1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Rasmus Lerdorf <rasmus@php.net> |
14 | Derick Rethans <derick@php.net> |
15 | Pierre-A. Joye <pierre@php.net> |
16 | Ilia Alshanetsky <iliaa@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 #ifdef HAVE_CONFIG_H
21 #include <config.h>
22 #endif
23
24 #include "php_filter.h"
25 #include "main/php_variables.h"
26 #include "ext/standard/info.h"
27
28 ZEND_DECLARE_MODULE_GLOBALS(filter)
29
30 #include "filter_private.h"
31 #include "filter_arginfo.h"
32
33 typedef struct filter_list_entry {
34 const char *name;
35 int id;
36 void (*function)(PHP_INPUT_FILTER_PARAM_DECL);
37 } filter_list_entry;
38
39 /* {{{ filter_list */
40 static const filter_list_entry filter_list[] = {
41 { "int", FILTER_VALIDATE_INT, php_filter_int },
42 { "boolean", FILTER_VALIDATE_BOOL, php_filter_boolean },
43 { "float", FILTER_VALIDATE_FLOAT, php_filter_float },
44
45 { "validate_regexp", FILTER_VALIDATE_REGEXP, php_filter_validate_regexp },
46 { "validate_domain", FILTER_VALIDATE_DOMAIN, php_filter_validate_domain },
47 { "validate_url", FILTER_VALIDATE_URL, php_filter_validate_url },
48 { "validate_email", FILTER_VALIDATE_EMAIL, php_filter_validate_email },
49 { "validate_ip", FILTER_VALIDATE_IP, php_filter_validate_ip },
50 { "validate_mac", FILTER_VALIDATE_MAC, php_filter_validate_mac },
51
52 { "string", FILTER_SANITIZE_STRING, php_filter_string },
53 { "stripped", FILTER_SANITIZE_STRING, php_filter_string },
54 { "encoded", FILTER_SANITIZE_ENCODED, php_filter_encoded },
55 { "special_chars", FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars },
56 { "full_special_chars", FILTER_SANITIZE_FULL_SPECIAL_CHARS, php_filter_full_special_chars },
57 { "unsafe_raw", FILTER_UNSAFE_RAW, php_filter_unsafe_raw },
58 { "email", FILTER_SANITIZE_EMAIL, php_filter_email },
59 { "url", FILTER_SANITIZE_URL, php_filter_url },
60 { "number_int", FILTER_SANITIZE_NUMBER_INT, php_filter_number_int },
61 { "number_float", FILTER_SANITIZE_NUMBER_FLOAT, php_filter_number_float },
62 { "add_slashes", FILTER_SANITIZE_ADD_SLASHES, php_filter_add_slashes },
63
64 { "callback", FILTER_CALLBACK, php_filter_callback },
65 };
66 /* }}} */
67
68 #ifndef PARSE_ENV
69 #define PARSE_ENV 4
70 #endif
71
72 #ifndef PARSE_SERVER
73 #define PARSE_SERVER 5
74 #endif
75
76 static unsigned int php_sapi_filter(int arg, const char *var, char **val, size_t val_len, size_t *new_val_len);
77 static unsigned int php_sapi_filter_init(void);
78
79 /* {{{ filter_module_entry */
80 zend_module_entry filter_module_entry = {
81 STANDARD_MODULE_HEADER,
82 "filter",
83 ext_functions,
84 PHP_MINIT(filter),
85 PHP_MSHUTDOWN(filter),
86 NULL,
87 PHP_RSHUTDOWN(filter),
88 PHP_MINFO(filter),
89 PHP_FILTER_VERSION,
90 STANDARD_MODULE_PROPERTIES
91 };
92 /* }}} */
93
94 #ifdef COMPILE_DL_FILTER
95 #ifdef ZTS
96 ZEND_TSRMLS_CACHE_DEFINE()
97 #endif
ZEND_GET_MODULE(filter)98 ZEND_GET_MODULE(filter)
99 #endif
100
101 static PHP_INI_MH(UpdateDefaultFilter) /* {{{ */
102 {
103 int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
104
105 for (i = 0; i < size; ++i) {
106 if ((strcasecmp(ZSTR_VAL(new_value), filter_list[i].name) == 0)) {
