1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | https://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Benjamin Eberlei <beberlei@php.net> |
16 +----------------------------------------------------------------------+
17 */
18
19 #ifdef HAVE_CONFIG_H
20 #include "config.h"
21 #endif
22
23 #include "php.h"
24 #if defined(HAVE_LIBXML) && defined(HAVE_DOM)
25 #include "php_dom.h"
26
27 /* {{{ firstElementChild DomParentNode
28 readonly=yes
29 URL: https://www.w3.org/TR/dom/#dom-parentnode-firstelementchild
30 */
dom_parent_node_first_element_child_read(dom_object * obj,zval * retval)31 int dom_parent_node_first_element_child_read(dom_object *obj, zval *retval)
32 {
33 xmlNode *nodep, *first = NULL;
34
35 nodep = dom_object_get_node(obj);
36
37 if (nodep == NULL) {
38 php_dom_throw_error(INVALID_STATE_ERR, 1);
39 return FAILURE;
40 }
41
42 if (dom_node_children_valid(nodep) == SUCCESS) {
43 first = nodep->children;
44
45 while (first && first->type != XML_ELEMENT_NODE) {
46 first = first->next;
47 }
48 }
49
50 if (!first) {
51 ZVAL_NULL(retval);
52 return SUCCESS;
53 }
54
55 php_dom_create_object(first, retval, obj);
56 return SUCCESS;
57 }
58 /* }}} */
59
60 /* {{{ lastElementChild DomParentNode
61 readonly=yes
62 URL: https://www.w3.org/TR/dom/#dom-parentnode-lastelementchild
63 */
dom_parent_node_last_element_child_read(dom_object * obj,zval * retval)64 int dom_parent_node_last_element_child_read(dom_object *obj, zval *retval)
65 {
66 xmlNode *nodep, *last = NULL;
67
68 nodep = dom_object_get_node(obj);
69
70 if (nodep == NULL) {
71 php_dom_throw_error(INVALID_STATE_ERR, 1);
72 return FAILURE;
73 }
74
75 if (dom_node_children_valid(nodep) == SUCCESS) {
76 last = nodep->last;
77
78 while (last && last->type != XML_ELEMENT_NODE) {
79 last = last->prev;
80 }
81 }
82
83 if (!last) {
84 ZVAL_NULL(retval);
85 return SUCCESS;
86 }
87
88 php_dom_create_object(last, retval, obj);
89 return SUCCESS;
90 }
91 /* }}} */
92
93 /* {{{ childElementCount DomParentNode
94 readonly=yes
95 https://www.w3.org/TR/dom/#dom-parentnode-childelementcount
96 */
dom_parent_node_child_element_count(dom_object * obj,zval * retval)97 int dom_parent_node_child_element_count(dom_object *obj, zval *retval)
98 {
99 xmlNode *nodep, *first = NULL;
100 zend_long count = 0;
101
102 nodep = dom_object_get_node(obj);
103
104 if (nodep == NULL) {
105 php_dom_throw_error(INVALID_STATE_ERR, 1);
106 return FAILURE;
107 }
108
109 if (dom_node_children_valid(nodep) == SUCCESS) {
110 first = nodep->children;
111
112 while (first != NULL) {
113 if (first->type == XML_ELEMENT_NODE) {
114 count++;
115 }
116
117 first = first->next;
118 }
119 }
120
121 ZVAL_LONG(retval, count);
122
123 return SUCCESS;
124 }
125 /* }}} */
126
dom_is_node_in_list(const zval * nodes,uint32_t nodesc,const xmlNodePtr node_to_find)127 static bool dom_is_node_in_list(const zval *nodes, uint32_t nodesc, const xmlNodePtr node_to_find)
128 {
129 for (uint32_t i = 0; i < nodesc; i++) {
130 if (Z_TYPE(nodes[i]) == IS_OBJECT) {
131 if (dom_object_get_node(Z_DOMOBJ_P(nodes + i)) == node_to_find) {
132 return true;
133 }
134 }
135 }
136
137 return false;
138 }
139
dom_doc_from_context_node(xmlNodePtr contextNode)140 static xmlDocPtr dom_doc_from_context_node(xmlNodePtr contextNode)
141 {
142 if (contextNode->type == XML_DOCUMENT_NODE || contextNode->type == XML_HTML_DOCUMENT_NODE) {
143 return (xmlDocPtr) contextNode;
144 } else {
145 return contextNode->doc;
146 }
147 }
148
149 /* Citing from the docs (https://gnome.pages.gitlab.gnome.org/libxml2/devhelp/libxml2-tree.html#xmlAddChild):
150 * "Add a new node to @parent, at the end of the child (or property) list merging adjacent TEXT nodes (in which case @cur is freed)".
