xref: /PHP-8.1/ext/standard/browscap.c (revision e1c6a7c4)
1 /*
2    +----------------------------------------------------------------------+
3    | Copyright (c) The PHP Group                                          |
4    +----------------------------------------------------------------------+
5    | This source file is subject to version 3.01 of the PHP license,      |
6    | that is bundled with this package in the file LICENSE, and is        |
7    | available through the world-wide-web at the following url:           |
8    | https://www.php.net/license/3_01.txt                                 |
9    | If you did not receive a copy of the PHP license and are unable to   |
10    | obtain it through the world-wide-web, please send a note to          |
11    | license@php.net so we can mail you a copy immediately.               |
12    +----------------------------------------------------------------------+
13    | Author: Zeev Suraski <zeev@php.net>                                  |
14    +----------------------------------------------------------------------+
15  */
16 
17 #include "php.h"
18 #include "php_browscap.h"
19 #include "php_ini.h"
20 #include "php_string.h"
21 #include "ext/pcre/php_pcre.h"
22 
23 #include "zend_ini_scanner.h"
24 #include "zend_globals.h"
25 
/* Number of literal "contains" segments precomputed for every pattern */
#define BROWSCAP_NUM_CONTAINS 5
27 
28 typedef struct {
29 	zend_string *key;
30 	zend_string *value;
31 } browscap_kv;
32 
33 typedef struct {
34 	zend_string *pattern;
35 	zend_string *parent;
36 	uint32_t kv_start;
37 	uint32_t kv_end;
38 	/* We ensure that the length fits in 16 bits, so this is fine */
39 	uint16_t contains_start[BROWSCAP_NUM_CONTAINS];
40 	uint8_t contains_len[BROWSCAP_NUM_CONTAINS];
41 	uint8_t prefix_len;
42 } browscap_entry;
43 
44 typedef struct {
45 	HashTable *htab;
46 	browscap_kv *kv;
47 	uint32_t kv_used;
48 	uint32_t kv_size;
49 	char filename[MAXPATHLEN];
50 } browser_data;
51 
52 /* browser data defined in startup phase, eagerly loaded in MINIT */
53 static browser_data global_bdata = {0};
54 
55 /* browser data defined in activation phase, lazily loaded in get_browser.
56  * Per request and per thread, if applicable */
ZEND_BEGIN_MODULE_GLOBALS(browscap)57 ZEND_BEGIN_MODULE_GLOBALS(browscap)
58 	browser_data activation_bdata;
59 ZEND_END_MODULE_GLOBALS(browscap)
60 
61 ZEND_DECLARE_MODULE_GLOBALS(browscap)
62 #define BROWSCAP_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(browscap, v)
63 
64 #define DEFAULT_SECTION_NAME "Default Browser Capability Settings"
65 
66 /* OBJECTS_FIXME: This whole extension needs going through. The use of objects looks pretty broken here */
67 
68 static void browscap_entry_dtor(zval *zvalue)
69 {
70 	browscap_entry *entry = Z_PTR_P(zvalue);
71 	zend_string_release_ex(entry->pattern, 0);
72 	if (entry->parent) {
73 		zend_string_release_ex(entry->parent, 0);
74 	}
75 	efree(entry);
76 }
77 
/* Hash table destructor for persistent entries: same as the non-persistent
 * variant, but using the persistent release/free functions. */
static void browscap_entry_dtor_persistent(zval *zvalue)
{
	browscap_entry *doomed = Z_PTR_P(zvalue);

