1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | http://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Author: Rui Hirokawa <hirokawa@php.net> |
14 | Moriyoshi Koizumi <moriyoshi@php.net> |
15 +----------------------------------------------------------------------+
16 */
17
18 /* {{{ includes */
19 #include "php.h"
20 #include "php_ini.h"
21 #include "php_variables.h"
22 #include "libmbfl/mbfl/mbfilter_pass.h"
23 #include "mbstring.h"
24 #include "ext/standard/php_string.h"
25 #include "ext/standard/php_mail.h"
26 #include "ext/standard/url.h"
27 #include "main/php_output.h"
28 #include "ext/standard/info.h"
29
30 #include "php_variables.h"
31 #include "php_globals.h"
32 #include "rfc1867.h"
33 #include "php_content_types.h"
34 #include "SAPI.h"
35 #include "TSRM.h"
36
37 #include "mb_gpc.h"
38 /* }}} */
39
ZEND_EXTERN_MODULE_GLOBALS(mbstring)40 ZEND_EXTERN_MODULE_GLOBALS(mbstring)
41
42 /* {{{ MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
43 * http input processing */
44 MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
45 {
46 char *res = NULL, *separator=NULL;
47 const char *c_var;
48 zval v_array;
49 int free_buffer=0;
50 const mbfl_encoding *detected;
51 php_mb_encoding_handler_info_t info;
52
53 if (!MBSTRG(encoding_translation)) {
54 php_default_treat_data(arg, str, destArray);
55 return;
56 }
57
58 switch (arg) {
59 case PARSE_POST:
60 case PARSE_GET:
61 case PARSE_COOKIE:
62 array_init(&v_array);
63 switch (arg) {
64 case PARSE_POST:
65 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &v_array);
66 break;
67 case PARSE_GET:
68 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &v_array);
69 break;
70 case PARSE_COOKIE:
71 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &v_array);
72 break;
73 }
74 break;
75 default:
76 ZVAL_COPY_VALUE(&v_array, destArray);
77 break;
78 }
79
80 switch (arg) {
81 case PARSE_POST:
82 sapi_handle_post(&v_array);
83 return;
84 case PARSE_GET: /* GET data */
85 c_var = SG(request_info).query_string;
86 if (c_var && *c_var) {
87 res = (char *) estrdup(c_var);
88 free_buffer = 1;
89 }
90 break;
91 case PARSE_COOKIE: /* Cookie data */
92 c_var = SG(request_info).cookie_data;
93 if (c_var && *c_var) {
94 res = (char *) estrdup(c_var);
95 free_buffer = 1;
96 }
97 break;
98 case PARSE_STRING: /* String data */
99 res = str;
100 free_buffer = 1;
101 break;
102 }
103
104 if (!res) {
105 return;
106 }
107
108 switch (arg) {
109 case PARSE_POST:
110 case PARSE_GET:
111 case PARSE_STRING:
112 separator = (char *) estrdup(PG(arg_separator).input);
113 break;
114 case PARSE_COOKIE:
115 separator = ";\0";
116 break;
117 }
118
119 switch (arg) {
120 case PARSE_POST:
121 MBSTRG(http_input_identify_post) = NULL;
122 break;
123 case PARSE_GET:
124 MBSTRG(http_input_identify_get) = NULL;
125 break;
126 case PARSE_COOKIE:
127 MBSTRG(http_input_identify_cookie) = NULL;
128 break;
129 case PARSE_STRING:
130 MBSTRG(http_input_identify_string) = NULL;
131 break;
132 }
133
134 info.data_type = arg;
135 info.separator = separator;
136 info.report_errors = 0;
137 info.to_encoding = MBSTRG(internal_encoding);
138 info.to_language = MBSTRG(language);
139 info.from_encodings = MBSTRG(http_input_list);
140 info.num_from_encodings = MBSTRG(http_input_list_size);
141 info.from_language = MBSTRG(language);
142
143 MBSTRG(illegalchars) = 0;