151 * So we must use a custom way of adding that does not merge. */
dom_add_child_without_merging(xmlNodePtr parent,xmlNodePtr child)152 static void dom_add_child_without_merging(xmlNodePtr parent, xmlNodePtr child)
153 {
154 if (parent->children == NULL) {
155 parent->children = child;
156 } else {
157 xmlNodePtr last = parent->last;
158 last->next = child;
159 child->prev = last;
160 }
161 parent->last = child;
162 child->parent = parent;
163 }
164
dom_zvals_to_fragment(php_libxml_ref_obj * document,xmlNode * contextNode,zval * nodes,int nodesc)165 xmlNode* dom_zvals_to_fragment(php_libxml_ref_obj *document, xmlNode *contextNode, zval *nodes, int nodesc)
166 {
167 xmlDoc *documentNode;
168 xmlNode *fragment;
169 xmlNode *newNode;
170 dom_object *newNodeObj;
171
172 documentNode = dom_doc_from_context_node(contextNode);
173
174 fragment = xmlNewDocFragment(documentNode);
175
176 if (!fragment) {
177 return NULL;
178 }
179
180 for (uint32_t i = 0; i < nodesc; i++) {
181 if (Z_TYPE(nodes[i]) == IS_OBJECT) {
182 newNodeObj = Z_DOMOBJ_P(&nodes[i]);
183 newNode = dom_object_get_node(newNodeObj);
184
185 if (newNode->parent != NULL) {
186 xmlUnlinkNode(newNode);
187 }
188
189 newNodeObj->document = document;
190 xmlSetTreeDoc(newNode, documentNode);
191
192 /* Citing from the docs (https://gnome.pages.gitlab.gnome.org/libxml2/devhelp/libxml2-tree.html#xmlAddChild):
193 * "Add a new node to @parent, at the end of the child (or property) list merging adjacent TEXT nodes (in which case @cur is freed)".
194 * So we must take a copy if this situation arises to prevent a use-after-free. */
195 bool will_free = newNode->type == XML_TEXT_NODE && fragment->last && fragment->last->type == XML_TEXT_NODE;
196 if (will_free) {
197 newNode = xmlCopyNode(newNode, 0);
198 }
199
200 if (newNode->type == XML_DOCUMENT_FRAG_NODE) {
201 /* Unpack document fragment nodes, the behaviour differs for different libxml2 versions. */
202 newNode = newNode->children;
203 while (newNode) {
204 xmlNodePtr next = newNode->next;
205 xmlUnlinkNode(newNode);
206 dom_add_child_without_merging(fragment, newNode);
207 newNode = next;
208 }
209 } else if (!xmlAddChild(fragment, newNode)) {
210 if (will_free) {
211 xmlFreeNode(newNode);
212 }
213 goto err;
214 }
215 } else {
216 ZEND_ASSERT(Z_TYPE(nodes[i]) == IS_STRING);
217
218 newNode = xmlNewDocText(documentNode, (xmlChar *) Z_STRVAL(nodes[i]));
219
220 if (!xmlAddChild(fragment, newNode)) {
221 xmlFreeNode(newNode);
222 goto err;
223 }
224 }
225 }
226
227 return fragment;
228
229 err:
230 xmlFreeNode(fragment);
231 return NULL;
232 }
233
dom_fragment_assign_parent_node(xmlNodePtr parentNode,xmlNodePtr fragment)234 static void dom_fragment_assign_parent_node(xmlNodePtr parentNode, xmlNodePtr fragment)
235 {
236 xmlNodePtr node = fragment->children;
237
238 while (node != NULL) {
239 node->parent = parentNode;
240
241 if (node == fragment->last) {
242 break;
243 }
244 node = node->next;
245 }
246
247 fragment->children = NULL;
248 fragment->last = NULL;
249 }
250
dom_sanity_check_node_list_for_insertion(php_libxml_ref_obj * document,xmlNodePtr parentNode,zval * nodes,int nodesc)251 static zend_result dom_sanity_check_node_list_for_insertion(php_libxml_ref_obj *document, xmlNodePtr parentNode, zval *nodes, int nodesc)
252 {
253 if (UNEXPECTED(parentNode == NULL)) {
254 /* No error required, this must be a no-op per spec */
255 return FAILURE;
256 }
257
258 xmlDocPtr documentNode = dom_doc_from_context_node(parentNode);
259
260 for (uint32_t i = 0; i < nodesc; i++) {
261 zend_uchar type = Z_TYPE(nodes[i]);
262 if (type == IS_OBJECT) {
263 const zend_class_entry *ce = Z_OBJCE(nodes[i]);
264
265 if (instanceof_function(ce, dom_node_class_entry)) {
266 xmlNodePtr node = dom_object_get_node(Z_DOMOBJ_P(nodes + i));
267
