xref: /PHP-8.2/ext/dom/parentnode.c (revision 1e2a2d7d) 
1 /*
2    +----------------------------------------------------------------------+
3    | PHP Version 7                                                        |
4    +----------------------------------------------------------------------+
5    | Copyright (c) The PHP Group                                          |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 3.01 of the PHP license,      |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | https://www.php.net/license/3_01.txt                                 |
11    | If you did not receive a copy of the PHP license and are unable to   |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@php.net so we can mail you a copy immediately.               |
14    +----------------------------------------------------------------------+
15    | Authors: Benjamin Eberlei <beberlei@php.net>                         |
16    +----------------------------------------------------------------------+
17 */
18 
19 #ifdef HAVE_CONFIG_H
20 #include "config.h"
21 #endif
22 
23 #include "php.h"
24 #if defined(HAVE_LIBXML) && defined(HAVE_DOM)
25 #include "php_dom.h"
26 
27 /* {{{ firstElementChild DomParentNode
28 readonly=yes
29 URL: https://www.w3.org/TR/dom/#dom-parentnode-firstelementchild
30 */
dom_parent_node_first_element_child_read(dom_object * obj,zval * retval)31 int dom_parent_node_first_element_child_read(dom_object *obj, zval *retval)
32 {
33 	xmlNode *nodep, *first = NULL;
34 
35 	nodep = dom_object_get_node(obj);
36 
37 	if (nodep == NULL) {
38 		php_dom_throw_error(INVALID_STATE_ERR, 1);
39 		return FAILURE;
40 	}
41 
42 	if (dom_node_children_valid(nodep) == SUCCESS) {
43 		first = nodep->children;
44 
45 		while (first && first->type != XML_ELEMENT_NODE) {
46 			first = first->next;
47 		}
48 	}
49 
50 	if (!first) {
51 		ZVAL_NULL(retval);
52 		return SUCCESS;
53 	}
54 
55 	php_dom_create_object(first, retval, obj);
56 	return SUCCESS;
57 }
58 /* }}} */
59 
60 /* {{{ lastElementChild DomParentNode
61 readonly=yes
62 URL: https://www.w3.org/TR/dom/#dom-parentnode-lastelementchild
63 */
dom_parent_node_last_element_child_read(dom_object * obj,zval * retval)64 int dom_parent_node_last_element_child_read(dom_object *obj, zval *retval)
65 {
66 	xmlNode *nodep, *last = NULL;
67 
68 	nodep = dom_object_get_node(obj);
69 
70 	if (nodep == NULL) {
71 		php_dom_throw_error(INVALID_STATE_ERR, 1);
72 		return FAILURE;
73 	}
74 
75 	if (dom_node_children_valid(nodep) == SUCCESS) {
76 		last = nodep->last;
77 
78 		while (last && last->type != XML_ELEMENT_NODE) {
79 			last = last->prev;
80 		}
81 	}
82 
83 	if (!last) {
84 		ZVAL_NULL(retval);
85 		return SUCCESS;
86 	}
87 
88 	php_dom_create_object(last, retval, obj);
89 	return SUCCESS;
90 }
91 /* }}} */
92 
93 /* {{{ childElementCount DomParentNode
94 readonly=yes
95 https://www.w3.org/TR/dom/#dom-parentnode-childelementcount
96 */
dom_parent_node_child_element_count(dom_object * obj,zval * retval)97 int dom_parent_node_child_element_count(dom_object *obj, zval *retval)
98 {
99 	xmlNode *nodep, *first = NULL;
100 	zend_long count = 0;
101 
102 	nodep = dom_object_get_node(obj);