	if (doomed->parent != NULL) {
		zend_string_release_ex(doomed->parent, 1);
	}
	zend_string_release_ex(doomed->pattern, 1);
	pefree(doomed, 1);
}
87 
/* Whether c is one of the two pattern wildcards, '?' or '*' */
static inline bool is_placeholder(char c) {
	switch (c) {
		case '?':
		case '*':
			return true;
		default:
			return false;
	}
}
91 
92 /* Length of prefix not containing any wildcards */
browscap_compute_prefix_len(zend_string * pattern)93 static uint8_t browscap_compute_prefix_len(zend_string *pattern) {
94 	size_t i;
95 	for (i = 0; i < ZSTR_LEN(pattern); i++) {
96 		if (is_placeholder(ZSTR_VAL(pattern)[i])) {
97 			break;
98 		}
99 	}
100 	return (uint8_t)MIN(i, UINT8_MAX);
101 }
102 
/* Locate the next run of at least two consecutive literal characters at or
 * after start_pos.
 *
 * Stores the run's start offset in *contains_start and its length (saturated
 * at UINT8_MAX) in *contains_len. If no such run exists, the start is the
 * pattern length and the length is 0. Returns the position just past the
 * run, suitable as start_pos for the next call. */
static size_t browscap_compute_contains(
		zend_string *pattern, size_t start_pos,
		uint16_t *contains_start, uint8_t *contains_len) {
	const char *chars = ZSTR_VAL(pattern);
	const size_t total = ZSTR_LEN(pattern);
	size_t pos = start_pos;
	size_t run_len;

	/* Skip wildcards and isolated single literals: stop only where two
	 * literal characters sit side by side. */
	while (pos < total) {
		if (!is_placeholder(chars[pos])
				&& pos + 1 < total
				&& !is_placeholder(chars[pos + 1])) {
			break;
		}
		pos++;
	}
	*contains_start = (uint16_t)pos;

	/* Extend the run until the next wildcard or the end of the pattern */
	while (pos < total && !is_placeholder(chars[pos])) {
		pos++;
	}

	run_len = pos - *contains_start;
	*contains_len = (uint8_t)(run_len < UINT8_MAX ? run_len : UINT8_MAX);
	return pos;
}
129 
130 /* Length of regex, including escapes, anchors, etc. */
browscap_compute_regex_len(zend_string * pattern)131 static size_t browscap_compute_regex_len(zend_string *pattern) {
132 	size_t i, len = ZSTR_LEN(pattern);
133 	for (i = 0; i < ZSTR_LEN(pattern); i++) {
134 		switch (ZSTR_VAL(pattern)[i]) {
135 			case '*':
136 			case '.':
137 			case '\\':
138 			case '(':
139 			case ')':
140 			case '~':
141 			case '+':
142 				len++;
143 				break;
144 		}
145 	}
146 
147 	return len + sizeof("~^$~")-1;
148 }
149 
/* Build the regex for a browscap pattern.
 *
 * The pattern is lowercased, '?' becomes '.', '*' becomes '.*', the
 * characters . \ ( ) ~ + are backslash-escaped, and the result is wrapped
 * in "~^" ... "$~". The returned string is newly allocated (persistently
 * if `persistent` is set) and owned by the caller. */
static zend_string *browscap_convert_pattern(zend_string *pattern, int persistent) /* {{{ */
{
	const size_t pattern_len = ZSTR_LEN(pattern);
	zend_string *regex;
	char *lowered, *out;
	size_t pos;
	ALLOCA_FLAG(use_heap);

	regex = zend_string_alloc(browscap_compute_regex_len(pattern), persistent);
	out = ZSTR_VAL(regex);

	lowered = do_alloca(pattern_len + 1, use_heap);
	zend_str_tolower_copy(lowered, ZSTR_VAL(pattern), pattern_len);

	*out++ = '~';
	*out++ = '^';

	for (pos = 0; pos < pattern_len; pos++) {
		const char c = lowered[pos];

		switch (c) {
			case '?':
				*out++ = '.';
				break;
			case '*':
				*out++ = '.';
				*out++ = '*';
				break;
			case '.':
			case '\\':
			case '(':
			case ')':
			case '~':
			case '+':
				/* Escaped so the character is matched literally */
				*out++ = '\\';
				*out++ = c;
				break;
			default:
				*out++ = c;
				break;
		}
	}

	*out++ = '$';
	*out++ = '~';
	*out = '\0';