268 if (node->doc != documentNode) {
269 php_dom_throw_error(WRONG_DOCUMENT_ERR, dom_get_strict_error(document));
270 return FAILURE;
271 }
272
273 if (node->type == XML_ATTRIBUTE_NODE || dom_hierarchy(parentNode, node) != SUCCESS) {
274 php_dom_throw_error(HIERARCHY_REQUEST_ERR, dom_get_strict_error(document));
275 return FAILURE;
276 }
277 } else {
278 zend_argument_type_error(i + 1, "must be of type DOMNode|string, %s given", zend_zval_type_name(&nodes[i]));
279 return FAILURE;
280 }
281 } else if (type != IS_STRING) {
282 zend_argument_type_error(i + 1, "must be of type DOMNode|string, %s given", zend_zval_type_name(&nodes[i]));
283 return FAILURE;
284 }
285 }
286
287 return SUCCESS;
288 }
289
dom_pre_insert(xmlNodePtr insertion_point,xmlNodePtr parentNode,xmlNodePtr newchild,xmlNodePtr fragment)290 static void dom_pre_insert(xmlNodePtr insertion_point, xmlNodePtr parentNode, xmlNodePtr newchild, xmlNodePtr fragment)
291 {
292 if (!insertion_point) {
293 /* Place it as last node */
294 if (parentNode->children) {
295 /* There are children */
296 newchild->prev = parentNode->last;
297 parentNode->last->next = newchild;
298 } else {
299 /* No children, because they moved out when they became a fragment */
300 parentNode->children = newchild;
301 }
302 parentNode->last = fragment->last;
303 } else {
304 /* Insert fragment before insertion_point */
305 fragment->last->next = insertion_point;
306 if (insertion_point->prev) {
307 insertion_point->prev->next = newchild;
308 newchild->prev = insertion_point->prev;
309 }
310 insertion_point->prev = fragment->last;
311 if (parentNode->children == insertion_point) {
312 parentNode->children = newchild;
313 }
314 }
315 }
316
dom_parent_node_append(dom_object * context,zval * nodes,uint32_t nodesc)317 void dom_parent_node_append(dom_object *context, zval *nodes, uint32_t nodesc)
318 {
319 xmlNode *parentNode = dom_object_get_node(context);
320 xmlNodePtr newchild, prevsib;
321
322 if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
323 return;
324 }
325
326 php_libxml_invalidate_node_list_cache(context->document);
327
328 xmlNode *fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
329
330 if (fragment == NULL) {
331 return;
332 }
333
334 newchild = fragment->children;
335 prevsib = parentNode->last;
336
337 if (newchild) {
338 if (prevsib != NULL) {
339 prevsib->next = newchild;
340 } else {
341 parentNode->children = newchild;
342 }
343
344 xmlNodePtr last = fragment->last;
345 parentNode->last = last;
346
347 newchild->prev = prevsib;
348
349 dom_fragment_assign_parent_node(parentNode, fragment);
350
351 dom_reconcile_ns_list(parentNode->doc, newchild, last);
352 }
353
354 xmlFree(fragment);
355 }
356
dom_parent_node_prepend(dom_object * context,zval * nodes,uint32_t nodesc)357 void dom_parent_node_prepend(dom_object *context, zval *nodes, uint32_t nodesc)
358 {
359 xmlNode *parentNode = dom_object_get_node(context);
360
361 if (parentNode->children == NULL) {
362 dom_parent_node_append(context, nodes, nodesc);
363 return;
364 }
365
366 if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
367 return;
368 }
369
370 php_libxml_invalidate_node_list_cache(context->document);
371
372 xmlNode *fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
373
374 if (fragment == NULL) {
375 return;
376 }
377
378 xmlNode *newchild = fragment->children;
379
380 if (newchild) {
381 xmlNodePtr last = fragment->last;
382
383 dom_pre_insert(parentNode->children, parentNode, newchild, fragment);
384
385 dom_fragment_assign_parent_node(parentNode, fragment);
386
387 dom_reconcile_ns_list(parentNode->doc, newchild, last);
388 }
389
390 xmlFree(fragment);
391 }
392
dom_parent_node_after(dom_object * context,zval * nodes,uint32_t nodesc)393 void dom_parent_node_after(dom_object *context, zval *nodes, uint32_t nodesc)
