1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 5 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2013 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
16 | Zeev Suraski <zeev@zend.com> |
17 +----------------------------------------------------------------------+
18 */
19
20 /* $Id$ */
21
22 #include <stdio.h>
23 #include "php.h"
24 #include "ext/standard/php_standard.h"
25 #include "ext/standard/credits.h"
26 #include "php_variables.h"
27 #include "php_globals.h"
28 #include "php_content_types.h"
29 #include "SAPI.h"
30 #include "php_logos.h"
31 #include "zend_globals.h"
32
33 /* for systems that need to override reading of environment variables */
34 void _php_import_environment_variables(zval *array_ptr TSRMLS_DC);
35 PHPAPI void (*php_import_environment_variables)(zval *array_ptr TSRMLS_DC) = _php_import_environment_variables;
36
php_register_variable(char * var,char * strval,zval * track_vars_array TSRMLS_DC)37 PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array TSRMLS_DC)
38 {
39 php_register_variable_safe(var, strval, strlen(strval), track_vars_array TSRMLS_CC);
40 }
41
42 /* binary-safe version */
php_register_variable_safe(char * var,char * strval,int str_len,zval * track_vars_array TSRMLS_DC)43 PHPAPI void php_register_variable_safe(char *var, char *strval, int str_len, zval *track_vars_array TSRMLS_DC)
44 {
45 zval new_entry;
46 assert(strval != NULL);
47
48 /* Prepare value */
49 Z_STRLEN(new_entry) = str_len;
50 if (PG(magic_quotes_gpc)) {
51 Z_STRVAL(new_entry) = php_addslashes(strval, Z_STRLEN(new_entry), &Z_STRLEN(new_entry), 0 TSRMLS_CC);
52 } else {
53 Z_STRVAL(new_entry) = estrndup(strval, Z_STRLEN(new_entry));
54 }
55 Z_TYPE(new_entry) = IS_STRING;
56
57 php_register_variable_ex(var, &new_entry, track_vars_array TSRMLS_CC);
58 }
59
php_register_variable_ex(char * var_name,zval * val,zval * track_vars_array TSRMLS_DC)60 PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars_array TSRMLS_DC)
61 {
62 char *p = NULL;
63 char *ip; /* index pointer */
64 char *index, *escaped_index = NULL;
65 char *var, *var_orig;
66 int var_len, index_len;
67 zval *gpc_element, **gpc_element_p;
68 zend_bool is_array = 0;
69 HashTable *symtable1 = NULL;
70
71 assert(var_name != NULL);
72
73 if (track_vars_array) {
74 symtable1 = Z_ARRVAL_P(track_vars_array);
75 } else if (PG(register_globals)) {
76 if (!EG(active_symbol_table)) {
77 zend_rebuild_symbol_table(TSRMLS_C);
78 }
79 symtable1 = EG(active_symbol_table);
80 }
81 if (!symtable1) {
82 /* Nothing to do */
83 zval_dtor(val);
84 return;
85 }
86
87 /*
88 * Prepare variable name
89 */
90
91 var_orig = estrdup(var_name);
92 var = var_orig;
93 /* ignore leading spaces in the variable name */
94 while (*var && *var==' ') {
95 var++;
96 }
97
98 /* ensure that we don't have spaces or dots in the variable name (not binary safe) */
99 for (p = var; *p; p++) {
100 if (*p == ' ' || *p == '.') {
101 *p='_';
102 } else if (*p == '[') {
103 is_array = 1;
104 ip = p;
105 *p = 0;
106 break;
107 }
108 }
109 var_len = p - var;
110
111 if (var_len==0) { /* empty variable name, or variable name with a space in it */
112 zval_dtor(val);
113 efree(var_orig);
114 return;
115 }
116
117 /* GLOBALS hijack attempt, reject parameter */
118 if (symtable1 == EG(active_symbol_table) &&
119 var_len == sizeof("GLOBALS")-1 &&
120 !memcmp(var, "GLOBALS", sizeof("GLOBALS")-1)) {
121 zval_dtor(val);
122 efree(var_orig);
123 return;
124 }
125
126 index = var;
127 index_len = var_len;
128
129 if (is_array) {
130 int nest_level = 0;
131 while (1) {
132 char *index_s;
133 int new_idx_len = 0;
