1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2017 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Original design: Shane Caraveo <shane@caraveo.com> |
16 | Authors: Andi Gutmans <andi@zend.com> |
17 | Zeev Suraski <zeev@zend.com> |
18 +----------------------------------------------------------------------+
19 */
20
21 /* $Id$ */
22
23 #include <ctype.h>
24 #include <sys/stat.h>
25
26 #include "php.h"
27 #include "SAPI.h"
28 #include "php_variables.h"
29 #include "php_ini.h"
30 #include "ext/standard/php_string.h"
31 #include "ext/standard/pageinfo.h"
32 #if (HAVE_PCRE || HAVE_BUNDLED_PCRE) && !defined(COMPILE_DL_PCRE)
33 #include "ext/pcre/php_pcre.h"
34 #endif
35 #ifdef ZTS
36 #include "TSRM.h"
37 #endif
38 #ifdef HAVE_SYS_TIME_H
39 #include <sys/time.h>
40 #elif defined(PHP_WIN32)
41 #include "win32/time.h"
42 #endif
43
44 #include "rfc1867.h"
45
46 #include "php_content_types.h"
47
48 #ifdef ZTS
49 SAPI_API int sapi_globals_id;
50 #else
51 sapi_globals_struct sapi_globals;
52 #endif
53
_type_dtor(zval * zv)54 static void _type_dtor(zval *zv)
55 {
56 free(Z_PTR_P(zv));
57 }
58
sapi_globals_ctor(sapi_globals_struct * sapi_globals)59 static void sapi_globals_ctor(sapi_globals_struct *sapi_globals)
60 {
61 #ifdef ZTS
62 ZEND_TSRMLS_CACHE_UPDATE();
63 #endif
64 memset(sapi_globals, 0, sizeof(*sapi_globals));
65 zend_hash_init_ex(&sapi_globals->known_post_content_types, 8, NULL, _type_dtor, 1, 0);
66 php_setup_sapi_content_types();
67 }
68
sapi_globals_dtor(sapi_globals_struct * sapi_globals)69 static void sapi_globals_dtor(sapi_globals_struct *sapi_globals)
70 {
71 zend_hash_destroy(&sapi_globals->known_post_content_types);
72 }
73
74 /* True globals (no need for thread safety) */
75 SAPI_API sapi_module_struct sapi_module;
76
77
sapi_startup(sapi_module_struct * sf)78 SAPI_API void sapi_startup(sapi_module_struct *sf)
79 {
80 sf->ini_entries = NULL;
81 sapi_module = *sf;
82
83 #ifdef ZTS
84 ts_allocate_id(&sapi_globals_id, sizeof(sapi_globals_struct), (ts_allocate_ctor) sapi_globals_ctor, (ts_allocate_dtor) sapi_globals_dtor);
85 # ifdef PHP_WIN32
86 _configthreadlocale(_ENABLE_PER_THREAD_LOCALE);
87 # endif
88 #else
89 sapi_globals_ctor(&sapi_globals);
90 #endif
91
92 #ifdef PHP_WIN32
93 tsrm_win32_startup();
94 #endif
95
96 reentrancy_startup();
97 }
98
sapi_shutdown(void)99 SAPI_API void sapi_shutdown(void)
100 {
101 #ifdef ZTS
102 ts_free_id(sapi_globals_id);
103 #else
104 sapi_globals_dtor(&sapi_globals);
105 #endif
106
107 reentrancy_shutdown();
108
109 #ifdef PHP_WIN32
110 tsrm_win32_shutdown();
111 #endif
112 }
113
114
sapi_free_header(sapi_header_struct * sapi_header)115 SAPI_API void sapi_free_header(sapi_header_struct *sapi_header)
116 {
117 efree(sapi_header->header);
118 }
119
120 /* {{{ proto bool header_register_callback(mixed callback)
121 call a header function */
PHP_FUNCTION(header_register_callback)122 PHP_FUNCTION(header_register_callback)
123 {
124 zval *callback_func;
125
126 if (zend_parse_parameters(ZEND_NUM_ARGS(), "z", &callback_func) == FAILURE) {
127 return;
128 }
129
130 if (!zend_is_callable(callback_func, 0, NULL)) {
131 RETURN_FALSE;
132 }
133
134 if (Z_TYPE(SG(callback_func)) != IS_UNDEF) {
135 zval_ptr_dtor(&SG(callback_func));
136 SG(fci_cache) = empty_fcall_info_cache;
137 }
138
139 ZVAL_COPY(&SG(callback_func), callback_func);
140
141 RETURN_TRUE;
142 }
143 /* }}} */
144
sapi_run_header_callback(zval * callback)145 static void sapi_run_header_callback(zval *callback)
146 {
147 int error;
148 zend_fcall_info fci;
149 char *callback_error = NULL;
150 zval retval;
151
152 if (zend_fcall_info_init(callback, 0, &fci, &SG(fci_cache), NULL, &callback_error) == SUCCESS) {
153 fci.retval = &retval;
154
155 error = zend_call_function(&fci, &SG(fci_cache));
156 if (error == FAILURE) {
157 goto callback_failed;
158 } else {
159 zval_ptr_dtor(&retval);
160 }
161 } else {
162 callback_failed:
163 php_error_docref(NULL, E_WARNING, "Could not call the sapi_header_callback");
164 }
165
166 if (callback_error) {
167 efree(callback_error);
168 }
169 }
170
sapi_handle_post(void * arg)171 SAPI_API void sapi_handle_post(void *arg)
172 {
173 if (SG(request_info).post_entry && SG(request_info).content_type_dup) {