144
145 detected = _php_mb_encoding_handler_ex(&info, &v_array, res);
146 MBSTRG(http_input_identify) = detected;
147
148 if (detected) {
149 switch(arg){
150 case PARSE_POST:
151 MBSTRG(http_input_identify_post) = detected;
152 break;
153 case PARSE_GET:
154 MBSTRG(http_input_identify_get) = detected;
155 break;
156 case PARSE_COOKIE:
157 MBSTRG(http_input_identify_cookie) = detected;
158 break;
159 case PARSE_STRING:
160 MBSTRG(http_input_identify_string) = detected;
161 break;
162 }
163 }
164
165 if (arg != PARSE_COOKIE) {
166 efree(separator);
167 }
168
169 if (free_buffer) {
170 efree(res);
171 }
172 }
173 /* }}} */
174
175 /* {{{ mbfl_no_encoding _php_mb_encoding_handler_ex() */
_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t * info,zval * arg,char * res)176 const mbfl_encoding *_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t *info, zval *arg, char *res)
177 {
178 char *var, *val;
179 const char *s1, *s2;
180 char *strtok_buf = NULL, **val_list = NULL;
181 zval *array_ptr = (zval *) arg;
182 size_t n, num, *len_list = NULL;
183 size_t val_len, new_val_len;
184 mbfl_string string, resvar, resval;
185 const mbfl_encoding *from_encoding = NULL;
186 mbfl_encoding_detector *identd = NULL;
187 mbfl_buffer_converter *convd = NULL;
188
189 mbfl_string_init_set(&string, info->to_encoding);
190 mbfl_string_init_set(&resvar, info->to_encoding);
191 mbfl_string_init_set(&resval, info->to_encoding);
192
193 if (!res || *res == '\0') {
194 goto out;
195 }
196
197 /* count the variables(separators) contained in the "res".
198 * separator may contain multiple separator chars.
199 */
200 num = 1;
201 for (s1=res; *s1 != '\0'; s1++) {
202 for (s2=info->separator; *s2 != '\0'; s2++) {
203 if (*s1 == *s2) {
204 num++;
205 }
206 }
207 }
208 num *= 2; /* need space for variable name and value */
209
210 val_list = (char **)ecalloc(num, sizeof(char *));
211 len_list = (size_t *)ecalloc(num, sizeof(size_t));
212
213 /* split and decode the query */
214 n = 0;
215 strtok_buf = NULL;
216 var = php_strtok_r(res, info->separator, &strtok_buf);
217 while (var) {
218 val = strchr(var, '=');
219 if (val) { /* have a value */
220 len_list[n] = php_url_decode(var, val-var);
221 val_list[n] = var;
222 n++;
223
224 *val++ = '\0';
225 val_list[n] = val;
226 len_list[n] = php_url_decode(val, strlen(val));
227 } else {
228 len_list[n] = php_url_decode(var, strlen(var));
229 val_list[n] = var;
230 n++;
231
232 val_list[n] = "";
233 len_list[n] = 0;
234 }
235 n++;
236 var = php_strtok_r(NULL, info->separator, &strtok_buf);
237 }
238
239 if (ZEND_SIZE_T_GT_ZEND_LONG(n, (PG(max_input_vars) * 2))) {
240 php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
241 goto out;
242 }
243
244 num = n; /* make sure to process initialized vars only */
245
246 /* initialize converter */
247 if (info->num_from_encodings == 0) {
248 from_encoding = &mbfl_encoding_pass;
249 } else if (info->num_from_encodings == 1) {
250 from_encoding = info->from_encodings[0];
251 } else {
252 /* auto detect */
253 from_encoding = NULL;
254 identd = mbfl_encoding_detector_new(info->from_encodings, info->num_from_encodings, MBSTRG(strict_detection));
255 if (identd != NULL) {
256 n = 0;
257 while (n < num) {
258 string.val = (unsigned char *)val_list[n];
259 string.len = len_list[n];