107 IF_G(default_filter) = filter_list[i].id;
108 if (IF_G(default_filter) != FILTER_DEFAULT) {
109 zend_error(E_DEPRECATED, "The filter.default ini setting is deprecated");
110 }
111 return SUCCESS;
112 }
113 }
114 /* Fallback to the default filter */
115 IF_G(default_filter) = FILTER_DEFAULT;
116 return SUCCESS;
117 }
118 /* }}} */
119
120 /* {{{ PHP_INI */
PHP_INI_MH(OnUpdateFlags)121 static PHP_INI_MH(OnUpdateFlags)
122 {
123 if (!new_value) {
124 IF_G(default_filter_flags) = FILTER_FLAG_NO_ENCODE_QUOTES;
125 } else {
126 IF_G(default_filter_flags) = atoi(ZSTR_VAL(new_value));
127 }
128 return SUCCESS;
129 }
130
131 PHP_INI_BEGIN()
132 STD_PHP_INI_ENTRY("filter.default", "unsafe_raw", PHP_INI_SYSTEM|PHP_INI_PERDIR, UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals)
133 PHP_INI_ENTRY("filter.default_flags", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateFlags)
PHP_INI_END()134 PHP_INI_END()
135 /* }}} */
136
137 static void php_filter_init_globals(zend_filter_globals *filter_globals) /* {{{ */
138 {
139 #if defined(COMPILE_DL_FILTER) && defined(ZTS)
140 ZEND_TSRMLS_CACHE_UPDATE();
141 #endif
142 ZVAL_UNDEF(&filter_globals->post_array);
143 ZVAL_UNDEF(&filter_globals->get_array);
144 ZVAL_UNDEF(&filter_globals->cookie_array);
145 ZVAL_UNDEF(&filter_globals->env_array);
146 ZVAL_UNDEF(&filter_globals->server_array);
147 #if 0
148 ZVAL_UNDEF(&filter_globals->session_array);
149 #endif
150 filter_globals->default_filter = FILTER_DEFAULT;
151 }
152 /* }}} */
153
154 /* {{{ PHP_MINIT_FUNCTION */
PHP_MINIT_FUNCTION(filter)155 PHP_MINIT_FUNCTION(filter)
156 {
157 ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);
158
159 REGISTER_INI_ENTRIES();
160
161 register_filter_symbols(module_number);
162
163 sapi_register_input_filter(php_sapi_filter, php_sapi_filter_init);
164
165 return SUCCESS;
166 }
167 /* }}} */
168
169 /* {{{ PHP_MSHUTDOWN_FUNCTION */
PHP_MSHUTDOWN_FUNCTION(filter)170 PHP_MSHUTDOWN_FUNCTION(filter)
171 {
172 UNREGISTER_INI_ENTRIES();
173
174 return SUCCESS;
175 }
176 /* }}} */
177
178 /* {{{ PHP_RSHUTDOWN_FUNCTION */
179 #define VAR_ARRAY_COPY_DTOR(a) \
180 if (!Z_ISUNDEF(IF_G(a))) { \
181 zval_ptr_dtor(&IF_G(a)); \
182 ZVAL_UNDEF(&IF_G(a)); \
183 }
184
PHP_RSHUTDOWN_FUNCTION(filter)185 PHP_RSHUTDOWN_FUNCTION(filter)
186 {
187 VAR_ARRAY_COPY_DTOR(get_array)
188 VAR_ARRAY_COPY_DTOR(post_array)
189 VAR_ARRAY_COPY_DTOR(cookie_array)
190 VAR_ARRAY_COPY_DTOR(server_array)
191 VAR_ARRAY_COPY_DTOR(env_array)
192 #if 0
193 VAR_ARRAY_COPY_DTOR(session_array)
194 #endif
195 return SUCCESS;
196 }
197 /* }}} */
198
199 /* {{{ PHP_MINFO_FUNCTION */
PHP_MINFO_FUNCTION(filter)200 PHP_MINFO_FUNCTION(filter)
201 {
202 php_info_print_table_start();
203 php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" );
204 php_info_print_table_end();
205
206 DISPLAY_INI_ENTRIES();
207 }
208 /* }}} */
209
php_find_filter(zend_long id)210 static filter_list_entry php_find_filter(zend_long id) /* {{{ */
211 {
212 int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
213
214 for (i = 0; i < size; ++i) {
215 if (filter_list[i].id == id) {