174 SG(request_info).post_entry->post_handler(SG(request_info).content_type_dup, arg);
175 efree(SG(request_info).content_type_dup);
176 SG(request_info).content_type_dup = NULL;
177 }
178 }
179
sapi_read_post_data(void)180 static void sapi_read_post_data(void)
181 {
182 sapi_post_entry *post_entry;
183 uint content_type_length = (uint)strlen(SG(request_info).content_type);
184 char *content_type = estrndup(SG(request_info).content_type, content_type_length);
185 char *p;
186 char oldchar=0;
187 void (*post_reader_func)(void) = NULL;
188
189
190 /* dedicated implementation for increased performance:
191 * - Make the content type lowercase
192 * - Trim descriptive data, stay with the content-type only
193 */
194 for (p=content_type; p<content_type+content_type_length; p++) {
195 switch (*p) {
196 case ';':
197 case ',':
198 case ' ':
199 content_type_length = p-content_type;
200 oldchar = *p;
201 *p = 0;
202 break;
203 default:
204 *p = tolower(*p);
205 break;
206 }
207 }
208
209 /* now try to find an appropriate POST content handler */
210 if ((post_entry = zend_hash_str_find_ptr(&SG(known_post_content_types), content_type,
211 content_type_length)) != NULL) {
212 /* found one, register it for use */
213 SG(request_info).post_entry = post_entry;
214 post_reader_func = post_entry->post_reader;
215 } else {
216 /* fallback */
217 SG(request_info).post_entry = NULL;
218 if (!sapi_module.default_post_reader) {
219 /* no default reader ? */
220 SG(request_info).content_type_dup = NULL;
221 sapi_module.sapi_error(E_WARNING, "Unsupported content type: '%s'", content_type);
222 return;
223 }
224 }
225 if (oldchar) {
226 *(p-1) = oldchar;
227 }
228
229 SG(request_info).content_type_dup = content_type;
230
231 if(post_reader_func) {
232 post_reader_func();
233 }
234
235 if(sapi_module.default_post_reader) {
236 sapi_module.default_post_reader();
237 }
238 }
239
sapi_read_post_block(char * buffer,size_t buflen)240 SAPI_API size_t sapi_read_post_block(char *buffer, size_t buflen)
241 {
242 size_t read_bytes;
243
244 if (!sapi_module.read_post) {
245 return 0;
246 }
247
248 read_bytes = sapi_module.read_post(buffer, buflen);
249
250 if (read_bytes > 0) {
251 /* gogo */
252 SG(read_post_bytes) += read_bytes;
253 }
254 if (read_bytes < buflen) {
255 /* done */
256 SG(post_read) = 1;
257 }
258
259 return read_bytes;
260 }
261
SAPI_POST_READER_FUNC(sapi_read_standard_form_data)262 SAPI_API SAPI_POST_READER_FUNC(sapi_read_standard_form_data)
263 {
264 if ((SG(post_max_size) > 0) && (SG(request_info).content_length > SG(post_max_size))) {
265 php_error_docref(NULL, E_WARNING, "POST Content-Length of %pd bytes exceeds the limit of %pd bytes",
266 SG(request_info).content_length, SG(post_max_size));
267 return;
268 }
269
270
271 SG(request_info).request_body = php_stream_temp_create_ex(TEMP_STREAM_DEFAULT, SAPI_POST_BLOCK_SIZE, PG(upload_tmp_dir));
272
273 if (sapi_module.read_post) {
274 size_t read_bytes;
275
276 for (;;) {
277 char buffer[SAPI_POST_BLOCK_SIZE];
278
279 read_bytes = sapi_read_post_block(buffer, SAPI_POST_BLOCK_SIZE);
280
281 if (read_bytes > 0) {
282 if (php_stream_write(SG(request_info).request_body, buffer, read_bytes) != read_bytes) {
283 /* if parts of the stream can't be written, purge it completely */
284 php_stream_truncate_set_size(SG(request_info).request_body, 0);
285 php_error_docref(NULL, E_WARNING, "POST data can't be buffered; all data discarded");
286 break;
287 }
288 }
289
290 if ((SG(post_max_size) > 0) && (SG(read_post_bytes) > SG(post_max_size))) {
291 php_error_docref(NULL, E_WARNING, "Actual POST length does not match Content-Length, and exceeds " ZEND_LONG_FMT " bytes", SG(post_max_size));
292 break;
293 }
294
295 if (read_bytes < SAPI_POST_BLOCK_SIZE) {
296 /* done */
297 break;
298 }
299 }
300 php_stream_rewind(SG(request_info).request_body);
301 }
302 }
303
304
get_default_content_type(uint prefix_len,uint * len)305 static inline char *get_default_content_type(uint prefix_len, uint *len)
306 {
307 char *mimetype, *charset, *content_type;
308 uint mimetype_len, charset_len;
309
310 if (SG(default_mimetype)) {
311 mimetype = SG(default_mimetype);
