1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | http://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
14 | Zeev Suraski <zeev@php.net> |
15 +----------------------------------------------------------------------+
16 */
17
18 #include <stdio.h>
19 #include "php.h"
20 #include "ext/standard/php_standard.h"
21 #include "ext/standard/credits.h"
22 #include "zend_smart_str.h"
23 #include "php_variables.h"
24 #include "php_globals.h"
25 #include "php_content_types.h"
26 #include "SAPI.h"
27 #include "zend_globals.h"
28
29 /* for systems that need to override reading of environment variables */
30 void _php_import_environment_variables(zval *array_ptr);
31 PHPAPI void (*php_import_environment_variables)(zval *array_ptr) = _php_import_environment_variables;
32
php_register_variable(const char * var,const char * strval,zval * track_vars_array)33 PHPAPI void php_register_variable(const char *var, const char *strval, zval *track_vars_array)
34 {
35 php_register_variable_safe(var, strval, strlen(strval), track_vars_array);
36 }
37
38 /* binary-safe version */
php_register_variable_safe(const char * var,const char * strval,size_t str_len,zval * track_vars_array)39 PHPAPI void php_register_variable_safe(const char *var, const char *strval, size_t str_len, zval *track_vars_array)
40 {
41 zval new_entry;
42 assert(strval != NULL);
43
44 ZVAL_STRINGL_FAST(&new_entry, strval, str_len);
45
46 php_register_variable_ex(var, &new_entry, track_vars_array);
47 }
48
php_register_variable_quick(const char * name,size_t name_len,zval * val,HashTable * ht)49 static zend_always_inline void php_register_variable_quick(const char *name, size_t name_len, zval *val, HashTable *ht)
50 {
51 zend_string *key = zend_string_init_interned(name, name_len, 0);
52
53 zend_hash_update_ind(ht, key, val);
54 zend_string_release_ex(key, 0);
55 }
56
php_register_variable_ex(const char * var_name,zval * val,zval * track_vars_array)57 PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *track_vars_array)
58 {
59 char *p = NULL;
60 char *ip = NULL; /* index pointer */
61 char *index;
62 char *var, *var_orig;
63 size_t var_len, index_len;
64 zval gpc_element, *gpc_element_p;
65 zend_bool is_array = 0;
66 HashTable *symtable1 = NULL;
67 ALLOCA_FLAG(use_heap)
68
69 assert(var_name != NULL);
70
71 if (track_vars_array && Z_TYPE_P(track_vars_array) == IS_ARRAY) {
72 symtable1 = Z_ARRVAL_P(track_vars_array);
73 }
74
75 if (!symtable1) {
76 /* Nothing to do */
77 zval_ptr_dtor_nogc(val);
78 return;
79 }
80
81
82 /* ignore leading spaces in the variable name */
83 while (*var_name==' ') {
84 var_name++;
85 }
86
87 /*
88 * Prepare variable name
89 */
90 var_len = strlen(var_name);
91 var = var_orig = do_alloca(var_len + 1, use_heap);
92 memcpy(var_orig, var_name, var_len + 1);
93
94 /* ensure that we don't have spaces or dots in the variable name (not binary safe) */
95 for (p = var; *p; p++) {
96 if (*p == ' ' || *p == '.') {
97 *p='_';
98 } else if (*p == '[') {
99 is_array = 1;
100 ip = p;
101 *p = 0;
102 break;
103 }
104 }
105 var_len = p - var;
106
107 /* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
108 if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
109 zval_ptr_dtor_nogc(val);
110 free_alloca(var_orig, use_heap);
111 return;
112 }
113
114 /* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
115 if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
116 zval_ptr_dtor_nogc(val);
117 free_alloca(var_orig, use_heap);
118 return;
119 }
120
121 if (var_len==0) { /* empty variable name, or variable name with a space in it */
122 zval_ptr_dtor_nogc(val);
123 free_alloca(var_orig, use_heap);