134
135 if(++nest_level > PG(max_input_nesting_level)) {
136 HashTable *ht;
137 /* too many levels of nesting */
138
139 if (track_vars_array) {
140 ht = Z_ARRVAL_P(track_vars_array);
141 zend_symtable_del(ht, var, var_len + 1);
142 } else if (PG(register_globals)) {
143 ht = EG(active_symbol_table);
144 zend_symtable_del(ht, var, var_len + 1);
145 }
146
147 zval_dtor(val);
148
149 /* do not output the error message to the screen,
150 this helps us to to avoid "information disclosure" */
151 if (!PG(display_errors)) {
152 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variable nesting level exceeded %ld. To increase the limit change max_input_nesting_level in php.ini.", PG(max_input_nesting_level));
153 }
154 efree(var_orig);
155 return;
156 }
157
158 ip++;
159 index_s = ip;
160 if (isspace(*ip)) {
161 ip++;
162 }
163 if (*ip==']') {
164 index_s = NULL;
165 } else {
166 ip = strchr(ip, ']');
167 if (!ip) {
168 /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */
169 *(index_s - 1) = '_';
170
171 index_len = 0;
172 if (index) {
173 index_len = strlen(index);
174 }
175 goto plain_var;
176 return;
177 }
178 *ip = 0;
179 new_idx_len = strlen(index_s);
180 }
181
182 if (!index) {
183 MAKE_STD_ZVAL(gpc_element);
184 array_init(gpc_element);
185 if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
186 zval_ptr_dtor(&gpc_element);
187 zval_dtor(val);
188 efree(var_orig);
189 return;
190 }
191 } else {
192 if (PG(magic_quotes_gpc)) {
193 escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
194 } else {
195 escaped_index = index;
196 }
197 if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
198 || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
199 MAKE_STD_ZVAL(gpc_element);
200 array_init(gpc_element);
201 zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
202 }
203 if (index != escaped_index) {
204 efree(escaped_index);
205 }
206 }
207 symtable1 = Z_ARRVAL_PP(gpc_element_p);
208 /* ip pointed to the '[' character, now obtain the key */
209 index = index_s;
210 index_len = new_idx_len;
211
212 ip++;
213 if (*ip == '[') {
214 is_array = 1;
215 *ip = 0;
216 } else {
217 goto plain_var;
218 }
219 }
220 } else {
221 plain_var:
222 MAKE_STD_ZVAL(gpc_element);
223 gpc_element->value = val->value;
224 Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
225 if (!index) {
226 if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
227 zval_ptr_dtor(&gpc_element);
228 }
229 } else {
230 if (PG(magic_quotes_gpc)) {
231 escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC);
232 } else {
233 escaped_index = index;
234 }
235 /*
236 * According to rfc2965, more specific paths are listed above the less specific ones.
237 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
238 * to have the same (plain text) cookie name for the same path and we should not overwrite
239 * more specific cookies with the less specific ones.
240 */
241 if (PG(http_globals)[TRACK_VARS_COOKIE] &&
242 symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) &&
243 zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
244 zval_ptr_dtor(&gpc_element);
245 } else {
246 zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
247 }
248 if (escaped_index != index) {
249 efree(escaped_index);
250 }
251 }
252 }
253 efree(var_orig);
254 }
255
SAPI_POST_HANDLER_FUNC(php_std_post_handler)256 SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
257 {
258 char *var, *val, *e, *s, *p;
259 zval *array_ptr = (zval *) arg;
260 long count = 0;
261
262 if (SG(request_info).post_data == NULL) {
263 return;
264 }
265
266 s = SG(request_info).post_data;