312 mimetype_len = (uint)strlen(SG(default_mimetype));
313 } else {
314 mimetype = SAPI_DEFAULT_MIMETYPE;
315 mimetype_len = sizeof(SAPI_DEFAULT_MIMETYPE) - 1;
316 }
317 if (SG(default_charset)) {
318 charset = SG(default_charset);
319 charset_len = (uint)strlen(SG(default_charset));
320 } else {
321 charset = SAPI_DEFAULT_CHARSET;
322 charset_len = sizeof(SAPI_DEFAULT_CHARSET) - 1;
323 }
324
325 if (*charset && strncasecmp(mimetype, "text/", 5) == 0) {
326 char *p;
327
328 *len = prefix_len + mimetype_len + sizeof("; charset=") - 1 + charset_len;
329 content_type = (char*)emalloc(*len + 1);
330 p = content_type + prefix_len;
331 memcpy(p, mimetype, mimetype_len);
332 p += mimetype_len;
333 memcpy(p, "; charset=", sizeof("; charset=") - 1);
334 p += sizeof("; charset=") - 1;
335 memcpy(p, charset, charset_len + 1);
336 } else {
337 *len = prefix_len + mimetype_len;
338 content_type = (char*)emalloc(*len + 1);
339 memcpy(content_type + prefix_len, mimetype, mimetype_len + 1);
340 }
341 return content_type;
342 }
343
344
sapi_get_default_content_type(void)345 SAPI_API char *sapi_get_default_content_type(void)
346 {
347 uint len;
348
349 return get_default_content_type(0, &len);
350 }
351
352
sapi_get_default_content_type_header(sapi_header_struct * default_header)353 SAPI_API void sapi_get_default_content_type_header(sapi_header_struct *default_header)
354 {
355 uint len;
356
357 default_header->header = get_default_content_type(sizeof("Content-type: ")-1, &len);
358 default_header->header_len = len;
359 memcpy(default_header->header, "Content-type: ", sizeof("Content-type: ") - 1);
360 }
361
362 /*
363 * Add charset on content-type header if the MIME type starts with
364 * "text/", the default_charset directive is not empty and
365 * there is not already a charset option in there.
366 *
367 * If "mimetype" is non-NULL, it should point to a pointer allocated
368 * with emalloc(). If a charset is added, the string will be
369 * re-allocated and the new length is returned. If mimetype is
370 * unchanged, 0 is returned.
371 *
372 */
sapi_apply_default_charset(char ** mimetype,size_t len)373 SAPI_API size_t sapi_apply_default_charset(char **mimetype, size_t len)
374 {
375 char *charset, *newtype;
376 size_t newlen;
377 charset = SG(default_charset) ? SG(default_charset) : SAPI_DEFAULT_CHARSET;
378
379 if (*mimetype != NULL) {
380 if (*charset && strncmp(*mimetype, "text/", 5) == 0 && strstr(*mimetype, "charset=") == NULL) {
381 newlen = len + (sizeof(";charset=")-1) + strlen(charset);
382 newtype = emalloc(newlen + 1);
383 PHP_STRLCPY(newtype, *mimetype, newlen + 1, len);
384 strlcat(newtype, ";charset=", newlen + 1);
385 strlcat(newtype, charset, newlen + 1);
386 efree(*mimetype);
387 *mimetype = newtype;
388 return newlen;
389 }
390 }
391 return 0;
392 }
393
sapi_activate_headers_only(void)394 SAPI_API void sapi_activate_headers_only(void)
395 {
396 if (SG(request_info).headers_read == 1)
397 return;
398 SG(request_info).headers_read = 1;
399 zend_llist_init(&SG(sapi_headers).headers, sizeof(sapi_header_struct),
400 (void (*)(void *)) sapi_free_header, 0);
401 SG(sapi_headers).send_default_content_type = 1;
402
403 /* SG(sapi_headers).http_response_code = 200; */
404 SG(sapi_headers).http_status_line = NULL;
405 SG(sapi_headers).mimetype = NULL;
406 SG(read_post_bytes) = 0;
407 SG(request_info).request_body = NULL;
408 SG(request_info).current_user = NULL;
409 SG(request_info).current_user_length = 0;
410 SG(request_info).no_headers = 0;
411 SG(request_info).post_entry = NULL;
412 SG(global_request_time) = 0;
413
414 /*
415 * It's possible to override this general case in the activate() callback,
416 * if necessary.
417 */
418 if (SG(request_info).request_method && !strcmp(SG(request_info).request_method, "HEAD")) {
419 SG(request_info).headers_only = 1;
420 } else {
421 SG(request_info).headers_only = 0;
422 }
423 if (SG(server_context)) {
424 SG(request_info).cookie_data = sapi_module.read_cookies();
425 if (sapi_module.activate) {
426 sapi_module.activate();
427 }
428 }
429 if (sapi_module.input_filter_init ) {
430 sapi_module.input_filter_init();
431 }
432 }
433
434 /*
435 * Called from php_request_startup() for every request.