124 return;
125 }
126
127 if (var_len == sizeof("this")-1 && EG(current_execute_data)) {
128 zend_execute_data *ex = EG(current_execute_data);
129
130 while (ex) {
131 if (ex->func && ZEND_USER_CODE(ex->func->common.type)) {
132 if ((ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_SYMBOL_TABLE)
133 && ex->symbol_table == symtable1) {
134 if (memcmp(var, "this", sizeof("this")-1) == 0) {
135 zend_throw_error(NULL, "Cannot re-assign $this");
136 zval_ptr_dtor_nogc(val);
137 free_alloca(var_orig, use_heap);
138 return;
139 }
140 }
141 break;
142 }
143 ex = ex->prev_execute_data;
144 }
145 }
146
147 /* GLOBALS hijack attempt, reject parameter */
148 if (symtable1 == &EG(symbol_table) &&
149 var_len == sizeof("GLOBALS")-1 &&
150 !memcmp(var, "GLOBALS", sizeof("GLOBALS")-1)) {
151 zval_ptr_dtor_nogc(val);
152 free_alloca(var_orig, use_heap);
153 return;
154 }
155
156 index = var;
157 index_len = var_len;
158
159 if (is_array) {
160 int nest_level = 0;
161 while (1) {
162 char *index_s;
163 size_t new_idx_len = 0;
164
165 if(++nest_level > PG(max_input_nesting_level)) {
166 HashTable *ht;
167 /* too many levels of nesting */
168
169 if (track_vars_array) {
170 ht = Z_ARRVAL_P(track_vars_array);
171 zend_symtable_str_del(ht, var, var_len);
172 }
173
174 zval_ptr_dtor_nogc(val);
175
176 /* do not output the error message to the screen,
177 this helps us to to avoid "information disclosure" */
178 if (!PG(display_errors)) {
179 php_error_docref(NULL, E_WARNING, "Input variable nesting level exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_nesting_level in php.ini.", PG(max_input_nesting_level));
180 }
181 free_alloca(var_orig, use_heap);
182 return;
183 }
184
185 ip++;
186 index_s = ip;
187 if (isspace(*ip)) {
188 ip++;
189 }
190 if (*ip==']') {
191 index_s = NULL;
192 } else {
193 ip = strchr(ip, ']');
194 if (!ip) {
195 /* not an index; un-terminate the var name */
196 *(index_s - 1) = '_';
197 /* PHP variables cannot contain ' ', '.', '[' in their names, so we replace the characters with a '_' */
198 for (p = index_s; *p; p++) {
199 if (*p == ' ' || *p == '.' || *p == '[') {
200 *p = '_';
201 }
202 }
203
204 index_len = 0;
205 if (index) {
206 index_len = strlen(index);
207 }
208 goto plain_var;
209 return;
210 }
211 *ip = 0;
212 new_idx_len = strlen(index_s);
213 }
214
215 if (!index) {
216 array_init(&gpc_element);
217 if ((gpc_element_p = zend_hash_next_index_insert(symtable1, &gpc_element)) == NULL) {
218 zend_array_destroy(Z_ARR(gpc_element));
219 zval_ptr_dtor_nogc(val);
220 free_alloca(var_orig, use_heap);
221 return;
222 }
223 } else {
224 gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
225 if (!gpc_element_p) {
226 zval tmp;
227 array_init(&tmp);
228 gpc_element_p = zend_symtable_str_update_ind(symtable1, index, index_len, &tmp);
229 } else {
230 if (Z_TYPE_P(gpc_element_p) == IS_INDIRECT) {
231 gpc_element_p = Z_INDIRECT_P(gpc_element_p);
232 }
233 if (Z_TYPE_P(gpc_element_p) != IS_ARRAY) {
234 zval_ptr_dtor_nogc(gpc_element_p);
235 array_init(gpc_element_p);
236 } else {
237 SEPARATE_ARRAY(gpc_element_p);
238 }
239 }
240 }
241 symtable1 = Z_ARRVAL_P(gpc_element_p);
242 /* ip pointed to the '[' character, now obtain the key */
243 index = index_s;
244 index_len = new_idx_len;
245
246 ip++;
247 if (*ip == '[') {
248 is_array = 1;
249 *ip = 0;
250 } else {
251 goto plain_var;
252 }
253 }
254 } else {
255 plain_var:
256 if (!index) {
257 if (zend_hash_next_index_insert(symtable1, val) == NULL) {
258 zval_ptr_dtor_nogc(val);
259 }
260 } else {
261 zend_ulong idx;
262
263 /*
264 * According to rfc2965, more specific paths are listed above the less specific ones.