267 e = s + SG(request_info).post_data_length;
268
269 while (s < e && (p = memchr(s, '&', (e - s)))) {
270 last_value:
271 if ((val = memchr(s, '=', (p - s)))) { /* have a value */
272 unsigned int val_len, new_val_len;
273
274 if (++count > PG(max_input_vars)) {
275 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
276 return;
277 }
278 var = s;
279
280 php_url_decode(var, (val - s));
281 val++;
282 val_len = php_url_decode(val, (p - val));
283 val = estrndup(val, val_len);
284 if (sapi_module.input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
285 php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
286 }
287 efree(val);
288 }
289 s = p + 1;
290 }
291 if (s < e) {
292 p = e;
293 goto last_value;
294 }
295 }
296
SAPI_INPUT_FILTER_FUNC(php_default_input_filter)297 SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter)
298 {
299 /* TODO: check .ini setting here and apply user-defined input filter */
300 if(new_val_len) *new_val_len = val_len;
301 return 1;
302 }
303
SAPI_TREAT_DATA_FUNC(php_default_treat_data)304 SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
305 {
306 char *res = NULL, *var, *val, *separator = NULL;
307 const char *c_var;
308 zval *array_ptr;
309 int free_buffer = 0;
310 char *strtok_buf = NULL;
311 long count = 0;
312
313 switch (arg) {
314 case PARSE_POST:
315 case PARSE_GET:
316 case PARSE_COOKIE:
317 ALLOC_ZVAL(array_ptr);
318 array_init(array_ptr);
319 INIT_PZVAL(array_ptr);
320 switch (arg) {
321 case PARSE_POST:
322 if (PG(http_globals)[TRACK_VARS_POST]) {
323 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]);
324 }
325 PG(http_globals)[TRACK_VARS_POST] = array_ptr;
326 break;
327 case PARSE_GET:
328 if (PG(http_globals)[TRACK_VARS_GET]) {
329 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]);
330 }
331 PG(http_globals)[TRACK_VARS_GET] = array_ptr;
332 break;
333 case PARSE_COOKIE:
334 if (PG(http_globals)[TRACK_VARS_COOKIE]) {
335 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]);
336 }
337 PG(http_globals)[TRACK_VARS_COOKIE] = array_ptr;
338 break;
339 }
340 break;
341 default:
342 array_ptr = destArray;
343 break;
344 }
345
346 if (arg == PARSE_POST) {
347 sapi_handle_post(array_ptr TSRMLS_CC);
348 return;
349 }
350
351 if (arg == PARSE_GET) { /* GET data */
352 c_var = SG(request_info).query_string;
353 if (c_var && *c_var) {
354 res = (char *) estrdup(c_var);
355 free_buffer = 1;
356 } else {
357 free_buffer = 0;
358 }
359 } else if (arg == PARSE_COOKIE) { /* Cookie data */
360 c_var = SG(request_info).cookie_data;
361 if (c_var && *c_var) {
362 res = (char *) estrdup(c_var);
363 free_buffer = 1;
364 } else {
365 free_buffer = 0;
366 }
367 } else if (arg == PARSE_STRING) { /* String data */
368 res = str;
369 free_buffer = 1;
370 }
371
372 if (!res) {
373 return;
374 }
375
376 switch (arg) {
377 case PARSE_GET:
378 case PARSE_STRING:
379 separator = (char *) estrdup(PG(arg_separator).input);
380 break;
381 case PARSE_COOKIE:
382 separator = ";\0";
383 break;
384 }
385
386 var = php_strtok_r(res, separator, &strtok_buf);
387
388 while (var) {
389 val = strchr(var, '=');
390
391 if (arg == PARSE_COOKIE) {
392 /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
393 while (isspace(*var)) {
394 var++;
395 }
396 if (var == val || *var == '\0') {
397 goto next_cookie;
398 }
399 }
400
401 if (++count > PG(max_input_vars)) {
402 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
403 break;
404 }
405
406 if (val) { /* have a value */
407 int val_len;
408 unsigned int new_val_len;
409
410 *val++ = '\0';
411 php_url_decode(var, strlen(var));