436 */
437
sapi_activate(void)438 SAPI_API void sapi_activate(void)
439 {
440 zend_llist_init(&SG(sapi_headers).headers, sizeof(sapi_header_struct), (void (*)(void *)) sapi_free_header, 0);
441 SG(sapi_headers).send_default_content_type = 1;
442
443 /*
444 SG(sapi_headers).http_response_code = 200;
445 */
446 SG(sapi_headers).http_status_line = NULL;
447 SG(sapi_headers).mimetype = NULL;
448 SG(headers_sent) = 0;
449 ZVAL_UNDEF(&SG(callback_func));
450 SG(read_post_bytes) = 0;
451 SG(request_info).request_body = NULL;
452 SG(request_info).current_user = NULL;
453 SG(request_info).current_user_length = 0;
454 SG(request_info).no_headers = 0;
455 SG(request_info).post_entry = NULL;
456 SG(request_info).proto_num = 1000; /* Default to HTTP 1.0 */
457 SG(global_request_time) = 0;
458 SG(post_read) = 0;
459 /* It's possible to override this general case in the activate() callback, if necessary. */
460 if (SG(request_info).request_method && !strcmp(SG(request_info).request_method, "HEAD")) {
461 SG(request_info).headers_only = 1;
462 } else {
463 SG(request_info).headers_only = 0;
464 }
465 SG(rfc1867_uploaded_files) = NULL;
466
467 /* Handle request method */
468 if (SG(server_context)) {
469 if (PG(enable_post_data_reading)
470 && SG(request_info).content_type
471 && SG(request_info).request_method
472 && !strcmp(SG(request_info).request_method, "POST")) {
473 /* HTTP POST may contain form data to be processed into variables
474 * depending on given content type */
475 sapi_read_post_data();
476 } else {
477 SG(request_info).content_type_dup = NULL;
478 }
479
480 /* Cookies */
481 SG(request_info).cookie_data = sapi_module.read_cookies();
482
483 if (sapi_module.activate) {
484 sapi_module.activate();
485 }
486 }
487 if (sapi_module.input_filter_init) {
488 sapi_module.input_filter_init();
489 }
490 }
491
492
sapi_send_headers_free(void)493 static void sapi_send_headers_free(void)
494 {
495 if (SG(sapi_headers).http_status_line) {
496 efree(SG(sapi_headers).http_status_line);
497 SG(sapi_headers).http_status_line = NULL;
498 }
499 }
500
sapi_deactivate(void)501 SAPI_API void sapi_deactivate(void)
502 {
503 zend_llist_destroy(&SG(sapi_headers).headers);
504 if (SG(request_info).request_body) {
505 SG(request_info).request_body = NULL;
506 } else if (SG(server_context)) {
507 if (!SG(post_read)) {
508 /* make sure we've consumed all request input data */
509 char dummy[SAPI_POST_BLOCK_SIZE];
510 size_t read_bytes;
511
512 do {
513 read_bytes = sapi_read_post_block(dummy, SAPI_POST_BLOCK_SIZE);
514 } while (SAPI_POST_BLOCK_SIZE == read_bytes);
515 }
516 }
517 if (SG(request_info).auth_user) {
518 efree(SG(request_info).auth_user);
519 }
520 if (SG(request_info).auth_password) {
521 efree(SG(request_info).auth_password);
522 }
523 if (SG(request_info).auth_digest) {
524 efree(SG(request_info).auth_digest);
525 }
526 if (SG(request_info).content_type_dup) {
527 efree(SG(request_info).content_type_dup);
528 }
529 if (SG(request_info).current_user) {
530 efree(SG(request_info).current_user);
531 }
532 if (sapi_module.deactivate) {
533 sapi_module.deactivate();
534 }
535 if (SG(rfc1867_uploaded_files)) {
536 destroy_uploaded_files_hash();
537 }
538 if (SG(sapi_headers).mimetype) {
539 efree(SG(sapi_headers).mimetype);
540 SG(sapi_headers).mimetype = NULL;
541 }
542 sapi_send_headers_free();
543 SG(sapi_started) = 0;
544 SG(headers_sent) = 0;
545 SG(request_info).headers_read = 0;
546 SG(global_request_time) = 0;
547 }
548
549
sapi_initialize_empty_request(void)550 SAPI_API void sapi_initialize_empty_request(void)
551 {
552 SG(server_context) = NULL;
553 SG(request_info).request_method = NULL;
554 SG(request_info).auth_digest = SG(request_info).auth_user = SG(request_info).auth_password = NULL;
555 SG(request_info).content_type_dup = NULL;
556 }
557
558
sapi_extract_response_code(const char * header_line)559 static int sapi_extract_response_code(const char *header_line)
560 {
561 int code = 200;
562 const char *ptr;
563
564 for (ptr = header_line; *ptr; ptr++) {
565 if (*ptr == ' ' && *(ptr + 1) != ' ') {
566 code = atoi(ptr + 1);
567 break;
568 }
569 }
570
571 return code;
572 }
573
574
sapi_update_response_code(int ncode)575 static void sapi_update_response_code(int ncode)
576 {
577 /* if the status code did not change, we do not want
578 to change the status line, and no need to change the code */
579 if (SG(sapi_headers).http_response_code == ncode) {
580 return;
581 }
582
583 if (SG(sapi_headers).http_status_line) {
584 efree(SG(sapi_headers).http_status_line);
585 SG(sapi_headers).http_status_line = NULL;
