || !valid_environment_name(env, p)) {
570 /* malformed entry? */
571 return;
572 }
573 name_len = p - env;
574 p++;
575 len = strlen(p);
576 if (len == 0) {
577 ZVAL_EMPTY_STRING(&val);
578 } else if (len == 1) {
579 ZVAL_INTERNED_STR(&val, ZSTR_CHAR((zend_uchar)*p));
580 } else {
581 ZVAL_NEW_STR(&val, zend_string_init(p, len, 0));
582 }
583 if (ZEND_HANDLE_NUMERIC_STR(env, name_len, idx)) {
584 zend_hash_index_update(ht, idx, &val);
585 } else {
586 php_register_variable_quick(env, name_len, &val, ht);
587 }
588 }
589
_php_import_environment_variables(zval * array_ptr)590 void _php_import_environment_variables(zval *array_ptr)
591 {
592 #ifndef PHP_WIN32
593 char **env;
594 #else
595 char *environment, *env;
596 #endif
597
598 tsrm_env_lock();
599
600 #ifndef PHP_WIN32
601 for (env = environ; env != NULL && *env != NULL; env++) {
602 import_environment_variable(Z_ARRVAL_P(array_ptr), *env);
603 }
604 #else
605 environment = GetEnvironmentStringsA();
606 for (env = environment; env != NULL && *env; env += strlen(env) + 1) {
607 import_environment_variable(Z_ARRVAL_P(array_ptr), env);
608 }
609 FreeEnvironmentStringsA(environment);
610 #endif
611
612 tsrm_env_unlock();
613 }
614
php_std_auto_global_callback(char * name,uint32_t name_len)615 zend_bool php_std_auto_global_callback(char *name, uint32_t name_len)
616 {
617 zend_printf("%s\n", name);
618 return 0; /* don't rearm */
619 }
620
621 /* {{{ php_build_argv
622 */
php_build_argv(char * s,zval * track_vars_array)623 PHPAPI void php_build_argv(char *s, zval *track_vars_array)
624 {
625 zval arr, argc, tmp;
626 int count = 0;
627 char *ss, *space;
628
629 if (!(SG(request_info).argc || track_vars_array)) {
630 return;
631 }
632
633 array_init(&arr);
634
635 /* Prepare argv */
636 if (SG(request_info).argc) { /* are we in cli sapi? */
637 int i;
638 for (i = 0; i < SG(request_info).argc; i++) {
639 ZVAL_STRING(&tmp, SG(request_info).argv[i]);
640 if (zend_hash_next_index_insert(Z_ARRVAL(arr), &tmp) == NULL) {
641 zend_string_efree(Z_STR(tmp));
642 }
643 }
644 } else if (s && *s) {
645 ss = s;
646 while (ss) {
647 space = strchr(ss, '+');
648 if (space) {
649 *space = '\0';
650 }
651 /* auto-type */
652 ZVAL_STRING(&tmp, ss);
653 count++;
654 if (zend_hash_next_index_insert(Z_ARRVAL(arr), &tmp) == NULL) {
655 zend_string_efree(Z_STR(tmp));
656 }
657 if (space) {
658 *space = '+';
659 ss = space + 1;
660 } else {
661 ss = space;
662 }
663 }
664 }
665
666 /* prepare argc */
667 if (SG(request_info).argc) {
668 ZVAL_LONG(&argc, SG(request_info).argc);
669 } else {
670 ZVAL_LONG(&argc, count);
671 }
672
673 if (SG(request_info).argc) {
674 Z_ADDREF(arr);
675 zend_hash_update(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGV), &arr);
676 zend_hash_update(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGC), &argc);
677 }
678 if (track_vars_array && Z_TYPE_P(track_vars_array) == IS_ARRAY) {
679 Z_ADDREF(arr);
680 zend_hash_update(Z_ARRVAL_P(track_vars_array), ZSTR_KNOWN(ZEND_STR_ARGV), &arr);
681 zend_hash_update(Z_ARRVAL_P(track_vars_array), ZSTR_KNOWN(ZEND_STR_ARGC), &argc);
682 }
683 zval_ptr_dtor_nogc(&arr);
684 }
685 /* }}} */
686
687 /* {{{ php_register_server_variables
688 */
php_register_server_variables(void)689 static inline void php_register_server_variables(void)