412 val_len = php_url_decode(val, strlen(val));
413 val = estrndup(val, val_len);
414 if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len TSRMLS_CC)) {
415 php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
416 }
417 efree(val);
418 } else {
419 int val_len;
420 unsigned int new_val_len;
421
422 php_url_decode(var, strlen(var));
423 val_len = 0;
424 val = estrndup("", val_len);
425 if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len TSRMLS_CC)) {
426 php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
427 }
428 efree(val);
429 }
430 next_cookie:
431 var = php_strtok_r(NULL, separator, &strtok_buf);
432 }
433
434 if (arg != PARSE_COOKIE) {
435 efree(separator);
436 }
437
438 if (free_buffer) {
439 efree(res);
440 }
441 }
442
_php_import_environment_variables(zval * array_ptr TSRMLS_DC)443 void _php_import_environment_variables(zval *array_ptr TSRMLS_DC)
444 {
445 char buf[128];
446 char **env, *p, *t = buf;
447 size_t alloc_size = sizeof(buf);
448 unsigned long nlen; /* ptrdiff_t is not portable */
449
450 /* turn off magic_quotes while importing environment variables */
451 int magic_quotes_gpc = PG(magic_quotes_gpc);
452
453 if (magic_quotes_gpc) {
454 zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
455 }
456
457 for (env = environ; env != NULL && *env != NULL; env++) {
458 p = strchr(*env, '=');
459 if (!p) { /* malformed entry? */
460 continue;
461 }
462 nlen = p - *env;
463 if (nlen >= alloc_size) {
464 alloc_size = nlen + 64;
465 t = (t == buf ? emalloc(alloc_size): erealloc(t, alloc_size));
466 }
467 memcpy(t, *env, nlen);
468 t[nlen] = '\0';
469 php_register_variable(t, p + 1, array_ptr TSRMLS_CC);
470 }
471 if (t != buf && t != NULL) {
472 efree(t);
473 }
474
475 if (magic_quotes_gpc) {
476 zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
477 }
478 }
479
php_std_auto_global_callback(char * name,uint name_len TSRMLS_DC)480 zend_bool php_std_auto_global_callback(char *name, uint name_len TSRMLS_DC)
481 {
482 zend_printf("%s\n", name);
483 return 0; /* don't rearm */
484 }
485
486 /* {{{ php_build_argv
487 */
php_build_argv(char * s,zval * track_vars_array TSRMLS_DC)488 static void php_build_argv(char *s, zval *track_vars_array TSRMLS_DC)
489 {
490 zval *arr, *argc, *tmp;
491 int count = 0;
492 char *ss, *space;
493
494 if (!(PG(register_globals) || SG(request_info).argc || track_vars_array)) {
495 return;
496 }
497
498 ALLOC_INIT_ZVAL(arr);
499 array_init(arr);
500
501 /* Prepare argv */
502 if (SG(request_info).argc) { /* are we in cli sapi? */
503 int i;
504 for (i = 0; i < SG(request_info).argc; i++) {
505 ALLOC_ZVAL(tmp);
506 Z_TYPE_P(tmp) = IS_STRING;
507 Z_STRLEN_P(tmp) = strlen(SG(request_info).argv[i]);
508 Z_STRVAL_P(tmp) = estrndup(SG(request_info).argv[i], Z_STRLEN_P(tmp));
509 INIT_PZVAL(tmp);
510 if (zend_hash_next_index_insert(Z_ARRVAL_P(arr), &tmp, sizeof(zval *), NULL) == FAILURE) {
511 if (Z_TYPE_P(tmp) == IS_STRING) {
512 efree(Z_STRVAL_P(tmp));
513 }
514 }
515 }
516 } else if (s && *s) {
517 ss = s;
518 while (ss) {
519 space = strchr(ss, '+');
520 if (space) {
521 *space = '\0';
522 }
523 /* auto-type */
524 ALLOC_ZVAL(tmp);
525 Z_TYPE_P(tmp) = IS_STRING;
526 Z_STRLEN_P(tmp) = strlen(ss);
527 Z_STRVAL_P(tmp) = estrndup(ss, Z_STRLEN_P(tmp));
528 INIT_PZVAL(tmp);
529 count++;
530 if (zend_hash_next_index_insert(Z_ARRVAL_P(arr), &tmp, sizeof(zval *), NULL) == FAILURE) {
531 if (Z_TYPE_P(tmp) == IS_STRING) {
532 efree(Z_STRVAL_P(tmp));
533 }
534 }
535 if (space) {
536 *space = '+';
537 ss = space + 1;
538 } else {
539 ss = space;
540 }
541 }
542 }
543
544 /* prepare argc */