265 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
266 * to have the same (plain text) cookie name for the same path and we should not overwrite
267 * more specific cookies with the less specific ones.
268 */
269 if (Z_TYPE(PG(http_globals)[TRACK_VARS_COOKIE]) != IS_UNDEF &&
270 symtable1 == Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]) &&
271 zend_symtable_str_exists(symtable1, index, index_len)) {
272 zval_ptr_dtor_nogc(val);
273 } else if (ZEND_HANDLE_NUMERIC_STR(index, index_len, idx)) {
274 zend_hash_index_update(symtable1, idx, val);
275 } else {
276 php_register_variable_quick(index, index_len, val, symtable1);
277 }
278 }
279 }
280 free_alloca(var_orig, use_heap);
281 }
282
283 typedef struct post_var_data {
284 smart_str str;
285 char *ptr;
286 char *end;
287 uint64_t cnt;
288
289 /* Bytes in ptr that have already been scanned for '&' */
290 size_t already_scanned;
291 } post_var_data_t;
292
add_post_var(zval * arr,post_var_data_t * var,zend_bool eof)293 static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof)
294 {
295 char *start, *ksep, *vsep, *val;
296 size_t klen, vlen;
297 size_t new_vlen;
298
299 if (var->ptr >= var->end) {
300 return 0;
301 }
302
303 start = var->ptr + var->already_scanned;
304 vsep = memchr(start, '&', var->end - start);
305 if (!vsep) {
306 if (!eof) {
307 var->already_scanned = var->end - var->ptr;
308 return 0;
309 } else {
310 vsep = var->end;
311 }
312 }
313
314 ksep = memchr(var->ptr, '=', vsep - var->ptr);
315 if (ksep) {
316 *ksep = '\0';
317 /* "foo=bar&" or "foo=&" */
318 klen = ksep - var->ptr;
319 vlen = vsep - ++ksep;
320 } else {
321 ksep = "";
322 /* "foo&" */
323 klen = vsep - var->ptr;
324 vlen = 0;
325 }
326
327 php_url_decode(var->ptr, klen);
328
329 val = estrndup(ksep, vlen);
330 if (vlen) {
331 vlen = php_url_decode(val, vlen);
332 }
333
334 if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen)) {
335 php_register_variable_safe(var->ptr, val, new_vlen, arr);
336 }
337 efree(val);
338
339 var->ptr = vsep + (vsep != var->end);
340 var->already_scanned = 0;
341 return 1;
342 }
343
add_post_vars(zval * arr,post_var_data_t * vars,zend_bool eof)344 static inline int add_post_vars(zval *arr, post_var_data_t *vars, zend_bool eof)
345 {
346 uint64_t max_vars = PG(max_input_vars);
347
348 vars->ptr = ZSTR_VAL(vars->str.s);
349 vars->end = ZSTR_VAL(vars->str.s) + ZSTR_LEN(vars->str.s);
350 while (add_post_var(arr, vars, eof)) {
351 if (++vars->cnt > max_vars) {
352 php_error_docref(NULL, E_WARNING,
353 "Input variables exceeded %" PRIu64 ". "
354 "To increase the limit change max_input_vars in php.ini.",
355 max_vars);
356 return FAILURE;
357 }
358 }
359
360 if (!eof && ZSTR_VAL(vars->str.s) != vars->ptr) {
361 memmove(ZSTR_VAL(vars->str.s), vars->ptr, ZSTR_LEN(vars->str.s) = vars->end - vars->ptr);
362 }
363 return SUCCESS;
364 }
365
366 #ifdef PHP_WIN32
367 #define SAPI_POST_HANDLER_BUFSIZ 16384
368 #else
369 # define SAPI_POST_HANDLER_BUFSIZ BUFSIZ
370 #endif
SAPI_POST_HANDLER_FUNC(php_std_post_handler)371 SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
372 {
373 zval *arr = (zval *) arg;
374 php_stream *s = SG(request_info).request_body;
375 post_var_data_t post_data;
376
377 if (s && SUCCESS == php_stream_rewind(s)) {
378 memset(&post_data, 0, sizeof(post_data));
379
380 while (!php_stream_eof(s)) {
381 char buf[SAPI_POST_HANDLER_BUFSIZ] = {0};
382 ssize_t len = php_stream_read(s, buf, SAPI_POST_HANDLER_BUFSIZ);