216 return filter_list[i];
217 }
218 }
219 /* Fallback to "string" filter */
220 for (i = 0; i < size; ++i) {
221 if (filter_list[i].id == FILTER_DEFAULT) {
222 return filter_list[i];
223 }
224 }
225 /* To shut up GCC */
226 return filter_list[0];
227 }
228 /* }}} */
229
php_sapi_filter_init(void)230 static unsigned int php_sapi_filter_init(void)
231 {
232 ZVAL_UNDEF(&IF_G(get_array));
233 ZVAL_UNDEF(&IF_G(post_array));
234 ZVAL_UNDEF(&IF_G(cookie_array));
235 ZVAL_UNDEF(&IF_G(server_array));
236 ZVAL_UNDEF(&IF_G(env_array));
237 #if 0
238 ZVAL_UNDEF(&IF_G(session_array));
239 #endif
240 return SUCCESS;
241 }
242
php_zval_filter(zval * value,zend_long filter,zend_long flags,zval * options,char * charset,bool copy)243 static void php_zval_filter(zval *value, zend_long filter, zend_long flags, zval *options, char* charset, bool copy) /* {{{ */
244 {
245 filter_list_entry filter_func;
246
247 filter_func = php_find_filter(filter);
248
249 if (!filter_func.id) {
250 /* Find default filter */
251 filter_func = php_find_filter(FILTER_DEFAULT);
252 }
253
254 /* #49274, fatal error with object without a toString method
255 Fails nicely instead of getting a recovarable fatal error. */
256 if (Z_TYPE_P(value) == IS_OBJECT) {
257 zend_class_entry *ce;
258
259 ce = Z_OBJCE_P(value);
260 if (!ce->__tostring) {
261 zval_ptr_dtor(value);
262 /* #67167: doesn't return null on failure for objects */
263 if (flags & FILTER_NULL_ON_FAILURE) {
264 ZVAL_NULL(value);
265 } else {
266 ZVAL_FALSE(value);
267 }
268 goto handle_default;
269 }
270 }
271
272 /* Here be strings */
273 convert_to_string(value);
274
275 filter_func.function(value, flags, options, charset);
276
277 handle_default:
278 if (options && Z_TYPE_P(options) == IS_ARRAY &&
279 ((flags & FILTER_NULL_ON_FAILURE && Z_TYPE_P(value) == IS_NULL) ||
280 (!(flags & FILTER_NULL_ON_FAILURE) && Z_TYPE_P(value) == IS_FALSE))) {
281 zval *tmp;
282 if ((tmp = zend_hash_str_find(Z_ARRVAL_P(options), "default", sizeof("default") - 1)) != NULL) {
283 ZVAL_COPY(value, tmp);
284 }
285 }
286 }
287 /* }}} */
288
php_sapi_filter(int arg,const char * var,char ** val,size_t val_len,size_t * new_val_len)289 static unsigned int php_sapi_filter(int arg, const char *var, char **val, size_t val_len, size_t *new_val_len) /* {{{ */
290 {
291 zval new_var, raw_var;
292 zval *array_ptr = NULL, *orig_array_ptr = NULL;
293 int retval = 0;
294
295 assert(*val != NULL);
296
297 #define PARSE_CASE(s,a,t) \
298 case s: \
299 if (Z_ISUNDEF(IF_G(a))) { \
300 array_init(&IF_G(a)); \
301 } \
302 array_ptr = &IF_G(a); \
303 orig_array_ptr = &PG(http_globals)[t]; \
304 break;
305
306 switch (arg) {
307 PARSE_CASE(PARSE_POST, post_array, TRACK_VARS_POST)
308 PARSE_CASE(PARSE_GET, get_array, TRACK_VARS_GET)
309 PARSE_CASE(PARSE_COOKIE, cookie_array, TRACK_VARS_COOKIE)
310 PARSE_CASE(PARSE_SERVER, server_array, TRACK_VARS_SERVER)
311 PARSE_CASE(PARSE_ENV, env_array, TRACK_VARS_ENV)
312
313 case PARSE_STRING: /* PARSE_STRING is used by parse_str() function */
314 retval = 1;
315 break;
316 }
317
318 /*
319 * According to rfc2965, more specific paths are listed above the less specific ones.