586 }
587 SG(sapi_headers).http_response_code = ncode;
588 }
589
590 /*
591 * since zend_llist_del_element only remove one matched item once,
592 * we should remove them by ourself
593 */
sapi_remove_header(zend_llist * l,char * name,size_t len)594 static void sapi_remove_header(zend_llist *l, char *name, size_t len) {
595 sapi_header_struct *header;
596 zend_llist_element *next;
597 zend_llist_element *current=l->head;
598
599 while (current) {
600 header = (sapi_header_struct *)(current->data);
601 next = current->next;
602 if (header->header_len > len && header->header[len] == ':'
603 && !strncasecmp(header->header, name, len)) {
604 if (current->prev) {
605 current->prev->next = next;
606 } else {
607 l->head = next;
608 }
609 if (next) {
610 next->prev = current->prev;
611 } else {
612 l->tail = current->prev;
613 }
614 sapi_free_header(header);
615 efree(current);
616 --l->count;
617 }
618 current = next;
619 }
620 }
621
sapi_add_header_ex(char * header_line,size_t header_line_len,zend_bool duplicate,zend_bool replace)622 SAPI_API int sapi_add_header_ex(char *header_line, size_t header_line_len, zend_bool duplicate, zend_bool replace)
623 {
624 sapi_header_line ctr = {0};
625 int r;
626
627 ctr.line = header_line;
628 ctr.line_len = header_line_len;
629
630 r = sapi_header_op(replace ? SAPI_HEADER_REPLACE : SAPI_HEADER_ADD,
631 &ctr);
632
633 if (!duplicate)
634 efree(header_line);
635
636 return r;
637 }
638
sapi_header_add_op(sapi_header_op_enum op,sapi_header_struct * sapi_header)639 static void sapi_header_add_op(sapi_header_op_enum op, sapi_header_struct *sapi_header)
640 {
641 if (!sapi_module.header_handler ||
642 (SAPI_HEADER_ADD & sapi_module.header_handler(sapi_header, op, &SG(sapi_headers)))) {
643 if (op == SAPI_HEADER_REPLACE) {
644 char *colon_offset = strchr(sapi_header->header, ':');
645
646 if (colon_offset) {
647 char sav = *colon_offset;
648
649 *colon_offset = 0;
650 sapi_remove_header(&SG(sapi_headers).headers, sapi_header->header, (int)strlen(sapi_header->header));
651 *colon_offset = sav;
652 }
653 }
654 zend_llist_add_element(&SG(sapi_headers).headers, (void *) sapi_header);
655 } else {
656 sapi_free_header(sapi_header);
657 }
658 }
659
sapi_header_op(sapi_header_op_enum op,void * arg)660 SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg)
661 {
662 sapi_header_struct sapi_header;
663 char *colon_offset;
664 char *header_line;
665 size_t header_line_len;
666 int http_response_code;
667
668 if (SG(headers_sent) && !SG(request_info).no_headers) {
669 const char *output_start_filename = php_output_get_start_filename();
670 int output_start_lineno = php_output_get_start_lineno();
671
672 if (output_start_filename) {
673 sapi_module.sapi_error(E_WARNING, "Cannot modify header information - headers already sent by (output started at %s:%d)",
674 output_start_filename, output_start_lineno);
675 } else {
676 sapi_module.sapi_error(E_WARNING, "Cannot modify header information - headers already sent");
677 }
678 return FAILURE;
679 }
680
681 switch (op) {
682 case SAPI_HEADER_SET_STATUS:
683 sapi_update_response_code((int)(zend_intptr_t) arg);
684 return SUCCESS;
685
686 case SAPI_HEADER_ADD:
687 case SAPI_HEADER_REPLACE:
688 case SAPI_HEADER_DELETE: {
689 sapi_header_line *p = arg;
690
691 if (!p->line || !p->line_len) {
692 return FAILURE;
693 }
694 header_line = p->line;
695 header_line_len = p->line_len;
696 http_response_code = p->response_code;
697 break;
698 }
699
700 case SAPI_HEADER_DELETE_ALL:
701 if (sapi_module.header_handler) {
702 sapi_module.header_handler(&sapi_header, op, &SG(sapi_headers));
703 }
704 zend_llist_clean(&SG(sapi_headers).headers);
705 return SUCCESS;
706
707 default:
708 return FAILURE;
709 }
710
711 header_line = estrndup(header_line, header_line_len);
712
713 /* cut off trailing spaces, linefeeds and carriage-returns */
714 if (header_line_len && isspace(header_line[header_line_len-1])) {
715 do {
716 header_line_len--;
717 } while(header_line_len && isspace(header_line[header_line_len-1]));
718 header_line[header_line_len]='\0';
719 }
720
721 if (op == SAPI_HEADER_DELETE) {
722 if (strchr(header_line, ':')) {
723 efree(header_line);
724 sapi_module.sapi_error(E_WARNING, "Header to delete may not contain colon.");
725 return FAILURE;
726 }
727 if (sapi_module.header_handler) {
728 sapi_header.header = header_line;
729 sapi_header.header_len = header_line_len;
730 sapi_module.header_handler(&sapi_header, op, &SG(sapi_headers));
731 }
732 sapi_remove_header(&SG(sapi_headers).headers, header_line, header_line_len);
733 efree(header_line);