103 
104 	if (nodep == NULL) {
105 		php_dom_throw_error(INVALID_STATE_ERR, 1);
106 		return FAILURE;
107 	}
108 
109 	if (dom_node_children_valid(nodep) == SUCCESS) {
110 		first = nodep->children;
111 
112 		while (first != NULL) {
113 			if (first->type == XML_ELEMENT_NODE) {
114 				count++;
115 			}
116 
117 			first = first->next;
118 		}
119 	}
120 
121 	ZVAL_LONG(retval, count);
122 
123 	return SUCCESS;
124 }
125 /* }}} */
126 
dom_is_node_in_list(const zval * nodes,int nodesc,const xmlNodePtr node_to_find)127 static bool dom_is_node_in_list(const zval *nodes, int nodesc, const xmlNodePtr node_to_find)
128 {
129 	for (int i = 0; i < nodesc; i++) {
130 		if (Z_TYPE(nodes[i]) == IS_OBJECT) {
131 			const zend_class_entry *ce = Z_OBJCE(nodes[i]);
132 
133 			if (instanceof_function(ce, dom_node_class_entry)) {
134 				if (dom_object_get_node(Z_DOMOBJ_P(nodes + i)) == node_to_find) {
135 					return true;
136 				}
137 			}
138 		}
139 	}
140 
141 	return false;
142 }
143 
dom_doc_from_context_node(xmlNodePtr contextNode)144 static xmlDocPtr dom_doc_from_context_node(xmlNodePtr contextNode)
145 {
146 	if (contextNode->type == XML_DOCUMENT_NODE || contextNode->type == XML_HTML_DOCUMENT_NODE) {
147 		return (xmlDocPtr) contextNode;
148 	} else {
149 		return contextNode->doc;
150 	}
151 }
152 
153 /* Citing from the docs (https://gnome.pages.gitlab.gnome.org/libxml2/devhelp/libxml2-tree.html#xmlAddChild):
154  * "Add a new node to @parent, at the end of the child (or property) list merging adjacent TEXT nodes (in which case @cur is freed)".
155  * So we must use a custom way of adding that does not merge. */
dom_add_child_without_merging(xmlNodePtr parent,xmlNodePtr child)156 static void dom_add_child_without_merging(xmlNodePtr parent, xmlNodePtr child)
157 {
158 	if (parent->children == NULL) {
159 		parent->children = child;
160 	} else {
161 		xmlNodePtr last = parent->last;
162 		last->next = child;
163 		child->prev = last;
164 	}
165 	parent->last = child;
166 	child->parent = parent;
167 }
168 
dom_zvals_to_fragment(php_libxml_ref_obj * document,xmlNode * contextNode,zval * nodes,int nodesc)169 xmlNode* dom_zvals_to_fragment(php_libxml_ref_obj *document, xmlNode *contextNode, zval *nodes, int nodesc)
170 {
171 	int i;
172 	xmlDoc *documentNode;
173 	xmlNode *fragment;
174 	xmlNode *newNode;
175 	dom_object *newNodeObj;
176 
177 	documentNode = dom_doc_from_context_node(contextNode);
178 
179 	fragment = xmlNewDocFragment(documentNode);
180 
181 	if (!fragment) {
182 		return NULL;
183 	}
184 
185 	for (i = 0; i < nodesc; i++) {
186 		if (Z_TYPE(nodes[i]) == IS_OBJECT) {
187 			newNodeObj = Z_DOMOBJ_P(&nodes[i]);
188 			newNode = dom_object_get_node(newNodeObj);
189 
190 			if (newNode->parent != NULL) {
191 				xmlUnlinkNode(newNode);
192 			}
193 
194 			newNodeObj->document = document;
195 			xmlSetTreeDoc(newNode, documentNode);
196 
197 			/* Citing from the docs (https://gnome.pages.gitlab.gnome.org/libxml2/devhelp/libxml2-tree.html#xmlAddChild):
198 			 * "Add a new node to @parent, at the end of the child (or property) list merging adjacent TEXT nodes (in which case @cur is freed)".
