xref: /PHP-5.6/main/php_variables.c (revision 0f8cf3b8)
1 /*
2    +----------------------------------------------------------------------+
3    | PHP Version 5                                                        |
4    +----------------------------------------------------------------------+
5    | Copyright (c) 1997-2016 The PHP Group                                |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 3.01 of the PHP license,      |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | http://www.php.net/license/3_01.txt                                  |
11    | If you did not receive a copy of the PHP license and are unable to   |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@php.net so we can mail you a copy immediately.               |
14    +----------------------------------------------------------------------+
15    | Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca>                       |
16    |          Zeev Suraski <zeev@zend.com>                                |
17    +----------------------------------------------------------------------+
18  */
19 
20 /* $Id$ */
21 
22 #include <stdio.h>
23 #include "php.h"
24 #include "ext/standard/php_standard.h"
25 #include "ext/standard/credits.h"
26 #include "ext/standard/php_smart_str.h"
27 #include "php_variables.h"
28 #include "php_globals.h"
29 #include "php_content_types.h"
30 #include "SAPI.h"
31 #include "zend_globals.h"
32 #ifdef PHP_WIN32
33 # include "win32/php_inttypes.h"
34 #endif
35 
/*
 * Default environment importer and the public hook that points at it.
 * Systems that need to override how environment variables are read can
 * assign their own function to php_import_environment_variables.
 */
void _php_import_environment_variables(zval *array_ptr TSRMLS_DC);
PHPAPI void (*php_import_environment_variables)(zval *array_ptr TSRMLS_DC) =
	_php_import_environment_variables;
39 
/*
 * Registers the NUL-terminated string `strval` under the name `var` in
 * `track_vars_array`.
 *
 * The length is measured with strlen(), so `strval` must not be NULL and any
 * bytes after an embedded NUL are not registered. Code that holds decoded
 * request data with a known length should call php_register_variable_safe().
 */
PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array TSRMLS_DC)
{
	const size_t value_len = strlen(strval);

	php_register_variable_safe(var, strval, value_len, track_vars_array TSRMLS_CC);
}
44 
/*
 * Binary-safe version of php_register_variable(): the value length is given
 * by the caller instead of being measured with strlen().
 *
 * `strval` must not be NULL (asserted). `str_len` is used as-is and is not
 * range-checked here, so callers are expected to pass a non-negative length
 * that does not exceed the buffer behind `strval`.
 */
PHPAPI void php_register_variable_safe(char *var, char *strval, int str_len, zval *track_vars_array TSRMLS_DC)
{
	zval value;

	assert(strval != NULL);

	/* Build a temporary string zval that owns a private copy of the bytes */
	Z_TYPE(value) = IS_STRING;
	Z_STRLEN(value) = str_len;
	Z_STRVAL(value) = estrndup(strval, Z_STRLEN(value));

	/* php_register_variable_ex() takes over (or destroys) the copied string */
	php_register_variable_ex(var, &value, track_vars_array TSRMLS_CC);
}
58 
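/*
 * Registers `val` under the externally supplied name `var_name` in
 * `track_vars_array`, expanding bracket syntax such as "a[b][]" into nested
 * arrays.
 *
 * Name handling:
 *  - leading spaces are skipped;
 *  - ' ' and '.' before the first '[' are rewritten to '_';
 *  - a '[' without a matching ']' is rewritten to '_' and the name is then
 *    treated as a plain (non-array) variable.
 *
 * The entry is dropped when the resulting name is empty, when the name is
 * "GLOBALS" and the destination is the active symbol table, or when the
 * bracket depth exceeds max_input_nesting_level.
 *
 * Ownership: on every path the contents of `val` are either moved into a
 * newly allocated zval or released, so the caller must not reuse them.
 */
PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars_array TSRMLS_DC)
{
	char *p = NULL;
	char *ip = NULL;		/* index pointer */
	char *index;
	char *var, *var_orig;
	int var_len, index_len;
	zval *gpc_element, **gpc_element_p;
	zend_bool is_array = 0;
	HashTable *symtable1 = NULL;
	ALLOCA_FLAG(use_heap)

	assert(var_name != NULL);

	if (track_vars_array) {
		symtable1 = Z_ARRVAL_P(track_vars_array);
	}

	if (!symtable1) {
		/* Nothing to do, but the value is still consumed */
		zval_dtor(val);
		return;
	}

	/* ignore leading spaces in the variable name */
	while (*var_name == ' ') {
		var_name++;
	}

	/*
	 * Prepare variable name: work on a private, writable copy because the
	 * parsing below overwrites '[' and ']' with NUL bytes. Every exit path
	 * after this point must call free_alloca().
	 */
	var_len = strlen(var_name);
	var = var_orig = do_alloca(var_len + 1, use_heap);
	memcpy(var_orig, var_name, var_len + 1);

	/* ensure that we don't have spaces or dots in the variable name (not binary safe) */
	for (p = var; *p; p++) {
		if (*p == ' ' || *p == '.') {
			*p='_';
		} else if (*p == '[') {
			/* Terminate the base name here; ip remembers where the index list starts */
			is_array = 1;
			ip = p;
			*p = 0;
			break;
		}
	}
	var_len = p - var;

	if (var_len==0) { /* empty variable name, or variable name with a space in it */
		zval_dtor(val);
		free_alloca(var_orig, use_heap);
		return;
	}

	/* GLOBALS hijack attempt, reject parameter */
	if (symtable1 == EG(active_symbol_table) &&
		var_len == sizeof("GLOBALS")-1 &&
		!memcmp(var, "GLOBALS", sizeof("GLOBALS")-1)) {
		zval_dtor(val);
		free_alloca(var_orig, use_heap);
		return;
	}

	index = var;
	index_len = var_len;

	if (is_array) {
		int nest_level = 0;
		while (1) {
			char *index_s;
			int new_idx_len = 0;

			if(++nest_level > PG(max_input_nesting_level)) {
				HashTable *ht;
				/* too many levels of nesting: remove the partially built entry */

				if (track_vars_array) {
					ht = Z_ARRVAL_P(track_vars_array);
					zend_symtable_del(ht, var, var_len + 1);
				}

				zval_dtor(val);

				/* do not output the error message to the screen,
				 this helps us to avoid "information disclosure" */
				if (!PG(display_errors)) {
					php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variable nesting level exceeded %ld. To increase the limit change max_input_nesting_level in php.ini.", PG(max_input_nesting_level));
				}
				free_alloca(var_orig, use_heap);
				return;
			}

			ip++;
			index_s = ip;
			/* The name comes from request data, so the byte may be >= 0x80;
			 * isspace() needs a value representable as unsigned char. */
			if (isspace((unsigned char) *ip)) {
				ip++;
			}
			if (*ip==']') {
				/* "[]" (optionally with one space inside): append with the next numeric key */
				index_s = NULL;
			} else {
				ip = strchr(ip, ']');
				if (!ip) {
					/* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */
					*(index_s - 1) = '_';

					/* The '_' re-joins the previous key with the remainder, so re-measure it */
					index_len = 0;
					if (index) {
						index_len = strlen(index);
					}
					goto plain_var;
				}
				*ip = 0;
				new_idx_len = strlen(index_s);
			}

			/* Find or create the array for the current level and descend into it */
			if (!index) {
				MAKE_STD_ZVAL(gpc_element);
				array_init(gpc_element);
				if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
					zval_ptr_dtor(&gpc_element);
					zval_dtor(val);
					free_alloca(var_orig, use_heap);
					return;
				}
			} else {
				/* An existing non-array entry with this key is replaced by a fresh array */
				if (zend_symtable_find(symtable1, index, index_len + 1, (void **) &gpc_element_p) == FAILURE
					|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
					MAKE_STD_ZVAL(gpc_element);
					array_init(gpc_element);
					zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
				}
			}
			symtable1 = Z_ARRVAL_PP(gpc_element_p);
			/* ip pointed to the '[' character, now obtain the key */
			index = index_s;
			index_len = new_idx_len;

			ip++;
			if (*ip == '[') {
				is_array = 1;
				*ip = 0;
			} else {
				/* Anything after the last ']' that is not another '[' is ignored */
				goto plain_var;
			}
		}
	} else {
plain_var:
		/* Move the value (shallow copy) into a heap zval owned by the table */
		MAKE_STD_ZVAL(gpc_element);
		gpc_element->value = val->value;
		Z_TYPE_P(gpc_element) = Z_TYPE_P(val);
		if (!index) {
			if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) {
				zval_ptr_dtor(&gpc_element);
			}
		} else {
			/*
			 * According to rfc2965, more specific paths are listed above the less specific ones.
			 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
			 * to have the same (plain text) cookie name for the same path and we should not overwrite
			 * more specific cookies with the less specific ones.
			 */
			if (PG(http_globals)[TRACK_VARS_COOKIE] &&
				symtable1 == Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_COOKIE]) &&
				zend_symtable_exists(symtable1, index, index_len + 1)) {
				zval_ptr_dtor(&gpc_element);
			} else {
				zend_symtable_update(symtable1, index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
			}
		}
	}
	free_alloca(var_orig, use_heap);
}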
234 
/*
 * Parser state for incrementally splitting a urlencoded POST body into
 * "name=value" pairs while the body is read chunk by chunk.
 */
typedef struct post_var_data {
	/* Raw body bytes that have been read but not yet consumed */
	smart_str str;
	/* Start of the next unparsed pair inside str */
	char *ptr;
	/* One past the last valid byte of str */
	char *end;
	/* Number of variables parsed so far; compared against max_input_vars */
	uint64_t cnt;

	/* Bytes in ptr that have already been scanned for '&' */
	size_t already_scanned;
} post_var_data_t;
244 
/*
 * Consumes at most one "name=value" pair from the buffered POST data and
 * registers it in `arr`.
 *
 * Returns 1 when a pair was consumed and 0 when no complete pair is available
 * (buffer exhausted, or no '&' seen yet and `eof` is not set). When it
 * returns 0 for lack of a separator, already_scanned records how far the
 * search got so the same bytes are not searched again on the next call.
 */
static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof TSRMLS_DC)
{
	char *scan_from, *eq, *amp, *value;
	size_t key_len, value_len;
	/* FIXME: string-size_t */
	unsigned int filtered_len;

	if (var->ptr >= var->end) {
		return 0;
	}

	/* Look for the pair terminator, skipping what earlier calls already searched */
	scan_from = var->ptr + var->already_scanned;
	amp = memchr(scan_from, '&', var->end - scan_from);
	if (amp == NULL) {
		if (!eof) {
			var->already_scanned = var->end - var->ptr;
			return 0;
		}
		/* Last pair of the body: it runs to the end of the buffer */
		amp = var->end;
	}

	eq = memchr(var->ptr, '=', amp - var->ptr);
	if (eq != NULL) {
		/* "foo=bar&" or "foo=&": split key and value in place */
		*eq = '\0';
		key_len = eq - var->ptr;
		eq++;
		value_len = amp - eq;
	} else {
		/* "foo&": key without a value */
		eq = "";
		key_len = amp - var->ptr;
		value_len = 0;
	}

	php_url_decode(var->ptr, key_len);

	/* Decode a private copy of the value; the input filter may replace it */
	value = estrndup(eq, value_len);
	if (value_len != 0) {
		value_len = php_url_decode(value, value_len);
	}

	if (sapi_module.input_filter(PARSE_POST, var->ptr, &value, value_len, &filtered_len TSRMLS_CC)) {
		php_register_variable_safe(var->ptr, value, filtered_len, arr TSRMLS_CC);
	}
	efree(value);

	/* Step over the '&' unless the pair ended at the end of the buffer */
	var->ptr = (amp == var->end) ? amp : amp + 1;
	var->already_scanned = 0;
	return 1;
}
296 
/*
 * Parses every complete pair currently buffered in `vars` and registers it
 * in `arr`.
 *
 * Returns FAILURE (after emitting a warning) as soon as the running count of
 * variables exceeds max_input_vars, otherwise SUCCESS. Unless `eof` is set,
 * the unparsed tail is moved to the front of the buffer so the next chunk
 * can be appended after it.
 */
static inline int add_post_vars(zval *arr, post_var_data_t *vars, zend_bool eof TSRMLS_DC)
{
	uint64_t limit = PG(max_input_vars);

	vars->ptr = vars->str.c;
	vars->end = vars->str.c + vars->str.len;

	for (;;) {
		if (!add_post_var(arr, vars, eof TSRMLS_CC)) {
			break;
		}
		vars->cnt++;
		if (vars->cnt > limit) {
			php_error_docref(NULL TSRMLS_CC, E_WARNING,
					"Input variables exceeded %" PRIu64 ". "
					"To increase the limit change max_input_vars in php.ini.",
					limit);
			return FAILURE;
		}
	}

	if (!eof && vars->ptr != vars->str.c) {
		/* Keep only the incomplete remainder for the next round */
		vars->str.len = vars->end - vars->ptr;
		memmove(vars->str.c, vars->ptr, vars->str.len);
	}
	return SUCCESS;
}
318 
/* Size of the on-stack chunk buffer used while reading the request body */
#ifdef PHP_WIN32
#define SAPI_POST_HANDLER_BUFSIZ 16384
#else
# define SAPI_POST_HANDLER_BUFSIZ BUFSIZ
#endif
/*
 * Standard POST handler: reads the request body stream in fixed-size chunks
 * and registers the variables found in it into the array passed as `arg`.
 *
 * Parsing stops early, without processing the rest of the body, when
 * add_post_vars() reports FAILURE (the max_input_vars limit was exceeded).
 */
SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
{
	zval *dest = (zval *) arg;
	php_stream *body = SG(request_info).request_body;
	post_var_data_t state;

	if (!body || php_stream_rewind(body) != SUCCESS) {
		return;
	}

	memset(&state, 0, sizeof(state));

	while (!php_stream_eof(body)) {
		char chunk[SAPI_POST_HANDLER_BUFSIZ] = {0};
		size_t got = php_stream_read(body, chunk, SAPI_POST_HANDLER_BUFSIZ);

		if (got && got != (size_t) -1) {
			smart_str_appendl(&state.str, chunk, got);

			/* Register whatever is complete so far; the tail stays buffered */
			if (add_post_vars(dest, &state, 0 TSRMLS_CC) != SUCCESS) {
				if (state.str.c) {
					efree(state.str.c);
				}
				return;
			}
		}

		/* A short read ends the loop */
		if (got != SAPI_POST_HANDLER_BUFSIZ){
			break;
		}
	}

	/* Final pass with eof set, so a last pair without a trailing '&' is parsed */
	add_post_vars(dest, &state, 1 TSRMLS_CC);
	if (state.str.c) {
		efree(state.str.c);
	}
}
#undef SAPI_POST_HANDLER_BUFSIZ
360 
/*
 * Default input filter: accepts every value unchanged.
 *
 * It reports the incoming length as the new length and returns 1, so no
 * sanitising happens here; values reach variable registration exactly as
 * they were decoded.
 */
SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter)
{
	/* TODO: check .ini setting here and apply user-defined input filter */
	if (new_val_len != NULL) {
		*new_val_len = val_len;
	}
	return 1;
}
367 
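/*
 * Default parser for GET, POST, COOKIE and string input.
 *
 * For PARSE_GET, PARSE_POST and PARSE_COOKIE a fresh array replaces the
 * matching PG(http_globals) slot and receives the parsed variables; for any
 * other `arg` the variables go into `destArray`. POST bodies are delegated to
 * sapi_handle_post(). The other sources are split on the configured
 * separator (";" for cookies), URL-decoded, passed through the SAPI input
 * filter and registered. Parsing stops with a warning once more than
 * max_input_vars entries were seen.
 *
 * For PARSE_STRING the buffer `str` is modified in place and released with
 * efree() before returning.
 */
SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
{
	char *res = NULL, *var, *val, *separator = NULL;
	const char *c_var;
	zval *array_ptr;
	int free_buffer = 0;
	char *strtok_buf = NULL;
	long count = 0;
	int track_slot = -1;	/* PG(http_globals) index to replace, -1 for none */

	switch (arg) {
		case PARSE_POST:
			track_slot = TRACK_VARS_POST;
			break;
		case PARSE_GET:
			track_slot = TRACK_VARS_GET;
			break;
		case PARSE_COOKIE:
			track_slot = TRACK_VARS_COOKIE;
			break;
		default:
			break;
	}

	if (track_slot >= 0) {
		ALLOC_ZVAL(array_ptr);
		array_init(array_ptr);
		INIT_PZVAL(array_ptr);
		if (PG(http_globals)[track_slot]) {
			zval_ptr_dtor(&PG(http_globals)[track_slot]);
		}
		PG(http_globals)[track_slot] = array_ptr;
	} else {
		array_ptr = destArray;
	}

	if (arg == PARSE_POST) {
		sapi_handle_post(array_ptr TSRMLS_CC);
		return;
	}

	/* Pick the input and make sure we tokenize a buffer we are allowed to modify */
	if (arg == PARSE_GET) {		/* GET data */
		c_var = SG(request_info).query_string;
		if (c_var && *c_var) {
			res = estrdup(c_var);
			free_buffer = 1;
		}
	} else if (arg == PARSE_COOKIE) {		/* Cookie data */
		c_var = SG(request_info).cookie_data;
		if (c_var && *c_var) {
			res = estrdup(c_var);
			free_buffer = 1;
		}
	} else if (arg == PARSE_STRING) {		/* String data */
		res = str;
		free_buffer = 1;
	}

	if (!res) {
		return;
	}

	switch (arg) {
		case PARSE_GET:
		case PARSE_STRING:
			separator = estrdup(PG(arg_separator).input);
			break;
		case PARSE_COOKIE:
			/* Literal, not heap memory: must not be passed to efree() below */
			separator = ";\0";
			break;
		default:
			break;
	}

	for (var = php_strtok_r(res, separator, &strtok_buf);
		 var;
		 var = php_strtok_r(NULL, separator, &strtok_buf)) {
		int val_len;
		unsigned int new_val_len;

		val = strchr(var, '=');

		if (arg == PARSE_COOKIE) {
			/* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
			/* Header bytes may be >= 0x80; isspace() needs an unsigned char value */
			while (isspace((unsigned char) *var)) {
				var++;
			}
			/* Skip entries with an empty name ("=value" or only whitespace) */
			if (var == val || *var == '\0') {
				continue;
			}
		}

		if (++count > PG(max_input_vars)) {
			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
			break;
		}

		if (val) { /* have a value */
			/* Split "name=value" in place before decoding either half */
			*val++ = '\0';
			php_url_decode(var, strlen(var));
			val_len = php_url_decode(val, strlen(val));
			val = estrndup(val, val_len);
		} else {
			/* Name only: register it with an empty string value */
			php_url_decode(var, strlen(var));
			val_len = 0;
			val = estrndup("", val_len);
		}

		/* The filter may replace val and report a different length */
		if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len TSRMLS_CC)) {
			php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
		}
		efree(val);
	}

	if (arg != PARSE_COOKIE) {
		efree(separator);
	}

	if (free_buffer) {
		efree(res);
	}
}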
506 
/*
 * Copies every "NAME=value" entry of the process environment into
 * `array_ptr`. Entries without '=' are skipped.
 *
 * Names are copied into a scratch buffer so they can be NUL-terminated; the
 * buffer starts on the stack and moves to the heap when a name does not fit.
 */
void _php_import_environment_variables(zval *array_ptr TSRMLS_DC)
{
	char stack_name[128];
	char *name = stack_name;
	size_t capacity = sizeof(stack_name);
	char **entry;

	for (entry = environ; entry != NULL && *entry != NULL; entry++) {
		char *eq = strchr(*entry, '=');
		unsigned long name_len; /* ptrdiff_t is not portable */

		if (eq == NULL) {				/* malformed entry? */
			continue;
		}

		name_len = eq - *entry;
		if (name_len >= capacity) {
			/* Grow with some slack; the first growth leaves the stack buffer */
			capacity = name_len + 64;
			if (name == stack_name) {
				name = emalloc(capacity);
			} else {
				name = erealloc(name, capacity);
			}
		}
		memcpy(name, *entry, name_len);
		name[name_len] = '\0';
		php_register_variable(name, eq + 1, array_ptr TSRMLS_CC);
	}

	if (name != stack_name && name != NULL) {
		efree(name);
	}
}
532 
/*
 * Auto-global callback that only prints the variable name followed by a
 * newline. `name_len` is not used.
 */
zend_bool php_std_auto_global_callback(char *name, uint name_len TSRMLS_DC)
{
	const zend_bool rearm = 0; /* don't rearm */

	zend_printf("%s\n", name);
	return rearm;
}
538 
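/*
 * Appends a copy of the NUL-terminated string `arg` to the array `arr` as a
 * new string zval. If the insert fails, the whole zval is released, not only
 * its string buffer.
 */
static void php_build_argv_append(zval *arr, const char *arg)
{
	zval *entry;

	ALLOC_ZVAL(entry);
	Z_TYPE_P(entry) = IS_STRING;
	Z_STRLEN_P(entry) = strlen(arg);
	Z_STRVAL_P(entry) = estrndup(arg, Z_STRLEN_P(entry));
	INIT_PZVAL(entry);
	if (zend_hash_next_index_insert(Z_ARRVAL_P(arr), &entry, sizeof(zval *), NULL) == FAILURE) {
		zval_ptr_dtor(&entry);
	}
}

/* {{{ php_build_argv
 * Builds "argv" and "argc" and stores them in the global symbol table (only
 * when the SAPI supplied real arguments) and/or in `track_vars_array`.
 *
 * When SG(request_info).argc is non-zero the values come from
 * SG(request_info).argv. Otherwise `s` is split on '+'; the callers in this
 * file pass the request query string, so in that mode argv holds
 * client-supplied data and must not be treated as trusted command-line
 * arguments. `s` is modified temporarily while splitting and restored.
 */
static void php_build_argv(char *s, zval *track_vars_array TSRMLS_DC)
{
	zval *arr, *argc;
	int count = 0;
	char *ss, *space;

	if (!(SG(request_info).argc || track_vars_array)) {
		return;
	}

	ALLOC_INIT_ZVAL(arr);
	array_init(arr);

	/* Prepare argv */
	if (SG(request_info).argc) { /* are we in cli sapi? */
		int i;
		for (i = 0; i < SG(request_info).argc; i++) {
			php_build_argv_append(arr, SG(request_info).argv[i]);
		}
	} else 	if (s && *s) {
		ss = s;
		while (ss) {
			space = strchr(ss, '+');
			if (space) {
				/* Terminate the current token in place; restored below */
				*space = '\0';
			}
			/* auto-type */
			count++;
			php_build_argv_append(arr, ss);
			if (space) {
				*space = '+';
				ss = space + 1;
			} else {
				ss = space;
			}
		}
	}

	/* prepare argc */
	ALLOC_INIT_ZVAL(argc);
	if (SG(request_info).argc) {
		Z_LVAL_P(argc) = SG(request_info).argc;
	} else {
		Z_LVAL_P(argc) = count;
	}
	Z_TYPE_P(argc) = IS_LONG;

	/* Each table that stores the pair takes its own reference */
	if (SG(request_info).argc) {
		Z_ADDREF_P(arr);
		Z_ADDREF_P(argc);
		zend_hash_update(&EG(symbol_table), "argv", sizeof("argv"), &arr, sizeof(zval *), NULL);
		zend_hash_update(&EG(symbol_table), "argc", sizeof("argc"), &argc, sizeof(zval *), NULL);
	}
	if (track_vars_array) {
		Z_ADDREF_P(arr);
		Z_ADDREF_P(argc);
		zend_hash_update(Z_ARRVAL_P(track_vars_array), "argv", sizeof("argv"), &arr, sizeof(zval *), NULL);
		zend_hash_update(Z_ARRVAL_P(track_vars_array), "argc", sizeof("argc"), &argc, sizeof(zval *), NULL);
	}
	/* Drop the local references taken at allocation */
	zval_ptr_dtor(&arr);
	zval_ptr_dtor(&argc);
}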
621 /* }}} */
622 
/* {{{ php_register_server_variables
 * Replaces the $_SERVER tracking array with a fresh one and fills it from the
 * SAPI callback, the HTTP authentication fields of the request, and the
 * request start time.
 *
 * Note that PHP_AUTH_PW holds the password as received, so anything that
 * dumps this array (debug output, logs) will include it.
 */
static inline void php_register_server_variables(TSRMLS_D)
{
	zval *server = NULL;
	zval time_float, time_long;
	double started;

	ALLOC_ZVAL(server);
	array_init(server);
	INIT_PZVAL(server);
	if (PG(http_globals)[TRACK_VARS_SERVER]) {
		zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
	}
	PG(http_globals)[TRACK_VARS_SERVER] = server;

	/* Server variables */
	if (sapi_module.register_server_variables) {
		sapi_module.register_server_variables(server TSRMLS_CC);
	}

	/* PHP Authentication support */
	if (SG(request_info).auth_user) {
		php_register_variable("PHP_AUTH_USER", SG(request_info).auth_user, server TSRMLS_CC);
	}
	if (SG(request_info).auth_password) {
		php_register_variable("PHP_AUTH_PW", SG(request_info).auth_password, server TSRMLS_CC);
	}
	if (SG(request_info).auth_digest) {
		php_register_variable("PHP_AUTH_DIGEST", SG(request_info).auth_digest, server TSRMLS_CC);
	}

	/* store request init time, once as a float and once truncated to a long */
	started = sapi_get_request_time(TSRMLS_C);

	Z_TYPE(time_float) = IS_DOUBLE;
	Z_DVAL(time_float) = started;
	php_register_variable_ex("REQUEST_TIME_FLOAT", &time_float, server TSRMLS_CC);

	Z_TYPE(time_long) = IS_LONG;
	Z_LVAL(time_long) = zend_dval_to_lval(started);
	php_register_variable_ex("REQUEST_TIME", &time_long, server TSRMLS_CC);
}
664 /* }}} */
665 
/* {{{ php_autoglobal_merge
 * Merges the entries of `src` into `dest`.
 *
 * When both sides hold an array under the same key the merge recurses into
 * it; in every other case the source entry overwrites the destination entry.
 * When `dest` is the global symbol table, a string key "GLOBALS" is skipped
 * so that merged input cannot replace that entry.
 */
static void php_autoglobal_merge(HashTable *dest, HashTable *src TSRMLS_DC)
{
	zval **from, **into;
	char *key;
	uint key_len;
	ulong idx;
	HashPosition cursor;
	int kind;
	int overwrite;
	int dest_is_globals = (dest == (&EG(symbol_table)));

	for (zend_hash_internal_pointer_reset_ex(src, &cursor);
		 zend_hash_get_current_data_ex(src, (void **)&from, &cursor) == SUCCESS;
		 zend_hash_move_forward_ex(src, &cursor)) {
		kind = zend_hash_get_current_key_ex(src, &key, &key_len, &idx, 0, &cursor);

		/* Overwrite unless both sides are arrays stored under the same key */
		overwrite = (Z_TYPE_PP(from) != IS_ARRAY);
		if (!overwrite && kind == HASH_KEY_IS_STRING) {
			overwrite = (zend_hash_find(dest, key, key_len, (void **) &into) != SUCCESS);
		}
		if (!overwrite && kind == HASH_KEY_IS_LONG) {
			overwrite = (zend_hash_index_find(dest, idx, (void **)&into) != SUCCESS);
		}
		if (!overwrite) {
			overwrite = (Z_TYPE_PP(into) != IS_ARRAY);
		}

		if (!overwrite) {
			/* Give dest its own copy of the array before changing it */
			SEPARATE_ZVAL(into);
			php_autoglobal_merge(Z_ARRVAL_PP(into), Z_ARRVAL_PP(from) TSRMLS_CC);
			continue;
		}

		if (kind != HASH_KEY_IS_STRING) {
			Z_ADDREF_PP(from);
			zend_hash_index_update(dest, idx, from, sizeof(zval *), NULL);
			continue;
		}

		/* key_len is compared against sizeof("GLOBALS"), i.e. including the NUL */
		if (dest_is_globals && key_len == sizeof("GLOBALS") && !memcmp(key, "GLOBALS", sizeof("GLOBALS") - 1)) {
			continue;
		}
		Z_ADDREF_PP(from);
		zend_hash_update(dest, key, key_len, from, sizeof(zval *), NULL);
	}
}
703 /* }}} */
704 
/* Forward declarations for auto-global creators that are defined further down */
static zend_bool php_auto_globals_create_server(const char *name, uint name_len TSRMLS_DC);
static zend_bool php_auto_globals_create_env(const char *name, uint name_len TSRMLS_DC);
static zend_bool php_auto_globals_create_request(const char *name, uint name_len TSRMLS_DC);
708 
/* {{{ php_hash_environment
 * Clears the tracked superglobal slots, activates the auto globals and, when
 * register_argc_argv is enabled, builds argv/argc from the query string.
 * Always returns SUCCESS.
 */
PHPAPI int php_hash_environment(TSRMLS_D)
{
	/* Start with every PG(http_globals) slot set to NULL */
	memset(PG(http_globals), 0, sizeof(PG(http_globals)));
	zend_activate_auto_globals(TSRMLS_C);

	if (!PG(register_argc_argv)) {
		return SUCCESS;
	}

	php_build_argv(SG(request_info).query_string, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);
	return SUCCESS;
}
720 /* }}} */
721 
/*
 * Creates the GET superglobal and stores it in the global symbol table under
 * `name`. The query string is parsed only when variables_order contains
 * 'G' or 'g'; otherwise the array is left empty.
 */
static zend_bool php_auto_globals_create_get(const char *name, uint name_len TSRMLS_DC)
{
	const char *order = PG(variables_order);
	zval *get_vars;

	if (order != NULL && (strchr(order, 'G') != NULL || strchr(order, 'g') != NULL)) {
		/* treat_data() installs the parsed array in the tracking slot */
		sapi_module.treat_data(PARSE_GET, NULL, NULL TSRMLS_CC);
		get_vars = PG(http_globals)[TRACK_VARS_GET];
	} else {
		ALLOC_ZVAL(get_vars);
		array_init(get_vars);
		INIT_PZVAL(get_vars);
		if (PG(http_globals)[TRACK_VARS_GET]) {
			zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]);
		}
		PG(http_globals)[TRACK_VARS_GET] = get_vars;
	}

	/* The symbol table holds a second reference next to the tracking slot */
	zend_hash_update(&EG(symbol_table), name, name_len + 1, &get_vars, sizeof(zval *), NULL);
	Z_ADDREF_P(get_vars);

	return 0; /* don't rearm */
}
744 
/*
 * Creates the POST superglobal and stores it in the global symbol table
 * under `name`. The body is parsed only when variables_order contains 'P' or
 * 'p' and the request method equals "POST" (case-insensitive); otherwise the
 * array is left empty.
 */
static zend_bool php_auto_globals_create_post(const char *name, uint name_len TSRMLS_DC)
{
	const char *order = PG(variables_order);
	zval *post_vars;
	zend_bool parse_body = 0;

	if (order != NULL && (strchr(order, 'P') != NULL || strchr(order, 'p') != NULL)) {
		if (SG(request_info).request_method &&
			strcasecmp(SG(request_info).request_method, "POST") == 0) {
			parse_body = 1;
		}
	}

	if (parse_body) {
		/* treat_data() installs the parsed array in the tracking slot */
		sapi_module.treat_data(PARSE_POST, NULL, NULL TSRMLS_CC);
		post_vars = PG(http_globals)[TRACK_VARS_POST];
	} else {
		ALLOC_ZVAL(post_vars);
		array_init(post_vars);
		INIT_PZVAL(post_vars);
		if (PG(http_globals)[TRACK_VARS_POST]) {
			zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]);
		}
		PG(http_globals)[TRACK_VARS_POST] = post_vars;
	}

	/* The symbol table holds a second reference next to the tracking slot */
	zend_hash_update(&EG(symbol_table), name, name_len + 1, &post_vars, sizeof(zval *), NULL);
	Z_ADDREF_P(post_vars);

	return 0; /* don't rearm */
}
770 
/*
 * Creates the COOKIE superglobal and stores it in the global symbol table
 * under `name`. Cookie data is parsed only when variables_order contains
 * 'C' or 'c'; otherwise the array is left empty.
 */
static zend_bool php_auto_globals_create_cookie(const char *name, uint name_len TSRMLS_DC)
{
	const char *order = PG(variables_order);
	zval *cookie_vars;

	if (order != NULL && (strchr(order, 'C') != NULL || strchr(order, 'c') != NULL)) {
		/* treat_data() installs the parsed array in the tracking slot */
		sapi_module.treat_data(PARSE_COOKIE, NULL, NULL TSRMLS_CC);
		cookie_vars = PG(http_globals)[TRACK_VARS_COOKIE];
	} else {
		ALLOC_ZVAL(cookie_vars);
		array_init(cookie_vars);
		INIT_PZVAL(cookie_vars);
		if (PG(http_globals)[TRACK_VARS_COOKIE]) {
			zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]);
		}
		PG(http_globals)[TRACK_VARS_COOKIE] = cookie_vars;
	}

	/* The symbol table holds a second reference next to the tracking slot */
	zend_hash_update(&EG(symbol_table), name, name_len + 1, &cookie_vars, sizeof(zval *), NULL);
	Z_ADDREF_P(cookie_vars);

	return 0; /* don't rearm */
}
793 
/*
 * Creates the FILES superglobal and stores it in the global symbol table
 * under `name`. An array already present in the tracking slot is reused;
 * otherwise an empty one is created and installed there.
 */
static zend_bool php_auto_globals_create_files(const char *name, uint name_len TSRMLS_DC)
{
	zval *files = PG(http_globals)[TRACK_VARS_FILES];

	if (!files) {
		ALLOC_ZVAL(files);
		array_init(files);
		INIT_PZVAL(files);
		PG(http_globals)[TRACK_VARS_FILES] = files;
	}

	/* The symbol table holds a second reference next to the tracking slot */
	zend_hash_update(&EG(symbol_table), name, name_len + 1, &files, sizeof(zval *), NULL);
	Z_ADDREF_P(files);

	return 0; /* don't rearm */
}
812 
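/*
 * Ugly hack to fix HTTP_PROXY issue, see bug #72573.
 *
 * If `var_table` contains an HTTP_PROXY entry, that entry is not trusted:
 * it is replaced with the value of the process environment variable
 * HTTP_PROXY as returned by getenv(), or removed when the process has no
 * such variable. Tables without the key are left untouched.
 */
static void check_http_proxy(HashTable *var_table)
{
	char *local_proxy;
	zval *local_zval;

	if (!zend_hash_exists(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY"))) {
		return;
	}

	local_proxy = getenv("HTTP_PROXY");
	if (!local_proxy) {
		zend_hash_del(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY"));
		return;
	}

	ALLOC_INIT_ZVAL(local_zval);
	/* Duplicate the string: getenv() storage is not owned by the zval */
	ZVAL_STRING(local_zval, local_proxy, 1);
	/* The table stores a zval *, so that is the element size to pass */
	zend_hash_update(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY"), &local_zval, sizeof(zval *), NULL);
}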
829 
/*
 * Creates the SERVER superglobal and stores it in the global symbol table
 * under `name`.
 *
 * The array is populated only when variables_order contains 'S' or 's'. With
 * register_argc_argv enabled, argv/argc are either copied from the global
 * symbol table (when the SAPI supplied arguments) or built from the query
 * string. In every case HTTP_PROXY is sanitised by check_http_proxy() before
 * the array is published.
 */
static zend_bool php_auto_globals_create_server(const char *name, uint name_len TSRMLS_DC)
{
	const char *order = PG(variables_order);

	if (order == NULL || (strchr(order, 'S') == NULL && strchr(order, 's') == NULL)) {
		/* Server variables are disabled: install an empty array */
		zval *empty = NULL;

		ALLOC_ZVAL(empty);
		array_init(empty);
		INIT_PZVAL(empty);
		if (PG(http_globals)[TRACK_VARS_SERVER]) {
			zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
		}
		PG(http_globals)[TRACK_VARS_SERVER] = empty;
	} else {
		php_register_server_variables(TSRMLS_C);

		if (PG(register_argc_argv)) {
			if (!SG(request_info).argc) {
				php_build_argv(SG(request_info).query_string, PG(http_globals)[TRACK_VARS_SERVER] TSRMLS_CC);
			} else {
				zval **argc_pp, **argv_pp;

				/* Share the already registered global argc/argv with this array */
				if (zend_hash_find(&EG(symbol_table), "argc", sizeof("argc"), (void**)&argc_pp) == SUCCESS &&
					zend_hash_find(&EG(symbol_table), "argv", sizeof("argv"), (void**)&argv_pp) == SUCCESS) {
					Z_ADDREF_PP(argc_pp);
					Z_ADDREF_PP(argv_pp);
					zend_hash_update(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), "argv", sizeof("argv"), argv_pp, sizeof(zval *), NULL);
					zend_hash_update(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]), "argc", sizeof("argc"), argc_pp, sizeof(zval *), NULL);
				}
			}
		}
	}

	check_http_proxy(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]));
	zend_hash_update(&EG(symbol_table), name, name_len + 1, &PG(http_globals)[TRACK_VARS_SERVER], sizeof(zval *), NULL);
	Z_ADDREF_P(PG(http_globals)[TRACK_VARS_SERVER]);

	return 0; /* don't rearm */
}
868 
/*
 * Creates the ENV superglobal and stores it in the global symbol table under
 * `name`. The process environment is imported through the
 * php_import_environment_variables hook only when variables_order contains
 * 'E' or 'e'. HTTP_PROXY is sanitised by check_http_proxy() before the array
 * is published.
 */
static zend_bool php_auto_globals_create_env(const char *name, uint name_len TSRMLS_DC)
{
	const char *order;
	zval *fresh = NULL;

	/* Always start from a new, empty array in the tracking slot */
	ALLOC_ZVAL(fresh);
	array_init(fresh);
	INIT_PZVAL(fresh);
	if (PG(http_globals)[TRACK_VARS_ENV]) {
		zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_ENV]);
	}
	PG(http_globals)[TRACK_VARS_ENV] = fresh;

	order = PG(variables_order);
	if (order != NULL && (strchr(order, 'E') != NULL || strchr(order, 'e') != NULL)) {
		php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC);
	}

	check_http_proxy(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]));
	zend_hash_update(&EG(symbol_table), name, name_len + 1, &PG(http_globals)[TRACK_VARS_ENV], sizeof(zval *), NULL);
	Z_ADDREF_P(PG(http_globals)[TRACK_VARS_ENV]);

	return 0; /* don't rearm */
}
890 
/*
 * Creates the REQUEST superglobal by merging the GET, POST and COOKIE arrays
 * in the order given by request_order, falling back to variables_order when
 * request_order is NULL.
 *
 * Each source is merged at most once, at its first occurrence in the order
 * string. Because php_autoglobal_merge() overwrites existing non-array
 * entries, a source merged later wins over one merged earlier for the same
 * key; the configured order therefore decides, for example, whether a cookie
 * can override a GET or POST value.
 */
static zend_bool php_auto_globals_create_request(const char *name, uint name_len TSRMLS_DC)
{
	zval *merged;
	unsigned char done[3] = {0, 0, 0};	/* GET, POST, COOKIE already merged? */
	char *order;

	ALLOC_ZVAL(merged);
	array_init(merged);
	INIT_PZVAL(merged);

	order = (PG(request_order) != NULL) ? PG(request_order) : PG(variables_order);

	for (; order && *order; order++) {
		int slot;
		int track;

		if (*order == 'g' || *order == 'G') {
			slot = 0;
			track = TRACK_VARS_GET;
		} else if (*order == 'p' || *order == 'P') {
			slot = 1;
			track = TRACK_VARS_POST;
		} else if (*order == 'c' || *order == 'C') {
			slot = 2;
			track = TRACK_VARS_COOKIE;
		} else {
			/* Other letters do not contribute to the merged array */
			continue;
		}

		if (done[slot]) {
			continue;
		}
		php_autoglobal_merge(Z_ARRVAL_P(merged), Z_ARRVAL_P(PG(http_globals)[track]) TSRMLS_CC);
		done[slot] = 1;
	}

	zend_hash_update(&EG(symbol_table), name, name_len + 1, &merged, sizeof(zval *), NULL);
	return 0;
}
936 
/*
 * Registers the creator callbacks for the request superglobals.
 * _GET, _POST, _COOKIE and _FILES are registered with the jit argument set
 * to 0; _SERVER, _ENV and _REQUEST follow the auto_globals_jit setting.
 */
void php_startup_auto_globals(TSRMLS_D)
{
	const zend_bool jit = PG(auto_globals_jit);

	zend_register_auto_global(ZEND_STRL("_GET"), 0, php_auto_globals_create_get TSRMLS_CC);
	zend_register_auto_global(ZEND_STRL("_POST"), 0, php_auto_globals_create_post TSRMLS_CC);
	zend_register_auto_global(ZEND_STRL("_COOKIE"), 0, php_auto_globals_create_cookie TSRMLS_CC);

	zend_register_auto_global(ZEND_STRL("_SERVER"), jit, php_auto_globals_create_server TSRMLS_CC);
	zend_register_auto_global(ZEND_STRL("_ENV"), jit, php_auto_globals_create_env TSRMLS_CC);
	zend_register_auto_global(ZEND_STRL("_REQUEST"), jit, php_auto_globals_create_request TSRMLS_CC);

	zend_register_auto_global(ZEND_STRL("_FILES"), 0, php_auto_globals_create_files TSRMLS_CC);
}
947 
948 /*
949  * Local variables:
950  * tab-width: 4
951  * c-basic-offset: 4
952  * End:
953  * vim600: sw=4 ts=4 fdm=marker
954  * vim<600: sw=4 ts=4
955  */
956