xref: /PHP-7.2/ext/filter/filter.c (revision 47fb17b1)
1 /*
2   +----------------------------------------------------------------------+
3   | PHP Version 7                                                        |
4   +----------------------------------------------------------------------+
5   | Copyright (c) 1997-2018 The PHP Group                                |
6   +----------------------------------------------------------------------+
7   | This source file is subject to version 3.01 of the PHP license,      |
8   | that is bundled with this package in the file LICENSE, and is        |
9   | available through the world-wide-web at the following url:           |
10   | http://www.php.net/license/3_01.txt                                  |
11   | If you did not receive a copy of the PHP license and are unable to   |
12   | obtain it through the world-wide-web, please send a note to          |
13   | license@php.net so we can mail you a copy immediately.               |
14   +----------------------------------------------------------------------+
15   | Authors: Rasmus Lerdorf <rasmus@php.net>                             |
16   |          Derick Rethans <derick@php.net>                             |
17   |          Pierre-A. Joye <pierre@php.net>                             |
18   |          Ilia Alshanetsky <iliaa@php.net>                            |
19   +----------------------------------------------------------------------+
20 */
21 
22 /* $Id: 5a34caaa246b9df197f4b43af8ac66a07464fe4b $ */
23 
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27 
28 #include "php_filter.h"
29 
30 ZEND_DECLARE_MODULE_GLOBALS(filter)
31 
32 #include "filter_private.h"
33 
34 typedef struct filter_list_entry {
35 	const char *name;
36 	int    id;
37 	void (*function)(PHP_INPUT_FILTER_PARAM_DECL);
38 } filter_list_entry;
39 
40 /* {{{ filter_list */
41 static const filter_list_entry filter_list[] = {
42 	{ "int",             FILTER_VALIDATE_INT,           php_filter_int             },
43 	{ "boolean",         FILTER_VALIDATE_BOOLEAN,       php_filter_boolean         },
44 	{ "float",           FILTER_VALIDATE_FLOAT,         php_filter_float           },
45 
46 	{ "validate_regexp", FILTER_VALIDATE_REGEXP,        php_filter_validate_regexp },
47 	{ "validate_domain", FILTER_VALIDATE_DOMAIN,        php_filter_validate_domain },
48 	{ "validate_url",    FILTER_VALIDATE_URL,           php_filter_validate_url    },
49 	{ "validate_email",  FILTER_VALIDATE_EMAIL,         php_filter_validate_email  },
50 	{ "validate_ip",     FILTER_VALIDATE_IP,            php_filter_validate_ip     },
51 	{ "validate_mac",    FILTER_VALIDATE_MAC,           php_filter_validate_mac    },
52 
53 	{ "string",          FILTER_SANITIZE_STRING,        php_filter_string          },
54 	{ "stripped",        FILTER_SANITIZE_STRING,        php_filter_string          },
55 	{ "encoded",         FILTER_SANITIZE_ENCODED,       php_filter_encoded         },
56 	{ "special_chars",   FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars   },
57 	{ "full_special_chars",   FILTER_SANITIZE_FULL_SPECIAL_CHARS, php_filter_full_special_chars   },
58 	{ "unsafe_raw",      FILTER_UNSAFE_RAW,             php_filter_unsafe_raw      },
59 	{ "email",           FILTER_SANITIZE_EMAIL,         php_filter_email           },
60 	{ "url",             FILTER_SANITIZE_URL,           php_filter_url             },
61 	{ "number_int",      FILTER_SANITIZE_NUMBER_INT,    php_filter_number_int      },
62 	{ "number_float",    FILTER_SANITIZE_NUMBER_FLOAT,  php_filter_number_float    },
63 	{ "magic_quotes",    FILTER_SANITIZE_MAGIC_QUOTES,  php_filter_magic_quotes    },
64 
65 	{ "callback",        FILTER_CALLBACK,               php_filter_callback        },
66 };
67 /* }}} */
68 
69 #ifndef PARSE_ENV
70 #define PARSE_ENV 4
71 #endif
72 
73 #ifndef PARSE_SERVER
74 #define PARSE_SERVER 5
75 #endif
76 
77 #ifndef PARSE_SESSION
78 #define PARSE_SESSION 6
79 #endif
80 
81 static unsigned int php_sapi_filter(int arg, char *var, char **val, size_t val_len, size_t *new_val_len);
82 static unsigned int php_sapi_filter_init(void);
83 
84 /* {{{ arginfo */
85 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_input, 0, 0, 2)
86 	ZEND_ARG_INFO(0, type)
87 	ZEND_ARG_INFO(0, variable_name)
88 	ZEND_ARG_INFO(0, filter)
89 	ZEND_ARG_INFO(0, options)