320 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
321 * to have the same (plain text) cookie name for the same path and we should not overwrite
322 * more specific cookies with the less specific ones.
323 */
324 if (arg == PARSE_COOKIE && orig_array_ptr &&
325 zend_symtable_str_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var))) {
326 return 0;
327 }
328
329 if (array_ptr) {
330 /* Store the RAW variable internally */
331 ZVAL_STRINGL(&raw_var, *val, val_len);
332 php_register_variable_ex(var, &raw_var, array_ptr);
333 }
334
335 if (val_len) {
336 /* Register mangled variable */
337 if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
338 ZVAL_STRINGL(&new_var, *val, val_len);
339 php_zval_filter(&new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL, 0);
340 } else {
341 ZVAL_STRINGL(&new_var, *val, val_len);
342 }
343 } else { /* empty string */
344 ZVAL_EMPTY_STRING(&new_var);
345 }
346
347 if (orig_array_ptr) {
348 php_register_variable_ex(var, &new_var, orig_array_ptr);
349 }
350
351 if (retval) {
352 if (new_val_len) {
353 *new_val_len = Z_STRLEN(new_var);
354 }
355 efree(*val);
356 if (Z_STRLEN(new_var)) {
357 *val = estrndup(Z_STRVAL(new_var), Z_STRLEN(new_var));
358 } else {
359 *val = estrdup("");
360 }
361 zval_ptr_dtor(&new_var);
362 }
363
364 return retval;
365 }
366 /* }}} */
367
php_zval_filter_recursive(zval * value,zend_long filter,zend_long flags,zval * options,char * charset,bool copy)368 static void php_zval_filter_recursive(zval *value, zend_long filter, zend_long flags, zval *options, char *charset, bool copy) /* {{{ */
369 {
370 if (Z_TYPE_P(value) == IS_ARRAY) {
371 zval *element;
372
373 if (Z_IS_RECURSIVE_P(value)) {
374 return;
375 }
376 Z_PROTECT_RECURSION_P(value);
377
378 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(value), element) {
379 ZVAL_DEREF(element);
380 if (Z_TYPE_P(element) == IS_ARRAY) {
381 SEPARATE_ARRAY(element);
382 php_zval_filter_recursive(element, filter, flags, options, charset, copy);
383 } else {
384 php_zval_filter(element, filter, flags, options, charset, copy);
385 }
386 } ZEND_HASH_FOREACH_END();
387 Z_UNPROTECT_RECURSION_P(value);
388 } else {
389 php_zval_filter(value, filter, flags, options, charset, copy);
390 }
391 }
392 /* }}} */
393
php_filter_get_storage(zend_long arg)394 static zval *php_filter_get_storage(zend_long arg)/* {{{ */
395
396 {
397 zval *array_ptr = NULL;
398
399 switch (arg) {
400 case PARSE_GET:
401 array_ptr = &IF_G(get_array);
402 break;
403 case PARSE_POST:
404 array_ptr = &IF_G(post_array);
405 break;
406 case PARSE_COOKIE:
407 array_ptr = &IF_G(cookie_array);
408 break;
409 case PARSE_SERVER:
410 if (PG(auto_globals_jit)) {
411 zend_is_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_SERVER));
412 }
413 array_ptr = &IF_G(server_array);
414 break;
415 case PARSE_ENV:
416 if (PG(auto_globals_jit)) {
417 zend_is_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_ENV));
418 }
419 array_ptr = !Z_ISUNDEF(IF_G(env_array)) ? &IF_G(env_array) : &PG(http_globals)[TRACK_VARS_ENV];
420 break;
421 default:
422 zend_argument_value_error(1, "must be an INPUT_* constant");
423 return NULL;
424 }
425
426 if (array_ptr && Z_TYPE_P(array_ptr) != IS_ARRAY) {
427 /* Storage not initialized */