383
384 if (len > 0) {
385 smart_str_appendl(&post_data.str, buf, len);
386
387 if (SUCCESS != add_post_vars(arr, &post_data, 0)) {
388 smart_str_free(&post_data.str);
389 return;
390 }
391 }
392
393 if (len != SAPI_POST_HANDLER_BUFSIZ){
394 break;
395 }
396 }
397
398 if (post_data.str.s) {
399 add_post_vars(arr, &post_data, 1);
400 smart_str_free(&post_data.str);
401 }
402 }
403 }
404 #undef SAPI_POST_HANDLER_BUFSIZ
405
SAPI_INPUT_FILTER_FUNC(php_default_input_filter)406 SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter)
407 {
408 /* TODO: check .ini setting here and apply user-defined input filter */
409 if(new_val_len) *new_val_len = val_len;
410 return 1;
411 }
412
SAPI_TREAT_DATA_FUNC(php_default_treat_data)413 SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
414 {
415 char *res = NULL, *var, *val, *separator = NULL;
416 const char *c_var;
417 zval array;
418 int free_buffer = 0;
419 char *strtok_buf = NULL;
420 zend_long count = 0;
421
422 ZVAL_UNDEF(&array);
423 switch (arg) {
424 case PARSE_POST:
425 case PARSE_GET:
426 case PARSE_COOKIE:
427 array_init(&array);
428 switch (arg) {
429 case PARSE_POST:
430 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_POST]);
431 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &array);
432 break;
433 case PARSE_GET:
434 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_GET]);
435 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &array);
436 break;
437 case PARSE_COOKIE:
438 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_COOKIE]);
439 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &array);
440 break;
441 }
442 break;
443 default:
444 ZVAL_COPY_VALUE(&array, destArray);
445 break;
446 }
447
448 if (arg == PARSE_POST) {
449 sapi_handle_post(&array);
450 return;
451 }
452
453 if (arg == PARSE_GET) { /* GET data */
454 c_var = SG(request_info).query_string;
455 if (c_var && *c_var) {
456 res = (char *) estrdup(c_var);
457 free_buffer = 1;
458 } else {
459 free_buffer = 0;
460 }
461 } else if (arg == PARSE_COOKIE) { /* Cookie data */
462 c_var = SG(request_info).cookie_data;
463 if (c_var && *c_var) {
464 res = (char *) estrdup(c_var);
465 free_buffer = 1;
466 } else {
467 free_buffer = 0;
468 }
469 } else if (arg == PARSE_STRING) { /* String data */
470 res = str;
471 free_buffer = 1;
472 }
473
474 if (!res) {
475 return;
476 }
477
478 switch (arg) {
479 case PARSE_GET:
480 case PARSE_STRING:
481 separator = PG(arg_separator).input;
482 break;
483 case PARSE_COOKIE:
484 separator = ";\0";
485 break;
486 }
487
488 var = php_strtok_r(res, separator, &strtok_buf);
489
490 while (var) {
491 size_t val_len;
492 size_t new_val_len;
493
494 val = strchr(var, '=');
495
496 if (arg == PARSE_COOKIE) {
497 /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
498 while (isspace(*var)) {
499 var++;
500 }
501 if (var == val || *var == '\0') {
502 goto next_cookie;
503 }
504 }
505
506 if (++count > PG(max_input_vars)) {
507 php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
508 break;
509 }
510
511 if (val) { /* have a value */
512
513 *val++ = '\0';
514
515 if (arg == PARSE_COOKIE) {
516 val_len = php_raw_url_decode(val, strlen(val));
517 } else {
518 val_len = php_url_decode(val, strlen(val));
519 }
520 } else {
521 val = "";
522 val_len = 0;
523 }
524
525 val = estrndup(val, val_len);
526 if (arg != PARSE_COOKIE) {
527 php_url_decode(var, strlen(var));
528 }
529 if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