90 ZEND_END_ARG_INFO()
91 
92 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_var, 0, 0, 1)
93 	ZEND_ARG_INFO(0, variable)
94 	ZEND_ARG_INFO(0, filter)
95 	ZEND_ARG_INFO(0, options)
96 ZEND_END_ARG_INFO()
97 
98 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_input_array, 0, 0, 1)
99 	ZEND_ARG_INFO(0, type)
100 	ZEND_ARG_INFO(0, definition)
101 	ZEND_ARG_INFO(0, add_empty)
102 ZEND_END_ARG_INFO()
103 
104 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_var_array, 0, 0, 1)
105 	ZEND_ARG_INFO(0, data)
106 	ZEND_ARG_INFO(0, definition)
107 	ZEND_ARG_INFO(0, add_empty)
108 ZEND_END_ARG_INFO()
109 
110 ZEND_BEGIN_ARG_INFO(arginfo_filter_list, 0)
111 ZEND_END_ARG_INFO()
112 
113 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_has_var, 0, 0, 2)
114 	ZEND_ARG_INFO(0, type)
115 	ZEND_ARG_INFO(0, variable_name)
116 ZEND_END_ARG_INFO()
117 
118 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_id, 0, 0, 1)
119 	ZEND_ARG_INFO(0, filtername)
120 ZEND_END_ARG_INFO()
121 /* }}} */
122 
123 /* {{{ filter_functions[]
124  */
125 static const zend_function_entry filter_functions[] = {
126 	PHP_FE(filter_input,		arginfo_filter_input)
127 	PHP_FE(filter_var,		arginfo_filter_var)
128 	PHP_FE(filter_input_array,	arginfo_filter_input_array)
129 	PHP_FE(filter_var_array,	arginfo_filter_var_array)
130 	PHP_FE(filter_list,		arginfo_filter_list)
131 	PHP_FE(filter_has_var,		arginfo_filter_has_var)
132 	PHP_FE(filter_id,		arginfo_filter_id)
133 	PHP_FE_END
134 };
135 /* }}} */
136 
137 /* {{{ filter_module_entry
138  */
139 zend_module_entry filter_module_entry = {
140 	STANDARD_MODULE_HEADER,
141 	"filter",
142 	filter_functions,
143 	PHP_MINIT(filter),
144 	PHP_MSHUTDOWN(filter),
145 	NULL,
146 	PHP_RSHUTDOWN(filter),
147 	PHP_MINFO(filter),
148 	PHP_FILTER_VERSION,
149 	STANDARD_MODULE_PROPERTIES
150 };
151 /* }}} */
152 
153 #ifdef COMPILE_DL_FILTER
154 #ifdef ZTS
155 ZEND_TSRMLS_CACHE_DEFINE()
156 #endif
ZEND_GET_MODULE(filter)157 ZEND_GET_MODULE(filter)
158 #endif
159 
160 static PHP_INI_MH(UpdateDefaultFilter) /* {{{ */
161 {
162 	int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
163 
164 	for (i = 0; i < size; ++i) {
165 		if ((strcasecmp(ZSTR_VAL(new_value), filter_list[i].name) == 0)) {
166 			IF_G(default_filter) = filter_list[i].id;
167 			return SUCCESS;
168 		}
169 	}
170 	/* Fallback to the default filter */
171 	IF_G(default_filter) = FILTER_DEFAULT;
172 	return SUCCESS;
173 }
174 /* }}} */
175 
176 /* {{{ PHP_INI
177  */
PHP_INI_MH(OnUpdateFlags)178 static PHP_INI_MH(OnUpdateFlags)
179 {
180 	if (!new_value) {
181 		IF_G(default_filter_flags) = FILTER_FLAG_NO_ENCODE_QUOTES;
182 	} else {
183 		IF_G(default_filter_flags) = atoi(ZSTR_VAL(new_value));
184 	}
185 	return SUCCESS;
186 }
187 
188 PHP_INI_BEGIN()
189 	STD_PHP_INI_ENTRY("filter.default",   "unsafe_raw", PHP_INI_SYSTEM|PHP_INI_PERDIR, UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals)
190 	PHP_INI_ENTRY("filter.default_flags", NULL,     PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateFlags)
PHP_INI_END()191 PHP_INI_END()
192 /* }}} */
193 
194 static void php_filter_init_globals(zend_filter_globals *filter_globals) /* {{{ */
195 {
196 #if defined(COMPILE_DL_FILTER) && defined(ZTS)
197 ZEND_TSRMLS_CACHE_UPDATE();
198 #endif
199 	ZVAL_UNDEF(&filter_globals->post_array);
200 	ZVAL_UNDEF(&filter_globals->get_array);
201 	ZVAL_UNDEF(&filter_globals->cookie_array);
202 	ZVAL_UNDEF(&filter_globals->env_array);
203 	ZVAL_UNDEF(&filter_globals->server_array);
204 	ZVAL_UNDEF(&filter_globals->session_array);
205 	filter_globals->default_filter = FILTER_DEFAULT;
206 }
207 /* }}} */
208 
209 #define PARSE_REQUEST 99
210 
211 /* {{{ PHP_MINIT_FUNCTION
212  */
PHP_MINIT_FUNCTION(filter)213 PHP_MINIT_FUNCTION(filter)
214 {
215 	ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);
216 
217 	REGISTER_INI_ENTRIES();
218 
219 	REGISTER_LONG_CONSTANT("INPUT_POST",	PARSE_POST, 	CONST_CS | CONST_PERSISTENT);
220 	REGISTER_LONG_CONSTANT("INPUT_GET",		PARSE_GET,		CONST_CS | CONST_PERSISTENT);
221 	REGISTER_LONG_CONSTANT("INPUT_COOKIE",	PARSE_COOKIE, 	CONST_CS | CONST_PERSISTENT);
222 	REGISTER_LONG_CONSTANT("INPUT_ENV",		PARSE_ENV,		CONST_CS | CONST_PERSISTENT);
223 	REGISTER_LONG_CONSTANT("INPUT_SERVER",	PARSE_SERVER, 	CONST_CS | CONST_PERSISTENT);