394 {
395 /* Spec link: https://dom.spec.whatwg.org/#dom-childnode-after */
396
397 xmlNode *prevsib = dom_object_get_node(context);
398 xmlNodePtr newchild, parentNode;
399 xmlNode *fragment;
400 xmlDoc *doc;
401
402 /* Spec step 1 */
403 parentNode = prevsib->parent;
404
405 /* Sanity check for fragment, includes spec step 2 */
406 if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
407 return;
408 }
409
410 /* Spec step 3: find first following child not in nodes; otherwise null */
411 xmlNodePtr viable_next_sibling = prevsib->next;
412 while (viable_next_sibling) {
413 if (!dom_is_node_in_list(nodes, nodesc, viable_next_sibling)) {
414 break;
415 }
416 viable_next_sibling = viable_next_sibling->next;
417 }
418
419 doc = prevsib->doc;
420
421 php_libxml_invalidate_node_list_cache(context->document);
422
423 /* Spec step 4: convert nodes into fragment */
424 fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
425
426 if (fragment == NULL) {
427 return;
428 }
429
430 newchild = fragment->children;
431
432 if (newchild) {
433 xmlNodePtr last = fragment->last;
434
435 /* Step 5: place fragment into the parent before viable_next_sibling */
436 dom_pre_insert(viable_next_sibling, parentNode, newchild, fragment);
437
438 dom_fragment_assign_parent_node(parentNode, fragment);
439 dom_reconcile_ns_list(doc, newchild, last);
440 }
441
442 xmlFree(fragment);
443 }
444
dom_parent_node_before(dom_object * context,zval * nodes,uint32_t nodesc)445 void dom_parent_node_before(dom_object *context, zval *nodes, uint32_t nodesc)
446 {
447 /* Spec link: https://dom.spec.whatwg.org/#dom-childnode-before */
448
449 xmlNode *nextsib = dom_object_get_node(context);
450 xmlNodePtr newchild, parentNode;
451 xmlNode *fragment;
452 xmlDoc *doc;
453
454 /* Spec step 1 */
455 parentNode = nextsib->parent;
456
457 /* Sanity check for fragment, includes spec step 2 */
458 if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
459 return;
460 }
461
462 /* Spec step 3: find first following child not in nodes; otherwise null */
463 xmlNodePtr viable_previous_sibling = nextsib->prev;
464 while (viable_previous_sibling) {
465 if (!dom_is_node_in_list(nodes, nodesc, viable_previous_sibling)) {
466 break;
467 }
468 viable_previous_sibling = viable_previous_sibling->prev;
469 }
470
471 doc = nextsib->doc;
472
473 php_libxml_invalidate_node_list_cache(context->document);
474
475 /* Spec step 4: convert nodes into fragment */
476 fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
477
478 if (fragment == NULL) {
479 return;
480 }
481
482 newchild = fragment->children;
483
484 if (newchild) {
485 xmlNodePtr last = fragment->last;
486
487 /* Step 5: if viable_previous_sibling is null, set it to the parent's first child, otherwise viable_previous_sibling's next sibling */
488 if (!viable_previous_sibling) {
489 viable_previous_sibling = parentNode->children;
490 } else {
491 viable_previous_sibling = viable_previous_sibling->next;
492 }
493 /* Step 6: place fragment into the parent after viable_previous_sibling */
494 dom_pre_insert(viable_previous_sibling, parentNode, newchild, fragment);
495
496 dom_fragment_assign_parent_node(parentNode, fragment);
497 dom_reconcile_ns_list(doc, newchild, last);
498 }
499
500 xmlFree(fragment);
501 }
502
dom_child_removal_preconditions(const xmlNodePtr child,int stricterror)503 static zend_result dom_child_removal_preconditions(const xmlNodePtr child, int stricterror)
504 {
505 if (dom_node_is_read_only(child) == SUCCESS ||
506 (child->parent != NULL && dom_node_is_read_only(child->parent) == SUCCESS)) {
507 php_dom_throw_error(NO_MODIFICATION_ALLOWED_ERR, stricterror);
508 return FAILURE;
509 }
510
511 if (!child->parent) {
512 php_dom_throw_error(NOT_FOUND_ERR, stricterror);
513 return FAILURE;
514 }