	ZSTR_LEN(regex) = (size_t)(out - ZSTR_VAL(regex));
	free_alloca(lowered, use_heap);
	return regex;
}
/* }}} */
215 
216 typedef struct _browscap_parser_ctx {
217 	browser_data *bdata;
218 	browscap_entry *current_entry;
219 	zend_string *current_section_name;
220 	HashTable str_interned;
221 } browscap_parser_ctx;
222 
/* Return a shared instance of str, with one reference owned by the caller.
 *
 * A string already recorded in ctx->str_interned is reused with its
 * refcount bumped. Otherwise str itself is referenced (and passed through
 * zend_new_interned_string() in persistent mode) and recorded. */
static zend_string *browscap_intern_str(
		browscap_parser_ctx *ctx, zend_string *str, bool persistent) {
	zend_string *shared = zend_hash_find_ptr(&ctx->str_interned, str);

	if (shared != NULL) {
		zend_string_addref(shared);
		return shared;
	}

	shared = zend_string_copy(str);
	if (persistent) {
		shared = zend_new_interned_string(shared);
	}
	zend_hash_add_new_ptr(&ctx->str_interned, shared, shared);
	return shared;
}
238 
/* Case-insensitive variant of browscap_intern_str(): the lookup and the
 * stored string both use the lowercased form of str. The caller owns one
 * reference to the returned string. */
static zend_string *browscap_intern_str_ci(
		browscap_parser_ctx *ctx, zend_string *str, bool persistent) {
	const size_t len = ZSTR_LEN(str);
	zend_string *lowered;
	zend_string *shared;
	ALLOCA_FLAG(use_heap);

	/* Temporary lowercase copy used as the lookup key */
	ZSTR_ALLOCA_ALLOC(lowered, len, use_heap);
	zend_str_tolower_copy(ZSTR_VAL(lowered), ZSTR_VAL(str), len);

	shared = zend_hash_find_ptr(&ctx->str_interned, lowered);
	if (shared == NULL) {
		shared = zend_string_init(ZSTR_VAL(lowered), len, persistent);
		if (persistent) {
			shared = zend_new_interned_string(shared);
		}
		zend_hash_add_new_ptr(&ctx->str_interned, shared, shared);
	} else {
		zend_string_addref(shared);
	}

	ZSTR_ALLOCA_FREE(lowered, use_heap);
	return shared;
}
262 
/* Append a key/value pair to bdata->kv, doubling the array when it is full.
 * The pointers are stored as given; no reference is added here. */
static void browscap_add_kv(
		browser_data *bdata, zend_string *key, zend_string *value, bool persistent) {
	browscap_kv *slot;

	if (bdata->kv_used == bdata->kv_size) {
		bdata->kv_size *= 2;
		bdata->kv = safe_perealloc(bdata->kv, sizeof(browscap_kv), bdata->kv_size, 0, persistent);
	}

	slot = &bdata->kv[bdata->kv_used++];
	slot->key = key;
	slot->value = value;
}
274 
browscap_entry_to_array(browser_data * bdata,browscap_entry * entry)275 static HashTable *browscap_entry_to_array(browser_data *bdata, browscap_entry *entry) {
276 	zval tmp;
277 	uint32_t i;
278 
279 	HashTable *ht = zend_new_array(8);
280 
281 	ZVAL_STR(&tmp, browscap_convert_pattern(entry->pattern, 0));
282 	zend_hash_str_add(ht, "browser_name_regex", sizeof("browser_name_regex")-1, &tmp);
283 
284 	ZVAL_STR_COPY(&tmp, entry->pattern);
285 	zend_hash_str_add(ht, "browser_name_pattern", sizeof("browser_name_pattern")-1, &tmp);
286 
287 	if (entry->parent) {
288 		ZVAL_STR_COPY(&tmp, entry->parent);
289 		zend_hash_str_add(ht, "parent", sizeof("parent")-1, &tmp);
290 	}
291 
292 	for (i = entry->kv_start; i < entry->kv_end; i++) {
293 		ZVAL_STR_COPY(&tmp, bdata->kv[i].value);
294 		zend_hash_add(ht, bdata->kv[i].key, &tmp);
295 	}
296 
297 	return ht;
298 }
299 
/* INI parser callback that fills the browscap tables.
 *
 * arg1 is the key of a key/value line or the name of a section header,
 * arg2 the value of a key/value line; arg3 is not used. `arg` is the
 * browscap_parser_ctx of the file being read.
 *
 * Section headers create a new entry in bdata->htab and make it current.
 * Key/value lines are attached to the current entry: "parent" is stored in
 * the entry itself, everything else is appended to bdata->kv. Key/value
 * lines seen while there is no current entry are ignored. */
static void php_browscap_parser_cb(zval *arg1, zval *arg2, zval *arg3, int callback_type, void *arg) /* {{{ */
{
	browscap_parser_ctx *ctx = arg;
	browser_data *bdata = ctx->bdata;
	/* Allocate the same way as the table the entries are stored in */
	int persistent = GC_FLAGS(bdata->htab) & IS_ARRAY_PERSISTENT;