224 	REGISTER_LONG_CONSTANT("INPUT_SESSION", PARSE_SESSION, 	CONST_CS | CONST_PERSISTENT);
225 	REGISTER_LONG_CONSTANT("INPUT_REQUEST", PARSE_REQUEST, 	CONST_CS | CONST_PERSISTENT);
226 
227 	REGISTER_LONG_CONSTANT("FILTER_FLAG_NONE", FILTER_FLAG_NONE, CONST_CS | CONST_PERSISTENT);
228 
229 	REGISTER_LONG_CONSTANT("FILTER_REQUIRE_SCALAR", FILTER_REQUIRE_SCALAR, CONST_CS | CONST_PERSISTENT);
230 	REGISTER_LONG_CONSTANT("FILTER_REQUIRE_ARRAY", FILTER_REQUIRE_ARRAY, CONST_CS | CONST_PERSISTENT);
231 	REGISTER_LONG_CONSTANT("FILTER_FORCE_ARRAY", FILTER_FORCE_ARRAY, CONST_CS | CONST_PERSISTENT);
232 	REGISTER_LONG_CONSTANT("FILTER_NULL_ON_FAILURE", FILTER_NULL_ON_FAILURE, CONST_CS | CONST_PERSISTENT);
233 
234 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_INT", FILTER_VALIDATE_INT, CONST_CS | CONST_PERSISTENT);
235 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_BOOLEAN", FILTER_VALIDATE_BOOLEAN, CONST_CS | CONST_PERSISTENT);
236 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_FLOAT", FILTER_VALIDATE_FLOAT, CONST_CS | CONST_PERSISTENT);
237 
238 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_REGEXP", FILTER_VALIDATE_REGEXP, CONST_CS | CONST_PERSISTENT);
239 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_DOMAIN", FILTER_VALIDATE_DOMAIN, CONST_CS | CONST_PERSISTENT);
240 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_URL", FILTER_VALIDATE_URL, CONST_CS | CONST_PERSISTENT);
241 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_EMAIL", FILTER_VALIDATE_EMAIL, CONST_CS | CONST_PERSISTENT);
242 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_IP", FILTER_VALIDATE_IP, CONST_CS | CONST_PERSISTENT);
243 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_MAC", FILTER_VALIDATE_MAC, CONST_CS | CONST_PERSISTENT);
244 
245 	REGISTER_LONG_CONSTANT("FILTER_DEFAULT", FILTER_DEFAULT, CONST_CS | CONST_PERSISTENT);
246 	REGISTER_LONG_CONSTANT("FILTER_UNSAFE_RAW", FILTER_UNSAFE_RAW, CONST_CS | CONST_PERSISTENT);
247 
248 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRING", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
249 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
250 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
251 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
252 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_FULL_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
253 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT);
254 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT);
255 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
256 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT, CONST_CS | CONST_PERSISTENT);
257 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_MAGIC_QUOTES", FILTER_SANITIZE_MAGIC_QUOTES, CONST_CS | CONST_PERSISTENT);
258 
259 	REGISTER_LONG_CONSTANT("FILTER_CALLBACK", FILTER_CALLBACK, CONST_CS | CONST_PERSISTENT);
260 
261 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_OCTAL", FILTER_FLAG_ALLOW_OCTAL, CONST_CS | CONST_PERSISTENT);
262 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_HEX", FILTER_FLAG_ALLOW_HEX, CONST_CS | CONST_PERSISTENT);
263 
264 	REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_LOW", FILTER_FLAG_STRIP_LOW, CONST_CS | CONST_PERSISTENT);
265 	REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_HIGH", FILTER_FLAG_STRIP_HIGH, CONST_CS | CONST_PERSISTENT);
266 	REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_BACKTICK", FILTER_FLAG_STRIP_BACKTICK, CONST_CS | CONST_PERSISTENT);
267 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_LOW", FILTER_FLAG_ENCODE_LOW, CONST_CS | CONST_PERSISTENT);
268 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_HIGH", FILTER_FLAG_ENCODE_HIGH, CONST_CS | CONST_PERSISTENT);
269 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP, CONST_CS | CONST_PERSISTENT);
270 	REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_ENCODE_QUOTES", FILTER_FLAG_NO_ENCODE_QUOTES, CONST_CS | CONST_PERSISTENT);
271 	REGISTER_LONG_CONSTANT("FILTER_FLAG_EMPTY_STRING_NULL", FILTER_FLAG_EMPTY_STRING_NULL, CONST_CS | CONST_PERSISTENT);
272 
273 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_FRACTION", FILTER_FLAG_ALLOW_FRACTION, CONST_CS | CONST_PERSISTENT);
274 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_THOUSAND", FILTER_FLAG_ALLOW_THOUSAND, CONST_CS | CONST_PERSISTENT);