690 {
691 zval tmp;
692 zval *arr = &PG(http_globals)[TRACK_VARS_SERVER];
693 HashTable *ht;
694
695 zval_ptr_dtor_nogc(arr);
696 array_init(arr);
697
698 /* Server variables */
699 if (sapi_module.register_server_variables) {
700 sapi_module.register_server_variables(arr);
701 }
702 ht = Z_ARRVAL_P(arr);
703
704 /* PHP Authentication support */
705 if (SG(request_info).auth_user) {
706 ZVAL_STRING(&tmp, SG(request_info).auth_user);
707 php_register_variable_quick("PHP_AUTH_USER", sizeof("PHP_AUTH_USER")-1, &tmp, ht);
708 }
709 if (SG(request_info).auth_password) {
710 ZVAL_STRING(&tmp, SG(request_info).auth_password);
711 php_register_variable_quick("PHP_AUTH_PW", sizeof("PHP_AUTH_PW")-1, &tmp, ht);
712 }
713 if (SG(request_info).auth_digest) {
714 ZVAL_STRING(&tmp, SG(request_info).auth_digest);
715 php_register_variable_quick("PHP_AUTH_DIGEST", sizeof("PHP_AUTH_DIGEST")-1, &tmp, ht);
716 }
717
718 /* store request init time */
719 ZVAL_DOUBLE(&tmp, sapi_get_request_time());
720 php_register_variable_quick("REQUEST_TIME_FLOAT", sizeof("REQUEST_TIME_FLOAT")-1, &tmp, ht);
721 ZVAL_LONG(&tmp, zend_dval_to_lval(Z_DVAL(tmp)));
722 php_register_variable_quick("REQUEST_TIME", sizeof("REQUEST_TIME")-1, &tmp, ht);
723 }
724 /* }}} */
725
726 /* {{{ php_autoglobal_merge
727 */
php_autoglobal_merge(HashTable * dest,HashTable * src)728 static void php_autoglobal_merge(HashTable *dest, HashTable *src)
729 {
730 zval *src_entry, *dest_entry;
731 zend_string *string_key;
732 zend_ulong num_key;
733 int globals_check = (dest == (&EG(symbol_table)));
734
735 ZEND_HASH_FOREACH_KEY_VAL(src, num_key, string_key, src_entry) {
736 if (Z_TYPE_P(src_entry) != IS_ARRAY
737 || (string_key && (dest_entry = zend_hash_find(dest, string_key)) == NULL)
738 || (string_key == NULL && (dest_entry = zend_hash_index_find(dest, num_key)) == NULL)
739 || Z_TYPE_P(dest_entry) != IS_ARRAY) {
740 Z_TRY_ADDREF_P(src_entry);
741 if (string_key) {
742 if (!globals_check || ZSTR_LEN(string_key) != sizeof("GLOBALS") - 1
743 || memcmp(ZSTR_VAL(string_key), "GLOBALS", sizeof("GLOBALS") - 1)) {
744 zend_hash_update(dest, string_key, src_entry);
745 } else {
746 Z_TRY_DELREF_P(src_entry);
747 }
748 } else {
749 zend_hash_index_update(dest, num_key, src_entry);
750 }
751 } else {
752 SEPARATE_ARRAY(dest_entry);
753 php_autoglobal_merge(Z_ARRVAL_P(dest_entry), Z_ARRVAL_P(src_entry));
754 }
755 } ZEND_HASH_FOREACH_END();
756 }
757 /* }}} */
758
759 /* {{{ php_hash_environment
760 */
php_hash_environment(void)761 PHPAPI int php_hash_environment(void)
762 {
763 memset(PG(http_globals), 0, sizeof(PG(http_globals)));
764 zend_activate_auto_globals();
765 if (PG(register_argc_argv)) {
766 php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
767 }
768 return SUCCESS;
769 }
770 /* }}} */
771
php_auto_globals_create_get(zend_string * name)772 static zend_bool php_auto_globals_create_get(zend_string *name)
773 {
774 if (PG(variables_order) && (strchr(PG(variables_order),'G') || strchr(PG(variables_order),'g'))) {
775 sapi_module.treat_data(PARSE_GET, NULL, NULL);
776 } else {
777 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_GET]);
778 array_init(&PG(http_globals)[TRACK_VARS_GET]);
779 }
780
781 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_GET]);
