1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2017 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
16 | Zeev Suraski <zeev@zend.com> |
17 +----------------------------------------------------------------------+
18 */
19
20 /* $Id$ */
21
22 #include <stdio.h>
23 #include "php.h"
24 #include "ext/standard/php_standard.h"
25 #include "ext/standard/credits.h"
26 #include "zend_smart_str.h"
27 #include "php_variables.h"
28 #include "php_globals.h"
29 #include "php_content_types.h"
30 #include "SAPI.h"
31 #include "zend_globals.h"
32 #ifdef PHP_WIN32
33 # include "win32/php_inttypes.h"
34 #endif
35
36 /* for systems that need to override reading of environment variables */
37 void _php_import_environment_variables(zval *array_ptr);
38 PHPAPI void (*php_import_environment_variables)(zval *array_ptr) = _php_import_environment_variables;
39
php_register_variable(char * var,char * strval,zval * track_vars_array)40 PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array)
41 {
42 php_register_variable_safe(var, strval, strlen(strval), track_vars_array);
43 }
44
45 /* binary-safe version */
php_register_variable_safe(char * var,char * strval,size_t str_len,zval * track_vars_array)46 PHPAPI void php_register_variable_safe(char *var, char *strval, size_t str_len, zval *track_vars_array)
47 {
48 zval new_entry;
49 assert(strval != NULL);
50
51 /* Prepare value */
52 ZVAL_NEW_STR(&new_entry, zend_string_init(strval, str_len, 0));
53 php_register_variable_ex(var, &new_entry, track_vars_array);
54 }
55
php_register_variable_ex(char * var_name,zval * val,zval * track_vars_array)56 PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars_array)
57 {
58 char *p = NULL;
59 char *ip = NULL; /* index pointer */
60 char *index;
61 char *var, *var_orig;
62 size_t var_len, index_len;
63 zval gpc_element, *gpc_element_p;
64 zend_bool is_array = 0;
65 HashTable *symtable1 = NULL;
66 ALLOCA_FLAG(use_heap)
67
68 assert(var_name != NULL);
69
70 if (track_vars_array && Z_TYPE_P(track_vars_array) == IS_ARRAY) {
71 symtable1 = Z_ARRVAL_P(track_vars_array);
72 }
73
74 if (!symtable1) {
75 /* Nothing to do */
76 zval_dtor(val);
77 return;
78 }
79
80
81 /* ignore leading spaces in the variable name */
82 while (*var_name && *var_name==' ') {
83 var_name++;
84 }
85
86 /*
87 * Prepare variable name
88 */
89 var_len = strlen(var_name);
90 var = var_orig = do_alloca(var_len + 1, use_heap);
91 memcpy(var_orig, var_name, var_len + 1);
92
93 /* ensure that we don't have spaces or dots in the variable name (not binary safe) */
94 for (p = var; *p; p++) {
95 if (*p == ' ' || *p == '.') {
96 *p='_';
97 } else if (*p == '[') {
98 is_array = 1;
99 ip = p;
100 *p = 0;
101 break;
102 }
103 }
104 var_len = p - var;
105
106 if (var_len==0) { /* empty variable name, or variable name with a space in it */
107 zval_dtor(val);
108 free_alloca(var_orig, use_heap);
109 return;
110 }
111
112 /* GLOBALS hijack attempt, reject parameter */
113 if (symtable1 == &EG(symbol_table) &&
114 var_len == sizeof("GLOBALS")-1 &&
115 !memcmp(var, "GLOBALS", sizeof("GLOBALS")-1)) {
116 zval_dtor(val);
117 free_alloca(var_orig, use_heap);
118 return;
119 }
120
121 index = var;
122 index_len = var_len;
123
124 if (is_array) {
125 int nest_level = 0;
126 while (1) {
127 char *index_s;
128 size_t new_idx_len = 0;
129
130 if(++nest_level > PG(max_input_nesting_level)) {
131 HashTable *ht;
132 /* too many levels of nesting */
133
134 if (track_vars_array) {
135 ht = Z_ARRVAL_P(track_vars_array);
136 zend_symtable_str_del(ht, var, var_len);
137 }
138
139 zval_dtor(val);
140
141 /* do not output the error message to the screen,
