xref: /PHP-8.1/ext/standard/http.c (revision 01b3fc03)
1 /*
2    +----------------------------------------------------------------------+
3    | Copyright (c) The PHP Group                                          |
4    +----------------------------------------------------------------------+
5    | This source file is subject to version 3.01 of the PHP license,      |
6    | that is bundled with this package in the file LICENSE, and is        |
7    | available through the world-wide-web at the following url:           |
8    | https://www.php.net/license/3_01.txt                                 |
9    | If you did not receive a copy of the PHP license and are unable to   |
10    | obtain it through the world-wide-web, please send a note to          |
11    | license@php.net so we can mail you a copy immediately.               |
12    +----------------------------------------------------------------------+
13    | Authors: Sara Golemon <pollita@php.net>                              |
14    +----------------------------------------------------------------------+
15 */
16 
17 #include "php_http.h"
18 #include "php_ini.h"
19 #include "url.h"
20 
21 #define URL_DEFAULT_ARG_SEP "&"
22 
23 /* {{{ php_url_encode_hash */
php_url_encode_hash_ex(HashTable * ht,smart_str * formstr,const char * num_prefix,size_t num_prefix_len,const char * key_prefix,size_t key_prefix_len,const char * key_suffix,size_t key_suffix_len,zval * type,const char * arg_sep,int enc_type)24 PHPAPI void php_url_encode_hash_ex(HashTable *ht, smart_str *formstr,
25 				const char *num_prefix, size_t num_prefix_len,
26 				const char *key_prefix, size_t key_prefix_len,
27 				const char *key_suffix, size_t key_suffix_len,
28 			  zval *type, const char *arg_sep, int enc_type)
29 {
30 	zend_string *key = NULL;
31 	char *newprefix, *p;
32 	const char *prop_name;
33 	size_t arg_sep_len, newprefix_len, prop_len;
34 	zend_ulong idx;
35 	zval *zdata = NULL;
36 	ZEND_ASSERT(ht);
37 
38 	if (GC_IS_RECURSIVE(ht)) {
39 		/* Prevent recursion */
40 		return;
41 	}
42 
43 	if (!arg_sep) {
44 		arg_sep = INI_STR("arg_separator.output");
45 		if (!arg_sep || !strlen(arg_sep)) {
46 			arg_sep = URL_DEFAULT_ARG_SEP;
47 		}
48 	}
49 	arg_sep_len = strlen(arg_sep);
50 
51 	ZEND_HASH_FOREACH_KEY_VAL(ht, idx, key, zdata) {
52 		bool is_dynamic = 1;
53 		if (Z_TYPE_P(zdata) == IS_INDIRECT) {
54 			zdata = Z_INDIRECT_P(zdata);
55 			if (Z_ISUNDEF_P(zdata)) {
56 				continue;
57 			}
58 
59 			is_dynamic = 0;
60 		}
61 
62 		/* handling for private & protected object properties */
63 		if (key) {
64 			prop_name = ZSTR_VAL(key);
65 			prop_len = ZSTR_LEN(key);
66 
67 			if (type != NULL && zend_check_property_access(Z_OBJ_P(type), key, is_dynamic) != SUCCESS) {
68 				/* property not visible in this scope */
69 				continue;
70 			}
71 
72 			if (ZSTR_VAL(key)[0] == '\0' && type != NULL) {
73 				const char *tmp;
74 				zend_unmangle_property_name_ex(key, &tmp, &prop_name, &prop_len);
75 			} else {
76 				prop_name = ZSTR_VAL(key);
77 				prop_len = ZSTR_LEN(key);
78 			}
79 		} else {
80 			prop_name = NULL;
81 			prop_len = 0;
82 		}
83 
84 		ZVAL_DEREF(zdata);
85 		if (Z_TYPE_P(zdata) == IS_ARRAY || Z_TYPE_P(zdata) == IS_OBJECT) {
86 			if (key) {
87 				zend_string *ekey;
88 				if (enc_type == PHP_QUERY_RFC3986) {
89 					ekey = php_raw_url_encode(prop_name, prop_len);
90 				} else {
91 					ekey = php_url_encode(prop_name, prop_len);
92 				}
93 				newprefix_len = key_suffix_len + ZSTR_LEN(ekey) + key_prefix_len + 3 /* %5B */;
94 				newprefix = emalloc(newprefix_len + 1);
95 				p = newprefix;
96 
97 				if (key_prefix) {
98 					memcpy(p, key_prefix, key_prefix_len);
99 					p += key_prefix_len;
100 				}
101 
102 				memcpy(p, ZSTR_VAL(ekey), ZSTR_LEN(ekey));
103 				p += ZSTR_LEN(ekey);
104 				zend_string_free(ekey);
105 
106 				if (key_suffix) {
107 					memcpy(p, key_suffix, key_suffix_len);
108 					p += key_suffix_len;
109 				}
110 				*(p++) = '%';
111 				*(p++) = '5';
112 				*(p++) = 'B';
113 				*p = '\0';
114 			} else {
115 				char *ekey;
116 				size_t ekey_len;
117 				/* Is an integer key */
118 				ekey_len = spprintf(&ekey, 0, ZEND_LONG_FMT, idx);