782 Z_ADDREF(PG(http_globals)[TRACK_VARS_GET]);
783
784 return 0; /* don't rearm */
785 }
786
php_auto_globals_create_post(zend_string * name)787 static zend_bool php_auto_globals_create_post(zend_string *name)
788 {
789 if (PG(variables_order) &&
790 (strchr(PG(variables_order),'P') || strchr(PG(variables_order),'p')) &&
791 !SG(headers_sent) &&
792 SG(request_info).request_method &&
793 !strcasecmp(SG(request_info).request_method, "POST")) {
794 sapi_module.treat_data(PARSE_POST, NULL, NULL);
795 } else {
796 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_POST]);
797 array_init(&PG(http_globals)[TRACK_VARS_POST]);
798 }
799
800 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_POST]);
801 Z_ADDREF(PG(http_globals)[TRACK_VARS_POST]);
802
803 return 0; /* don't rearm */
804 }
805
php_auto_globals_create_cookie(zend_string * name)806 static zend_bool php_auto_globals_create_cookie(zend_string *name)
807 {
808 if (PG(variables_order) && (strchr(PG(variables_order),'C') || strchr(PG(variables_order),'c'))) {
809 sapi_module.treat_data(PARSE_COOKIE, NULL, NULL);
810 } else {
811 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_COOKIE]);
812 array_init(&PG(http_globals)[TRACK_VARS_COOKIE]);
813 }
814
815 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_COOKIE]);
816 Z_ADDREF(PG(http_globals)[TRACK_VARS_COOKIE]);
817
818 return 0; /* don't rearm */
819 }
820
php_auto_globals_create_files(zend_string * name)821 static zend_bool php_auto_globals_create_files(zend_string *name)
822 {
823 if (Z_TYPE(PG(http_globals)[TRACK_VARS_FILES]) == IS_UNDEF) {
824 array_init(&PG(http_globals)[TRACK_VARS_FILES]);
825 }
826
827 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_FILES]);
828 Z_ADDREF(PG(http_globals)[TRACK_VARS_FILES]);
829
830 return 0; /* don't rearm */
831 }
832
833 /* Upgly hack to fix HTTP_PROXY issue, see bug #72573 */
check_http_proxy(HashTable * var_table)834 static void check_http_proxy(HashTable *var_table)
835 {
836 if (zend_hash_str_exists(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1)) {
837 char *local_proxy = getenv("HTTP_PROXY");
838
839 if (!local_proxy) {
840 zend_hash_str_del(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1);
841 } else {
842 zval local_zval;
843 ZVAL_STRING(&local_zval, local_proxy);
844 zend_hash_str_update(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1, &local_zval);
845 }
846 }
847 }
848
php_auto_globals_create_server(zend_string * name)849 static zend_bool php_auto_globals_create_server(zend_string *name)
850 {
851 if (PG(variables_order) && (strchr(PG(variables_order),'S') || strchr(PG(variables_order),'s'))) {
852 php_register_server_variables();
853
854 if (PG(register_argc_argv)) {
855 if (SG(request_info).argc) {
856 zval *argc, *argv;
857
858 if ((argc = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGC), 1)) != NULL &&
859 (argv = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGV), 1)) != NULL) {
860 Z_ADDREF_P(argv);
861 zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGV), argv);
862 zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGC), argc);
863 }
864 } else {
865 php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
866 }
867 }
868
869 } else {
870 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_SERVER]);