199 			 * So we must take a copy if this situation arises to prevent a use-after-free. */
200 			bool will_free = newNode->type == XML_TEXT_NODE && fragment->last && fragment->last->type == XML_TEXT_NODE;
201 			if (will_free) {
202 				newNode = xmlCopyNode(newNode, 0);
203 			}
204 
205 			if (newNode->type == XML_DOCUMENT_FRAG_NODE) {
206 				/* Unpack document fragment nodes, the behaviour differs for different libxml2 versions. */
207 				newNode = newNode->children;
208 				while (newNode) {
209 					xmlNodePtr next = newNode->next;
210 					xmlUnlinkNode(newNode);
211 					dom_add_child_without_merging(fragment, newNode);
212 					newNode = next;
213 				}
214 			} else if (!xmlAddChild(fragment, newNode)) {
215 				if (will_free) {
216 					xmlFreeNode(newNode);
217 				}
218 				goto err;
219 			}
220 		} else {
221 			ZEND_ASSERT(Z_TYPE(nodes[i]) == IS_STRING);
222 
223 			newNode = xmlNewDocText(documentNode, (xmlChar *) Z_STRVAL(nodes[i]));
224 
225 			xmlSetTreeDoc(newNode, documentNode);
226 
227 			if (!xmlAddChild(fragment, newNode)) {
228 				xmlFreeNode(newNode);
229 				goto err;
230 			}
231 		}
232 	}
233 
234 	return fragment;
235 
236 err:
237 	xmlFreeNode(fragment);
238 	return NULL;
239 }
240 
dom_fragment_assign_parent_node(xmlNodePtr parentNode,xmlNodePtr fragment)241 static void dom_fragment_assign_parent_node(xmlNodePtr parentNode, xmlNodePtr fragment)
242 {
243 	xmlNodePtr node = fragment->children;
244 
245 	while (node != NULL) {
246 		node->parent = parentNode;
247 
248 		if (node == fragment->last) {
249 			break;
250 		}
251 		node = node->next;
252 	}
253 
254 	fragment->children = NULL;
255 	fragment->last = NULL;
256 }
257 
dom_sanity_check_node_list_for_insertion(php_libxml_ref_obj * document,xmlNodePtr parentNode,zval * nodes,int nodesc)258 static zend_result dom_sanity_check_node_list_for_insertion(php_libxml_ref_obj *document, xmlNodePtr parentNode, zval *nodes, int nodesc)
259 {
260 	if (document == NULL) {
261 		php_dom_throw_error(HIERARCHY_REQUEST_ERR, 1);
262 		return FAILURE;
263 	}
264 
265 	xmlDocPtr documentNode = dom_doc_from_context_node(parentNode);
266 
267 	for (int i = 0; i < nodesc; i++) {
268 		zend_uchar type = Z_TYPE(nodes[i]);
269 		if (type == IS_OBJECT) {
270 			const zend_class_entry *ce = Z_OBJCE(nodes[i]);
271 
272 			if (instanceof_function(ce, dom_node_class_entry)) {
273 				xmlNodePtr node = dom_object_get_node(Z_DOMOBJ_P(nodes + i));
274 
275 				if (node->doc != documentNode) {
276 					php_dom_throw_error(WRONG_DOCUMENT_ERR, dom_get_strict_error(document));
277 					return FAILURE;
278 				}
279 
280 				if (node->type == XML_ATTRIBUTE_NODE || dom_hierarchy(parentNode, node) != SUCCESS) {
281 					php_dom_throw_error(HIERARCHY_REQUEST_ERR, dom_get_strict_error(document));
282 					return FAILURE;
283 				}
284 			} else {
285 				zend_argument_type_error(i + 1, "must be of type DOMNode|string, %s given", zend_zval_type_name(&nodes[i]));
286 				return FAILURE;
287 			}
288 		} else if (type != IS_STRING) {
289 			zend_argument_type_error(i + 1, "must be of type DOMNode|string, %s given", zend_zval_type_name(&nodes[i]));
290 			return FAILURE;
291 		}
292 	}
293 
294 	return SUCCESS;
295 }
296 