142 this helps us to to avoid "information disclosure" */
143 if (!PG(display_errors)) {
144 php_error_docref(NULL, E_WARNING, "Input variable nesting level exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_nesting_level in php.ini.", PG(max_input_nesting_level));
145 }
146 free_alloca(var_orig, use_heap);
147 return;
148 }
149
150 ip++;
151 index_s = ip;
152 if (isspace(*ip)) {
153 ip++;
154 }
155 if (*ip==']') {
156 index_s = NULL;
157 } else {
158 ip = strchr(ip, ']');
159 if (!ip) {
160 /* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */
161 *(index_s - 1) = '_';
162
163 index_len = 0;
164 if (index) {
165 index_len = strlen(index);
166 }
167 goto plain_var;
168 return;
169 }
170 *ip = 0;
171 new_idx_len = strlen(index_s);
172 }
173
174 if (!index) {
175 array_init(&gpc_element);
176 if ((gpc_element_p = zend_hash_next_index_insert(symtable1, &gpc_element)) == NULL) {
177 zval_ptr_dtor(&gpc_element);
178 zval_dtor(val);
179 free_alloca(var_orig, use_heap);
180 return;
181 }
182 } else {
183 gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
184 if (!gpc_element_p) {
185 zval tmp;
186 array_init(&tmp);
187 gpc_element_p = zend_symtable_str_update_ind(symtable1, index, index_len, &tmp);
188 } else {
189 if (Z_TYPE_P(gpc_element_p) == IS_INDIRECT) {
190 gpc_element_p = Z_INDIRECT_P(gpc_element_p);
191 }
192 if (Z_TYPE_P(gpc_element_p) != IS_ARRAY) {
193 zval_ptr_dtor(gpc_element_p);
194 array_init(gpc_element_p);
195 }
196 }
197 }
198 symtable1 = Z_ARRVAL_P(gpc_element_p);
199 /* ip pointed to the '[' character, now obtain the key */
200 index = index_s;
201 index_len = new_idx_len;
202
203 ip++;
204 if (*ip == '[') {
205 is_array = 1;
206 *ip = 0;
207 } else {
208 goto plain_var;
209 }
210 }
211 } else {
212 plain_var:
213 ZVAL_COPY_VALUE(&gpc_element, val);
214 if (!index) {
215 if ((gpc_element_p = zend_hash_next_index_insert(symtable1, &gpc_element)) == NULL) {
216 zval_ptr_dtor(&gpc_element);
217 }
218 } else {
219 /*
220 * According to rfc2965, more specific paths are listed above the less specific ones.
221 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
222 * to have the same (plain text) cookie name for the same path and we should not overwrite
223 * more specific cookies with the less specific ones.
224 */
225 if (Z_TYPE(PG(http_globals)[TRACK_VARS_COOKIE]) != IS_UNDEF &&
226 symtable1 == Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]) &&
227 zend_symtable_str_exists(symtable1, index, index_len)) {
228 zval_ptr_dtor(&gpc_element);
229 } else {
230 gpc_element_p = zend_symtable_str_update_ind(symtable1, index, index_len, &gpc_element);
231 }
232 }
233 }
234 free_alloca(var_orig, use_heap);
235 }
236
237 typedef struct post_var_data {
238 smart_str str;
239 char *ptr;
240 char *end;
241 uint64_t cnt;
242
243 /* Bytes in ptr that have already been scanned for '&' */
244 size_t already_scanned;
245 } post_var_data_t;
246
add_post_var(zval * arr,post_var_data_t * var,zend_bool eof)247 static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof)
248 {
249 char *start, *ksep, *vsep, *val;
250 size_t klen, vlen;
251 size_t new_vlen;
252
253 if (var->ptr >= var->end) {
254 return 0;
255 }
256
257 start = var->ptr + var->already_scanned;
258 vsep = memchr(start, '&', var->end - start);
259 if (!vsep) {
260 if (!eof) {
261 var->already_scanned = var->end - var->ptr;
262 return 0;
263 } else {
264 vsep = var->end;
265 }
266 }
267
268 ksep = memchr(var->ptr, '=', vsep - var->ptr);
269 if (ksep) {
270 *ksep = '\0';
271 /* "foo=bar&" or "foo=&" */
272 klen = ksep - var->ptr;
273 vlen = vsep - ++ksep;
274 } else {
275 ksep = "";
276 /* "foo&" */
277 klen = vsep - var->ptr;