545 ALLOC_INIT_ZVAL(argc);
546 if (SG(request_info).argc) {
547 Z_LVAL_P(argc) = SG(request_info).argc;
548 } else {
549 Z_LVAL_P(argc) = count;
550 }
551 Z_TYPE_P(argc) = IS_LONG;
552
553 if (PG(register_globals) || SG(request_info).argc) {
554 Z_ADDREF_P(arr);
555 Z_ADDREF_P(argc);
556 zend_hash_update(&EG(symbol_table), "argv", sizeof("argv"), &arr, sizeof(zval *), NULL);
557 zend_hash_add(&EG(symbol_table), "argc", sizeof("argc"), &argc, sizeof(zval *), NULL);
558 }
559 if (track_vars_array) {
560 Z_ADDREF_P(arr);
561 Z_ADDREF_P(argc);
562 zend_hash_update(Z_ARRVAL_P(track_vars_array), "argv", sizeof("argv"), &arr, sizeof(zval *), NULL);
563 zend_hash_update(Z_ARRVAL_P(track_vars_array), "argc", sizeof("argc"), &argc, sizeof(zval *), NULL);
564 }
565 zval_ptr_dtor(&arr);
566 zval_ptr_dtor(&argc);
567 }
568 /* }}} */
569
570 /* {{{ php_handle_special_queries
571 */
php_handle_special_queries(TSRMLS_D)572 PHPAPI int php_handle_special_queries(TSRMLS_D)
573 {
574 if (PG(expose_php) && SG(request_info).query_string && SG(request_info).query_string[0] == '=') {
575 if (php_info_logos(SG(request_info).query_string + 1 TSRMLS_CC)) {
576 return 1;
577 } else if (!strcmp(SG(request_info).query_string + 1, PHP_CREDITS_GUID)) {
578 php_print_credits(PHP_CREDITS_ALL TSRMLS_CC);
579 return 1;
580 }
581 }
582 return 0;
583 }
584 /* }}} */
585
586 /* {{{ php_register_server_variables
587 */
php_register_server_variables(TSRMLS_D)588 static inline void php_register_server_variables(TSRMLS_D)
589 {
590 zval *array_ptr = NULL;
591 /* turn off magic_quotes while importing server variables */
592 int magic_quotes_gpc = PG(magic_quotes_gpc);
593
594 ALLOC_ZVAL(array_ptr);
595 array_init(array_ptr);
596 INIT_PZVAL(array_ptr);
597 if (PG(http_globals)[TRACK_VARS_SERVER]) {
598 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
599 }
600 PG(http_globals)[TRACK_VARS_SERVER] = array_ptr;
601 if (magic_quotes_gpc) {
602 zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "0", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
603 }
604
605 /* Server variables */
606 if (sapi_module.register_server_variables) {
607 sapi_module.register_server_variables(array_ptr TSRMLS_CC);
608 }
609
610 /* PHP Authentication support */
611 if (SG(request_info).auth_user) {
612 php_register_variable("PHP_AUTH_USER", SG(request_info).auth_user, array_ptr TSRMLS_CC);
613 }
614 if (SG(request_info).auth_password) {
615 php_register_variable("PHP_AUTH_PW", SG(request_info).auth_password, array_ptr TSRMLS_CC);
616 }
617 if (SG(request_info).auth_digest) {
618 php_register_variable("PHP_AUTH_DIGEST", SG(request_info).auth_digest, array_ptr TSRMLS_CC);
619 }
620 /* store request init time */
621 {
622 zval new_entry;
623 Z_TYPE(new_entry) = IS_LONG;
624 Z_LVAL(new_entry) = sapi_get_request_time(TSRMLS_C);
625 php_register_variable_ex("REQUEST_TIME", &new_entry, array_ptr TSRMLS_CC);
626 }
627
628 if (magic_quotes_gpc) {
629 zend_alter_ini_entry_ex("magic_quotes_gpc", sizeof("magic_quotes_gpc"), "1", 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1 TSRMLS_CC);
630 }
631 }
632 /* }}} */
633
634 /* {{{ php_autoglobal_merge
635 */
php_autoglobal_merge(HashTable * dest,HashTable * src TSRMLS_DC)636 static void php_autoglobal_merge(HashTable *dest, HashTable *src TSRMLS_DC)
637 {
638 zval **src_entry, **dest_entry;
639 char *string_key;
640 uint string_key_len;
641 ulong num_key;
642 HashPosition pos;
643 int key_type;
644 int globals_check = (PG(register_globals) && (dest == (&EG(symbol_table))));
645
646 zend_hash_internal_pointer_reset_ex(src, &pos);