275 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_SCIENTIFIC", FILTER_FLAG_ALLOW_SCIENTIFIC, CONST_CS | CONST_PERSISTENT);
276 
277 	REGISTER_LONG_CONSTANT("FILTER_FLAG_SCHEME_REQUIRED", FILTER_FLAG_SCHEME_REQUIRED, CONST_CS | CONST_PERSISTENT);
278 	REGISTER_LONG_CONSTANT("FILTER_FLAG_HOST_REQUIRED", FILTER_FLAG_HOST_REQUIRED, CONST_CS | CONST_PERSISTENT);
279 	REGISTER_LONG_CONSTANT("FILTER_FLAG_PATH_REQUIRED", FILTER_FLAG_PATH_REQUIRED, CONST_CS | CONST_PERSISTENT);
280 	REGISTER_LONG_CONSTANT("FILTER_FLAG_QUERY_REQUIRED", FILTER_FLAG_QUERY_REQUIRED, CONST_CS | CONST_PERSISTENT);
281 
282 	REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV4", FILTER_FLAG_IPV4, CONST_CS | CONST_PERSISTENT);
283 	REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV6", FILTER_FLAG_IPV6, CONST_CS | CONST_PERSISTENT);
284 	REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_RES_RANGE", FILTER_FLAG_NO_RES_RANGE, CONST_CS | CONST_PERSISTENT);
285 	REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_PRIV_RANGE", FILTER_FLAG_NO_PRIV_RANGE, CONST_CS | CONST_PERSISTENT);
286 
287 	REGISTER_LONG_CONSTANT("FILTER_FLAG_HOSTNAME", FILTER_FLAG_HOSTNAME, CONST_CS | CONST_PERSISTENT);
288 
289 	REGISTER_LONG_CONSTANT("FILTER_FLAG_EMAIL_UNICODE", FILTER_FLAG_EMAIL_UNICODE, CONST_CS | CONST_PERSISTENT);
290 
291 	sapi_register_input_filter(php_sapi_filter, php_sapi_filter_init);
292 
293 	return SUCCESS;
294 }
295 /* }}} */
296 
297 /* {{{ PHP_MSHUTDOWN_FUNCTION
298  */
PHP_MSHUTDOWN_FUNCTION(filter)299 PHP_MSHUTDOWN_FUNCTION(filter)
300 {
301 	UNREGISTER_INI_ENTRIES();
302 
303 	return SUCCESS;
304 }
305 /* }}} */
306 
307 /* {{{ PHP_RSHUTDOWN_FUNCTION
308  */
309 #define VAR_ARRAY_COPY_DTOR(a)   \
310 	if (!Z_ISUNDEF(IF_G(a))) {   \
311 		zval_ptr_dtor(&IF_G(a)); \
312 		ZVAL_UNDEF(&IF_G(a));    \
313 	}
314 
PHP_RSHUTDOWN_FUNCTION(filter)315 PHP_RSHUTDOWN_FUNCTION(filter)
316 {
317 	VAR_ARRAY_COPY_DTOR(get_array)
318 	VAR_ARRAY_COPY_DTOR(post_array)
319 	VAR_ARRAY_COPY_DTOR(cookie_array)
320 	VAR_ARRAY_COPY_DTOR(server_array)
321 	VAR_ARRAY_COPY_DTOR(env_array)
322 	VAR_ARRAY_COPY_DTOR(session_array)
323 	return SUCCESS;
324 }
325 /* }}} */
326 
327 /* {{{ PHP_MINFO_FUNCTION
328  */
PHP_MINFO_FUNCTION(filter)329 PHP_MINFO_FUNCTION(filter)
330 {
331 	php_info_print_table_start();
332 	php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" );
333 	php_info_print_table_row( 2, "Revision", "$Id: 5a34caaa246b9df197f4b43af8ac66a07464fe4b $");
334 	php_info_print_table_end();
335 
336 	DISPLAY_INI_ENTRIES();
337 }
338 /* }}} */
339 
php_find_filter(zend_long id)340 static filter_list_entry php_find_filter(zend_long id) /* {{{ */
341 {
342 	int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
343 
344 	for (i = 0; i < size; ++i) {
345 		if (filter_list[i].id == id) {
346 			return filter_list[i];
347 		}
348 	}
349 	/* Fallback to "string" filter */
350 	for (i = 0; i < size; ++i) {
351 		if (filter_list[i].id == FILTER_DEFAULT) {
352 			return filter_list[i];
353 		}
354 	}
355 	/* To shut up GCC */
356 	return filter_list[0];
357 }
358 /* }}} */
359 
php_sapi_filter_init(void)360 static unsigned int php_sapi_filter_init(void)
361 {
362 	ZVAL_UNDEF(&IF_G(get_array));
363 	ZVAL_UNDEF(&IF_G(post_array));
364 	ZVAL_UNDEF(&IF_G(cookie_array));
365 	ZVAL_UNDEF(&IF_G(server_array));
366 	ZVAL_UNDEF(&IF_G(env_array));
367 	ZVAL_UNDEF(&IF_G(session_array));
368 	return SUCCESS;
369 }
370 
php_zval_filter(zval * value,zend_long filter,zend_long flags,zval * options,char * charset,zend_bool copy)371 static void php_zval_filter(zval *value, zend_long filter, zend_long flags, zval *options, char* charset, zend_bool copy) /* {{{ */
372 {
373 	filter_list_entry  filter_func;
374 
375 	filter_func = php_find_filter(filter);
376 
377 	if (!filter_func.id) {
378 		/* Find default filter */
379 		filter_func = php_find_filter(FILTER_DEFAULT);
380 	}
381 
382 	if (copy) {
383 		SEPARATE_ZVAL(value);
384 	}
385 
386 	/* #49274, fatal error with object without a toString method
387 	  Fails nicely instead of getting a recovarable fatal error. */
388 	if (Z_TYPE_P(value) == IS_OBJECT) {
389 		zend_class_entry *ce;
390 
391 		ce = Z_OBJCE_P(value);
392 		if (!ce->__tostring) {
393 			zval_ptr_dtor(value);
394 			/* #67167: doesn't return null on failure for objects */
395 			if (flags & FILTER_NULL_ON_FAILURE) {