260 if (mbfl_encoding_detector_feed(identd, &string)) {
261 break;
262 }
263 n++;
264 }
265 from_encoding = mbfl_encoding_detector_judge(identd);
266 mbfl_encoding_detector_delete(identd);
267 }
268 if (!from_encoding) {
269 if (info->report_errors) {
270 php_error_docref(NULL, E_WARNING, "Unable to detect encoding");
271 }
272 from_encoding = &mbfl_encoding_pass;
273 }
274 }
275
276 convd = NULL;
277 if (from_encoding != &mbfl_encoding_pass) {
278 convd = mbfl_buffer_converter_new(from_encoding, info->to_encoding, 0);
279 if (convd != NULL) {
280 mbfl_buffer_converter_illegal_mode(convd, MBSTRG(current_filter_illegal_mode));
281 mbfl_buffer_converter_illegal_substchar(convd, MBSTRG(current_filter_illegal_substchar));
282 } else {
283 if (info->report_errors) {
284 php_error_docref(NULL, E_WARNING, "Unable to create converter");
285 }
286 goto out;
287 }
288 }
289
290 /* convert encoding */
291 string.encoding = from_encoding;
292
293 n = 0;
294 while (n < num) {
295 string.val = (unsigned char *)val_list[n];
296 string.len = len_list[n];
297 if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resvar) != NULL) {
298 var = (char *)resvar.val;
299 } else {
300 var = val_list[n];
301 }
302 n++;
303 string.val = (unsigned char *)val_list[n];
304 string.len = len_list[n];
305 if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resval) != NULL) {
306 val = (char *)resval.val;
307 val_len = resval.len;
308 } else {
309 val = val_list[n];
310 val_len = len_list[n];
311 }
312 n++;
313 /* we need val to be emalloc()ed */
314 val = estrndup(val, val_len);
315 if (sapi_module.input_filter(info->data_type, var, &val, val_len, &new_val_len)) {
316 /* add variable to symbol table */
317 php_register_variable_safe(var, val, new_val_len, array_ptr);
318 }
319 efree(val);
320
321 if (convd != NULL){
322 mbfl_string_clear(&resvar);
323 mbfl_string_clear(&resval);
324 }
325 }
326
327 out:
328 if (convd != NULL) {
329 MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
330 mbfl_buffer_converter_delete(convd);
331 }
332 if (val_list != NULL) {
333 efree((void *)val_list);
334 }
335 if (len_list != NULL) {
336 efree((void *)len_list);
337 }
338
339 return from_encoding;
340 }
341 /* }}} */
342
343 /* {{{ SAPI_POST_HANDLER_FUNC(php_mb_post_handler) */
SAPI_POST_HANDLER_FUNC(php_mb_post_handler)344 SAPI_POST_HANDLER_FUNC(php_mb_post_handler)
345 {
346 const mbfl_encoding *detected;
347 php_mb_encoding_handler_info_t info;
348 zend_string *post_data_str = NULL;
349
350 MBSTRG(http_input_identify_post) = NULL;
351
352 info.data_type = PARSE_POST;
353 info.separator = "&";
354 info.report_errors = 0;
355 info.to_encoding = MBSTRG(internal_encoding);
356 info.to_language = MBSTRG(language);
357 info.from_encodings = MBSTRG(http_input_list);
358 info.num_from_encodings = MBSTRG(http_input_list_size);
359 info.from_language = MBSTRG(language);
360
361 php_stream_rewind(SG(request_info).request_body);
362 post_data_str = php_stream_copy_to_mem(SG(request_info).request_body, PHP_STREAM_COPY_ALL, 0);
363 detected = _php_mb_encoding_handler_ex(&info, arg, post_data_str ? ZSTR_VAL(post_data_str) : NULL);
364 if (post_data_str) {
365 zend_string_release_ex(post_data_str, 0);
366 }
367
368 MBSTRG(http_input_identify) = detected;
369 if (detected) {
370 MBSTRG(http_input_identify_post) = detected;
371 }
372 }
373 /* }}} */
374