647 while (zend_hash_get_current_data_ex(src, (void **)&src_entry, &pos) == SUCCESS) {
648 key_type = zend_hash_get_current_key_ex(src, &string_key, &string_key_len, &num_key, 0, &pos);
649 if (Z_TYPE_PP(src_entry) != IS_ARRAY
650 || (key_type == HASH_KEY_IS_STRING && zend_hash_find(dest, string_key, string_key_len, (void **) &dest_entry) != SUCCESS)
651 || (key_type == HASH_KEY_IS_LONG && zend_hash_index_find(dest, num_key, (void **)&dest_entry) != SUCCESS)
652 || Z_TYPE_PP(dest_entry) != IS_ARRAY
653 ) {
654 Z_ADDREF_PP(src_entry);
655 if (key_type == HASH_KEY_IS_STRING) {
656 /* if register_globals is on and working with main symbol table, prevent overwriting of GLOBALS */
657 if (!globals_check || string_key_len != sizeof("GLOBALS") || memcmp(string_key, "GLOBALS", sizeof("GLOBALS") - 1)) {
658 zend_hash_update(dest, string_key, string_key_len, src_entry, sizeof(zval *), NULL);
659 } else {
660 Z_DELREF_PP(src_entry);
661 }
662 } else {
663 zend_hash_index_update(dest, num_key, src_entry, sizeof(zval *), NULL);
664 }
665 } else {
666 SEPARATE_ZVAL(dest_entry);
667 php_autoglobal_merge(Z_ARRVAL_PP(dest_entry), Z_ARRVAL_PP(src_entry) TSRMLS_CC);
668 }
669 zend_hash_move_forward_ex(src, &pos);
670 }
671 }
672 /* }}} */
673
674 static zend_bool php_auto_globals_create_server(char *name, uint name_len TSRMLS_DC);
675 static zend_bool php_auto_globals_create_env(char *name, uint name_len TSRMLS_DC);
676 static zend_bool php_auto_globals_create_request(char *name, uint name_len TSRMLS_DC);
677
678 /* {{{ php_hash_environment
679 */
php_hash_environment(TSRMLS_D)680 int php_hash_environment(TSRMLS_D)
681 {
682 char *p;
683 unsigned char _gpc_flags[5] = {0, 0, 0, 0, 0};
684 zend_bool jit_initialization = (PG(auto_globals_jit) && !PG(register_globals) && !PG(register_long_arrays));
685 struct auto_global_record {
686 char *name;
687 uint name_len;
688 char *long_name;
689 uint long_name_len;
690 zend_bool jit_initialization;
691 } auto_global_records[] = {
692 { "_POST", sizeof("_POST"), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), 0 },
693 { "_GET", sizeof("_GET"), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), 0 },
694 { "_COOKIE", sizeof("_COOKIE"), "HTTP_COOKIE_VARS", sizeof("HTTP_COOKIE_VARS"), 0 },
695 { "_SERVER", sizeof("_SERVER"), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), 1 },
696 { "_ENV", sizeof("_ENV"), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), 1 },
697 { "_FILES", sizeof("_FILES"), "HTTP_POST_FILES", sizeof("HTTP_POST_FILES"), 0 },
698 };
699 size_t num_track_vars = sizeof(auto_global_records)/sizeof(struct auto_global_record);
700 size_t i;
701
702 /* jit_initialization = 0; */
703 for (i=0; i<num_track_vars; i++) {
704 PG(http_globals)[i] = NULL;
705 }
706
707 for (p=PG(variables_order); p && *p; p++) {
708 switch(*p) {
709 case 'p':
710 case 'P':
711 if (!_gpc_flags[0] && !SG(headers_sent) && SG(request_info).request_method && !strcasecmp(SG(request_info).request_method, "POST")) {
712 sapi_module.treat_data(PARSE_POST, NULL, NULL TSRMLS_CC); /* POST Data */
713 _gpc_flags[0] = 1;
714 if (PG(register_globals)) {
715 php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_POST]) TSRMLS_CC);
716 }
717 }
718 break;
719 case 'c':
720 case 'C':
721 if (!_gpc_flags[1]) {
722 sapi_module.treat_data(PARSE_COOKIE, NULL, NULL TSRMLS_CC); /* Cookie Data */
723 _gpc_flags[1] = 1;
724 if (PG(register_globals)) {
725 php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) TSRMLS_CC);
726 }
727 }
728 break;
729 case 'g':
730 case 'G':
731 if (!_gpc_flags[2]) {