278 vlen = 0;
279 }
280
281 php_url_decode(var->ptr, klen);
282
283 val = estrndup(ksep, vlen);
284 if (vlen) {
285 vlen = php_url_decode(val, vlen);
286 }
287
288 if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen)) {
289 php_register_variable_safe(var->ptr, val, new_vlen, arr);
290 }
291 efree(val);
292
293 var->ptr = vsep + (vsep != var->end);
294 var->already_scanned = 0;
295 return 1;
296 }
297
add_post_vars(zval * arr,post_var_data_t * vars,zend_bool eof)298 static inline int add_post_vars(zval *arr, post_var_data_t *vars, zend_bool eof)
299 {
300 uint64_t max_vars = PG(max_input_vars);
301
302 vars->ptr = ZSTR_VAL(vars->str.s);
303 vars->end = ZSTR_VAL(vars->str.s) + ZSTR_LEN(vars->str.s);
304 while (add_post_var(arr, vars, eof)) {
305 if (++vars->cnt > max_vars) {
306 php_error_docref(NULL, E_WARNING,
307 "Input variables exceeded %" PRIu64 ". "
308 "To increase the limit change max_input_vars in php.ini.",
309 max_vars);
310 return FAILURE;
311 }
312 }
313
314 if (!eof && ZSTR_VAL(vars->str.s) != vars->ptr) {
315 memmove(ZSTR_VAL(vars->str.s), vars->ptr, ZSTR_LEN(vars->str.s) = vars->end - vars->ptr);
316 }
317 return SUCCESS;
318 }
319
320 #ifdef PHP_WIN32
321 #define SAPI_POST_HANDLER_BUFSIZ 16384
322 #else
323 # define SAPI_POST_HANDLER_BUFSIZ BUFSIZ
324 #endif
SAPI_POST_HANDLER_FUNC(php_std_post_handler)325 SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
326 {
327 zval *arr = (zval *) arg;
328 php_stream *s = SG(request_info).request_body;
329 post_var_data_t post_data;
330
331 if (s && SUCCESS == php_stream_rewind(s)) {
332 memset(&post_data, 0, sizeof(post_data));
333
334 while (!php_stream_eof(s)) {
335 char buf[SAPI_POST_HANDLER_BUFSIZ] = {0};
336 size_t len = php_stream_read(s, buf, SAPI_POST_HANDLER_BUFSIZ);
337
338 if (len && len != (size_t) -1) {
339 smart_str_appendl(&post_data.str, buf, len);
340
341 if (SUCCESS != add_post_vars(arr, &post_data, 0)) {
342 smart_str_free(&post_data.str);
343 return;
344 }
345 }
346
347 if (len != SAPI_POST_HANDLER_BUFSIZ){
348 break;
349 }
350 }
351
352 if (post_data.str.s) {
353 add_post_vars(arr, &post_data, 1);
354 smart_str_free(&post_data.str);
355 }
356 }
357 }
358 #undef SAPI_POST_HANDLER_BUFSIZ
359
SAPI_INPUT_FILTER_FUNC(php_default_input_filter)360 SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter)
361 {
362 /* TODO: check .ini setting here and apply user-defined input filter */
363 if(new_val_len) *new_val_len = val_len;
364 return 1;
365 }
366
SAPI_TREAT_DATA_FUNC(php_default_treat_data)367 SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
368 {
369 char *res = NULL, *var, *val, *separator = NULL;
370 const char *c_var;
371 zval array;
372 int free_buffer = 0;
373 char *strtok_buf = NULL;
374 zend_long count = 0;
375
376 ZVAL_UNDEF(&array);
377 switch (arg) {
378 case PARSE_POST:
379 case PARSE_GET:
380 case PARSE_COOKIE:
381 array_init(&array);
382 switch (arg) {
383 case PARSE_POST:
384 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]);
385 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &array);
386 break;
387 case PARSE_GET:
388 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]);
389 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &array);
390 break;
391 case PARSE_COOKIE:
392 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]);
393 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &array);
394 break;
395 }
396 break;
397 default:
398 ZVAL_COPY_VALUE(&array, destArray);
399 break;
400 }
401
402 if (arg == PARSE_POST) {
403 sapi_handle_post(&array);
404 return;
405 }
406
407 if (arg == PARSE_GET) { /* GET data */
408 c_var = SG(request_info).query_string;
