xref: /PHP-7.1/ext/mbstring/mb_gpc.c (revision 03f3b847)
1 /*
2    +----------------------------------------------------------------------+
3    | PHP Version 7                                                        |
4    +----------------------------------------------------------------------+
5    | Copyright (c) 1997-2018 The PHP Group                                |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 3.01 of the PHP license,      |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | http://www.php.net/license/3_01.txt                                  |
11    | If you did not receive a copy of the PHP license and are unable to   |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@php.net so we can mail you a copy immediately.               |
14    +----------------------------------------------------------------------+
15    | Author: Rui Hirokawa <hirokawa@php.net>                              |
16    |         Moriyoshi Koizumi <moriyoshi@php.net>                        |
17    +----------------------------------------------------------------------+
18  */
19 
20 /* $Id$ */
21 
22 /* {{{ includes */
23 #ifdef HAVE_CONFIG_H
24 #include "config.h"
25 #endif
26 
27 #include "php.h"
28 #include "php_ini.h"
29 #include "php_variables.h"
30 #include "libmbfl/mbfl/mbfilter_pass.h"
31 #include "mbstring.h"
32 #include "ext/standard/php_string.h"
33 #include "ext/standard/php_mail.h"
34 #include "ext/standard/url.h"
35 #include "main/php_output.h"
36 #include "ext/standard/info.h"
37 
38 #include "php_variables.h"
39 #include "php_globals.h"
40 #include "rfc1867.h"
41 #include "php_content_types.h"
42 #include "SAPI.h"
43 #include "TSRM.h"
44 
45 #include "mb_gpc.h"
46 /* }}} */
47 
48 #if HAVE_MBSTRING
49 
ZEND_EXTERN_MODULE_GLOBALS(mbstring)50 ZEND_EXTERN_MODULE_GLOBALS(mbstring)
51 
52 /* {{{ MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
53  * http input processing */
54 MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
55 {
56 	char *res = NULL, *separator=NULL;
57 	const char *c_var;
58 	zval v_array;
59 	int free_buffer=0;
60 	const mbfl_encoding *detected;
61 	php_mb_encoding_handler_info_t info;
62 
63 	if (arg != PARSE_STRING) {
64 		char *value = MBSTRG(internal_encoding_name);
65 		_php_mb_ini_mbstring_internal_encoding_set(value, value ? strlen(value): 0);
66 	}
67 
68 	if (!MBSTRG(encoding_translation)) {
69 		php_default_treat_data(arg, str, destArray);
70 		return;
71 	}
72 
73 	switch (arg) {
74 		case PARSE_POST:
75 		case PARSE_GET:
76 		case PARSE_COOKIE:
77 			array_init(&v_array);
78 			switch (arg) {
79 				case PARSE_POST:
80 					ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &v_array);
81 					break;
82 				case PARSE_GET:
83 					ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &v_array);
84 					break;
85 				case PARSE_COOKIE:
86 					ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &v_array);
87 					break;
88 			}
89 			break;
90 		default:
91 			ZVAL_COPY_VALUE(&v_array, destArray);
92 			break;
93 	}
94 
95 	if (arg == PARSE_POST) {
96 		sapi_handle_post(&v_array);
97 		return;
98 	}
99 
100 	if (arg == PARSE_GET) {		/* GET data */
101 		c_var = SG(request_info).query_string;
102 		if (c_var && *c_var) {
103 			res = (char *) estrdup(c_var);
104 			free_buffer = 1;
105 		} else {
106 			free_buffer = 0;
107 		}
108 	} else if (arg == PARSE_COOKIE) {		/* Cookie data */
109 		c_var = SG(request_info).cookie_data;
110 		if (c_var && *c_var) {
111 			res = (char *) estrdup(c_var);
112 			free_buffer = 1;
113 		} else {
114 			free_buffer = 0;
115 		}
116 	} else if (arg == PARSE_STRING) {		/* String data */
117 		res = str;
118 		free_buffer = 1;
119 	}
120 
121 	if (!res) {
122 		return;
123 	}
124 
125 	switch (arg) {
126 		case PARSE_POST:
127 		case PARSE_GET:
128 		case PARSE_STRING:
129 			separator = (char *) estrdup(PG(arg_separator).input);
130 			break;
131 		case PARSE_COOKIE:
132 			separator = ";\0";
133 			break;
134 	}
135 
136 	switch (arg) {
137 		case PARSE_POST:
138 			MBSTRG(http_input_identify_post) = NULL;