396 				ZVAL_NULL(value);
397 			} else {
398 				ZVAL_FALSE(value);
399 			}
400 			goto handle_default;
401 		}
402 	}
403 
404 	/* Here be strings */
405 	convert_to_string(value);
406 
407 	filter_func.function(value, flags, options, charset);
408 
409 handle_default:
410 	if (options && (Z_TYPE_P(options) == IS_ARRAY || Z_TYPE_P(options) == IS_OBJECT) &&
411 		((flags & FILTER_NULL_ON_FAILURE && Z_TYPE_P(value) == IS_NULL) ||
412 		(!(flags & FILTER_NULL_ON_FAILURE) && Z_TYPE_P(value) == IS_FALSE)) &&
413 		zend_hash_str_exists(HASH_OF(options), "default", sizeof("default") - 1)) {
414 		zval *tmp;
415 		if ((tmp = zend_hash_str_find(HASH_OF(options), "default", sizeof("default") - 1)) != NULL) {
416 			ZVAL_COPY(value, tmp);
417 		}
418 	}
419 }
420 /* }}} */
421 
php_sapi_filter(int arg,char * var,char ** val,size_t val_len,size_t * new_val_len)422 static unsigned int php_sapi_filter(int arg, char *var, char **val, size_t val_len, size_t *new_val_len) /* {{{ */
423 {
424 	zval  new_var, raw_var;
425 	zval *array_ptr = NULL, *orig_array_ptr = NULL;
426 	int retval = 0;
427 
428 	assert(*val != NULL);
429 
430 #define PARSE_CASE(s,a,t)                     		\
431 		case s:                               		\
432 			if (Z_ISUNDEF(IF_G(a))) {         		\
433 				array_init(&IF_G(a)); 				\
434 			}										\
435 			array_ptr = &IF_G(a);          			\
436 			orig_array_ptr = &PG(http_globals)[t]; 	\
437 			break;
438 
439 	switch (arg) {
440 		PARSE_CASE(PARSE_POST,    post_array,    TRACK_VARS_POST)
441 		PARSE_CASE(PARSE_GET,     get_array,     TRACK_VARS_GET)
442 		PARSE_CASE(PARSE_COOKIE,  cookie_array,  TRACK_VARS_COOKIE)
443 		PARSE_CASE(PARSE_SERVER,  server_array,  TRACK_VARS_SERVER)
444 		PARSE_CASE(PARSE_ENV,     env_array,     TRACK_VARS_ENV)
445 
446 		case PARSE_STRING: /* PARSE_STRING is used by parse_str() function */
447 			retval = 1;
448 			break;
449 	}
450 
451 	/*
452 	 * According to rfc2965, more specific paths are listed above the less specific ones.
453 	 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
454 	 * to have the same (plain text) cookie name for the same path and we should not overwrite
455 	 * more specific cookies with the less specific ones.
456 	*/
457 	if (arg == PARSE_COOKIE && orig_array_ptr &&
458 			zend_symtable_str_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var))) {
459 		return 0;
460 	}
461 
462 	if (array_ptr) {
463 		/* Store the RAW variable internally */
464 		ZVAL_STRINGL(&raw_var, *val, val_len);
465 		php_register_variable_ex(var, &raw_var, array_ptr);
466 	}
467 
468 	if (val_len) {
469 		/* Register mangled variable */
470 		if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
471 			ZVAL_STRINGL(&new_var, *val, val_len);
472 			php_zval_filter(&new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL, 0);
473 		} else {
474 			ZVAL_STRINGL(&new_var, *val, val_len);
475 		}
476 	} else { /* empty string */
477 		ZVAL_EMPTY_STRING(&new_var);
478 	}
479 
480 	if (orig_array_ptr) {
481 		php_register_variable_ex(var, &new_var, orig_array_ptr);
482 	}
483 
484 	if (retval) {
485 		if (new_val_len) {
486 			*new_val_len = Z_STRLEN(new_var);
487 		}
488 		efree(*val);
489 		if (Z_STRLEN(new_var)) {
490 			*val = estrndup(Z_STRVAL(new_var), Z_STRLEN(new_var));
491 		} else {
492 			*val = estrdup("");
493 		}
494 		zval_ptr_dtor(&new_var);
495 	}
496 
497 	return retval;
498 }
499 /* }}} */
500 
php_zval_filter_recursive(zval * value,zend_long filter,zend_long flags,zval * options,char * charset,zend_bool copy)501 static void php_zval_filter_recursive(zval *value, zend_long filter, zend_long flags, zval *options, char *charset, zend_bool copy) /* {{{ */
502 {
503 	if (Z_TYPE_P(value) == IS_ARRAY) {
504 		zval *element;
505 
506 		if (Z_ARRVAL_P(value)->u.v.nApplyCount > 1) {
507 			return;
508 		}
509 
510 		ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(value), element) {
511 			ZVAL_DEREF(element);
512 			SEPARATE_ZVAL_NOREF(element);
513 			if (Z_TYPE_P(element) == IS_ARRAY) {
514 				Z_ARRVAL_P(element)->u.v.nApplyCount++;
515 				php_zval_filter_recursive(element, filter, flags, options, charset, copy);
516 				Z_ARRVAL_P(element)->u.v.nApplyCount--;
517 			} else {
518 				php_zval_filter(element, filter, flags, options, charset, copy);
519 			}