734 return SUCCESS;
735 } else {
736 /* new line/NUL character safety check */
737 uint i;
738 for (i = 0; i < header_line_len; i++) {
739 /* RFC 7230 ch. 3.2.4 deprecates folding support */
740 if (header_line[i] == '\n' || header_line[i] == '\r') {
741 efree(header_line);
742 sapi_module.sapi_error(E_WARNING, "Header may not contain "
743 "more than a single header, new line detected");
744 return FAILURE;
745 }
746 if (header_line[i] == '\0') {
747 efree(header_line);
748 sapi_module.sapi_error(E_WARNING, "Header may not contain NUL bytes");
749 return FAILURE;
750 }
751 }
752 }
753
754 sapi_header.header = header_line;
755 sapi_header.header_len = header_line_len;
756
757 /* Check the header for a few cases that we have special support for in SAPI */
758 if (header_line_len>=5
759 && !strncasecmp(header_line, "HTTP/", 5)) {
760 /* filter out the response code */
761 sapi_update_response_code(sapi_extract_response_code(header_line));
762 /* sapi_update_response_code doesn't free the status line if the code didn't change */
763 if (SG(sapi_headers).http_status_line) {
764 efree(SG(sapi_headers).http_status_line);
765 }
766 SG(sapi_headers).http_status_line = header_line;
767 return SUCCESS;
768 } else {
769 colon_offset = strchr(header_line, ':');
770 if (colon_offset) {
771 *colon_offset = 0;
772 if (!strcasecmp(header_line, "Content-Type")) {
773 char *ptr = colon_offset+1, *mimetype = NULL, *newheader;
774 size_t len = header_line_len - (ptr - header_line), newlen;
775 while (*ptr == ' ') {
776 ptr++;
777 len--;
778 }
779
780 /* Disable possible output compression for images */
781 if (!strncmp(ptr, "image/", sizeof("image/")-1)) {
782 zend_string *key = zend_string_init("zlib.output_compression", sizeof("zlib.output_compression")-1, 0);
783 zend_alter_ini_entry_chars(key, "0", sizeof("0") - 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
784 zend_string_release(key);
785 }
786
787 mimetype = estrdup(ptr);
788 newlen = sapi_apply_default_charset(&mimetype, len);
789 if (!SG(sapi_headers).mimetype){
790 SG(sapi_headers).mimetype = estrdup(mimetype);
791 }
792
793 if (newlen != 0) {
794 newlen += sizeof("Content-type: ");
795 newheader = emalloc(newlen);
796 PHP_STRLCPY(newheader, "Content-type: ", newlen, sizeof("Content-type: ")-1);
797 strlcat(newheader, mimetype, newlen);
798 sapi_header.header = newheader;
799 sapi_header.header_len = (uint)(newlen - 1);
800 efree(header_line);
801 }
802 efree(mimetype);
803 SG(sapi_headers).send_default_content_type = 0;
804 } else if (!strcasecmp(header_line, "Content-Length")) {
805 /* Script is setting Content-length. The script cannot reasonably
806 * know the size of the message body after compression, so it's best
807 * do disable compression altogether. This contributes to making scripts
808 * portable between setups that have and don't have zlib compression
809 * enabled globally. See req #44164 */
810 zend_string *key = zend_string_init("zlib.output_compression", sizeof("zlib.output_compression")-1, 0);
811 zend_alter_ini_entry_chars(key,
812 "0", sizeof("0") - 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
813 zend_string_release(key);
814 } else if (!strcasecmp(header_line, "Location")) {
815 if ((SG(sapi_headers).http_response_code < 300 ||
816 SG(sapi_headers).http_response_code > 399) &&
817 SG(sapi_headers).http_response_code != 201) {
818 /* Return a Found Redirect if one is not already specified */
819 if (http_response_code) { /* user specified redirect code */
820 sapi_update_response_code(http_response_code);
821 } else if (SG(request_info).proto_num > 1000 &&
822 SG(request_info).request_method &&
823 strcmp(SG(request_info).request_method, "HEAD") &&
824 strcmp(SG(request_info).request_method, "GET")) {
825 sapi_update_response_code(303);
826 } else {
827 sapi_update_response_code(302);
828 }
829 }
830 } else if (!strcasecmp(header_line, "WWW-Authenticate")) { /* HTTP Authentication */
831 sapi_update_response_code(401); /* authentication-required */
832 }
833 if (sapi_header.header==header_line) {
834 *colon_offset = ':';
835 }
836 }
837 }
838 if (http_response_code) {
839 sapi_update_response_code(http_response_code);
840 }
841 sapi_header_add_op(op, &sapi_header);
842 return SUCCESS;
843 }
844
845
sapi_send_headers(void)846 SAPI_API int sapi_send_headers(void)
847 {
848 int retval;
849 int ret = FAILURE;
850
851 if (SG(headers_sent) || SG(request_info).no_headers) {
852 return SUCCESS;
853 }
854
855 /* Success-oriented. We set headers_sent to 1 here to avoid an infinite loop
856 * in case of an error situation.