139 			break;
140 		case PARSE_GET:
141 			MBSTRG(http_input_identify_get) = NULL;
142 			break;
143 		case PARSE_COOKIE:
144 			MBSTRG(http_input_identify_cookie) = NULL;
145 			break;
146 		case PARSE_STRING:
147 			MBSTRG(http_input_identify_string) = NULL;
148 			break;
149 	}
150 
151 	info.data_type              = arg;
152 	info.separator              = separator;
153 	info.report_errors          = 0;
154 	info.to_encoding            = MBSTRG(internal_encoding);
155 	info.to_language            = MBSTRG(language);
156 	info.from_encodings         = MBSTRG(http_input_list);
157 	info.num_from_encodings     = MBSTRG(http_input_list_size);
158 	info.from_language          = MBSTRG(language);
159 
160 	MBSTRG(illegalchars) = 0;
161 
162 	detected = _php_mb_encoding_handler_ex(&info, &v_array, res);
163 	MBSTRG(http_input_identify) = detected;
164 
165 	if (detected) {
166 		switch(arg){
167 		case PARSE_POST:
168 			MBSTRG(http_input_identify_post) = detected;
169 			break;
170 		case PARSE_GET:
171 			MBSTRG(http_input_identify_get) = detected;
172 			break;
173 		case PARSE_COOKIE:
174 			MBSTRG(http_input_identify_cookie) = detected;
175 			break;
176 		case PARSE_STRING:
177 			MBSTRG(http_input_identify_string) = detected;
178 			break;
179 		}
180 	}
181 
182 	if (arg != PARSE_COOKIE) {
183 		efree(separator);
184 	}
185 
186 	if (free_buffer) {
187 		efree(res);
188 	}
189 }
190 /* }}} */
191 
192 /* {{{ mbfl_no_encoding _php_mb_encoding_handler_ex() */
_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t * info,zval * arg,char * res)193 const mbfl_encoding *_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t *info, zval *arg, char *res)
194 {
195 	char *var, *val;
196 	const char *s1, *s2;
197 	char *strtok_buf = NULL, **val_list = NULL;
198 	zval *array_ptr = (zval *) arg;
199 	int n, num, *len_list = NULL;
200 	size_t val_len, new_val_len;
201 	mbfl_string string, resvar, resval;
202 	const mbfl_encoding *from_encoding = NULL;
203 	mbfl_encoding_detector *identd = NULL;
204 	mbfl_buffer_converter *convd = NULL;
205 
206 	mbfl_string_init_set(&string, info->to_language, info->to_encoding->no_encoding);
207 	mbfl_string_init_set(&resvar, info->to_language, info->to_encoding->no_encoding);
208 	mbfl_string_init_set(&resval, info->to_language, info->to_encoding->no_encoding);
209 
210 	if (!res || *res == '\0') {
211 		goto out;
212 	}
213 
214 	/* count the variables(separators) contained in the "res".
215 	 * separator may contain multiple separator chars.
216 	 */
217 	num = 1;
218 	for (s1=res; *s1 != '\0'; s1++) {
219 		for (s2=info->separator; *s2 != '\0'; s2++) {
220 			if (*s1 == *s2) {
221 				num++;
222 			}
223 		}
224 	}
225 	num *= 2; /* need space for variable name and value */
226 
227 	val_list = (char **)ecalloc(num, sizeof(char *));
228 	len_list = (int *)ecalloc(num, sizeof(int));
229 
230 	/* split and decode the query */
231 	n = 0;
232 	strtok_buf = NULL;
233 	var = php_strtok_r(res, info->separator, &strtok_buf);
234 	while (var)  {
235 		val = strchr(var, '=');
236 		if (val) { /* have a value */
237 			len_list[n] = php_url_decode(var, val-var);
238 			val_list[n] = var;
239 			n++;
240 
241 			*val++ = '\0';
242 			val_list[n] = val;
243 			len_list[n] = php_url_decode(val, strlen(val));
244 		} else {
245 			len_list[n] = php_url_decode(var, strlen(var));
246 			val_list[n] = var;
247 			n++;
248 
249 			val_list[n] = "";
250 			len_list[n] = 0;
251 		}
252 		n++;
253 		var = php_strtok_r(NULL, info->separator, &strtok_buf);
254 	}
255 
256 	if (n > (PG(max_input_vars) * 2)) {
257 		php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
258 		goto out;
259 	}
260 
261 	num = n; /* make sure to process initialized vars only */
262 
263 	/* initialize converter */
264 	if (info->num_from_encodings <= 0) {
265 		from_encoding = &mbfl_encoding_pass;
266 	} else if (info->num_from_encodings == 1) {
267 		from_encoding = info->from_encodings[0];
268 	} else {
269 		/* auto detect */
270 		from_encoding = NULL;