530 php_register_variable_safe(var, val, new_val_len, &array);
531 }
532 efree(val);
533 next_cookie:
534 var = php_strtok_r(NULL, separator, &strtok_buf);
535 }
536
537 if (free_buffer) {
538 efree(res);
539 }
540 }
541
valid_environment_name(const char * name,const char * end)542 static zend_always_inline int valid_environment_name(const char *name, const char *end)
543 {
544 const char *s;
545
546 for (s = name; s < end; s++) {
547 if (*s == ' ' || *s == '.' || *s == '[') {
548 return 0;
549 }
550 }
551 return 1;
552 }
553
import_environment_variable(HashTable * ht,char * env)554 static zend_always_inline void import_environment_variable(HashTable *ht, char *env)
555 {
556 char *p;
557 size_t name_len, len;
558 zval val;
559 zend_ulong idx;
560
561 p = strchr(env, '=');
562 if (!p
563 || p == env
564 || !valid_environment_name(env, p)) {
565 /* malformed entry? */
566 return;
567 }
568 name_len = p - env;
569 p++;
570 len = strlen(p);
571 ZVAL_STRINGL_FAST(&val, p, len);
572 if (ZEND_HANDLE_NUMERIC_STR(env, name_len, idx)) {
573 zend_hash_index_update(ht, idx, &val);
574 } else {
575 php_register_variable_quick(env, name_len, &val, ht);
576 }
577 }
578
_php_import_environment_variables(zval * array_ptr)579 void _php_import_environment_variables(zval *array_ptr)
580 {
581 tsrm_env_lock();
582
583 #ifndef PHP_WIN32
584 for (char **env = environ; env != NULL && *env != NULL; env++) {
585 import_environment_variable(Z_ARRVAL_P(array_ptr), *env);
586 }
587 #else
588 wchar_t *environmentw = GetEnvironmentStringsW();
589 for (wchar_t *envw = environmentw; envw != NULL && *envw; envw += wcslen(envw) + 1) {
590 char *env = php_win32_cp_w_to_any(envw);
591 if (env != NULL) {
592 import_environment_variable(Z_ARRVAL_P(array_ptr), env);
593 free(env);
594 }
595 }
596 FreeEnvironmentStringsW(environmentw);
597 #endif
598
599 tsrm_env_unlock();
600 }
601
php_std_auto_global_callback(char * name,uint32_t name_len)602 zend_bool php_std_auto_global_callback(char *name, uint32_t name_len)
603 {
604 zend_printf("%s\n", name);
605 return 0; /* don't rearm */
606 }
607
608 /* {{{ php_build_argv */
php_build_argv(const char * s,zval * track_vars_array)609 PHPAPI void php_build_argv(const char *s, zval *track_vars_array)
610 {
611 zval arr, argc, tmp;
612 int count = 0;
613
614 if (!(SG(request_info).argc || track_vars_array)) {
615 return;
616 }
617
618 array_init(&arr);
619
620 /* Prepare argv */
621 if (SG(request_info).argc) { /* are we in cli sapi? */
622 int i;
623 for (i = 0; i < SG(request_info).argc; i++) {
624 ZVAL_STRING(&tmp, SG(request_info).argv[i]);
625 if (zend_hash_next_index_insert(Z_ARRVAL(arr), &tmp) == NULL) {
626 zend_string_efree(Z_STR(tmp));
627 }
628 }
629 } else if (s && *s) {
630 while (1) {
631 const char *space = strchr(s, '+');
632 /* auto-type */
633 ZVAL_STRINGL(&tmp, s, space ? space - s : strlen(s));
634 count++;
635 if (zend_hash_next_index_insert(Z_ARRVAL(arr), &tmp) == NULL) {
636 zend_string_efree(Z_STR(tmp));
637 }
638 if (!space) {
639 break;
640 }
641 s = space + 1;
642 }
643 }
644
645 /* prepare argc */
646 if (SG(request_info).argc) {
647 ZVAL_LONG(&argc, SG(request_info).argc);
648 } else {
649 ZVAL_LONG(&argc, count);
650 }
651
652 if (SG(request_info).argc) {
653 Z_ADDREF(arr);
654 zend_hash_update(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGV), &arr);
655 zend_hash_update(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGC), &argc);