857 */
858 if (SG(sapi_headers).send_default_content_type && sapi_module.send_headers) {
859 uint len = 0;
860 char *default_mimetype = get_default_content_type(0, &len);
861
862 if (default_mimetype && len) {
863 sapi_header_struct default_header;
864
865 SG(sapi_headers).mimetype = default_mimetype;
866
867 default_header.header_len = sizeof("Content-type: ") - 1 + len;
868 default_header.header = emalloc(default_header.header_len + 1);
869
870 memcpy(default_header.header, "Content-type: ", sizeof("Content-type: ") - 1);
871 memcpy(default_header.header + sizeof("Content-type: ") - 1, SG(sapi_headers).mimetype, len + 1);
872
873 sapi_header_add_op(SAPI_HEADER_ADD, &default_header);
874 } else {
875 efree(default_mimetype);
876 }
877 SG(sapi_headers).send_default_content_type = 0;
878 }
879
880 if (Z_TYPE(SG(callback_func)) != IS_UNDEF) {
881 zval cb;
882 ZVAL_COPY_VALUE(&cb, &SG(callback_func));
883 ZVAL_UNDEF(&SG(callback_func));
884 sapi_run_header_callback(&cb);
885 zval_ptr_dtor(&cb);
886 }
887
888 SG(headers_sent) = 1;
889
890 if (sapi_module.send_headers) {
891 retval = sapi_module.send_headers(&SG(sapi_headers));
892 } else {
893 retval = SAPI_HEADER_DO_SEND;
894 }
895
896 switch (retval) {
897 case SAPI_HEADER_SENT_SUCCESSFULLY:
898 ret = SUCCESS;
899 break;
900 case SAPI_HEADER_DO_SEND: {
901 sapi_header_struct http_status_line;
902 char buf[255];
903
904 if (SG(sapi_headers).http_status_line) {
905 http_status_line.header = SG(sapi_headers).http_status_line;
906 http_status_line.header_len = (uint)strlen(SG(sapi_headers).http_status_line);
907 } else {
908 http_status_line.header = buf;
909 http_status_line.header_len = slprintf(buf, sizeof(buf), "HTTP/1.0 %d X", SG(sapi_headers).http_response_code);
910 }
911 sapi_module.send_header(&http_status_line, SG(server_context));
912 }
913 zend_llist_apply_with_argument(&SG(sapi_headers).headers, (llist_apply_with_arg_func_t) sapi_module.send_header, SG(server_context));
914 if(SG(sapi_headers).send_default_content_type) {
915 sapi_header_struct default_header;
916
917 sapi_get_default_content_type_header(&default_header);
918 sapi_module.send_header(&default_header, SG(server_context));
919 sapi_free_header(&default_header);
920 }
921 sapi_module.send_header(NULL, SG(server_context));
922 ret = SUCCESS;
923 break;
924 case SAPI_HEADER_SEND_FAILED:
925 SG(headers_sent) = 0;
926 ret = FAILURE;
927 break;
928 }
929
930 sapi_send_headers_free();
931
932 return ret;
933 }
934
935
sapi_register_post_entries(sapi_post_entry * post_entries)936 SAPI_API int sapi_register_post_entries(sapi_post_entry *post_entries)
937 {
938 sapi_post_entry *p=post_entries;
939
940 while (p->content_type) {
941 if (sapi_register_post_entry(p) == FAILURE) {
942 return FAILURE;
943 }
944 p++;
945 }
946 return SUCCESS;
947 }
948
949
sapi_register_post_entry(sapi_post_entry * post_entry)950 SAPI_API int sapi_register_post_entry(sapi_post_entry *post_entry)
951 {
952 if (SG(sapi_started) && EG(current_execute_data)) {
953 return FAILURE;
954 }
955 return zend_hash_str_add_mem(&SG(known_post_content_types),
956 post_entry->content_type, post_entry->content_type_len,
957 (void *) post_entry, sizeof(sapi_post_entry)) ? SUCCESS : FAILURE;
958 }
959
sapi_unregister_post_entry(sapi_post_entry * post_entry)960 SAPI_API void sapi_unregister_post_entry(sapi_post_entry *post_entry)
961 {
962 if (SG(sapi_started) && EG(current_execute_data)) {
963 return;
964 }
965 zend_hash_str_del(&SG(known_post_content_types), post_entry->content_type,
966 post_entry->content_type_len);
967 }
968
969
sapi_register_default_post_reader(void (* default_post_reader)(void))970 SAPI_API int sapi_register_default_post_reader(void (*default_post_reader)(void))
971 {
972 if (SG(sapi_started) && EG(current_execute_data)) {
973 return FAILURE;
974 }
975 sapi_module.default_post_reader = default_post_reader;