409 if (c_var && *c_var) {
410 res = (char *) estrdup(c_var);
411 free_buffer = 1;
412 } else {
413 free_buffer = 0;
414 }
415 } else if (arg == PARSE_COOKIE) { /* Cookie data */
416 c_var = SG(request_info).cookie_data;
417 if (c_var && *c_var) {
418 res = (char *) estrdup(c_var);
419 free_buffer = 1;
420 } else {
421 free_buffer = 0;
422 }
423 } else if (arg == PARSE_STRING) { /* String data */
424 res = str;
425 free_buffer = 1;
426 }
427
428 if (!res) {
429 return;
430 }
431
432 switch (arg) {
433 case PARSE_GET:
434 case PARSE_STRING:
435 separator = (char *) estrdup(PG(arg_separator).input);
436 break;
437 case PARSE_COOKIE:
438 separator = ";\0";
439 break;
440 }
441
442 var = php_strtok_r(res, separator, &strtok_buf);
443
444 while (var) {
445 val = strchr(var, '=');
446
447 if (arg == PARSE_COOKIE) {
448 /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
449 while (isspace(*var)) {
450 var++;
451 }
452 if (var == val || *var == '\0') {
453 goto next_cookie;
454 }
455 }
456
457 if (++count > PG(max_input_vars)) {
458 php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
459 break;
460 }
461
462 if (val) { /* have a value */
463 size_t val_len;
464 size_t new_val_len;
465
466 *val++ = '\0';
467 php_url_decode(var, strlen(var));
468 val_len = php_url_decode(val, strlen(val));
469 val = estrndup(val, val_len);
470 if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
471 php_register_variable_safe(var, val, new_val_len, &array);
472 }
473 efree(val);
474 } else {
475 size_t val_len;
476 size_t new_val_len;
477
478 php_url_decode(var, strlen(var));
479 val_len = 0;
480 val = estrndup("", val_len);
481 if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
482 php_register_variable_safe(var, val, new_val_len, &array);
483 }
484 efree(val);
485 }
486 next_cookie:
487 var = php_strtok_r(NULL, separator, &strtok_buf);
488 }
489
490 if (arg != PARSE_COOKIE) {
491 efree(separator);
492 }
493
494 if (free_buffer) {
495 efree(res);
496 }
497 }
498
_php_import_environment_variables(zval * array_ptr)499 void _php_import_environment_variables(zval *array_ptr)
500 {
501 char buf[128];
502 char **env, *p, *t = buf;
503 size_t alloc_size = sizeof(buf);
504 unsigned long nlen; /* ptrdiff_t is not portable */
505
506 for (env = environ; env != NULL && *env != NULL; env++) {
507 p = strchr(*env, '=');
508 if (!p) { /* malformed entry? */
509 continue;
510 }
511 nlen = p - *env;
512 if (nlen >= alloc_size) {
513 alloc_size = nlen + 64;
514 t = (t == buf ? emalloc(alloc_size): erealloc(t, alloc_size));
515 }
516 memcpy(t, *env, nlen);
517 t[nlen] = '\0';
518 php_register_variable(t, p + 1, array_ptr);
519 }
520 if (t != buf && t != NULL) {
521 efree(t);
522 }
523 }
524
php_std_auto_global_callback(char * name,uint name_len)525 zend_bool php_std_auto_global_callback(char *name, uint name_len)
526 {
527 zend_printf("%s\n", name);
528 return 0; /* don't rearm */
529 }
530
531 /* {{{ php_build_argv
532 */
php_build_argv(char * s,zval * track_vars_array)533 PHPAPI void php_build_argv(char *s, zval *track_vars_array)
534 {
535 zval arr, argc, tmp;
536 int count = 0;
537 char *ss, *space;
538
539 if (!(SG(request_info).argc || track_vars_array)) {
540 return;
541 }
542
543 array_init(&arr);
544
545 /* Prepare argv */
546 if (SG(request_info).argc) { /* are we in cli sapi? */
547 int i;
548 for (i = 0; i < SG(request_info).argc; i++) {
549 ZVAL_STRING(&tmp, SG(request_info).argv[i]);
550 if (zend_hash_next_index_insert(Z_ARRVAL(arr), &tmp) == NULL) {
551 zend_string_free(Z_STR(tmp));
552 }
553 }
554 } else if (s && *s) {
555 ss = s;
556 while (ss) {
557 space = strchr(ss, '+');