656 }
657 if (track_vars_array && Z_TYPE_P(track_vars_array) == IS_ARRAY) {
658 Z_ADDREF(arr);
659 zend_hash_update(Z_ARRVAL_P(track_vars_array), ZSTR_KNOWN(ZEND_STR_ARGV), &arr);
660 zend_hash_update(Z_ARRVAL_P(track_vars_array), ZSTR_KNOWN(ZEND_STR_ARGC), &argc);
661 }
662 zval_ptr_dtor_nogc(&arr);
663 }
664 /* }}} */
665
666 /* {{{ php_register_server_variables */
php_register_server_variables(void)667 static inline void php_register_server_variables(void)
668 {
669 zval tmp;
670 zval *arr = &PG(http_globals)[TRACK_VARS_SERVER];
671 HashTable *ht;
672
673 zval_ptr_dtor_nogc(arr);
674 array_init(arr);
675
676 /* Server variables */
677 if (sapi_module.register_server_variables) {
678 sapi_module.register_server_variables(arr);
679 }
680 ht = Z_ARRVAL_P(arr);
681
682 /* PHP Authentication support */
683 if (SG(request_info).auth_user) {
684 ZVAL_STRING(&tmp, SG(request_info).auth_user);
685 php_register_variable_quick("PHP_AUTH_USER", sizeof("PHP_AUTH_USER")-1, &tmp, ht);
686 }
687 if (SG(request_info).auth_password) {
688 ZVAL_STRING(&tmp, SG(request_info).auth_password);
689 php_register_variable_quick("PHP_AUTH_PW", sizeof("PHP_AUTH_PW")-1, &tmp, ht);
690 }
691 if (SG(request_info).auth_digest) {
692 ZVAL_STRING(&tmp, SG(request_info).auth_digest);
693 php_register_variable_quick("PHP_AUTH_DIGEST", sizeof("PHP_AUTH_DIGEST")-1, &tmp, ht);
694 }
695
696 /* store request init time */
697 ZVAL_DOUBLE(&tmp, sapi_get_request_time());
698 php_register_variable_quick("REQUEST_TIME_FLOAT", sizeof("REQUEST_TIME_FLOAT")-1, &tmp, ht);
699 ZVAL_LONG(&tmp, zend_dval_to_lval(Z_DVAL(tmp)));
700 php_register_variable_quick("REQUEST_TIME", sizeof("REQUEST_TIME")-1, &tmp, ht);
701 }
702 /* }}} */
703
704 /* {{{ php_autoglobal_merge */
php_autoglobal_merge(HashTable * dest,HashTable * src)705 static void php_autoglobal_merge(HashTable *dest, HashTable *src)
706 {
707 zval *src_entry, *dest_entry;
708 zend_string *string_key;
709 zend_ulong num_key;
710 int globals_check = (dest == (&EG(symbol_table)));
711
712 ZEND_HASH_FOREACH_KEY_VAL(src, num_key, string_key, src_entry) {
713 if (Z_TYPE_P(src_entry) != IS_ARRAY
714 || (string_key && (dest_entry = zend_hash_find(dest, string_key)) == NULL)
715 || (string_key == NULL && (dest_entry = zend_hash_index_find(dest, num_key)) == NULL)
716 || Z_TYPE_P(dest_entry) != IS_ARRAY) {
717 Z_TRY_ADDREF_P(src_entry);
718 if (string_key) {
719 if (!globals_check || ZSTR_LEN(string_key) != sizeof("GLOBALS") - 1
720 || memcmp(ZSTR_VAL(string_key), "GLOBALS", sizeof("GLOBALS") - 1)) {
721 zend_hash_update(dest, string_key, src_entry);
722 } else {
723 Z_TRY_DELREF_P(src_entry);
724 }
725 } else {
726 zend_hash_index_update(dest, num_key, src_entry);
727 }
728 } else {
729 SEPARATE_ARRAY(dest_entry);
730 php_autoglobal_merge(Z_ARRVAL_P(dest_entry), Z_ARRVAL_P(src_entry));
731 }
732 } ZEND_HASH_FOREACH_END();
733 }
734 /* }}} */
735
736 /* {{{ php_hash_environment */
php_hash_environment(void)737 PHPAPI int php_hash_environment(void)
738 {
739 memset(PG(http_globals), 0, sizeof(PG(http_globals)));
740 zend_activate_auto_globals();
741 if (PG(register_argc_argv)) {
742 php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
743 }
744 return SUCCESS;
745 }
746 /* }}} */
747
php_auto_globals_create_get(zend_string * name)748 static zend_bool php_auto_globals_create_get(zend_string *name)
749 {
750 if (PG(variables_order) && (strchr(PG(variables_order),'G') || strchr(PG(variables_order),'g'))) {