520 		} ZEND_HASH_FOREACH_END();
521 	} else {
522 		php_zval_filter(value, filter, flags, options, charset, copy);
523 	}
524 }
525 /* }}} */
526 
php_filter_get_storage(zend_long arg)527 static zval *php_filter_get_storage(zend_long arg)/* {{{ */
528 
529 {
530 	zval *array_ptr = NULL;
531 
532 	switch (arg) {
533 		case PARSE_GET:
534 			array_ptr = &IF_G(get_array);
535 			break;
536 		case PARSE_POST:
537 			array_ptr = &IF_G(post_array);
538 			break;
539 		case PARSE_COOKIE:
540 			array_ptr = &IF_G(cookie_array);
541 			break;
542 		case PARSE_SERVER:
543 			if (PG(auto_globals_jit)) {
544 				zend_is_auto_global_str(ZEND_STRL("_SERVER"));
545 			}
546 			array_ptr = &IF_G(server_array);
547 			break;
548 		case PARSE_ENV:
549 			if (PG(auto_globals_jit)) {
550 				zend_is_auto_global_str(ZEND_STRL("_ENV"));
551 			}
552 			array_ptr = !Z_ISUNDEF(IF_G(env_array)) ? &IF_G(env_array) : &PG(http_globals)[TRACK_VARS_ENV];
553 			break;
554 		case PARSE_SESSION:
555 			/* FIXME: Implement session source */
556 			php_error_docref(NULL, E_WARNING, "INPUT_SESSION is not yet implemented");
557 			break;
558 		case PARSE_REQUEST:
559 			/* FIXME: Implement request source */
560 			php_error_docref(NULL, E_WARNING, "INPUT_REQUEST is not yet implemented");
561 			break;
562 	}
563 
564 	return array_ptr;
565 }
566 /* }}} */
567 
568 /* {{{ proto mixed filter_has_var(constant type, string variable_name)
569  * Returns true if the variable with the name 'name' exists in source.
570  */
PHP_FUNCTION(filter_has_var)571 PHP_FUNCTION(filter_has_var)
572 {
573 	zend_long         arg;
574 	zend_string *var;
575 	zval        *array_ptr = NULL;
576 
577 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lS", &arg, &var) == FAILURE) {
578 		RETURN_FALSE;
579 	}
580 
581 	array_ptr = php_filter_get_storage(arg);
582 
583 	if (array_ptr && HASH_OF(array_ptr) && zend_hash_exists(HASH_OF(array_ptr), var)) {
584 		RETURN_TRUE;
585 	}
586 
587 	RETURN_FALSE;
588 }
589 /* }}} */
590 
php_filter_call(zval * filtered,zend_long filter,zval * filter_args,const int copy,zend_long filter_flags)591 static void php_filter_call(zval *filtered, zend_long filter, zval *filter_args, const int copy, zend_long filter_flags) /* {{{ */
592 {
593 	zval *options = NULL;
594 	zval *option;
595 	char *charset = NULL;
596 
597 	if (filter_args && Z_TYPE_P(filter_args) != IS_ARRAY) {
598 		zend_long lval = zval_get_long(filter_args);
599 
600 		if (filter != -1) { /* handler for array apply */
601 			/* filter_args is the filter_flags */
602 			filter_flags = lval;
603 
604 			if (!(filter_flags & FILTER_REQUIRE_ARRAY ||  filter_flags & FILTER_FORCE_ARRAY)) {
605 				filter_flags |= FILTER_REQUIRE_SCALAR;
606 			}
607 		} else {
608 			filter = lval;
609 		}
610 	} else if (filter_args) {
611 		if ((option = zend_hash_str_find(HASH_OF(filter_args), "filter", sizeof("filter") - 1)) != NULL) {
612 			filter = zval_get_long(option);
613 		}
614 
615 		if ((option = zend_hash_str_find(HASH_OF(filter_args), "flags", sizeof("flags") - 1)) != NULL) {
616 			filter_flags = zval_get_long(option);
617 
618 			if (!(filter_flags & FILTER_REQUIRE_ARRAY ||  filter_flags & FILTER_FORCE_ARRAY)) {
619 				filter_flags |= FILTER_REQUIRE_SCALAR;
620 			}
621 		}
622 
623 		if ((option = zend_hash_str_find(HASH_OF(filter_args), "options", sizeof("options") - 1)) != NULL) {
624 			/* avoid reference type */
625 			ZVAL_DEREF(option);
626 
627 			if (filter != FILTER_CALLBACK) {
628 				if (Z_TYPE_P(option) == IS_ARRAY) {
629 					options = option;
630 				}
631 			} else {
632 				options = option;
633 				filter_flags = 0;
634 			}
635 		}
636 	}
637 
638 	if (Z_TYPE_P(filtered) == IS_ARRAY) {
639 		if (filter_flags & FILTER_REQUIRE_SCALAR) {
640 			if (copy) {
641 				SEPARATE_ZVAL(filtered);
642 			}
643 			zval_ptr_dtor(filtered);
644 			if (filter_flags & FILTER_NULL_ON_FAILURE) {
645 				ZVAL_NULL(filtered);
646 			} else {
647 				ZVAL_FALSE(filtered);
648 			}
649 			return;
650 		}
651 		php_zval_filter_recursive(filtered, filter, filter_flags, options, charset, copy);
652 		return;
653 	}
654 	if (filter_flags & FILTER_REQUIRE_ARRAY) {
655 		if (copy) {
656 			SEPARATE_ZVAL(filtered);
657 		}
658 		zval_ptr_dtor(filtered);
659 		if (filter_flags & FILTER_NULL_ON_FAILURE) {
660 			ZVAL_NULL(filtered);
661 		} else {