558 if (space) {
559 *space = '\0';
560 }
561 /* auto-type */
562 ZVAL_STRING(&tmp, ss);
563 count++;
564 if (zend_hash_next_index_insert(Z_ARRVAL(arr), &tmp) == NULL) {
565 zend_string_free(Z_STR(tmp));
566 }
567 if (space) {
568 *space = '+';
569 ss = space + 1;
570 } else {
571 ss = space;
572 }
573 }
574 }
575
576 /* prepare argc */
577 if (SG(request_info).argc) {
578 ZVAL_LONG(&argc, SG(request_info).argc);
579 } else {
580 ZVAL_LONG(&argc, count);
581 }
582
583 if (SG(request_info).argc) {
584 Z_ADDREF(arr);
585 zend_hash_str_update(&EG(symbol_table), "argv", sizeof("argv")-1, &arr);
586 zend_hash_str_add(&EG(symbol_table), "argc", sizeof("argc")-1, &argc);
587 }
588 if (track_vars_array && Z_TYPE_P(track_vars_array) == IS_ARRAY) {
589 Z_ADDREF(arr);
590 zend_hash_str_update(Z_ARRVAL_P(track_vars_array), "argv", sizeof("argv")-1, &arr);
591 zend_hash_str_update(Z_ARRVAL_P(track_vars_array), "argc", sizeof("argc")-1, &argc);
592 }
593 zval_ptr_dtor(&arr);
594 }
595 /* }}} */
596
597 /* {{{ php_register_server_variables
598 */
php_register_server_variables(void)599 static inline void php_register_server_variables(void)
600 {
601 zval request_time_float, request_time_long;
602
603 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
604 array_init(&PG(http_globals)[TRACK_VARS_SERVER]);
605
606 /* Server variables */
607 if (sapi_module.register_server_variables) {
608 sapi_module.register_server_variables(&PG(http_globals)[TRACK_VARS_SERVER]);
609 }
610
611 /* PHP Authentication support */
612 if (SG(request_info).auth_user) {
613 php_register_variable("PHP_AUTH_USER", SG(request_info).auth_user, &PG(http_globals)[TRACK_VARS_SERVER]);
614 }
615 if (SG(request_info).auth_password) {
616 php_register_variable("PHP_AUTH_PW", SG(request_info).auth_password, &PG(http_globals)[TRACK_VARS_SERVER]);
617 }
618 if (SG(request_info).auth_digest) {
619 php_register_variable("PHP_AUTH_DIGEST", SG(request_info).auth_digest, &PG(http_globals)[TRACK_VARS_SERVER]);
620 }
621
622 /* store request init time */
623 ZVAL_DOUBLE(&request_time_float, sapi_get_request_time());
624 php_register_variable_ex("REQUEST_TIME_FLOAT", &request_time_float, &PG(http_globals)[TRACK_VARS_SERVER]);
625 ZVAL_LONG(&request_time_long, zend_dval_to_lval(Z_DVAL(request_time_float)));
626 php_register_variable_ex("REQUEST_TIME", &request_time_long, &PG(http_globals)[TRACK_VARS_SERVER]);
627 }
628 /* }}} */
629
630 /* {{{ php_autoglobal_merge
631 */
php_autoglobal_merge(HashTable * dest,HashTable * src)632 static void php_autoglobal_merge(HashTable *dest, HashTable *src)
633 {
634 zval *src_entry, *dest_entry;
635 zend_string *string_key;
636 zend_ulong num_key;
637 int globals_check = (dest == (&EG(symbol_table)));
638
639 ZEND_HASH_FOREACH_KEY_VAL(src, num_key, string_key, src_entry) {
640 if (Z_TYPE_P(src_entry) != IS_ARRAY
641 || (string_key && (dest_entry = zend_hash_find(dest, string_key)) == NULL)
642 || (string_key == NULL && (dest_entry = zend_hash_index_find(dest, num_key)) == NULL)
643 || Z_TYPE_P(dest_entry) != IS_ARRAY) {
644 if (Z_REFCOUNTED_P(src_entry)) {
645 Z_ADDREF_P(src_entry);
646 }
647 if (string_key) {
648 if (!globals_check || ZSTR_LEN(string_key) != sizeof("GLOBALS") - 1
649 || memcmp(ZSTR_VAL(string_key), "GLOBALS", sizeof("GLOBALS") - 1)) {
650 zend_hash_update(dest, string_key, src_entry);
651 } else if (Z_REFCOUNTED_P(src_entry)) {
652 Z_DELREF_P(src_entry);
653 }
654 } else {
655 zend_hash_index_update(dest, num_key, src_entry);
656 }
657 } else {
658 SEPARATE_ARRAY(dest_entry);
659 php_autoglobal_merge(Z_ARRVAL_P(dest_entry), Z_ARRVAL_P(src_entry));
660 }
661 } ZEND_HASH_FOREACH_END();