dom_pre_insert(xmlNodePtr insertion_point,xmlNodePtr parentNode,xmlNodePtr newchild,xmlNodePtr fragment)297 static void dom_pre_insert(xmlNodePtr insertion_point, xmlNodePtr parentNode, xmlNodePtr newchild, xmlNodePtr fragment)
298 {
299 	if (!insertion_point) {
300 		/* Place it as last node */
301 		if (parentNode->children) {
302 			/* There are children */
303 			newchild->prev = parentNode->last;
304 			parentNode->last->next = newchild;
305 		} else {
306 			/* No children, because they moved out when they became a fragment */
307 			parentNode->children = newchild;
308 		}
309 		parentNode->last = fragment->last;
310 	} else {
311 		/* Insert fragment before insertion_point */
312 		fragment->last->next = insertion_point;
313 		if (insertion_point->prev) {
314 			insertion_point->prev->next = newchild;
315 			newchild->prev = insertion_point->prev;
316 		}
317 		insertion_point->prev = fragment->last;
318 		if (parentNode->children == insertion_point) {
319 			parentNode->children = newchild;
320 		}
321 	}
322 }
323 
dom_parent_node_append(dom_object * context,zval * nodes,int nodesc)324 void dom_parent_node_append(dom_object *context, zval *nodes, int nodesc)
325 {
326 	xmlNode *parentNode = dom_object_get_node(context);
327 	xmlNodePtr newchild, prevsib;
328 
329 	if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
330 		return;
331 	}
332 
333 	xmlNode *fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
334 
335 	if (fragment == NULL) {
336 		return;
337 	}
338 
339 	newchild = fragment->children;
340 	prevsib = parentNode->last;
341 
342 	if (newchild) {
343 		if (prevsib != NULL) {
344 			prevsib->next = newchild;
345 		} else {
346 			parentNode->children = newchild;
347 		}
348 
349 		xmlNodePtr last = fragment->last;
350 		parentNode->last = last;
351 
352 		newchild->prev = prevsib;
353 
354 		dom_fragment_assign_parent_node(parentNode, fragment);
355 
356 		dom_reconcile_ns_list(parentNode->doc, newchild, last);
357 	}
358 
359 	xmlFree(fragment);
360 }
361 
dom_parent_node_prepend(dom_object * context,zval * nodes,int nodesc)362 void dom_parent_node_prepend(dom_object *context, zval *nodes, int nodesc)
363 {
364 	xmlNode *parentNode = dom_object_get_node(context);
365 
366 	if (parentNode->children == NULL) {
367 		dom_parent_node_append(context, nodes, nodesc);
368 		return;
369 	}
370 
371 	if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
372 		return;
373 	}
374 
375 	xmlNode *fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
376 
377 	if (fragment == NULL) {
378 		return;
379 	}
380 
381 	xmlNode *newchild = fragment->children;
382 
383 	if (newchild) {
384 		xmlNodePtr last = fragment->last;
385 
386 		dom_pre_insert(parentNode->children, parentNode, newchild, fragment);
387 
388 		dom_fragment_assign_parent_node(parentNode, fragment);
389 
390 		dom_reconcile_ns_list(parentNode->doc, newchild, last);
391 	}
392 
393 	xmlFree(fragment);
394 }
395 
dom_parent_node_after(dom_object * context,zval * nodes,int nodesc)396 void dom_parent_node_after(dom_object *context, zval *nodes, int nodesc)
397 {
398 	/* Spec link: https://dom.spec.whatwg.org/#dom-childnode-after */
399 
400 	xmlNode *prevsib = dom_object_get_node(context);
401 	xmlNodePtr newchild, parentNode;
402 	xmlNode *fragment;
403 	xmlDoc *doc;
404 
405 	/* Spec step 1 */
406 	parentNode = prevsib->parent;
407 	/* Spec step 2 */
408 	if (!parentNode) {