732 sapi_module.treat_data(PARSE_GET, NULL, NULL TSRMLS_CC); /* GET Data */
733 _gpc_flags[2] = 1;
734 if (PG(register_globals)) {
735 php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_GET]) TSRMLS_CC);
736 }
737 }
738 break;
739 case 'e':
740 case 'E':
741 if (!jit_initialization && !_gpc_flags[3]) {
742 zend_auto_global_disable_jit("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
743 php_auto_globals_create_env("_ENV", sizeof("_ENV")-1 TSRMLS_CC);
744 _gpc_flags[3] = 1;
745 if (PG(register_globals)) {
746 php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC);
747 }
748 }
749 break;
750 case 's':
751 case 'S':
752 if (!jit_initialization && !_gpc_flags[4]) {
753 zend_auto_global_disable_jit("_SERVER", sizeof("_SERVER")-1 TSRMLS_CC);
754 php_register_server_variables(TSRMLS_C);
755 _gpc_flags[4] = 1;
756 if (PG(register_globals)) {
757 php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]) TSRMLS_CC);
758 }
759 }
760 break;
761 }
762 }
763
764 /* argv/argc support */
765 if (PG(register_argc_argv)) {
766 php_build_argv(SG(request_info).query_string, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);
767 }
768
769 for (i=0; i<num_track_vars; i++) {
770 if (jit_initialization && auto_global_records[i].jit_initialization) {
771 continue;
772 }
773 if (!PG(http_globals)[i]) {
774 ALLOC_ZVAL(PG(http_globals)[i]);
775 array_init(PG(http_globals)[i]);
776 INIT_PZVAL(PG(http_globals)[i]);
777 }
778
779 Z_ADDREF_P(PG(http_globals)[i]);
780 zend_hash_update(&EG(symbol_table), auto_global_records[i].name, auto_global_records[i].name_len, &PG(http_globals)[i], sizeof(zval *), NULL);
781 if (PG(register_long_arrays)) {
782 zend_hash_update(&EG(symbol_table), auto_global_records[i].long_name, auto_global_records[i].long_name_len, &PG(http_globals)[i], sizeof(zval *), NULL);
783 Z_ADDREF_P(PG(http_globals)[i]);
784 }
785 }
786
787 /* Create _REQUEST */
788 if (!jit_initialization) {
789 zend_auto_global_disable_jit("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);
790 php_auto_globals_create_request("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);
791 }
792
793 return SUCCESS;
794 }
795 /* }}} */
796
php_auto_globals_create_server(char * name,uint name_len TSRMLS_DC)797 static zend_bool php_auto_globals_create_server(char *name, uint name_len TSRMLS_DC)
798 {
799 if (PG(variables_order) && (strchr(PG(variables_order),'S') || strchr(PG(variables_order),'s'))) {
800 php_register_server_variables(TSRMLS_C);
801
802 if (PG(register_argc_argv)) {
803 if (SG(request_info).argc) {
804 zval **argc, **argv;
805
806 if (zend_hash_find(&EG(symbol_table), "argc", sizeof("argc"), (void**)&argc) == SUCCESS &&
807 zend_hash_find(&EG(symbol_table), "argv", sizeof("argv"), (void**)&argv) == SUCCESS) {
808 Z_ADDREF_PP(argc);
809 Z_ADDREF_PP(argv);
810 zend_hash_update(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), "argv", sizeof("argv"), argv, sizeof(zval *), NULL);
811 zend_hash_update(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), "argc", sizeof("argc"), argc, sizeof(zval *), NULL);
812 }
813 } else {
814 php_build_argv(SG(request_info).query_string, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);
815 }
816 }
817
818 } else {
819 zval *server_vars=NULL;
820 ALLOC_ZVAL(server_vars);
821 array_init(server_vars);
822 INIT_PZVAL(server_vars);
823 if (PG(http_globals)[TRACK_VARS_SERVER]) {
824 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
825 }
826 PG(http_globals)[TRACK_VARS_SERVER] = server_vars;
827 }
828
829 zend_hash_update(&EG(symbol_table), name, name_len + 1, &PG(http_globals)[TRACK_VARS_SERVER], sizeof(zval *), NULL);