	if (!arg1) {
		return;
	}

	switch (callback_type) {
		case ZEND_INI_PARSER_ENTRY:
			if (ctx->current_entry != NULL && arg2) {
				zend_string *new_key, *new_value;

				/* Set proper value for true/false settings */
				if (zend_string_equals_literal_ci(Z_STR_P(arg2), "on")
					|| zend_string_equals_literal_ci(Z_STR_P(arg2), "yes")
					|| zend_string_equals_literal_ci(Z_STR_P(arg2), "true")
				) {
					new_value = ZSTR_CHAR('1');
				} else if (zend_string_equals_literal_ci(Z_STR_P(arg2), "no")
					|| zend_string_equals_literal_ci(Z_STR_P(arg2), "off")
					|| zend_string_equals_literal_ci(Z_STR_P(arg2), "none")
					|| zend_string_equals_literal_ci(Z_STR_P(arg2), "false")
				) {
					new_value = ZSTR_EMPTY_ALLOC();
				} else { /* Other than true/false setting */
					new_value = browscap_intern_str(ctx, Z_STR_P(arg2), persistent);
				}

				if (zend_string_equals_literal_ci(Z_STR_P(arg1), "parent")) {
					/* parent entry can not be same as current section -> causes infinite loop! */
					if (ctx->current_section_name != NULL &&
						zend_string_equals_ci(ctx->current_section_name, Z_STR_P(arg2))
					) {
						zend_error(E_CORE_ERROR, "Invalid browscap ini file: "
							"'Parent' value cannot be same as the section name: %s "
							"(in file %s)", ZSTR_VAL(ctx->current_section_name), INI_STR("browscap"));
						return;
					}

					/* A later "parent" line replaces an earlier one */
					if (ctx->current_entry->parent) {
						zend_string_release(ctx->current_entry->parent);
					}

					ctx->current_entry->parent = new_value;
				} else {
					new_key = browscap_intern_str_ci(ctx, Z_STR_P(arg1), persistent);
					browscap_add_kv(bdata, new_key, new_value, persistent);
					ctx->current_entry->kv_end = bdata->kv_used;
				}
			}
			break;
		case ZEND_INI_PARSER_SECTION:
		{
			browscap_entry *entry;
			zend_string *pattern = Z_STR_P(arg1);
			size_t pos;
			int i;

			if (ZSTR_LEN(pattern) > UINT16_MAX) {
				php_error_docref(NULL, E_WARNING,
					"Skipping excessively long pattern of length %zu", ZSTR_LEN(pattern));
				/* Detach from the previous section, otherwise the settings
				 * of the skipped section would be appended to it. */
				ctx->current_entry = NULL;
				if (ctx->current_section_name) {
					zend_string_release(ctx->current_section_name);
					ctx->current_section_name = NULL;
				}
				break;
			}

			if (persistent) {
				pattern = zend_new_interned_string(zend_string_copy(pattern));
				if (ZSTR_IS_INTERNED(pattern)) {
					Z_TYPE_FLAGS_P(arg1) = 0;
				} else {
					zend_string_release(pattern);
				}
			}

			entry = ctx->current_entry
				= pemalloc(sizeof(browscap_entry), persistent);
			zend_hash_update_ptr(bdata->htab, pattern, entry);

			if (ctx->current_section_name) {
				zend_string_release(ctx->current_section_name);
			}
			ctx->current_section_name = zend_string_copy(pattern);

			entry->pattern = zend_string_copy(pattern);
			/* No settings yet: the range in bdata->kv starts out empty */
			entry->kv_end = entry->kv_start = bdata->kv_used;
			entry->parent = NULL;