976 return SUCCESS;
977 }
978
979
sapi_register_treat_data(void (* treat_data)(int arg,char * str,zval * destArray))980 SAPI_API int sapi_register_treat_data(void (*treat_data)(int arg, char *str, zval *destArray))
981 {
982 if (SG(sapi_started) && EG(current_execute_data)) {
983 return FAILURE;
984 }
985 sapi_module.treat_data = treat_data;
986 return SUCCESS;
987 }
988
sapi_register_input_filter(unsigned int (* input_filter)(int arg,char * var,char ** val,size_t val_len,size_t * new_val_len),unsigned int (* input_filter_init)(void))989 SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char **val, size_t val_len, size_t *new_val_len), unsigned int (*input_filter_init)(void))
990 {
991 if (SG(sapi_started) && EG(current_execute_data)) {
992 return FAILURE;
993 }
994 sapi_module.input_filter = input_filter;
995 sapi_module.input_filter_init = input_filter_init;
996 return SUCCESS;
997 }
998
sapi_flush(void)999 SAPI_API int sapi_flush(void)
1000 {
1001 if (sapi_module.flush) {
1002 sapi_module.flush(SG(server_context));
1003 return SUCCESS;
1004 } else {
1005 return FAILURE;
1006 }
1007 }
1008
sapi_get_stat(void)1009 SAPI_API zend_stat_t *sapi_get_stat(void)
1010 {
1011 if (sapi_module.get_stat) {
1012 return sapi_module.get_stat();
1013 } else {
1014 if (!SG(request_info).path_translated || (VCWD_STAT(SG(request_info).path_translated, &SG(global_stat)) == -1)) {
1015 return NULL;
1016 }
1017 return &SG(global_stat);
1018 }
1019 }
1020
sapi_getenv(char * name,size_t name_len)1021 SAPI_API char *sapi_getenv(char *name, size_t name_len)
1022 {
1023 if (!strncasecmp(name, "HTTP_PROXY", name_len)) {
1024 /* Ugly fix for HTTP_PROXY issue, see bug #72573 */
1025 return NULL;
1026 }
1027 if (sapi_module.getenv) {
1028 char *value, *tmp = sapi_module.getenv(name, name_len);
1029 if (tmp) {
1030 value = estrdup(tmp);
1031 } else {
1032 return NULL;
1033 }
1034 if (sapi_module.input_filter) {
1035 sapi_module.input_filter(PARSE_STRING, name, &value, strlen(value), NULL);
1036 }
1037 return value;
1038 }
1039 return NULL;
1040 }
1041
sapi_get_fd(int * fd)1042 SAPI_API int sapi_get_fd(int *fd)
1043 {
1044 if (sapi_module.get_fd) {
1045 return sapi_module.get_fd(fd);
1046 } else {
1047 return FAILURE;
1048 }
1049 }
1050
sapi_force_http_10(void)1051 SAPI_API int sapi_force_http_10(void)
1052 {
1053 if (sapi_module.force_http_10) {
1054 return sapi_module.force_http_10();
1055 } else {
1056 return FAILURE;
1057 }
1058 }
1059
1060
sapi_get_target_uid(uid_t * obj)1061 SAPI_API int sapi_get_target_uid(uid_t *obj)
1062 {
1063 if (sapi_module.get_target_uid) {
1064 return sapi_module.get_target_uid(obj);
1065 } else {
1066 return FAILURE;
1067 }
1068 }
1069
sapi_get_target_gid(gid_t * obj)1070 SAPI_API int sapi_get_target_gid(gid_t *obj)
1071 {
1072 if (sapi_module.get_target_gid) {
1073 return sapi_module.get_target_gid(obj);
1074 } else {
1075 return FAILURE;
1076 }
1077 }
1078
sapi_get_request_time(void)1079 SAPI_API double sapi_get_request_time(void)
1080 {
1081 if(SG(global_request_time)) return SG(global_request_time);
1082
1083 if (sapi_module.get_request_time && SG(server_context)) {
1084 SG(global_request_time) = sapi_module.get_request_time();
1085 } else {
1086 struct timeval tp = {0};
1087 if (!gettimeofday(&tp, NULL)) {
1088 SG(global_request_time) = (double)(tp.tv_sec + tp.tv_usec / 1000000.00);
1089 } else {
1090 SG(global_request_time) = (double)time(0);
1091 }
1092 }
1093 return SG(global_request_time);
1094 }
1095
sapi_terminate_process(void)1096 SAPI_API void sapi_terminate_process(void) {
1097 if (sapi_module.terminate_process) {
1098 sapi_module.terminate_process();
1099 }
1100 }
1101
1102 /*
1103 * Local variables:
1104 * tab-width: 4
1105 * c-basic-offset: 4
1106 * End:
1107 * vim600: sw=4 ts=4 fdm=marker
1108 * vim<600: sw=4 ts=4
1109 */
1110