428 return NULL;
429 }
430
431 return array_ptr;
432 }
433 /* }}} */
434
435 /* {{{ Returns true if the variable with the name 'name' exists in source. */
PHP_FUNCTION(filter_has_var)436 PHP_FUNCTION(filter_has_var)
437 {
438 zend_long arg;
439 zend_string *var;
440 zval *array_ptr = NULL;
441
442 if (zend_parse_parameters(ZEND_NUM_ARGS(), "lS", &arg, &var) == FAILURE) {
443 RETURN_THROWS();
444 }
445
446 array_ptr = php_filter_get_storage(arg);
447 if (EG(exception)) {
448 RETURN_THROWS();
449 }
450
451 if (array_ptr && zend_hash_exists(Z_ARRVAL_P(array_ptr), var)) {
452 RETURN_TRUE;
453 }
454
455 RETURN_FALSE;
456 }
457 /* }}} */
458
php_filter_call(zval * filtered,zend_long filter,HashTable * filter_args_ht,zend_long filter_args_long,const int copy,zend_long filter_flags)459 static void php_filter_call(
460 zval *filtered, zend_long filter, HashTable *filter_args_ht, zend_long filter_args_long,
461 const int copy, zend_long filter_flags
462 ) /* {{{ */ {
463 zval *options = NULL;
464 zval *option;
465 char *charset = NULL;
466
467 if (!filter_args_ht) {
468 if (filter != -1) { /* handler for array apply */
469 /* filter_args is the filter_flags */
470 filter_flags = filter_args_long;
471
472 if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) {
473 filter_flags |= FILTER_REQUIRE_SCALAR;
474 }
475 } else {
476 filter = filter_args_long;
477 }
478 } else {
479 if ((option = zend_hash_str_find(filter_args_ht, "filter", sizeof("filter") - 1)) != NULL) {
480 filter = zval_get_long(option);
481 }
482
483 if ((option = zend_hash_str_find_deref(filter_args_ht, "options", sizeof("options") - 1)) != NULL) {
484 if (filter != FILTER_CALLBACK) {
485 if (Z_TYPE_P(option) == IS_ARRAY) {
486 options = option;
487 }
488 } else {
489 options = option;
490 filter_flags = 0;
491 }
492 }
493
494 if ((option = zend_hash_str_find(filter_args_ht, "flags", sizeof("flags") - 1)) != NULL) {
495 filter_flags = zval_get_long(option);
496
497 if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) {
498 filter_flags |= FILTER_REQUIRE_SCALAR;
499 }
500 }
501 }
502
503 if (Z_TYPE_P(filtered) == IS_ARRAY) {
504 if (filter_flags & FILTER_REQUIRE_SCALAR) {
505 zval_ptr_dtor(filtered);
506 if (filter_flags & FILTER_NULL_ON_FAILURE) {
507 ZVAL_NULL(filtered);
508 } else {
509 ZVAL_FALSE(filtered);
510 }
511 return;
512 }
513 php_zval_filter_recursive(filtered, filter, filter_flags, options, charset, copy);
514 return;
515 }
516 if (filter_flags & FILTER_REQUIRE_ARRAY) {
517 zval_ptr_dtor(filtered);
518 if (filter_flags & FILTER_NULL_ON_FAILURE) {
519 ZVAL_NULL(filtered);
520 } else {
521 ZVAL_FALSE(filtered);
522 }
523 return;
524 }
525
526 php_zval_filter(filtered, filter, filter_flags, options, charset, copy);
527 if (filter_flags & FILTER_FORCE_ARRAY) {
528 zval tmp;
529 ZVAL_COPY_VALUE(&tmp, filtered);
530 array_init(filtered);
531 add_next_index_zval(filtered, &tmp);
532 }
533 }
534 /* }}} */
535
php_filter_array_handler(zval * input,HashTable * op_ht,zend_long op_long,zval * return_value,bool add_empty)536 static void php_filter_array_handler(zval *input, HashTable *op_ht, zend_long op_long,
537 zval *return_value, bool add_empty
538 ) /* {{{ */ {
539 zend_string *arg_key;
540 zval *tmp, *arg_elm;
541
542 if (!op_ht) {