119 				newprefix_len = key_prefix_len + num_prefix_len + ekey_len + key_suffix_len + 3 /* %5B */;
120 				newprefix = emalloc(newprefix_len + 1);
121 				p = newprefix;
122 
123 				if (key_prefix) {
124 					memcpy(p, key_prefix, key_prefix_len);
125 					p += key_prefix_len;
126 				}
127 
128 				if (num_prefix) {
129 					memcpy(p, num_prefix, num_prefix_len);
130 					p += num_prefix_len;
131 				}
132 
133 				memcpy(p, ekey, ekey_len);
134 				p += ekey_len;
135 				efree(ekey);
136 
137 				if (key_suffix) {
138 					memcpy(p, key_suffix, key_suffix_len);
139 					p += key_suffix_len;
140 				}
141 				*(p++) = '%';
142 				*(p++) = '5';
143 				*(p++) = 'B';
144 				*p = '\0';
145 			}
146 			GC_TRY_PROTECT_RECURSION(ht);
147 			php_url_encode_hash_ex(HASH_OF(zdata), formstr, NULL, 0, newprefix, newprefix_len, "%5D", 3, (Z_TYPE_P(zdata) == IS_OBJECT ? zdata : NULL), arg_sep, enc_type);
148 			GC_TRY_UNPROTECT_RECURSION(ht);
149 			efree(newprefix);
150 		} else if (Z_TYPE_P(zdata) == IS_NULL || Z_TYPE_P(zdata) == IS_RESOURCE) {
151 			/* Skip these types */
152 			continue;
153 		} else {
154 			if (formstr->s) {
155 				smart_str_appendl(formstr, arg_sep, arg_sep_len);
156 			}
157 			/* Simple key=value */
158 			if (key_prefix) {
159 				smart_str_appendl(formstr, key_prefix, key_prefix_len);
160 			}
161 			if (key) {
162 				zend_string *ekey;
163 				if (enc_type == PHP_QUERY_RFC3986) {
164 					ekey = php_raw_url_encode(prop_name, prop_len);
165 				} else {
166 					ekey = php_url_encode(prop_name, prop_len);
167 				}
168 				smart_str_append(formstr, ekey);
169 				zend_string_free(ekey);
170 			} else {
171 				/* Numeric key */
172 				if (num_prefix) {
173 					smart_str_appendl(formstr, num_prefix, num_prefix_len);
174 				}
175 				smart_str_append_long(formstr, idx);
176 			}
177 			if (key_suffix) {
178 				smart_str_appendl(formstr, key_suffix, key_suffix_len);
179 			}
180 			smart_str_appendl(formstr, "=", 1);
181 			switch (Z_TYPE_P(zdata)) {
182 				case IS_STRING: {
183 						zend_string *ekey;
184 						if (enc_type == PHP_QUERY_RFC3986) {
185 							ekey = php_raw_url_encode(Z_STRVAL_P(zdata), Z_STRLEN_P(zdata));
186 						} else {
187 							ekey = php_url_encode(Z_STRVAL_P(zdata), Z_STRLEN_P(zdata));
188 						}
189 						smart_str_append(formstr, ekey);
190 						zend_string_free(ekey);
191 					}
192 					break;
193 				case IS_LONG:
194 					smart_str_append_long(formstr, Z_LVAL_P(zdata));
195 					break;
196 				case IS_FALSE:
197 					smart_str_appendl(formstr, "0", sizeof("0")-1);
198 					break;
199 				case IS_TRUE:
200 					smart_str_appendl(formstr, "1", sizeof("1")-1);
201 					break;
202 				default:
203 					{
204 						zend_string *ekey;
205 						zend_string *tmp;
206 						zend_string *str= zval_get_tmp_string(zdata, &tmp);
207 						if (enc_type == PHP_QUERY_RFC3986) {
208 							ekey = php_raw_url_encode(ZSTR_VAL(str), ZSTR_LEN(str));
209 						} else {
210 							ekey = php_url_encode(ZSTR_VAL(str), ZSTR_LEN(str));
211 						}
212 						smart_str_append(formstr, ekey);
213 						zend_tmp_string_release(tmp);
214 						zend_string_free(ekey);
215 					}
216 			}
217 		}
218 	} ZEND_HASH_FOREACH_END();
219 }
220 /* }}} */
221 
222 /* {{{ Generates a form-encoded query string from an associative array or object. */
PHP_FUNCTION(http_build_query)223 PHP_FUNCTION(http_build_query)
224 {
225 	zval *formdata;
226 	char *prefix = NULL, *arg_sep=NULL;
227 	size_t arg_sep_len = 0, prefix_len = 0;
228 	smart_str formstr = {0};
229 	zend_long enc_type = PHP_QUERY_RFC1738;
230 
231 	ZEND_PARSE_PARAMETERS_START(1, 4)
232 		Z_PARAM_ARRAY_OR_OBJECT(formdata)
233 		Z_PARAM_OPTIONAL
234 		Z_PARAM_STRING(prefix, prefix_len)
235 		Z_PARAM_STRING_OR_NULL(arg_sep, arg_sep_len)
236 		Z_PARAM_LONG(enc_type)
237 	ZEND_PARSE_PARAMETERS_END();
238 
239 	php_url_encode_hash_ex(HASH_OF(formdata), &formstr, prefix, prefix_len, NULL, 0, NULL, 0, (Z_TYPE_P(formdata) == IS_OBJECT ? formdata : NULL), arg_sep, (int)enc_type);
240 
241 	if (!formstr.s) {
242 		RETURN_EMPTY_STRING();
243 	}
244 
245 	smart_str_0(&formstr);
246 
247 	RETURN_NEW_STR(formstr.s);
248 }
249 /* }}} */
250