1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Author: Rui Hirokawa <hirokawa@php.net> |
14 | Moriyoshi Koizumi <moriyoshi@php.net> |
15 +----------------------------------------------------------------------+
16 */
17
18 /* {{{ includes */
19 #include "php.h"
20 #include "php_ini.h"
21 #include "php_variables.h"
22 #include "libmbfl/mbfl/mbfilter_pass.h"
23 #include "mbstring.h"
24 #include "ext/standard/php_string.h"
25 #include "ext/standard/php_mail.h"
26 #include "ext/standard/url.h"
27 #include "main/php_output.h"
28 #include "ext/standard/info.h"
29
30 #include "php_globals.h"
31 #include "rfc1867.h"
32 #include "php_content_types.h"
33 #include "SAPI.h"
34 #include "TSRM.h"
35
36 #include "mb_gpc.h"
37 /* }}} */
38
ZEND_EXTERN_MODULE_GLOBALS(mbstring)39 ZEND_EXTERN_MODULE_GLOBALS(mbstring)
40
41 /* {{{ MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
42 * http input processing */
43 MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_treat_data)
44 {
45 char *res = NULL, *separator=NULL;
46 const char *c_var;
47 zval v_array;
48 int free_buffer=0;
49 const mbfl_encoding *detected;
50 php_mb_encoding_handler_info_t info;
51
52 if (!MBSTRG(encoding_translation)) {
53 php_default_treat_data(arg, str, destArray);
54 return;
55 }
56
57 switch (arg) {
58 case PARSE_POST:
59 case PARSE_GET:
60 case PARSE_COOKIE:
61 array_init(&v_array);
62 switch (arg) {
63 case PARSE_POST:
64 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &v_array);
65 break;
66 case PARSE_GET:
67 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &v_array);
68 break;
69 case PARSE_COOKIE:
70 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &v_array);
71 break;
72 }
73 break;
74 default:
75 ZVAL_COPY_VALUE(&v_array, destArray);
76 break;
77 }
78
79 switch (arg) {
80 case PARSE_POST:
81 sapi_handle_post(&v_array);
82 return;
83 case PARSE_GET: /* GET data */
84 c_var = SG(request_info).query_string;
85 if (c_var && *c_var) {
86 res = (char *) estrdup(c_var);
87 free_buffer = 1;
88 }
89 break;
90 case PARSE_COOKIE: /* Cookie data */
91 c_var = SG(request_info).cookie_data;
92 if (c_var && *c_var) {
93 res = (char *) estrdup(c_var);
94 free_buffer = 1;
95 }
96 break;
97 case PARSE_STRING: /* String data */
98 res = str;
99 free_buffer = 1;
100 break;
101 }
102
103 if (!res) {
104 return;
105 }
106
107 switch (arg) {
108 case PARSE_POST:
109 case PARSE_GET:
110 case PARSE_STRING:
111 separator = (char *) estrdup(PG(arg_separator).input);
112 break;
113 case PARSE_COOKIE:
114 separator = ";\0";
115 break;
116 }
117
118 switch (arg) {
119 case PARSE_POST:
120 MBSTRG(http_input_identify_post) = NULL;
121 break;
122 case PARSE_GET:
123 MBSTRG(http_input_identify_get) = NULL;
124 break;
125 case PARSE_COOKIE:
126 MBSTRG(http_input_identify_cookie) = NULL;
127 break;
128 case PARSE_STRING:
129 MBSTRG(http_input_identify_string) = NULL;
130 break;
131 }
132
133 info.data_type = arg;
134 info.separator = separator;
135 info.report_errors = false;
136 info.to_encoding = MBSTRG(internal_encoding);
137 info.from_encodings = MBSTRG(http_input_list);
138 info.num_from_encodings = MBSTRG(http_input_list_size);
139
140 MBSTRG(illegalchars) = 0;
141
142 detected = _php_mb_encoding_handler_ex(&info, &v_array, res);
143 MBSTRG(http_input_identify) = detected;
144
145 if (detected) {
146 switch(arg){
147 case PARSE_POST:
148 MBSTRG(http_input_identify_post) = detected;
149 break;
150 case PARSE_GET:
151 MBSTRG(http_input_identify_get) = detected;
152 break;
153 case PARSE_COOKIE:
154 MBSTRG(http_input_identify_cookie) = detected;
155 break;
156 case PARSE_STRING:
157 MBSTRG(http_input_identify_string) = detected;
158 break;
159 }
160 }
161
162 if (arg != PARSE_COOKIE) {
163 efree(separator);
164 }
165
166 if (free_buffer) {
167 efree(res);
168 }
169 }
170 /* }}} */
171
172 /* {{{ mbfl_no_encoding _php_mb_encoding_handler_ex() */
_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t * info,zval * array_ptr,char * res)173 const mbfl_encoding *_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t *info, zval *array_ptr, char *res)
174 {
175 char *var, *val;
176 char *strtok_buf = NULL, **val_list = NULL;
177 size_t n, num = 1, *len_list = NULL;
178 size_t new_val_len;
179 const mbfl_encoding *from_encoding = NULL;
180 mbfl_encoding_detector *identd = NULL;
181
182 if (!res || *res == '\0') {
183 goto out;
184 }
185
186 /* count variables contained in `res`.