			/* Precompute the literal prefix and the "contains" segments */
			pos = entry->prefix_len = browscap_compute_prefix_len(pattern);
			for (i = 0; i < BROWSCAP_NUM_CONTAINS; i++) {
				pos = browscap_compute_contains(pattern, pos,
					&entry->contains_start[i], &entry->contains_len[i]);
			}
			break;
		}
	}
}
/* }}} */
399 
/* Load the browscap file `filename` into `browdata`.
 *
 * Returns FAILURE when the name is NULL or empty, or when the file cannot
 * be opened (a core warning is raised in that case); SUCCESS otherwise.
 * On success browdata->htab and browdata->kv are freshly allocated,
 * persistently if `persistent` is set. */
static int browscap_read_file(char *filename, browser_data *browdata, int persistent) /* {{{ */
{
	browscap_parser_ctx ctx = {0};
	zend_file_handle fh;
	FILE *stream;

	if (!filename || *filename == '\0') {
		return FAILURE;
	}

	stream = VCWD_FOPEN(filename, "r");
	if (stream == NULL) {
		zend_error(E_CORE_WARNING, "Cannot open \"%s\" for reading", filename);
		return FAILURE;
	}
	zend_stream_init_fp(&fh, stream, filename);

	/* Empty key/value store with room for 16K pairs */
	browdata->kv_used = 0;
	browdata->kv_size = 16 * 1024;
	browdata->kv = pemalloc(sizeof(browscap_kv) * browdata->kv_size, persistent);

	/* Pattern table; entries are freed by the destructor matching the allocation mode */
	browdata->htab = pemalloc(sizeof *browdata->htab, persistent);
	zend_hash_init(browdata->htab, 0, NULL,
		persistent ? browscap_entry_dtor_persistent : browscap_entry_dtor, persistent);

	/* Parser context: current entry and section name start out NULL via the
	 * zero initializer above. */
	ctx.bdata = browdata;
	/* No dtor because we don't inc the refcount for the reference stored within the hash table's entry value
	 * as the hash table is only temporary anyway. */
	zend_hash_init(&ctx.str_interned, 8, NULL, NULL, persistent);

	zend_parse_ini_file(&fh, persistent, ZEND_INI_SCANNER_RAW,
			(zend_ini_parser_cb_t) php_browscap_parser_cb, &ctx);

	/* Tear down the parser context */
	if (ctx.current_section_name != NULL) {
		zend_string_release(ctx.current_section_name);
	}
	zend_hash_destroy(&ctx.str_interned);
	zend_destroy_file_handle(&fh);

	return SUCCESS;
}
/* }}} */
446 
#ifdef ZTS
/* Per-thread globals constructor: marks the activation data as not loaded
 * and not configured. */
static void browscap_globals_ctor(zend_browscap_globals *browscap_globals) /* {{{ */
{
	browser_data *fresh = &browscap_globals->activation_bdata;

	fresh->htab = NULL;
	fresh->kv = NULL;
	fresh->filename[0] = '\0';
}
/* }}} */
#endif
456 
/* Release everything held by bdata and reset it to the "not loaded, no file
 * configured" state. `persistent` must match how the data was allocated. */
static void browscap_bdata_dtor(browser_data *bdata, int persistent) /* {{{ */
{
	if (bdata->htab) {
		uint32_t idx = 0;

		/* Entries are freed by the table's destructor */
		zend_hash_destroy(bdata->htab);
		pefree(bdata->htab, persistent);
		bdata->htab = NULL;