271 		identd = mbfl_encoding_detector_new2(info->from_encodings, info->num_from_encodings, MBSTRG(strict_detection));
272 		if (identd != NULL) {
273 			n = 0;
274 			while (n < num) {
275 				string.val = (unsigned char *)val_list[n];
276 				string.len = len_list[n];
277 				if (mbfl_encoding_detector_feed(identd, &string)) {
278 					break;
279 				}
280 				n++;
281 			}
282 			from_encoding = mbfl_encoding_detector_judge2(identd);
283 			mbfl_encoding_detector_delete(identd);
284 		}
285 		if (!from_encoding) {
286 			if (info->report_errors) {
287 				php_error_docref(NULL, E_WARNING, "Unable to detect encoding");
288 			}
289 			from_encoding = &mbfl_encoding_pass;
290 		}
291 	}
292 
293 	convd = NULL;
294 	if (from_encoding != &mbfl_encoding_pass) {
295 		convd = mbfl_buffer_converter_new2(from_encoding, info->to_encoding, 0);
296 		if (convd != NULL) {
297 			mbfl_buffer_converter_illegal_mode(convd, MBSTRG(current_filter_illegal_mode));
298 			mbfl_buffer_converter_illegal_substchar(convd, MBSTRG(current_filter_illegal_substchar));
299 		} else {
300 			if (info->report_errors) {
301 				php_error_docref(NULL, E_WARNING, "Unable to create converter");
302 			}
303 			goto out;
304 		}
305 	}
306 
307 	/* convert encoding */
308 	string.no_encoding = from_encoding->no_encoding;
309 
310 	n = 0;
311 	while (n < num) {
312 		string.val = (unsigned char *)val_list[n];
313 		string.len = len_list[n];
314 		if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resvar) != NULL) {
315 			var = (char *)resvar.val;
316 		} else {
317 			var = val_list[n];
318 		}
319 		n++;
320 		string.val = (unsigned char *)val_list[n];
321 		string.len = len_list[n];
322 		if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resval) != NULL) {
323 			val = (char *)resval.val;
324 			val_len = resval.len;
325 		} else {
326 			val = val_list[n];
327 			val_len = len_list[n];
328 		}
329 		n++;
330 		/* we need val to be emalloc()ed */
331 		val = estrndup(val, val_len);
332 		if (sapi_module.input_filter(info->data_type, var, &val, val_len, &new_val_len)) {
333 			/* add variable to symbol table */
334 			php_register_variable_safe(var, val, new_val_len, array_ptr);
335 		}
336 		efree(val);
337 
338 		if (convd != NULL){
339 			mbfl_string_clear(&resvar);
340 			mbfl_string_clear(&resval);
341 		}
342 	}
343 
344 out:
345 	if (convd != NULL) {
346 		MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
347 		mbfl_buffer_converter_delete(convd);
348 	}
349 	if (val_list != NULL) {
350 		efree((void *)val_list);
351 	}
352 	if (len_list != NULL) {
353 		efree((void *)len_list);
354 	}
355 
356 	return from_encoding;
357 }
358 /* }}} */
359 
360 /* {{{ SAPI_POST_HANDLER_FUNC(php_mb_post_handler) */
SAPI_POST_HANDLER_FUNC(php_mb_post_handler)361 SAPI_POST_HANDLER_FUNC(php_mb_post_handler)
362 {
363 	const mbfl_encoding *detected;
364 	php_mb_encoding_handler_info_t info;
365 	zend_string *post_data_str = NULL;
366 
367 	MBSTRG(http_input_identify_post) = NULL;
368 
369 	info.data_type              = PARSE_POST;
370 	info.separator              = "&";
371 	info.report_errors          = 0;
372 	info.to_encoding            = MBSTRG(internal_encoding);
373 	info.to_language            = MBSTRG(language);
374 	info.from_encodings         = MBSTRG(http_input_list);
375 	info.num_from_encodings     = MBSTRG(http_input_list_size);
376 	info.from_language          = MBSTRG(language);
377 
378 	php_stream_rewind(SG(request_info).request_body);
379 	post_data_str = php_stream_copy_to_mem(SG(request_info).request_body, PHP_STREAM_COPY_ALL, 0);
380 	detected = _php_mb_encoding_handler_ex(&info, arg, post_data_str ? ZSTR_VAL(post_data_str) : NULL);
381 	if (post_data_str) {
382 		zend_string_release(post_data_str);
383 	}
384 
385 	MBSTRG(http_input_identify) = detected;
386 	if (detected) {
387 		MBSTRG(http_input_identify_post) = detected;
388 	}
389 }
390 /* }}} */
391 
392 #endif /* HAVE_MBSTRING */
393 
394 /*
395  * Local variables:
396  * tab-width: 4
397  * c-basic-offset: 4
398  * End:
399  * vim600: fdm=marker
400  * vim: noet sw=4 ts=4
401  */
402