187 * separator may contain multiple separator chars; ANY of them demarcate variables */
188 for (char *s1 = res; *s1; s1++) {
189 for (const char *s2 = info->separator; *s2; s2++) {
190 if (*s1 == *s2) {
191 num++;
192 }
193 }
194 }
195 num *= 2; /* need space for variable name and value */
196
197 val_list = (char **)ecalloc(num, sizeof(char *));
198 len_list = (size_t *)ecalloc(num, sizeof(size_t));
199
200 /* split and decode the query */
201 n = 0;
202 var = php_strtok_r(res, info->separator, &strtok_buf);
203 while (var) {
204 val = strchr(var, '=');
205 if (val) { /* have a value */
206 len_list[n] = php_url_decode(var, val-var);
207 val_list[n] = var;
208 n++;
209
210 *val++ = '\0';
211 val_list[n] = val;
212 len_list[n] = php_url_decode(val, strlen(val));
213 } else {
214 len_list[n] = php_url_decode(var, strlen(var));
215 val_list[n] = var;
216 n++;
217
218 val_list[n] = "";
219 len_list[n] = 0;
220 }
221 n++;
222 var = php_strtok_r(NULL, info->separator, &strtok_buf);
223 }
224
225 if (ZEND_SIZE_T_GT_ZEND_LONG(n, (PG(max_input_vars) * 2))) {
226 php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
227 goto out;
228 }
229
230 num = n; /* make sure to process initialized vars only */
231
232 /* initialize converter */
233 if (info->num_from_encodings == 0) {
234 from_encoding = &mbfl_encoding_pass;
235 } else if (info->num_from_encodings == 1) {
236 from_encoding = info->from_encodings[0];
237 } else {
238 /* auto detect */
239 from_encoding = NULL;
240 identd = mbfl_encoding_detector_new(info->from_encodings, info->num_from_encodings, MBSTRG(strict_detection));
241 if (identd != NULL) {
242 n = 0;
243 while (n < num) {
244 mbfl_string string;
245 string.val = (unsigned char *)val_list[n];
246 string.len = len_list[n];
247 if (mbfl_encoding_detector_feed(identd, &string)) {
248 break;
249 }
250 n++;
251 }
252 from_encoding = mbfl_encoding_detector_judge(identd);
253 mbfl_encoding_detector_delete(identd);
254 }
255 if (!from_encoding) {
256 if (info->report_errors) {
257 php_error_docref(NULL, E_WARNING, "Unable to detect encoding");
258 }
259 from_encoding = &mbfl_encoding_pass;
260 }
261 }
262
263 /* convert encoding */
264 n = 0;
265 while (n < num) {
266 if (from_encoding != &mbfl_encoding_pass && info->to_encoding != &mbfl_encoding_pass) {
267 unsigned int num_errors = 0;
268 zend_string *converted_var = mb_fast_convert((unsigned char*)val_list[n], len_list[n], from_encoding, info->to_encoding, MBSTRG(current_filter_illegal_substchar), MBSTRG(current_filter_illegal_mode), &num_errors);
269 MBSTRG(illegalchars) += num_errors;
270 n++;
271
272 num_errors = 0;
273 zend_string *converted_val = mb_fast_convert((unsigned char*)val_list[n], len_list[n], from_encoding, info->to_encoding, MBSTRG(current_filter_illegal_substchar), MBSTRG(current_filter_illegal_mode), &num_errors);
274 MBSTRG(illegalchars) += num_errors;
275 n++;
276
277 /* `val` must be a pointer returned by `emalloc` */
278 val = estrndup(ZSTR_VAL(converted_val), ZSTR_LEN(converted_val));
279 if (sapi_module.input_filter(info->data_type, ZSTR_VAL(converted_var), &val, ZSTR_LEN(converted_val), &new_val_len)) {
280 /* add variable to symbol table */
281 php_register_variable_safe(ZSTR_VAL(converted_var), val, new_val_len, array_ptr);
282 }
283 zend_string_free(converted_var);
284 zend_string_free(converted_val);
285 } else {
286 var = val_list[n++];
287 val = estrndup(val_list[n], len_list[n]);
288 if (sapi_module.input_filter(info->data_type, var, &val, len_list[n], &new_val_len)) {
289 php_register_variable_safe(var, val, new_val_len, array_ptr);
290 }
291 n++;
292 }
293 efree(val);
294 }
295
296 out:
297 if (val_list != NULL) {
298 efree((void *)val_list);
299 }
300 if (len_list != NULL) {
301 efree((void *)len_list);
302 }
303
304 return from_encoding;
305 }
306 /* }}} */
307
308 /* {{{ SAPI_POST_HANDLER_FUNC(php_mb_post_handler) */
SAPI_POST_HANDLER_FUNC(php_mb_post_handler)309 SAPI_POST_HANDLER_FUNC(php_mb_post_handler)
310 {
311 const mbfl_encoding *detected;
312 php_mb_encoding_handler_info_t info;
313 zend_string *post_data_str = NULL;
314
315 MBSTRG(http_input_identify_post) = NULL;
316
317 info.data_type = PARSE_POST;
318 info.separator = "&";
319 info.report_errors = false;
320 info.to_encoding = MBSTRG(internal_encoding);
321 info.from_encodings = MBSTRG(http_input_list);
322 info.num_from_encodings = MBSTRG(http_input_list_size);
323
324 php_stream_rewind(SG(request_info).request_body);
325 post_data_str = php_stream_copy_to_mem(SG(request_info).request_body, PHP_STREAM_COPY_ALL, 0);
326 detected = _php_mb_encoding_handler_ex(&info, arg, post_data_str ? ZSTR_VAL(post_data_str) : NULL);
327 if (post_data_str) {
328 zend_string_release_ex(post_data_str, 0);
329 }
330
331 MBSTRG(http_input_identify) = detected;
332 if (detected) {
333 MBSTRG(http_input_identify_post) = detected;
334 }
335 }
336 /* }}} */
337