		/* Drop the references held by the key/value store */
		while (idx < bdata->kv_used) {
			browscap_kv *pair = &bdata->kv[idx++];

			zend_string_release(pair->key);
			zend_string_release(pair->value);
		}
		pefree(bdata->kv, persistent);
		bdata->kv = NULL;
	}
	bdata->filename[0] = '\0';
}
/* }}} */
476 
477 /* {{{ PHP_INI_MH */
PHP_INI_MH(OnChangeBrowscap)478 PHP_INI_MH(OnChangeBrowscap)
479 {
480 	if (stage == PHP_INI_STAGE_STARTUP) {
481 		/* value handled in browscap.c's MINIT */
482 		return SUCCESS;
483 	} else if (stage == PHP_INI_STAGE_ACTIVATE) {
484 		browser_data *bdata = &BROWSCAP_G(activation_bdata);
485 		if (bdata->filename[0] != '\0') {
486 			browscap_bdata_dtor(bdata, 0);
487 		}
488 		if (VCWD_REALPATH(ZSTR_VAL(new_value), bdata->filename) == NULL) {
489 			return FAILURE;
490 		}
491 		return SUCCESS;
492 	}
493 
494 	return FAILURE;
495 }
496 /* }}} */
497 
PHP_MINIT_FUNCTION(browscap)498 PHP_MINIT_FUNCTION(browscap) /* {{{ */
499 {
500 	char *browscap = INI_STR("browscap");
501 
502 #ifdef ZTS
503 	ts_allocate_id(&browscap_globals_id, sizeof(browser_data), (ts_allocate_ctor) browscap_globals_ctor, NULL);
504 #endif
505 	/* ctor call not really needed for non-ZTS */
506 
507 	if (browscap && browscap[0]) {
508 		if (browscap_read_file(browscap, &global_bdata, 1) == FAILURE) {
509 			return FAILURE;
510 		}
511 	}
512 
513 	return SUCCESS;
514 }
515 /* }}} */
516 
PHP_RSHUTDOWN_FUNCTION(browscap)517 PHP_RSHUTDOWN_FUNCTION(browscap) /* {{{ */
518 {
519 	browser_data *bdata = &BROWSCAP_G(activation_bdata);
520 	if (bdata->filename[0] != '\0') {
521 		browscap_bdata_dtor(bdata, 0);
522 	}
523 
524 	return SUCCESS;
525 }
526 /* }}} */
527 
PHP_MSHUTDOWN_FUNCTION(browscap)528 PHP_MSHUTDOWN_FUNCTION(browscap) /* {{{ */
529 {
530 	browscap_bdata_dtor(&global_bdata, 1);
531 
532 	return SUCCESS;
533 }
534 /* }}} */
535 
/* Sum of the entry's prefix length and all of its "contains" lengths. A
 * user agent shorter than this is rejected without further checks. */
static inline size_t browscap_get_minimum_length(browscap_entry *entry) {
	const uint8_t *seg = entry->contains_len;
	const uint8_t *const seg_end = seg + BROWSCAP_NUM_CONTAINS;
	size_t total = entry->prefix_len;

	while (seg != seg_end) {
		total += *seg++;
	}
	return total;
}
544 
/* Number of characters in the pattern that are neither '?' nor '*' */
static size_t browscap_count_literal_chars(zend_string *pattern)
{
	const char *chars = ZSTR_VAL(pattern);
	size_t literal = 0;
	size_t k;

	for (k = 0; k < ZSTR_LEN(pattern); k++) {
		if (chars[k] != '?' && chars[k] != '*') {
			literal++;
		}
	}
	return literal;
}