662 			ZVAL_FALSE(filtered);
663 		}
664 		return;
665 	}
666 
667 	php_zval_filter(filtered, filter, filter_flags, options, charset, copy);
668 	if (filter_flags & FILTER_FORCE_ARRAY) {
669 		zval tmp;
670 		ZVAL_COPY_VALUE(&tmp, filtered);
671 		array_init(filtered);
672 		add_next_index_zval(filtered, &tmp);
673 	}
674 }
675 /* }}} */
676 
php_filter_array_handler(zval * input,zval * op,zval * return_value,zend_bool add_empty)677 static void php_filter_array_handler(zval *input, zval *op, zval *return_value, zend_bool add_empty) /* {{{ */
678 {
679 	zend_string *arg_key;
680 	zval *tmp, *arg_elm;
681 
682 	if (!op) {
683 		zval_ptr_dtor(return_value);
684 		ZVAL_DUP(return_value, input);
685 		php_filter_call(return_value, FILTER_DEFAULT, NULL, 0, FILTER_REQUIRE_ARRAY);
686 	} else if (Z_TYPE_P(op) == IS_LONG) {
687 		zval_ptr_dtor(return_value);
688 		ZVAL_DUP(return_value, input);
689 		php_filter_call(return_value, Z_LVAL_P(op), NULL, 0, FILTER_REQUIRE_ARRAY);
690 	} else if (Z_TYPE_P(op) == IS_ARRAY) {
691 		array_init(return_value);
692 
693 		ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(op), arg_key, arg_elm) {
694 			if (arg_key == NULL) {
695 				php_error_docref(NULL, E_WARNING, "Numeric keys are not allowed in the definition array");
696 				zval_ptr_dtor(return_value);
697 				RETURN_FALSE;
698 	 		}
699 			if (ZSTR_LEN(arg_key) == 0) {
700 				php_error_docref(NULL, E_WARNING, "Empty keys are not allowed in the definition array");
701 				zval_ptr_dtor(return_value);
702 				RETURN_FALSE;
703 			}
704 			if ((tmp = zend_hash_find(Z_ARRVAL_P(input), arg_key)) == NULL) {
705 				if (add_empty) {
706 					add_assoc_null_ex(return_value, ZSTR_VAL(arg_key), ZSTR_LEN(arg_key));
707 				}
708 			} else {
709 				zval nval;
710 				ZVAL_DEREF(tmp);
711 				ZVAL_DUP(&nval, tmp);
712 				php_filter_call(&nval, -1, arg_elm, 0, FILTER_REQUIRE_SCALAR);
713 				zend_hash_update(Z_ARRVAL_P(return_value), arg_key, &nval);
714 			}
715 		} ZEND_HASH_FOREACH_END();
716 	} else {
717 		RETURN_FALSE;
718 	}
719 }
720 /* }}} */
721 
722 /* {{{ proto mixed filter_input(constant type, string variable_name [, long filter [, mixed options]])
723  * Returns the filtered variable 'name'* from source `type`.
724  */
PHP_FUNCTION(filter_input)725 PHP_FUNCTION(filter_input)
726 {
727 	zend_long fetch_from, filter = FILTER_DEFAULT;
728 	zval *filter_args = NULL, *tmp;
729 	zval *input = NULL;
730 	zend_string *var;
731 
732 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lS|lz", &fetch_from, &var, &filter, &filter_args) == FAILURE) {
733 		return;
734 	}
735 
736 	if (!PHP_FILTER_ID_EXISTS(filter)) {
737 		RETURN_FALSE;
738 	}
739 
740 	input = php_filter_get_storage(fetch_from);
741 
742 	if (!input || !HASH_OF(input) || (tmp = zend_hash_find(HASH_OF(input), var)) == NULL) {
743 		zend_long filter_flags = 0;
744 		zval *option, *opt, *def;
745 		if (filter_args) {
746 			if (Z_TYPE_P(filter_args) == IS_LONG) {
747 				filter_flags = Z_LVAL_P(filter_args);
748 			} else if (Z_TYPE_P(filter_args) == IS_ARRAY && (option = zend_hash_str_find(HASH_OF(filter_args), "flags", sizeof("flags") - 1)) != NULL) {
749 				filter_flags = zval_get_long(option);
750 			}
751 			if (Z_TYPE_P(filter_args) == IS_ARRAY &&
752 				(opt = zend_hash_str_find(HASH_OF(filter_args), "options", sizeof("options") - 1)) != NULL &&
753 				Z_TYPE_P(opt) == IS_ARRAY &&
754 				(def = zend_hash_str_find(HASH_OF(opt), "default", sizeof("default") - 1)) != NULL) {
755 				ZVAL_COPY(return_value, def);
756 				return;
757 			}
758 		}
759 
760 		/* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
761 		 * the function: normally when validation fails false is returned, and
762 		 * when the input value doesn't exist NULL is returned. With the flag
763 		 * set, NULL and false should be returned, respectively. Ergo, although
764 		 * the code below looks incorrect, it's actually right. */
765 		if (filter_flags & FILTER_NULL_ON_FAILURE) {
766 			RETURN_FALSE;
767 		} else {
768 			RETURN_NULL();
769 		}
770 	}
771 
772 	ZVAL_DUP(return_value, tmp);
773 
774 	php_filter_call(return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR);
775 }
776 /* }}} */
777 
778 /* {{{ proto mixed filter_var(mixed variable [, long filter [, mixed options]])
779  * Returns the filtered version of the variable.