515
516 if (dom_node_children_valid(child->parent) == FAILURE) {
517 return FAILURE;
518 }
519
520 xmlNodePtr children = child->parent->children;
521 if (!children) {
522 php_dom_throw_error(NOT_FOUND_ERR, stricterror);
523 return FAILURE;
524 }
525
526 return SUCCESS;
527 }
528
dom_child_node_remove(dom_object * context)529 void dom_child_node_remove(dom_object *context)
530 {
531 xmlNode *child = dom_object_get_node(context);
532 int stricterror;
533
534 stricterror = dom_get_strict_error(context->document);
535
536 if (UNEXPECTED(dom_child_removal_preconditions(child, stricterror) != SUCCESS)) {
537 return;
538 }
539
540 php_libxml_invalidate_node_list_cache(context->document);
541
542 xmlUnlinkNode(child);
543 }
544
dom_child_replace_with(dom_object * context,zval * nodes,uint32_t nodesc)545 void dom_child_replace_with(dom_object *context, zval *nodes, uint32_t nodesc)
546 {
547 /* Spec link: https://dom.spec.whatwg.org/#dom-childnode-replacewith */
548
549 xmlNodePtr child = dom_object_get_node(context);
550
551 /* Spec step 1 */
552 xmlNodePtr parentNode = child->parent;
553
554 /* Sanity check for fragment, includes spec step 2 */
555 if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, parentNode, nodes, nodesc) != SUCCESS)) {
556 return;
557 }
558
559 int stricterror = dom_get_strict_error(context->document);
560 if (UNEXPECTED(dom_child_removal_preconditions(child, stricterror) != SUCCESS)) {
561 return;
562 }
563
564 /* Spec step 3: find first following child not in nodes; otherwise null */
565 xmlNodePtr viable_next_sibling = child->next;
566 while (viable_next_sibling) {
567 if (!dom_is_node_in_list(nodes, nodesc, viable_next_sibling)) {
568 break;
569 }
570 viable_next_sibling = viable_next_sibling->next;
571 }
572
573 xmlDocPtr doc = parentNode->doc;
574 php_libxml_invalidate_node_list_cache(context->document);
575
576 /* Spec step 4: convert nodes into fragment */
577 xmlNodePtr fragment = dom_zvals_to_fragment(context->document, parentNode, nodes, nodesc);
578 if (UNEXPECTED(fragment == NULL)) {
579 return;
580 }
581
582 /* Spec step 5: perform the replacement */
583
584 xmlNodePtr newchild = fragment->children;
585
586 /* Unlink it unless it became a part of the fragment.
587 * Freeing will be taken care of by the lifetime of the returned dom object. */
588 if (child->parent != fragment) {
589 xmlUnlinkNode(child);
590 }
591
592 if (newchild) {
593 xmlNodePtr last = fragment->last;
594
595 dom_pre_insert(viable_next_sibling, parentNode, newchild, fragment);
596
597 dom_fragment_assign_parent_node(parentNode, fragment);
598 dom_reconcile_ns_list(doc, newchild, last);
599 }
600
601 xmlFree(fragment);
602 }
603
dom_parent_node_replace_children(dom_object * context,zval * nodes,uint32_t nodesc)604 void dom_parent_node_replace_children(dom_object *context, zval *nodes, uint32_t nodesc)
605 {
606 /* Spec link: https://dom.spec.whatwg.org/#dom-parentnode-replacechildren */
607
608 xmlNodePtr thisp = dom_object_get_node(context);
609 /* Note: Only rule 2 of pre-insertion validity can be broken */
610 if (UNEXPECTED(dom_sanity_check_node_list_for_insertion(context->document, thisp, nodes, nodesc) != SUCCESS)) {
611 return;
612 }
613
614 xmlNodePtr fragment = dom_zvals_to_fragment(context->document, thisp, nodes, nodesc);
615 if (UNEXPECTED(fragment == NULL)) {
616 return;
617 }
618
619 php_libxml_invalidate_node_list_cache(context->document);
620
621 dom_remove_all_children(thisp);
622
623 xmlNodePtr newchild = fragment->children;
624 if (newchild) {
625 xmlNodePtr last = fragment->last;
626
627 dom_pre_insert(NULL, thisp, newchild, fragment);
628
629 dom_fragment_assign_parent_node(thisp, fragment);
630 dom_reconcile_ns_list(thisp->doc, newchild, last);
631 }
632
633 xmlFree(fragment);
634 }
635
636 #endif
637