/* Test one entry against the (already lowercased) user agent.
 *
 * Returns 1 only when the lowercased pattern equals the agent exactly; the
 * entry is then stored in *found_entry_ptr. In every other case 0 is
 * returned. On a regex match the entry replaces *found_entry_ptr if nothing
 * was found before, or if the earlier match's pattern has fewer
 * non-wildcard characters than this one. */
static int browser_reg_compare(browscap_entry *entry, zend_string *agent_name, browscap_entry **found_entry_ptr) /* {{{ */
{
	browscap_entry *best_so_far = *found_entry_ptr;
	zend_string *lowered_pattern, *regex = NULL;
	const char *agent_end = ZSTR_VAL(agent_name) + ZSTR_LEN(agent_name);
	const char *scan;
	int slot, result = 0;

	pcre2_code *re;
	pcre2_match_data *match_data;
	uint32_t capture_count;
	int rc;
	ALLOCA_FLAG(use_heap);

	/* Agent name too short */
	if (ZSTR_LEN(agent_name) < browscap_get_minimum_length(entry)) {
		return 0;
	}

	/* Cheap rejection: the literal prefix has to match */
	if (zend_binary_strcasecmp(
			ZSTR_VAL(agent_name), entry->prefix_len,
			ZSTR_VAL(entry->pattern), entry->prefix_len) != 0) {
		return 0;
	}

	/* The agent name is already lowercase, so lowercase the pattern too */
	ZSTR_ALLOCA_ALLOC(lowered_pattern, ZSTR_LEN(entry->pattern), use_heap);
	zend_str_tolower_copy(ZSTR_VAL(lowered_pattern), ZSTR_VAL(entry->pattern), ZSTR_LEN(entry->pattern));

	/* Every non-empty "contains" segment must occur, in order, after the prefix */
	scan = ZSTR_VAL(agent_name) + entry->prefix_len;
	for (slot = 0; slot < BROWSCAP_NUM_CONTAINS; slot++) {
		const uint8_t part_len = entry->contains_len[slot];

		if (part_len == 0) {
			continue;
		}
		scan = zend_memnstr(scan,
			ZSTR_VAL(lowered_pattern) + entry->contains_start[slot],
			part_len,
			agent_end);
		if (scan == NULL) {
			goto done;
		}
		scan += part_len;
	}

	/* An exact match ends the search */
	if (zend_string_equals(agent_name, lowered_pattern)) {
		*found_entry_ptr = entry;
		result = 1;
		goto done;
	}

	regex = browscap_convert_pattern(entry->pattern, 0);
	re = pcre_get_compiled_regex(regex, &capture_count);
	if (re == NULL) {
		goto done;
	}

	match_data = php_pcre_create_match_data(capture_count, re);
	if (match_data == NULL) {
		goto done;
	}
	rc = pcre2_match(re, (PCRE2_SPTR)ZSTR_VAL(agent_name), ZSTR_LEN(agent_name), 0, 0, match_data, php_pcre_mctx());
	php_pcre_free_match_data(match_data);

	if (rc >= 0) {
		/* Among several matching patterns prefer the one with more literal
		 * characters, i.e. the one that replaces the least amount of the
		 * original user agent string with wildcards. */
		if (best_so_far == NULL
				|| browscap_count_literal_chars(best_so_far->pattern)
					< browscap_count_literal_chars(entry->pattern)) {
			*found_entry_ptr = entry;
		}
	}

done:
	ZSTR_ALLOCA_FREE(lowered_pattern, use_heap);
	if (regex != NULL) {
		zend_string_release(regex);
	}
	return result;
}
/* }}} */
661 
/* Copy constructor used when merging entry arrays. Non-refcounted values
 * are left alone. A refcounted value must be a string: a non-persistent one
 * gets another reference, a persistent one is replaced by a fresh
 * non-persistent duplicate. */
static void browscap_zval_copy_ctor(zval *p) /* {{{ */
{
	zend_string *src;