871 array_init(&PG(http_globals)[TRACK_VARS_SERVER]);
872 }
873
874 check_http_proxy(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));
875 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_SERVER]);
876 Z_ADDREF(PG(http_globals)[TRACK_VARS_SERVER]);
877
878 /* TODO: TRACK_VARS_SERVER is modified in a number of places (e.g. phar) past this point,
879 * where rc>1 due to the $_SERVER global. Ideally this shouldn't happen, but for now we
880 * ignore this issue, as it would probably require larger changes. */
881 HT_ALLOW_COW_VIOLATION(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));
882
883 return 0; /* don't rearm */
884 }
885
php_auto_globals_create_env(zend_string * name)886 static zend_bool php_auto_globals_create_env(zend_string *name)
887 {
888 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_ENV]);
889 array_init(&PG(http_globals)[TRACK_VARS_ENV]);
890
891 if (PG(variables_order) && (strchr(PG(variables_order),'E') || strchr(PG(variables_order),'e'))) {
892 php_import_environment_variables(&PG(http_globals)[TRACK_VARS_ENV]);
893 }
894
895 check_http_proxy(Z_ARRVAL(PG(http_globals)[TRACK_VARS_ENV]));
896 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_ENV]);
897 Z_ADDREF(PG(http_globals)[TRACK_VARS_ENV]);
898
899 return 0; /* don't rearm */
900 }
901
php_auto_globals_create_request(zend_string * name)902 static zend_bool php_auto_globals_create_request(zend_string *name)
903 {
904 zval form_variables;
905 unsigned char _gpc_flags[3] = {0, 0, 0};
906 char *p;
907
908 array_init(&form_variables);
909
910 if (PG(request_order) != NULL) {
911 p = PG(request_order);
912 } else {
913 p = PG(variables_order);
914 }
915
916 for (; p && *p; p++) {
917 switch (*p) {
918 case 'g':
919 case 'G':
920 if (!_gpc_flags[0]) {
921 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_GET]));
922 _gpc_flags[0] = 1;
923 }
924 break;
925 case 'p':
926 case 'P':
927 if (!_gpc_flags[1]) {
928 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_POST]));
929 _gpc_flags[1] = 1;
930 }
931 break;
932 case 'c':
933 case 'C':
934 if (!_gpc_flags[2]) {
935 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]));
936 _gpc_flags[2] = 1;
937 }
938 break;
939 }
940 }
941
942 zend_hash_update(&EG(symbol_table), name, &form_variables);
943 return 0;
944 }
945
php_startup_auto_globals(void)946 void php_startup_auto_globals(void)
947 {
948 zend_register_auto_global(zend_string_init_interned("_GET", sizeof("_GET")-1, 1), 0, php_auto_globals_create_get);
949 zend_register_auto_global(zend_string_init_interned("_POST", sizeof("_POST")-1, 1), 0, php_auto_globals_create_post);
950 zend_register_auto_global(zend_string_init_interned("_COOKIE", sizeof("_COOKIE")-1, 1), 0, php_auto_globals_create_cookie);
951 zend_register_auto_global(zend_string_init_interned("_SERVER", sizeof("_SERVER")-1, 1), PG(auto_globals_jit), php_auto_globals_create_server);
952 zend_register_auto_global(zend_string_init_interned("_ENV", sizeof("_ENV")-1, 1), PG(auto_globals_jit), php_auto_globals_create_env);
953 zend_register_auto_global(zend_string_init_interned("_REQUEST", sizeof("_REQUEST")-1, 1), PG(auto_globals_jit), php_auto_globals_create_request);
954 zend_register_auto_global(zend_string_init_interned("_FILES", sizeof("_FILES")-1, 1), 0, php_auto_globals_create_files);
955 }
956