780  */
PHP_FUNCTION(filter_var)781 PHP_FUNCTION(filter_var)
782 {
783 	zend_long filter = FILTER_DEFAULT;
784 	zval *filter_args = NULL, *data;
785 
786 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "z/|lz", &data, &filter, &filter_args) == FAILURE) {
787 		return;
788 	}
789 
790 	if (!PHP_FILTER_ID_EXISTS(filter)) {
791 		RETURN_FALSE;
792 	}
793 
794 	ZVAL_DUP(return_value, data);
795 
796 	php_filter_call(return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR);
797 }
798 /* }}} */
799 
800 /* {{{ proto mixed filter_input_array(constant type, [, mixed options [, bool add_empty]]])
801  * Returns an array with all arguments defined in 'definition'.
802  */
PHP_FUNCTION(filter_input_array)803 PHP_FUNCTION(filter_input_array)
804 {
805 	zend_long    fetch_from;
806 	zval   *array_input = NULL, *op = NULL;
807 	zend_bool add_empty = 1;
808 
809 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "l|zb",  &fetch_from, &op, &add_empty) == FAILURE) {
810 		return;
811 	}
812 
813 	if (op && (Z_TYPE_P(op) != IS_ARRAY) && !(Z_TYPE_P(op) == IS_LONG && PHP_FILTER_ID_EXISTS(Z_LVAL_P(op)))) {
814 		RETURN_FALSE;
815 	}
816 
817 	array_input = php_filter_get_storage(fetch_from);
818 
819 	if (!array_input || !HASH_OF(array_input)) {
820 		zend_long filter_flags = 0;
821 		zval *option;
822 		if (op) {
823 			if (Z_TYPE_P(op) == IS_LONG) {
824 				filter_flags = Z_LVAL_P(op);
825 			} else if (Z_TYPE_P(op) == IS_ARRAY && (option = zend_hash_str_find(HASH_OF(op), "flags", sizeof("flags") - 1)) != NULL) {
826 				filter_flags = zval_get_long(option);
827 			}
828 		}
829 
830 		/* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
831 		 * the function: normally when validation fails false is returned, and
832 		 * when the input value doesn't exist NULL is returned. With the flag
833 		 * set, NULL and false should be returned, respectively. Ergo, although
834 		 * the code below looks incorrect, it's actually right. */
835 		if (filter_flags & FILTER_NULL_ON_FAILURE) {
836 			RETURN_FALSE;
837 		} else {
838 			RETURN_NULL();
839 		}
840 	}
841 
842 	php_filter_array_handler(array_input, op, return_value, add_empty);
843 }
844 /* }}} */
845 
846 /* {{{ proto mixed filter_var_array(array data, [, mixed options [, bool add_empty]]])
847  * Returns an array with all arguments defined in 'definition'.
848  */
PHP_FUNCTION(filter_var_array)849 PHP_FUNCTION(filter_var_array)
850 {
851 	zval *array_input = NULL, *op = NULL;
852 	zend_bool add_empty = 1;
853 
854 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "a|zb",  &array_input, &op, &add_empty) == FAILURE) {
855 		return;
856 	}
857 
858 	if (op && (Z_TYPE_P(op) != IS_ARRAY) && !(Z_TYPE_P(op) == IS_LONG && PHP_FILTER_ID_EXISTS(Z_LVAL_P(op)))) {
859 		RETURN_FALSE;
860 	}
861 
862 	php_filter_array_handler(array_input, op, return_value, add_empty);
863 }
864 /* }}} */
865 
866 /* {{{ proto filter_list()
867  * Returns a list of all supported filters */
PHP_FUNCTION(filter_list)868 PHP_FUNCTION(filter_list)
869 {
870 	int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
871 
872 	if (zend_parse_parameters_none() == FAILURE) {
873 		return;
874 	}
875 
876 	array_init(return_value);
877 	for (i = 0; i < size; ++i) {
878 		add_next_index_string(return_value, (char *)filter_list[i].name);
879 	}
880 }
881 /* }}} */
882 
883 /* {{{ proto filter_id(string filtername)
884  * Returns the filter ID belonging to a named filter */
PHP_FUNCTION(filter_id)885 PHP_FUNCTION(filter_id)
886 {
887 	int i;
888 	size_t filter_len;
889 	int size = sizeof(filter_list) / sizeof(filter_list_entry);
890 	char *filter;
891 
892 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &filter, &filter_len) == FAILURE) {
893 		return;
894 	}
895 
896 	for (i = 0; i < size; ++i) {
897 		if (strcmp(filter_list[i].name, filter) == 0) {
898 			RETURN_LONG(filter_list[i].id);
899 		}
900 	}
901 
902 	RETURN_FALSE;
903 }
904 /* }}} */
905 
906 /*
907  * Local variables:
908  * tab-width: 4
909  * c-basic-offset: 4
910  * End:
911  * vim600: noet sw=4 ts=4 fdm=marker
912  * vim<600: noet sw=4 ts=4
913  */
914