751 sapi_module.treat_data(PARSE_GET, NULL, NULL);
752 } else {
753 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_GET]);
754 array_init(&PG(http_globals)[TRACK_VARS_GET]);
755 }
756
757 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_GET]);
758 Z_ADDREF(PG(http_globals)[TRACK_VARS_GET]);
759
760 return 0; /* don't rearm */
761 }
762
php_auto_globals_create_post(zend_string * name)763 static zend_bool php_auto_globals_create_post(zend_string *name)
764 {
765 if (PG(variables_order) &&
766 (strchr(PG(variables_order),'P') || strchr(PG(variables_order),'p')) &&
767 !SG(headers_sent) &&
768 SG(request_info).request_method &&
769 !strcasecmp(SG(request_info).request_method, "POST")) {
770 sapi_module.treat_data(PARSE_POST, NULL, NULL);
771 } else {
772 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_POST]);
773 array_init(&PG(http_globals)[TRACK_VARS_POST]);
774 }
775
776 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_POST]);
777 Z_ADDREF(PG(http_globals)[TRACK_VARS_POST]);
778
779 return 0; /* don't rearm */
780 }
781
php_auto_globals_create_cookie(zend_string * name)782 static zend_bool php_auto_globals_create_cookie(zend_string *name)
783 {
784 if (PG(variables_order) && (strchr(PG(variables_order),'C') || strchr(PG(variables_order),'c'))) {
785 sapi_module.treat_data(PARSE_COOKIE, NULL, NULL);
786 } else {
787 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_COOKIE]);
788 array_init(&PG(http_globals)[TRACK_VARS_COOKIE]);
789 }
790
791 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_COOKIE]);
792 Z_ADDREF(PG(http_globals)[TRACK_VARS_COOKIE]);
793
794 return 0; /* don't rearm */
795 }
796
php_auto_globals_create_files(zend_string * name)797 static zend_bool php_auto_globals_create_files(zend_string *name)
798 {
799 if (Z_TYPE(PG(http_globals)[TRACK_VARS_FILES]) == IS_UNDEF) {
800 array_init(&PG(http_globals)[TRACK_VARS_FILES]);
801 }
802
803 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_FILES]);
804 Z_ADDREF(PG(http_globals)[TRACK_VARS_FILES]);
805
806 return 0; /* don't rearm */
807 }
808
809 /* Upgly hack to fix HTTP_PROXY issue, see bug #72573 */
check_http_proxy(HashTable * var_table)810 static void check_http_proxy(HashTable *var_table)
811 {
812 if (zend_hash_str_exists(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1)) {
813 char *local_proxy = getenv("HTTP_PROXY");
814
815 if (!local_proxy) {
816 zend_hash_str_del(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1);
817 } else {
818 zval local_zval;
819 ZVAL_STRING(&local_zval, local_proxy);
820 zend_hash_str_update(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1, &local_zval);
821 }
822 }
823 }
824
php_auto_globals_create_server(zend_string * name)825 static zend_bool php_auto_globals_create_server(zend_string *name)
826 {
827 if (PG(variables_order) && (strchr(PG(variables_order),'S') || strchr(PG(variables_order),'s'))) {
828 php_register_server_variables();
829
830 if (PG(register_argc_argv)) {
831 if (SG(request_info).argc) {
832 zval *argc, *argv;
833
834 if ((argc = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGC), 1)) != NULL &&
835 (argv = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGV), 1)) != NULL) {
836 Z_ADDREF_P(argv);
837 zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGV), argv);
838 zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGC), argc);
839 }
840 } else {