830 Z_ADDREF_P(PG(http_globals)[TRACK_VARS_SERVER]);
831
832 if (PG(register_long_arrays)) {
833 zend_hash_update(&EG(symbol_table), "HTTP_SERVER_VARS", sizeof("HTTP_SERVER_VARS"), &PG(http_globals)[TRACK_VARS_SERVER], sizeof(zval *), NULL);
834 Z_ADDREF_P(PG(http_globals)[TRACK_VARS_SERVER]);
835 }
836
837 return 0; /* don't rearm */
838 }
839
php_auto_globals_create_env(char * name,uint name_len TSRMLS_DC)840 static zend_bool php_auto_globals_create_env(char *name, uint name_len TSRMLS_DC)
841 {
842 zval *env_vars = NULL;
843 ALLOC_ZVAL(env_vars);
844 array_init(env_vars);
845 INIT_PZVAL(env_vars);
846 if (PG(http_globals)[TRACK_VARS_ENV]) {
847 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_ENV]);
848 }
849 PG(http_globals)[TRACK_VARS_ENV] = env_vars;
850
851 if (PG(variables_order) && (strchr(PG(variables_order),'E') || strchr(PG(variables_order),'e'))) {
852 php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC);
853 }
854
855 zend_hash_update(&EG(symbol_table), name, name_len + 1, &PG(http_globals)[TRACK_VARS_ENV], sizeof(zval *), NULL);
856 Z_ADDREF_P(PG(http_globals)[TRACK_VARS_ENV]);
857
858 if (PG(register_long_arrays)) {
859 zend_hash_update(&EG(symbol_table), "HTTP_ENV_VARS", sizeof("HTTP_ENV_VARS"), &PG(http_globals)[TRACK_VARS_ENV], sizeof(zval *), NULL);
860 Z_ADDREF_P(PG(http_globals)[TRACK_VARS_ENV]);
861 }
862
863 return 0; /* don't rearm */
864 }
865
php_auto_globals_create_request(char * name,uint name_len TSRMLS_DC)866 static zend_bool php_auto_globals_create_request(char *name, uint name_len TSRMLS_DC)
867 {
868 zval *form_variables;
869 unsigned char _gpc_flags[3] = {0, 0, 0};
870 char *p;
871
872 ALLOC_ZVAL(form_variables);
873 array_init(form_variables);
874 INIT_PZVAL(form_variables);
875
876 if(PG(request_order) != NULL) {
877 p = PG(request_order);
878 } else {
879 p = PG(variables_order);
880 }
881
882 for (; p && *p; p++) {
883 switch (*p) {
884 case 'g':
885 case 'G':
886 if (!_gpc_flags[0]) {
887 php_autoglobal_merge(Z_ARRVAL_P(form_variables), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_GET]) TSRMLS_CC);
888 _gpc_flags[0] = 1;
889 }
890 break;
891 case 'p':
892 case 'P':
893 if (!_gpc_flags[1]) {
894 php_autoglobal_merge(Z_ARRVAL_P(form_variables), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_POST]) TSRMLS_CC);
895 _gpc_flags[1] = 1;
896 }
897 break;
898 case 'c':
899 case 'C':
900 if (!_gpc_flags[2]) {
901 php_autoglobal_merge(Z_ARRVAL_P(form_variables), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) TSRMLS_CC);
902 _gpc_flags[2] = 1;
903 }
904 break;
905 }
906 }
907
908 zend_hash_update(&EG(symbol_table), "_REQUEST", sizeof("_REQUEST"), &form_variables, sizeof(zval *), NULL);
909 return 0;
910 }
911
php_startup_auto_globals(TSRMLS_D)912 void php_startup_auto_globals(TSRMLS_D)
913 {
914 zend_register_auto_global("_GET", sizeof("_GET")-1, NULL TSRMLS_CC);
915 zend_register_auto_global("_POST", sizeof("_POST")-1, NULL TSRMLS_CC);
916 zend_register_auto_global("_COOKIE", sizeof("_COOKIE")-1, NULL TSRMLS_CC);
917 zend_register_auto_global("_SERVER", sizeof("_SERVER")-1, php_auto_globals_create_server TSRMLS_CC);
918 zend_register_auto_global("_ENV", sizeof("_ENV")-1, php_auto_globals_create_env TSRMLS_CC);
919 zend_register_auto_global("_REQUEST", sizeof("_REQUEST")-1, php_auto_globals_create_request TSRMLS_CC);
920 zend_register_auto_global("_FILES", sizeof("_FILES")-1, NULL TSRMLS_CC);
921 }
922
923 /*
924 * Local variables:
925 * tab-width: 4
926 * c-basic-offset: 4
927 * End:
928 * vim600: sw=4 ts=4 fdm=marker
929 * vim<600: sw=4 ts=4
930 */
931