543 ZVAL_DUP(return_value, input);
544 php_filter_call(return_value, -1, NULL, op_long, 0, FILTER_REQUIRE_ARRAY);
545 } else {
546 array_init(return_value);
547
548 ZEND_HASH_FOREACH_STR_KEY_VAL(op_ht, arg_key, arg_elm) {
549 if (arg_key == NULL) {
550 zend_argument_type_error(2, "must contain only string keys");
551 RETURN_THROWS();
552 }
553 if (ZSTR_LEN(arg_key) == 0) {
554 zend_argument_value_error(2, "cannot contain empty keys");
555 RETURN_THROWS();
556 }
557 if ((tmp = zend_hash_find(Z_ARRVAL_P(input), arg_key)) == NULL) {
558 if (add_empty) {
559 add_assoc_null_ex(return_value, ZSTR_VAL(arg_key), ZSTR_LEN(arg_key));
560 }
561 } else {
562 zval nval;
563 ZVAL_DEREF(tmp);
564 ZVAL_DUP(&nval, tmp);
565 php_filter_call(&nval, -1,
566 Z_TYPE_P(arg_elm) == IS_ARRAY ? Z_ARRVAL_P(arg_elm) : NULL,
567 Z_TYPE_P(arg_elm) == IS_ARRAY ? 0 : zval_get_long(arg_elm),
568 0, FILTER_REQUIRE_SCALAR
569 );
570 zend_hash_update(Z_ARRVAL_P(return_value), arg_key, &nval);
571 }
572 } ZEND_HASH_FOREACH_END();
573 }
574 }
575 /* }}} */
576
577 /* {{{ Returns the filtered variable 'name'* from source `type`. */
PHP_FUNCTION(filter_input)578 PHP_FUNCTION(filter_input)
579 {
580 zend_long fetch_from, filter = FILTER_DEFAULT;
581 zval *input = NULL, *tmp;
582 zend_string *var;
583 HashTable *filter_args_ht = NULL;
584 zend_long filter_args_long = 0;
585
586 ZEND_PARSE_PARAMETERS_START(2, 4)
587 Z_PARAM_LONG(fetch_from)
588 Z_PARAM_STR(var)
589 Z_PARAM_OPTIONAL
590 Z_PARAM_LONG(filter)
591 Z_PARAM_ARRAY_HT_OR_LONG(filter_args_ht, filter_args_long)
592 ZEND_PARSE_PARAMETERS_END();
593
594 if (!PHP_FILTER_ID_EXISTS(filter)) {
595 php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, filter);
596 RETURN_FALSE;
597 }
598
599 input = php_filter_get_storage(fetch_from);
600 if (EG(exception)) {
601 RETURN_THROWS();
602 }
603
604 if (!input || (tmp = zend_hash_find(Z_ARRVAL_P(input), var)) == NULL) {
605 zend_long filter_flags = 0;
606 zval *option, *opt, *def;
607 if (!filter_args_ht) {
608 filter_flags = filter_args_long;
609 } else {
610 if ((option = zend_hash_str_find(filter_args_ht, "flags", sizeof("flags") - 1)) != NULL) {
611 filter_flags = zval_get_long(option);
612 }
613
614 if ((opt = zend_hash_str_find_deref(filter_args_ht, "options", sizeof("options") - 1)) != NULL &&
615 Z_TYPE_P(opt) == IS_ARRAY &&
616 (def = zend_hash_str_find_deref(Z_ARRVAL_P(opt), "default", sizeof("default") - 1)) != NULL
617 ) {
618 ZVAL_COPY(return_value, def);
619 return;
620 }
621 }
622
623 /* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
624 * the function: normally when validation fails false is returned, and
625 * when the input value doesn't exist NULL is returned. With the flag
626 * set, NULL and false should be returned, respectively. Ergo, although
627 * the code below looks incorrect, it's actually right. */
628 if (filter_flags & FILTER_NULL_ON_FAILURE) {
629 RETURN_FALSE;
630 } else {
631 RETURN_NULL();
632 }
633 }
634
635 ZVAL_DUP(return_value, tmp);
636
637 php_filter_call(return_value, filter, filter_args_ht, filter_args_long, 1, FILTER_REQUIRE_SCALAR);
638 }
639 /* }}} */
640
641 /* {{{ Returns the filtered version of the variable. */
PHP_FUNCTION(filter_var)642 PHP_FUNCTION(filter_var)
643 {