662 }
663 /* }}} */
664
665 /* {{{ php_hash_environment
666 */
php_hash_environment(void)667 PHPAPI int php_hash_environment(void)
668 {
669 memset(PG(http_globals), 0, sizeof(PG(http_globals)));
670 zend_activate_auto_globals();
671 if (PG(register_argc_argv)) {
672 php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
673 }
674 return SUCCESS;
675 }
676 /* }}} */
677
php_auto_globals_create_get(zend_string * name)678 static zend_bool php_auto_globals_create_get(zend_string *name)
679 {
680 if (PG(variables_order) && (strchr(PG(variables_order),'G') || strchr(PG(variables_order),'g'))) {
681 sapi_module.treat_data(PARSE_GET, NULL, NULL);
682 } else {
683 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]);
684 array_init(&PG(http_globals)[TRACK_VARS_GET]);
685 }
686
687 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_GET]);
688 Z_ADDREF(PG(http_globals)[TRACK_VARS_GET]);
689
690 return 0; /* don't rearm */
691 }
692
php_auto_globals_create_post(zend_string * name)693 static zend_bool php_auto_globals_create_post(zend_string *name)
694 {
695 if (PG(variables_order) &&
696 (strchr(PG(variables_order),'P') || strchr(PG(variables_order),'p')) &&
697 !SG(headers_sent) &&
698 SG(request_info).request_method &&
699 !strcasecmp(SG(request_info).request_method, "POST")) {
700 sapi_module.treat_data(PARSE_POST, NULL, NULL);
701 } else {
702 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]);
703 array_init(&PG(http_globals)[TRACK_VARS_POST]);
704 }
705
706 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_POST]);
707 Z_ADDREF(PG(http_globals)[TRACK_VARS_POST]);
708
709 return 0; /* don't rearm */
710 }
711
php_auto_globals_create_cookie(zend_string * name)712 static zend_bool php_auto_globals_create_cookie(zend_string *name)
713 {
714 if (PG(variables_order) && (strchr(PG(variables_order),'C') || strchr(PG(variables_order),'c'))) {
715 sapi_module.treat_data(PARSE_COOKIE, NULL, NULL);
716 } else {
717 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]);
718 array_init(&PG(http_globals)[TRACK_VARS_COOKIE]);
719 }
720
721 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_COOKIE]);
722 Z_ADDREF(PG(http_globals)[TRACK_VARS_COOKIE]);
723
724 return 0; /* don't rearm */
725 }
726
php_auto_globals_create_files(zend_string * name)727 static zend_bool php_auto_globals_create_files(zend_string *name)
728 {
729 if (Z_TYPE(PG(http_globals)[TRACK_VARS_FILES]) == IS_UNDEF) {
730 array_init(&PG(http_globals)[TRACK_VARS_FILES]);
731 }
732
733 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_FILES]);
734 Z_ADDREF(PG(http_globals)[TRACK_VARS_FILES]);
735
736 return 0; /* don't rearm */
737 }
738
739 /* Upgly hack to fix HTTP_PROXY issue, see bug #72573 */
check_http_proxy(HashTable * var_table)740 static void check_http_proxy(HashTable *var_table)
741 {
742 if (zend_hash_str_exists(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1)) {
743 char *local_proxy = getenv("HTTP_PROXY");
744
745 if (!local_proxy) {
746 zend_hash_str_del(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1);
747 } else {
748 zval local_zval;
749 ZVAL_STRING(&local_zval, local_proxy);
750 zend_hash_str_update(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1, &local_zval);
751 }
752 }
753 }
754
php_auto_globals_create_server(zend_string * name)755 static zend_bool php_auto_globals_create_server(zend_string *name)
756 {
757 if (PG(variables_order) && (strchr(PG(variables_order),'S') || strchr(PG(variables_order),'s'))) {
758 php_register_server_variables();
759
760 if (PG(register_argc_argv)) {
761 if (SG(request_info).argc) {
762 zval *argc, *argv;
763