409 		int stricterror = dom_get_strict_error(context->document);
410 		php_dom_throw_error(HIERARCHY_REQUEST_ERR, stricterror);
411 		return;
412 	}
413 
414 	/* Spec step 3: find first following child not in nodes; otherwise null */
415 	xmlNodePtr viable_next_sibling = prevsib->next;
416 	while (viable_next_sibling) {
417 		if (!dom_is_node_in_list(nodes, nodesc, viable_next_sibling)) {
418 			break;
419 		}
420 		viable_next_sibling = viable_next_sibling->next;
421 	}
422 
423 	doc = prevsib->doc;
424 
425 	if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
426 		return;
427 	}
428 
429 	/* Spec step 4: convert nodes into fragment */
430 	fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
431 
432 	if (fragment == NULL) {
433 		return;
434 	}
435 
436 	newchild = fragment->children;
437 
438 	if (newchild) {
439 		xmlNodePtr last = fragment->last;
440 
441 		/* Step 5: place fragment into the parent before viable_next_sibling */
442 		dom_pre_insert(viable_next_sibling, parentNode, newchild, fragment);
443 
444 		dom_fragment_assign_parent_node(parentNode, fragment);
445 		dom_reconcile_ns_list(doc, newchild, last);
446 	}
447 
448 	xmlFree(fragment);
449 }
450 
dom_parent_node_before(dom_object * context,zval * nodes,int nodesc)451 void dom_parent_node_before(dom_object *context, zval *nodes, int nodesc)
452 {
453 	/* Spec link: https://dom.spec.whatwg.org/#dom-childnode-before */
454 
455 	xmlNode *nextsib = dom_object_get_node(context);
456 	xmlNodePtr newchild, parentNode;
457 	xmlNode *fragment;
458 	xmlDoc *doc;
459 
460 	/* Spec step 1 */
461 	parentNode = nextsib->parent;
462 	/* Spec step 2 */
463 	if (!parentNode) {
464 		int stricterror = dom_get_strict_error(context->document);
465 		php_dom_throw_error(HIERARCHY_REQUEST_ERR, stricterror);
466 		return;
467 	}
468 
469 	/* Spec step 3: find first following child not in nodes; otherwise null */
470 	xmlNodePtr viable_previous_sibling = nextsib->prev;
471 	while (viable_previous_sibling) {
472 		if (!dom_is_node_in_list(nodes, nodesc, viable_previous_sibling)) {
473 			break;
474 		}
475 		viable_previous_sibling = viable_previous_sibling->prev;
476 	}
477 
478 	doc = nextsib->doc;
479 
480 	if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
481 		return;
482 	}
483 
484 	/* Spec step 4: convert nodes into fragment */
485 	fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
486 
487 	if (fragment == NULL) {
488 		return;
489 	}
490 
491 	newchild = fragment->children;
492 
493 	if (newchild) {
494 		xmlNodePtr last = fragment->last;
495 
496 		/* Step 5: if viable_previous_sibling is null, set it to the parent's first child, otherwise viable_previous_sibling's next sibling */
497 		if (!viable_previous_sibling) {
498 			viable_previous_sibling = parentNode->children;
499 		} else {
500 			viable_previous_sibling = viable_previous_sibling->next;
501 		}
502 		/* Step 6: place fragment into the parent after viable_previous_sibling */
503 		dom_pre_insert(viable_previous_sibling, parentNode, newchild, fragment);
504 
505 		dom_fragment_assign_parent_node(parentNode, fragment);
506 		dom_reconcile_ns_list(doc, newchild, last);
507 	}
508 
509 	xmlFree(fragment);
510 }
511 
dom_child_removal_preconditions(const xmlNodePtr child,int stricterror)512 static zend_result dom_child_removal_preconditions(const xmlNodePtr child, int stricterror)