644 zend_long filter = FILTER_DEFAULT;
645 zval *data;
646 HashTable *filter_args_ht = NULL;
647 zend_long filter_args_long = 0;
648
649 ZEND_PARSE_PARAMETERS_START(1, 3)
650 Z_PARAM_ZVAL(data)
651 Z_PARAM_OPTIONAL
652 Z_PARAM_LONG(filter)
653 Z_PARAM_ARRAY_HT_OR_LONG(filter_args_ht, filter_args_long)
654 ZEND_PARSE_PARAMETERS_END();
655
656 if (!PHP_FILTER_ID_EXISTS(filter)) {
657 php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, filter);
658 RETURN_FALSE;
659 }
660
661 ZVAL_DUP(return_value, data);
662
663 php_filter_call(return_value, filter, filter_args_ht, filter_args_long, 1, FILTER_REQUIRE_SCALAR);
664 }
665 /* }}} */
666
667 /* {{{ Returns an array with all arguments defined in 'definition'. */
PHP_FUNCTION(filter_input_array)668 PHP_FUNCTION(filter_input_array)
669 {
670 zend_long fetch_from;
671 zval *array_input = NULL;
672 bool add_empty = 1;
673 HashTable *op_ht = NULL;
674 zend_long op_long = FILTER_DEFAULT;
675
676 ZEND_PARSE_PARAMETERS_START(1, 3)
677 Z_PARAM_LONG(fetch_from)
678 Z_PARAM_OPTIONAL
679 Z_PARAM_ARRAY_HT_OR_LONG(op_ht, op_long)
680 Z_PARAM_BOOL(add_empty)
681 ZEND_PARSE_PARAMETERS_END();
682
683 if (!op_ht && !PHP_FILTER_ID_EXISTS(op_long)) {
684 php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, op_long);
685 RETURN_FALSE;
686 }
687
688 array_input = php_filter_get_storage(fetch_from);
689
690 if (EG(exception)) {
691 RETURN_THROWS();
692 }
693
694 if (!array_input) {
695 RETURN_NULL();
696 }
697
698 php_filter_array_handler(array_input, op_ht, op_long, return_value, add_empty);
699 }
700 /* }}} */
701
702 /* {{{ Returns an array with all arguments defined in 'definition'. */
PHP_FUNCTION(filter_var_array)703 PHP_FUNCTION(filter_var_array)
704 {
705 zval *array_input = NULL;
706 bool add_empty = 1;
707 HashTable *op_ht = NULL;
708 zend_long op_long = FILTER_DEFAULT;
709
710 ZEND_PARSE_PARAMETERS_START(1, 3)
711 Z_PARAM_ARRAY(array_input)
712 Z_PARAM_OPTIONAL
713 Z_PARAM_ARRAY_HT_OR_LONG(op_ht, op_long)
714 Z_PARAM_BOOL(add_empty)
715 ZEND_PARSE_PARAMETERS_END();
716
717 if (!op_ht && !PHP_FILTER_ID_EXISTS(op_long)) {
718 php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, op_long);
719 RETURN_FALSE;
720 }
721
722 php_filter_array_handler(array_input, op_ht, op_long, return_value, add_empty);
723 }
724 /* }}} */
725
726 /* {{{ Returns a list of all supported filters */
PHP_FUNCTION(filter_list)727 PHP_FUNCTION(filter_list)
728 {
729 int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
730
731 if (zend_parse_parameters_none() == FAILURE) {
732 RETURN_THROWS();
733 }
734
735 array_init(return_value);
736 for (i = 0; i < size; ++i) {
737 add_next_index_string(return_value, (char *)filter_list[i].name);
738 }
739 }
740 /* }}} */
741
742 /* {{{ Returns the filter ID belonging to a named filter */
PHP_FUNCTION(filter_id)743 PHP_FUNCTION(filter_id)
744 {
745 int i;
746 size_t filter_len;
747 int size = sizeof(filter_list) / sizeof(filter_list_entry);
748 char *filter;
749
750 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &filter, &filter_len) == FAILURE) {
751 RETURN_THROWS();
752 }
753
754 for (i = 0; i < size; ++i) {
755 if (strcmp(filter_list[i].name, filter) == 0) {
756 RETURN_LONG(filter_list[i].id);
757 }
758 }
759
760 RETURN_FALSE;
761 }
762 /* }}} */
763