764 if ((argc = zend_hash_str_find_ind(&EG(symbol_table), "argc", sizeof("argc")-1)) != NULL &&
765 (argv = zend_hash_str_find_ind(&EG(symbol_table), "argv", sizeof("argv")-1)) != NULL) {
766 Z_ADDREF_P(argv);
767 zend_hash_str_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "argv", sizeof("argv")-1, argv);
768 zend_hash_str_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), "argc", sizeof("argc")-1, argc);
769 }
770 } else {
771 php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
772 }
773 }
774
775 } else {
776 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_SERVER]);
777 array_init(&PG(http_globals)[TRACK_VARS_SERVER]);
778 }
779
780 check_http_proxy(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));
781 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_SERVER]);
782 Z_ADDREF(PG(http_globals)[TRACK_VARS_SERVER]);
783
784 return 0; /* don't rearm */
785 }
786
php_auto_globals_create_env(zend_string * name)787 static zend_bool php_auto_globals_create_env(zend_string *name)
788 {
789 zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_ENV]);
790 array_init(&PG(http_globals)[TRACK_VARS_ENV]);
791
792 if (PG(variables_order) && (strchr(PG(variables_order),'E') || strchr(PG(variables_order),'e'))) {
793 php_import_environment_variables(&PG(http_globals)[TRACK_VARS_ENV]);
794 }
795
796 check_http_proxy(Z_ARRVAL(PG(http_globals)[TRACK_VARS_ENV]));
797 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_ENV]);
798 Z_ADDREF(PG(http_globals)[TRACK_VARS_ENV]);
799
800 return 0; /* don't rearm */
801 }
802
php_auto_globals_create_request(zend_string * name)803 static zend_bool php_auto_globals_create_request(zend_string *name)
804 {
805 zval form_variables;
806 unsigned char _gpc_flags[3] = {0, 0, 0};
807 char *p;
808
809 array_init(&form_variables);
810
811 if (PG(request_order) != NULL) {
812 p = PG(request_order);
813 } else {
814 p = PG(variables_order);
815 }
816
817 for (; p && *p; p++) {
818 switch (*p) {
819 case 'g':
820 case 'G':
821 if (!_gpc_flags[0]) {
822 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_GET]));
823 _gpc_flags[0] = 1;
824 }
825 break;
826 case 'p':
827 case 'P':
828 if (!_gpc_flags[1]) {
829 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_POST]));
830 _gpc_flags[1] = 1;
831 }
832 break;
833 case 'c':
834 case 'C':
835 if (!_gpc_flags[2]) {
836 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]));
837 _gpc_flags[2] = 1;
838 }
839 break;
840 }
841 }
842
843 zend_hash_update(&EG(symbol_table), name, &form_variables);
844 return 0;
845 }
846
php_startup_auto_globals(void)847 void php_startup_auto_globals(void)
848 {
849 zend_register_auto_global(zend_string_init("_GET", sizeof("_GET")-1, 1), 0, php_auto_globals_create_get);
850 zend_register_auto_global(zend_string_init("_POST", sizeof("_POST")-1, 1), 0, php_auto_globals_create_post);
851 zend_register_auto_global(zend_string_init("_COOKIE", sizeof("_COOKIE")-1, 1), 0, php_auto_globals_create_cookie);
852 zend_register_auto_global(zend_string_init("_SERVER", sizeof("_SERVER")-1, 1), PG(auto_globals_jit), php_auto_globals_create_server);
853 zend_register_auto_global(zend_string_init("_ENV", sizeof("_ENV")-1, 1), PG(auto_globals_jit), php_auto_globals_create_env);
854 zend_register_auto_global(zend_string_init("_REQUEST", sizeof("_REQUEST")-1, 1), PG(auto_globals_jit), php_auto_globals_create_request);
855 zend_register_auto_global(zend_string_init("_FILES", sizeof("_FILES")-1, 1), 0, php_auto_globals_create_files);
856 }
857
858 /*
859 * Local variables:
860 * tab-width: 4
861 * c-basic-offset: 4
862 * End:
863 * vim600: sw=4 ts=4 fdm=marker
864 * vim<600: sw=4 ts=4
865 */
866