	if (!Z_REFCOUNTED_P(p)) {
		return;
	}

	ZEND_ASSERT(Z_TYPE_P(p) == IS_STRING);
	src = Z_STR_P(p);
	if (GC_FLAGS(src) & GC_PERSISTENT) {
		ZVAL_NEW_STR(p, zend_string_init(ZSTR_VAL(src), ZSTR_LEN(src), 0));
	} else {
		GC_ADDREF(src);
	}
}
/* }}} */
677 
678 /* {{{ Get information about the capabilities of a browser. If browser_name is omitted or null, HTTP_USER_AGENT is used. Returns an object by default; if return_array is true, returns an array. */
PHP_FUNCTION(get_browser)679 PHP_FUNCTION(get_browser)
680 {
681 	zend_string *agent_name = NULL, *lookup_browser_name;
682 	bool return_array = 0;
683 	browser_data *bdata;
684 	browscap_entry *found_entry = NULL;
685 	HashTable *agent_ht;
686 
687 	ZEND_PARSE_PARAMETERS_START(0, 2)
688 		Z_PARAM_OPTIONAL
689 		Z_PARAM_STR_OR_NULL(agent_name)
690 		Z_PARAM_BOOL(return_array)
691 	ZEND_PARSE_PARAMETERS_END();
692 
693 	if (BROWSCAP_G(activation_bdata).filename[0] != '\0') {
694 		bdata = &BROWSCAP_G(activation_bdata);
695 		if (bdata->htab == NULL) { /* not initialized yet */
696 			if (browscap_read_file(bdata->filename, bdata, 0) == FAILURE) {
697 				RETURN_FALSE;
698 			}
699 		}
700 	} else {
701 		if (!global_bdata.htab) {
702 			php_error_docref(NULL, E_WARNING, "browscap ini directive not set");
703 			RETURN_FALSE;
704 		}
705 		bdata = &global_bdata;
706 	}
707 
708 	if (agent_name == NULL) {
709 		zval *http_user_agent = NULL;
710 		if (Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY
711 				|| zend_is_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_SERVER))) {
712 			http_user_agent = zend_hash_str_find(
713 				Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
714 				"HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT")-1);
715 		}
716 		if (http_user_agent == NULL) {
717 			php_error_docref(NULL, E_WARNING, "HTTP_USER_AGENT variable is not set, cannot determine user agent name");
718 			RETURN_FALSE;
719 		}
720 		agent_name = Z_STR_P(http_user_agent);
721 	}
722 
723 	lookup_browser_name = zend_string_tolower(agent_name);
724 	found_entry = zend_hash_find_ptr(bdata->htab, lookup_browser_name);
725 	if (found_entry == NULL) {
726 		browscap_entry *entry;
727 
728 		ZEND_HASH_FOREACH_PTR(bdata->htab, entry) {
729 			if (browser_reg_compare(entry, lookup_browser_name, &found_entry)) {
730 				break;
731 			}
732 		} ZEND_HASH_FOREACH_END();
733 
734 		if (found_entry == NULL) {
735 			found_entry = zend_hash_str_find_ptr(bdata->htab,
736 				DEFAULT_SECTION_NAME, sizeof(DEFAULT_SECTION_NAME)-1);
737 			if (found_entry == NULL) {
738 				zend_string_release(lookup_browser_name);
739 				RETURN_FALSE;
740 			}
741 		}
742 	}
743 
744 	agent_ht = browscap_entry_to_array(bdata, found_entry);
745 
746 	if (return_array) {
747 		RETVAL_ARR(agent_ht);
748 	} else {
749 		object_and_properties_init(return_value, zend_standard_class_def, agent_ht);
750 	}
751 
752 	while (found_entry->parent) {
753 		found_entry = zend_hash_find_ptr(bdata->htab, found_entry->parent);
754 		if (found_entry == NULL) {
755 			break;
756 		}
757 
758 		agent_ht = browscap_entry_to_array(bdata, found_entry);
759 		if (return_array) {
760 			zend_hash_merge(Z_ARRVAL_P(return_value), agent_ht, (copy_ctor_func_t) browscap_zval_copy_ctor, 0);
761 		} else {
762 			zend_hash_merge(Z_OBJPROP_P(return_value), agent_ht, (copy_ctor_func_t) browscap_zval_copy_ctor, 0);
763 		}
764 
765 		zend_hash_destroy(agent_ht);
766 		efree(agent_ht);
767 	}
768 
769 	zend_string_release_ex(lookup_browser_name, 0);
770 }
771 /* }}} */
772