513 {
514 	if (dom_node_is_read_only(child) == SUCCESS ||
515 		(child->parent != NULL && dom_node_is_read_only(child->parent) == SUCCESS)) {
516 		php_dom_throw_error(NO_MODIFICATION_ALLOWED_ERR, stricterror);
517 		return FAILURE;
518 	}
519 
520 	if (!child->parent) {
521 		php_dom_throw_error(NOT_FOUND_ERR, stricterror);
522 		return FAILURE;
523 	}
524 
525 	if (dom_node_children_valid(child->parent) == FAILURE) {
526 		return FAILURE;
527 	}
528 
529 	xmlNodePtr children = child->parent->children;
530 	if (!children) {
531 		php_dom_throw_error(NOT_FOUND_ERR, stricterror);
532 		return FAILURE;
533 	}
534 
535 	return SUCCESS;
536 }
537 
dom_child_node_remove(dom_object * context)538 void dom_child_node_remove(dom_object *context)
539 {
540 	xmlNode *child = dom_object_get_node(context);
541 	xmlNodePtr children;
542 	int stricterror;
543 
544 	stricterror = dom_get_strict_error(context->document);
545 
546 	if (UNEXPECTED(dom_child_removal_preconditions(child, stricterror) != SUCCESS)) {
547 		return;
548 	}
549 
550 	children = child->parent->children;
551 	while (children) {
552 		if (children == child) {
553 			xmlUnlinkNode(child);
554 			return;
555 		}
556 		children = children->next;
557 	}
558 
559 	php_dom_throw_error(NOT_FOUND_ERR, stricterror);
560 }
561 
dom_child_replace_with(dom_object * context,zval * nodes,int nodesc)562 void dom_child_replace_with(dom_object *context, zval *nodes, int nodesc)
563 {
564 	/* Spec link: https://dom.spec.whatwg.org/#dom-childnode-replacewith */
565 
566 	xmlNodePtr child = dom_object_get_node(context);
567 
568 	/* Spec step 1 */
569 	xmlNodePtr parentNode = child->parent;
570 	/* Spec step 2 */
571 	if (!parentNode) {
572 		int stricterror = dom_get_strict_error(context->document);
573 		php_dom_throw_error(HIERARCHY_REQUEST_ERR, stricterror);
574 		return;
575 	}
576 
577 	int stricterror = dom_get_strict_error(context->document);
578 	if (UNEXPECTED(dom_child_removal_preconditions(child, stricterror) != SUCCESS)) {
579 		return;
580 	}
581 
582 	/* Spec step 3: find first following child not in nodes; otherwise null */
583 	xmlNodePtr viable_next_sibling = child->next;
584 	while (viable_next_sibling) {
585 		if (!dom_is_node_in_list(nodes, nodesc, viable_next_sibling)) {
586 			break;
587 		}
588 		viable_next_sibling = viable_next_sibling->next;
589 	}
590 
591 	if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
592 		return;
593 	}
594 
595 	/* Spec step 4: convert nodes into fragment */
596 	xmlNodePtr fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
597 	if (UNEXPECTED(fragment == NULL)) {
598 		return;
599 	}
600 
601 	/* Spec step 5: perform the replacement */
602 
603 	xmlNodePtr newchild = fragment->children;
604 	xmlDocPtr doc = parentNode->doc;
605 
606 	/* Unlink and free it unless it became a part of the fragment. */
607 	if (child->parent != fragment) {
608 		xmlUnlinkNode(child);
609 	}
610 
611 	if (newchild) {
612 		xmlNodePtr last = fragment->last;
613 
614 		dom_pre_insert(viable_next_sibling, parentNode, newchild, fragment);
615 
616 		dom_fragment_assign_parent_node(parentNode, fragment);
617 		dom_reconcile_ns_list(doc, newchild, last);
618 	}
619 
620 	xmlFree(fragment);
621 }
622 
623 #endif
624