841 php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
842 }
843 }
844
845 } else {
846 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_SERVER]);
847 array_init(&PG(http_globals)[TRACK_VARS_SERVER]);
848 }
849
850 check_http_proxy(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));
851 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_SERVER]);
852 Z_ADDREF(PG(http_globals)[TRACK_VARS_SERVER]);
853
854 /* TODO: TRACK_VARS_SERVER is modified in a number of places (e.g. phar) past this point,
855 * where rc>1 due to the $_SERVER global. Ideally this shouldn't happen, but for now we
856 * ignore this issue, as it would probably require larger changes. */
857 HT_ALLOW_COW_VIOLATION(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));
858
859 return 0; /* don't rearm */
860 }
861
php_auto_globals_create_env(zend_string * name)862 static zend_bool php_auto_globals_create_env(zend_string *name)
863 {
864 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_ENV]);
865 array_init(&PG(http_globals)[TRACK_VARS_ENV]);
866
867 if (PG(variables_order) && (strchr(PG(variables_order),'E') || strchr(PG(variables_order),'e'))) {
868 php_import_environment_variables(&PG(http_globals)[TRACK_VARS_ENV]);
869 }
870
871 check_http_proxy(Z_ARRVAL(PG(http_globals)[TRACK_VARS_ENV]));
872 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_ENV]);
873 Z_ADDREF(PG(http_globals)[TRACK_VARS_ENV]);
874
875 return 0; /* don't rearm */
876 }
877
php_auto_globals_create_request(zend_string * name)878 static zend_bool php_auto_globals_create_request(zend_string *name)
879 {
880 zval form_variables;
881 unsigned char _gpc_flags[3] = {0, 0, 0};
882 char *p;
883
884 array_init(&form_variables);
885
886 if (PG(request_order) != NULL) {
887 p = PG(request_order);
888 } else {
889 p = PG(variables_order);
890 }
891
892 for (; p && *p; p++) {
893 switch (*p) {
894 case 'g':
895 case 'G':
896 if (!_gpc_flags[0]) {
897 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_GET]));
898 _gpc_flags[0] = 1;
899 }
900 break;
901 case 'p':
902 case 'P':
903 if (!_gpc_flags[1]) {
904 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_POST]));
905 _gpc_flags[1] = 1;
906 }
907 break;
908 case 'c':
909 case 'C':
910 if (!_gpc_flags[2]) {
911 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]));
912 _gpc_flags[2] = 1;
913 }
914 break;
915 }
916 }
917
918 zend_hash_update(&EG(symbol_table), name, &form_variables);
919 return 0;
920 }
921
php_startup_auto_globals(void)922 void php_startup_auto_globals(void)
923 {
924 zend_register_auto_global(zend_string_init_interned("_GET", sizeof("_GET")-1, 1), 0, php_auto_globals_create_get);
925 zend_register_auto_global(zend_string_init_interned("_POST", sizeof("_POST")-1, 1), 0, php_auto_globals_create_post);
926 zend_register_auto_global(zend_string_init_interned("_COOKIE", sizeof("_COOKIE")-1, 1), 0, php_auto_globals_create_cookie);
927 zend_register_auto_global(zend_string_init_interned("_SERVER", sizeof("_SERVER")-1, 1), PG(auto_globals_jit), php_auto_globals_create_server);
928 zend_register_auto_global(zend_string_init_interned("_ENV", sizeof("_ENV")-1, 1), PG(auto_globals_jit), php_auto_globals_create_env);
929 zend_register_auto_global(zend_string_init_interned("_REQUEST", sizeof("_REQUEST")-1, 1), PG(auto_globals_jit), php_auto_globals_create_request);
930 zend_register_auto_global(zend_string_init_interned("_FILES", sizeof("_FILES")-1, 1), 0, php_auto_globals_create_files);
931 }
932