1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Rasmus Lerdorf <rasmus@php.net> |
14 | Derick Rethans <derick@php.net> |
15 | Pierre-A. Joye <pierre@php.net> |
16 | Ilia Alshanetsky <iliaa@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "php_filter.h"
25
26 ZEND_DECLARE_MODULE_GLOBALS(filter)
27
28 #include "filter_private.h"
29 #include "filter_arginfo.h"
30
/* One row of the filter registry: ties a filter's textual name and its
 * numeric id to the C routine that implements it. */
typedef struct filter_list_entry filter_list_entry;

struct filter_list_entry {
	const char *name;                              /* name matched by filter.default and filter_id() */
	int id;                                        /* FILTER_* constant used for lookups by id */
	void (*function)(PHP_INPUT_FILTER_PARAM_DECL); /* implementation, called from php_zval_filter() */
};
36
37 /* {{{ filter_list */
/*
 * Registry of every filter this extension exposes.
 *
 * Lookups are linear scans: by name in UpdateDefaultFilter() and
 * filter_id(), by id in php_find_filter(). "string" and "stripped" share
 * FILTER_SANITIZE_STRING, so an id lookup always resolves to the "string"
 * row because it comes first.
 */
static const filter_list_entry filter_list[] = {
	/* Validators */
	{ .name = "int",                .id = FILTER_VALIDATE_INT,                .function = php_filter_int },
	{ .name = "boolean",            .id = FILTER_VALIDATE_BOOL,               .function = php_filter_boolean },
	{ .name = "float",              .id = FILTER_VALIDATE_FLOAT,              .function = php_filter_float },

	{ .name = "validate_regexp",    .id = FILTER_VALIDATE_REGEXP,             .function = php_filter_validate_regexp },
	{ .name = "validate_domain",    .id = FILTER_VALIDATE_DOMAIN,             .function = php_filter_validate_domain },
	{ .name = "validate_url",       .id = FILTER_VALIDATE_URL,                .function = php_filter_validate_url },
	{ .name = "validate_email",     .id = FILTER_VALIDATE_EMAIL,              .function = php_filter_validate_email },
	{ .name = "validate_ip",        .id = FILTER_VALIDATE_IP,                 .function = php_filter_validate_ip },
	{ .name = "validate_mac",       .id = FILTER_VALIDATE_MAC,                .function = php_filter_validate_mac },

	/* Sanitizers */
	{ .name = "string",             .id = FILTER_SANITIZE_STRING,             .function = php_filter_string },
	{ .name = "stripped",           .id = FILTER_SANITIZE_STRING,             .function = php_filter_string },
	{ .name = "encoded",            .id = FILTER_SANITIZE_ENCODED,            .function = php_filter_encoded },
	{ .name = "special_chars",      .id = FILTER_SANITIZE_SPECIAL_CHARS,      .function = php_filter_special_chars },
	{ .name = "full_special_chars", .id = FILTER_SANITIZE_FULL_SPECIAL_CHARS, .function = php_filter_full_special_chars },
	{ .name = "unsafe_raw",         .id = FILTER_UNSAFE_RAW,                  .function = php_filter_unsafe_raw },
	{ .name = "email",              .id = FILTER_SANITIZE_EMAIL,              .function = php_filter_email },
	{ .name = "url",                .id = FILTER_SANITIZE_URL,                .function = php_filter_url },
	{ .name = "number_int",         .id = FILTER_SANITIZE_NUMBER_INT,         .function = php_filter_number_int },
	{ .name = "number_float",       .id = FILTER_SANITIZE_NUMBER_FLOAT,       .function = php_filter_number_float },
	{ .name = "add_slashes",        .id = FILTER_SANITIZE_ADD_SLASHES,        .function = php_filter_add_slashes },

	/* User-supplied callback */
	{ .name = "callback",           .id = FILTER_CALLBACK,                    .function = php_filter_callback },
};
64 /* }}} */
65
/* Input-source ids for sources the included headers may not define;
 * each is only defined here when no earlier definition exists. */
#if !defined(PARSE_ENV)
# define PARSE_ENV 4
#endif

#if !defined(PARSE_SERVER)
# define PARSE_SERVER 5
#endif

#if !defined(PARSE_SESSION)
# define PARSE_SESSION 6
#endif
77
/* Forward declarations: both callbacks are handed to
 * sapi_register_input_filter() in MINIT before their definitions appear. */
static unsigned int php_sapi_filter(
	int arg, const char *var, char **val, size_t val_len, size_t *new_val_len);
static unsigned int php_sapi_filter_init(void);
80
81 /* {{{ filter_module_entry */
/* Module descriptor: wires the extension's function table and lifecycle
 * hooks into the engine. */
zend_module_entry filter_module_entry = {
	STANDARD_MODULE_HEADER,
	"filter",               /* extension name */
	ext_functions,          /* exported PHP functions */
	PHP_MINIT(filter),      /* module startup */
	PHP_MSHUTDOWN(filter),  /* module shutdown */
	NULL,                   /* no request-startup hook */
	PHP_RSHUTDOWN(filter),  /* request shutdown: releases the raw input copies */
	PHP_MINFO(filter),      /* phpinfo() section */
	PHP_FILTER_VERSION,
	STANDARD_MODULE_PROPERTIES
};
94 /* }}} */
95
/* Only when the extension is built as a loadable module: define the
 * thread-safe cache (ZTS builds) and export the module lookup symbol. */
#if defined(COMPILE_DL_FILTER)
# if defined(ZTS)
ZEND_TSRMLS_CACHE_DEFINE()
# endif
ZEND_GET_MODULE(filter)
#endif
102
/*
 * INI handler for filter.default.
 *
 * Matches the configured name case-insensitively against filter_list and
 * stores the corresponding id in the module globals. Selecting anything
 * other than FILTER_DEFAULT raises E_DEPRECATED.
 *
 * A name that matches no entry is NOT rejected: the handler silently
 * stores FILTER_DEFAULT and still reports SUCCESS, so a misspelled filter
 * name in the configuration goes unnoticed. Deployments that rely on this
 * setting should verify the effective value rather than the configured one.
 */
static PHP_INI_MH(UpdateDefaultFilter) /* {{{ */
{
	const size_t entries = sizeof(filter_list) / sizeof(filter_list[0]);
	const char *wanted = ZSTR_VAL(new_value);

	for (size_t idx = 0; idx < entries; idx++) {
		const filter_list_entry *candidate = &filter_list[idx];

		if (strcasecmp(wanted, candidate->name) != 0) {
			continue;
		}

		IF_G(default_filter) = candidate->id;
		if (IF_G(default_filter) != FILTER_DEFAULT) {
			zend_error(E_DEPRECATED, "The filter.default ini setting is deprecated");
		}
		return SUCCESS;
	}

	/* Unknown name: fall back to the default filter */
	IF_G(default_filter) = FILTER_DEFAULT;
	return SUCCESS;
}
120 /* }}} */
121
122 /* {{{ PHP_INI */
/*
 * INI handler for filter.default_flags.
 *
 * With no value configured the flags become FILTER_FLAG_NO_ENCODE_QUOTES;
 * otherwise the string is parsed as a decimal integer. Always returns
 * SUCCESS.
 */
static PHP_INI_MH(OnUpdateFlags)
{
	if (new_value) {
		/* NOTE(review): atoi() has no error reporting; non-numeric text
		 * yields 0 and an out-of-range value is undefined behaviour in C.
		 * Consider a checked conversion if this value should be validated. */
		IF_G(default_filter_flags) = atoi(ZSTR_VAL(new_value));
		return SUCCESS;
	}

	IF_G(default_filter_flags) = FILTER_FLAG_NO_ENCODE_QUOTES;
	return SUCCESS;
}
132
/* Both settings are registered as PHP_INI_SYSTEM|PHP_INI_PERDIR, so they
 * can be set in the main configuration and in per-directory configuration,
 * not from scripts at runtime. */
PHP_INI_BEGIN()
	/* Default is "unsafe_raw"; the handler resolves the name to a filter id */
	STD_PHP_INI_ENTRY("filter.default", "unsafe_raw", PHP_INI_SYSTEM|PHP_INI_PERDIR,
		UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals)
	/* No default value; OnUpdateFlags supplies one when the setting is absent */
	PHP_INI_ENTRY("filter.default_flags", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR,
		OnUpdateFlags)
PHP_INI_END()
137 /* }}} */
138
/*
 * Constructor for the module globals: marks every raw-input array as
 * undefined and selects FILTER_DEFAULT as the default filter.
 */
static void php_filter_init_globals(zend_filter_globals *filter_globals) /* {{{ */
{
#if defined(COMPILE_DL_FILTER) && defined(ZTS)
	ZEND_TSRMLS_CACHE_UPDATE();
#endif
	/* No request data has been captured yet */
	ZVAL_UNDEF(&filter_globals->post_array);
	ZVAL_UNDEF(&filter_globals->get_array);
	ZVAL_UNDEF(&filter_globals->cookie_array);
	ZVAL_UNDEF(&filter_globals->env_array);
	ZVAL_UNDEF(&filter_globals->server_array);
#if 0
	ZVAL_UNDEF(&filter_globals->session_array);
#endif

	filter_globals->default_filter = FILTER_DEFAULT;
}
154 /* }}} */
155
/* Source id for combined request data; no use of it is visible in this listing. */
#define PARSE_REQUEST 99
157
158 /* {{{ PHP_MINIT_FUNCTION */
/*
 * Module startup: initialises the globals, registers the INI settings and
 * the extension's symbols, then installs php_sapi_filter() as the SAPI
 * input filter so every incoming variable passes through it.
 */
PHP_MINIT_FUNCTION(filter)
{
	ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);
	REGISTER_INI_ENTRIES();
	register_filter_symbols(module_number);

	/* From here on, request variables are routed through this extension */
	sapi_register_input_filter(php_sapi_filter, php_sapi_filter_init);

	return SUCCESS;
}
171 /* }}} */
172
173 /* {{{ PHP_MSHUTDOWN_FUNCTION */
/* Module shutdown: removes the INI settings registered in MINIT. */
PHP_MSHUTDOWN_FUNCTION(filter)
{
	UNREGISTER_INI_ENTRIES();
	return SUCCESS;
}
180 /* }}} */
181
182 /* {{{ PHP_RSHUTDOWN_FUNCTION */
/* Releases one raw-input array if it was populated during the request and
 * marks it undefined again so the next request starts clean. */
#define VAR_ARRAY_COPY_DTOR(a) \
	do { \
		if (!Z_ISUNDEF(IF_G(a))) { \
			zval_ptr_dtor(&IF_G(a)); \
			ZVAL_UNDEF(&IF_G(a)); \
		} \
	} while (0)

/* Request shutdown: drops the raw copies of the request's input data. */
PHP_RSHUTDOWN_FUNCTION(filter)
{
	VAR_ARRAY_COPY_DTOR(get_array);
	VAR_ARRAY_COPY_DTOR(post_array);
	VAR_ARRAY_COPY_DTOR(cookie_array);
	VAR_ARRAY_COPY_DTOR(server_array);
	VAR_ARRAY_COPY_DTOR(env_array);
#if 0
	VAR_ARRAY_COPY_DTOR(session_array);
#endif
	return SUCCESS;
}
201 /* }}} */
202
203 /* {{{ PHP_MINFO_FUNCTION */
/* phpinfo() section: a one-row status table followed by the INI settings. */
PHP_MINFO_FUNCTION(filter)
{
	php_info_print_table_start();
	php_info_print_table_row(2, "Input Validation and Filtering", "enabled");
	php_info_print_table_end();

	DISPLAY_INI_ENTRIES();
}
212 /* }}} */
213
/*
 * Resolves a filter id to its registry row, returned by value.
 *
 * The table is scanned first for `id`; if nothing matches it is scanned
 * again for FILTER_DEFAULT. Should even that fail, the first row is
 * returned so the function always yields a usable entry.
 *
 * Callers therefore never see a "not found" result: an unknown id is
 * quietly replaced by the default filter.
 */
static filter_list_entry php_find_filter(zend_long id) /* {{{ */
{
	const size_t entries = sizeof(filter_list) / sizeof(filter_list[0]);
	const zend_long wanted[2] = { id, FILTER_DEFAULT };

	/* Pass 0 looks for the requested id, pass 1 for the default filter */
	for (size_t pass = 0; pass < 2; pass++) {
		for (size_t idx = 0; idx < entries; idx++) {
			if (filter_list[idx].id == wanted[pass]) {
				return filter_list[idx];
			}
		}
	}

	/* Not expected to be reached; keeps the compiler satisfied */
	return filter_list[0];
}
232 /* }}} */
233
/*
 * Second callback registered with sapi_register_input_filter(): marks
 * every raw-input array as undefined. Always returns SUCCESS.
 */
static unsigned int php_sapi_filter_init(void)
{
	ZVAL_UNDEF(&IF_G(get_array));
	ZVAL_UNDEF(&IF_G(post_array));
	ZVAL_UNDEF(&IF_G(cookie_array));
	ZVAL_UNDEF(&IF_G(server_array));
	ZVAL_UNDEF(&IF_G(env_array));
#if 0
	ZVAL_UNDEF(&IF_G(session_array));
#endif

	return SUCCESS;
}
246
/*
 * Applies one filter to a single value, in place.
 *
 * value    zval to filter; converted to a string before the filter runs
 * filter   filter id; an unknown id resolves to the default filter
 * flags    FILTER_* flags forwarded to the filter routine
 * options  optional options zval forwarded to the filter routine
 * charset  forwarded to the filter routine
 * copy     not used by this function
 *
 * Objects without a __toString handler are not converted: they are
 * released and replaced by the failure value (NULL with
 * FILTER_NULL_ON_FAILURE, false otherwise) - see bugs #49274 and #67167.
 *
 * When the result is the failure value and `options` is an array holding
 * a "default" key, that entry is copied into `value`. The default is taken
 * as-is and is not passed through the filter, so callers must treat it as
 * trusted only if they supplied it from a trusted place.
 */
static void php_zval_filter(zval *value, zend_long filter, zend_long flags, zval *options, char* charset, bool copy) /* {{{ */
{
	filter_list_entry entry = php_find_filter(filter);
	bool run_filter = true;
	int failure_type;

	if (!entry.id) {
		/* Fall back to the default filter */
		entry = php_find_filter(FILTER_DEFAULT);
	}

	if (Z_TYPE_P(value) == IS_OBJECT && !Z_OBJCE_P(value)->__tostring) {
		/* Fail cleanly instead of triggering a string-conversion error */
		zval_ptr_dtor(value);
		if (flags & FILTER_NULL_ON_FAILURE) {
			ZVAL_NULL(value);
		} else {
			ZVAL_FALSE(value);
		}
		run_filter = false;
	}

	if (run_filter) {
		/* Filter routines operate on strings */
		convert_to_string(value);
		entry.function(value, flags, options, charset);
	}

	if (!options || Z_TYPE_P(options) != IS_ARRAY) {
		return;
	}

	/* Substitute the caller's "default" only when filtering failed */
	failure_type = (flags & FILTER_NULL_ON_FAILURE) ? IS_NULL : IS_FALSE;
	if (Z_TYPE_P(value) == failure_type) {
		zval *fallback = zend_hash_str_find(Z_ARRVAL_P(options), "default", sizeof("default") - 1);

		if (fallback != NULL) {
			ZVAL_COPY(value, fallback);
		}
	}
}
291 /* }}} */
292
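/*
 * SAPI input filter: called for every incoming variable.
 *
 * arg          PARSE_* id of the input source
 * var          variable name
 * val          in/out pointer to the value buffer; must not point to NULL
 * val_len      length of *val
 * new_val_len  optional out parameter, written only for PARSE_STRING
 *
 * For POST/GET/COOKIE/SERVER/ENV the untouched value is stored in the
 * extension's own array for that source, and a second copy - run through
 * the configured default filter unless that is FILTER_UNSAFE_RAW - is
 * registered in the matching http_globals array. The raw copy is what
 * php_filter_get_storage() later hands to filter_input().
 *
 * For PARSE_STRING (parse_str()) nothing is registered; instead *val is
 * freed and replaced with a newly allocated copy of the filtered value.
 *
 * Returns 1 for PARSE_STRING and 0 in every other case, including a
 * duplicate cookie name, which is skipped.
 */
static unsigned int php_sapi_filter(int arg, const char *var, char **val, size_t val_len, size_t *new_val_len) /* {{{ */
{
	zval new_var, raw_var;
	zval *array_ptr = NULL, *orig_array_ptr = NULL;
	int retval = 0;

	assert(*val != NULL);

#define PARSE_CASE(s,a,t) \
		case s: \
			if (Z_ISUNDEF(IF_G(a))) { \
				array_init(&IF_G(a)); \
			} \
			array_ptr = &IF_G(a); \
			orig_array_ptr = &PG(http_globals)[t]; \
			break;

	switch (arg) {
		PARSE_CASE(PARSE_POST,    post_array,    TRACK_VARS_POST)
		PARSE_CASE(PARSE_GET,     get_array,     TRACK_VARS_GET)
		PARSE_CASE(PARSE_COOKIE,  cookie_array,  TRACK_VARS_COOKIE)
		PARSE_CASE(PARSE_SERVER,  server_array,  TRACK_VARS_SERVER)
		PARSE_CASE(PARSE_ENV,     env_array,     TRACK_VARS_ENV)

		case PARSE_STRING: /* PARSE_STRING is used by parse_str() function */
			retval = 1;
			break;
	}

	/*
	 * According to rfc2965, more specific paths are listed above the less specific ones.
	 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
	 * to have the same (plain text) cookie name for the same path and we should not overwrite
	 * more specific cookies with the less specific ones.
	 */
	if (arg == PARSE_COOKIE && orig_array_ptr &&
			zend_symtable_str_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var))) {
		return 0;
	}

	if (array_ptr) {
		/* Store the RAW variable internally */
		ZVAL_STRINGL(&raw_var, *val, val_len);
		php_register_variable_ex(var, &raw_var, array_ptr);
	}

	if (val_len) {
		/* Build the copy that gets registered, filtered unless unsafe_raw is the default */
		ZVAL_STRINGL(&new_var, *val, val_len);
		if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
			php_zval_filter(&new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL, 0);
		}
	} else { /* empty string */
		ZVAL_EMPTY_STRING(&new_var);
	}

	if (orig_array_ptr) {
		php_register_variable_ex(var, &new_var, orig_array_ptr);
	}
	/* NOTE(review): when arg matches none of the cases above, new_var is
	 * neither registered nor destroyed on this path - confirm no caller
	 * passes such a value. */

	if (retval) {
		/* php_zval_filter() can leave a non-string behind (it stores NULL
		 * or false on failure), and the string accessors below are only
		 * valid on IS_STRING. Normalise first so the length and buffer
		 * reads never touch a zval of another type. */
		if (Z_TYPE(new_var) != IS_STRING) {
			convert_to_string(&new_var);
		}

		if (new_val_len) {
			*new_val_len = Z_STRLEN(new_var);
		}
		efree(*val);
		if (Z_STRLEN(new_var)) {
			*val = estrndup(Z_STRVAL(new_var), Z_STRLEN(new_var));
		} else {
			*val = estrdup("");
		}
		zval_ptr_dtor(&new_var);
	}

	return retval;
}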
370 /* }}} */
371
/*
 * Applies a filter to a value, descending into arrays.
 *
 * A non-array value is handed straight to php_zval_filter(). For an array
 * every element is filtered in place; nested arrays are separated before
 * the recursive call. An array that is already being visited is left
 * untouched, which stops self-referencing input from recursing forever.
 * All arguments other than `value` are forwarded unchanged.
 */
static void php_zval_filter_recursive(zval *value, zend_long filter, zend_long flags, zval *options, char *charset, bool copy) /* {{{ */
{
	zval *element;

	if (Z_TYPE_P(value) != IS_ARRAY) {
		php_zval_filter(value, filter, flags, options, charset, copy);
		return;
	}

	if (Z_IS_RECURSIVE_P(value)) {
		/* Cycle detected: this array is further up the call chain */
		return;
	}

	Z_PROTECT_RECURSION_P(value);
	ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(value), element) {
		ZVAL_DEREF(element);
		if (Z_TYPE_P(element) != IS_ARRAY) {
			php_zval_filter(element, filter, flags, options, charset, copy);
		} else {
			SEPARATE_ARRAY(element);
			php_zval_filter_recursive(element, filter, flags, options, charset, copy);
		}
	} ZEND_HASH_FOREACH_END();
	Z_UNPROTECT_RECURSION_P(value);
}
396 /* }}} */
397
/*
 * Maps an INPUT_* source id to the array holding that source's raw values.
 *
 * GET, POST, COOKIE and SERVER resolve to the extension's own copies. ENV
 * uses the extension's copy when it has been populated and otherwise the
 * engine's TRACK_VARS_ENV array. SERVER and ENV first trigger the
 * auto-global when auto_globals_jit is enabled.
 *
 * Returns NULL when the selected storage is not an array (nothing was
 * captured for that source). For an unrecognised id it raises a value
 * error for argument 1 and returns NULL, so callers must check
 * EG(exception) to tell the two NULL cases apart.
 */
static zval *php_filter_get_storage(zend_long arg)/* {{{ */
{
	zval *storage;

	switch (arg) {
		case PARSE_GET:
			storage = &IF_G(get_array);
			break;

		case PARSE_POST:
			storage = &IF_G(post_array);
			break;

		case PARSE_COOKIE:
			storage = &IF_G(cookie_array);
			break;

		case PARSE_SERVER:
			if (PG(auto_globals_jit)) {
				zend_is_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_SERVER));
			}
			storage = &IF_G(server_array);
			break;

		case PARSE_ENV:
			if (PG(auto_globals_jit)) {
				zend_is_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_ENV));
			}
			if (Z_ISUNDEF(IF_G(env_array))) {
				storage = &PG(http_globals)[TRACK_VARS_ENV];
			} else {
				storage = &IF_G(env_array);
			}
			break;

		default:
			zend_argument_value_error(1, "must be an INPUT_* constant");
			return NULL;
	}

	/* Storage that was never initialised is reported as absent */
	return Z_TYPE_P(storage) == IS_ARRAY ? storage : NULL;
}
437 /* }}} */
438
439 /* {{{ Returns true if the variable with the name 'name' exists in source. */
/*
 * filter_has_var(int source, string name): bool
 *
 * Reports whether `name` is a key of the raw storage for `source`. Only
 * presence is tested; the value is neither read nor filtered. Throws when
 * `source` is not a recognised INPUT_* constant.
 */
PHP_FUNCTION(filter_has_var)
{
	zend_long arg;
	zend_string *var;
	zval *storage;

	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lS", &arg, &var) == FAILURE) {
		RETURN_THROWS();
	}

	storage = php_filter_get_storage(arg);
	if (EG(exception)) {
		RETURN_THROWS();
	}

	if (!storage || !zend_hash_exists(Z_ARRVAL_P(storage), var)) {
		RETURN_FALSE;
	}

	RETURN_TRUE;
}
461 /* }}} */
462
/*
 * Resolves the effective filter, flags and options for one value and then
 * filters `filtered` in place.
 *
 * filtered          value to filter; replaced by the result
 * filter            filter id, or -1 when it must come from the arguments
 * filter_args_ht    option array ("filter", "flags", "options"), or NULL
 * filter_args_long  integer argument used when filter_args_ht is NULL:
 *                   the flags when `filter` is given, the filter id when
 *                   `filter` is -1
 * copy              forwarded to the filter helpers
 * filter_flags      flags used when the arguments supply none
 *
 * Whenever flags are taken from the arguments and request neither
 * FILTER_REQUIRE_ARRAY nor FILTER_FORCE_ARRAY, FILTER_REQUIRE_SCALAR is
 * added. "options" is accepted only as an array, except for
 * FILTER_CALLBACK where any value is accepted and the flags are reset to
 * 0 (a later "flags" entry still overrides that).
 *
 * A value whose shape contradicts the flags - an array under
 * FILTER_REQUIRE_SCALAR, a scalar under FILTER_REQUIRE_ARRAY - is never
 * passed to the filter; it is released and replaced by NULL or false
 * according to FILTER_NULL_ON_FAILURE.
 */
static void php_filter_call(
	zval *filtered, zend_long filter, HashTable *filter_args_ht, zend_long filter_args_long,
	const int copy, zend_long filter_flags
) /* {{{ */ {
	const zend_long array_mask = FILTER_REQUIRE_ARRAY | FILTER_FORCE_ARRAY;
	zval *options = NULL;
	char *charset = NULL;

	if (filter_args_ht) {
		zval *entry;

		entry = zend_hash_str_find(filter_args_ht, "filter", sizeof("filter") - 1);
		if (entry != NULL) {
			filter = zval_get_long(entry);
		}

		entry = zend_hash_str_find_deref(filter_args_ht, "options", sizeof("options") - 1);
		if (entry != NULL) {
			if (filter == FILTER_CALLBACK) {
				options = entry;
				filter_flags = 0;
			} else if (Z_TYPE_P(entry) == IS_ARRAY) {
				options = entry;
			}
		}

		entry = zend_hash_str_find(filter_args_ht, "flags", sizeof("flags") - 1);
		if (entry != NULL) {
			filter_flags = zval_get_long(entry);
			if (!(filter_flags & array_mask)) {
				filter_flags |= FILTER_REQUIRE_SCALAR;
			}
		}
	} else if (filter == -1) {
		/* Array handler: the integer argument names the filter */
		filter = filter_args_long;
	} else {
		/* The integer argument carries the flags */
		filter_flags = filter_args_long;
		if (!(filter_flags & array_mask)) {
			filter_flags |= FILTER_REQUIRE_SCALAR;
		}
	}

	if (Z_TYPE_P(filtered) == IS_ARRAY) {
		if (!(filter_flags & FILTER_REQUIRE_SCALAR)) {
			php_zval_filter_recursive(filtered, filter, filter_flags, options, charset, copy);
			return;
		}
	} else if (!(filter_flags & FILTER_REQUIRE_ARRAY)) {
		php_zval_filter(filtered, filter, filter_flags, options, charset, copy);
		if (filter_flags & FILTER_FORCE_ARRAY) {
			/* Wrap the scalar result in a one-element array */
			zval wrapped;

			ZVAL_COPY_VALUE(&wrapped, filtered);
			array_init(filtered);
			add_next_index_zval(filtered, &wrapped);
		}
		return;
	}

	/* Shape mismatch: discard the input and report failure */
	zval_ptr_dtor(filtered);
	if (filter_flags & FILTER_NULL_ON_FAILURE) {
		ZVAL_NULL(filtered);
	} else {
		ZVAL_FALSE(filtered);
	}
}
538 /* }}} */
539
/*
 * Shared body of filter_input_array() and filter_var_array().
 *
 * input         array holding the values to filter
 * op_ht         per-key definition array, or NULL
 * op_long       integer argument used when op_ht is NULL
 * return_value  receives the result
 * add_empty     add a NULL entry for definition keys missing from input
 *
 * Without a definition array the whole input is duplicated and filtered
 * with op_long. With one, the result contains only the keys named in the
 * definition: input keys that the definition does not mention are dropped.
 * Each definition value is either an option array or an integer.
 *
 * A definition key that is not a string, or is an empty string, raises an
 * error for argument 2 and stops processing.
 */
static void php_filter_array_handler(zval *input, HashTable *op_ht, zend_long op_long,
	zval *return_value, bool add_empty
) /* {{{ */ {
	zend_string *arg_key;
	zval *arg_elm;

	if (!op_ht) {
		ZVAL_DUP(return_value, input);
		php_filter_call(return_value, -1, NULL, op_long, 0, FILTER_REQUIRE_ARRAY);
		return;
	}

	array_init(return_value);

	ZEND_HASH_FOREACH_STR_KEY_VAL(op_ht, arg_key, arg_elm) {
		zval *source;
		zval nval;
		HashTable *spec_ht = NULL;
		zend_long spec_long = 0;

		if (arg_key == NULL) {
			zend_argument_type_error(2, "must contain only string keys");
			RETURN_THROWS();
		}
		if (ZSTR_LEN(arg_key) == 0) {
			zend_argument_value_error(2, "cannot contain empty keys");
			RETURN_THROWS();
		}

		source = zend_hash_find(Z_ARRVAL_P(input), arg_key);
		if (source == NULL) {
			if (add_empty) {
				add_assoc_null_ex(return_value, ZSTR_VAL(arg_key), ZSTR_LEN(arg_key));
			}
			continue;
		}

		/* Filter a private copy so the caller's input stays untouched */
		ZVAL_DEREF(source);
		ZVAL_DUP(&nval, source);

		if (Z_TYPE_P(arg_elm) == IS_ARRAY) {
			spec_ht = Z_ARRVAL_P(arg_elm);
		} else {
			spec_long = zval_get_long(arg_elm);
		}
		php_filter_call(&nval, -1, spec_ht, spec_long, 0, FILTER_REQUIRE_SCALAR);

		zend_hash_update(Z_ARRVAL_P(return_value), arg_key, &nval);
	} ZEND_HASH_FOREACH_END();
}
579 /* }}} */
580
581 /* {{{ Returns the filtered variable 'name'* from source `type`. */
/*
 * filter_input(int type, string var_name, int filter = FILTER_DEFAULT,
 *              array|int options = 0): mixed
 *
 * Looks `var_name` up in the raw storage for `type` and returns a filtered
 * copy. An unknown filter id produces a warning and false.
 *
 * When the variable does not exist:
 *   - an "options" array with a "default" entry makes that default the
 *     return value; it is returned as supplied, without being filtered;
 *   - otherwise the result is NULL, or false when FILTER_NULL_ON_FAILURE
 *     is set. The flag deliberately swaps the two values: with it, false
 *     means "missing" and NULL means "failed validation".
 */
PHP_FUNCTION(filter_input)
{
	zend_long fetch_from, filter = FILTER_DEFAULT;
	zval *input = NULL, *found;
	zend_string *var;
	HashTable *filter_args_ht = NULL;
	zend_long filter_args_long = 0;
	zend_long missing_flags = 0;

	ZEND_PARSE_PARAMETERS_START(2, 4)
		Z_PARAM_LONG(fetch_from)
		Z_PARAM_STR(var)
		Z_PARAM_OPTIONAL
		Z_PARAM_LONG(filter)
		Z_PARAM_ARRAY_HT_OR_LONG(filter_args_ht, filter_args_long)
	ZEND_PARSE_PARAMETERS_END();

	if (!PHP_FILTER_ID_EXISTS(filter)) {
		php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, filter);
		RETURN_FALSE;
	}

	input = php_filter_get_storage(fetch_from);
	if (EG(exception)) {
		RETURN_THROWS();
	}

	found = input ? zend_hash_find(Z_ARRVAL_P(input), var) : NULL;
	if (found != NULL) {
		ZVAL_DUP(return_value, found);
		php_filter_call(return_value, filter, filter_args_ht, filter_args_long, 1, FILTER_REQUIRE_SCALAR);
		return;
	}

	/* Variable is absent: work out which "missing" value to report */
	if (filter_args_ht) {
		zval *flags_zv, *opts, *def;

		flags_zv = zend_hash_str_find(filter_args_ht, "flags", sizeof("flags") - 1);
		if (flags_zv != NULL) {
			missing_flags = zval_get_long(flags_zv);
		}

		opts = zend_hash_str_find_deref(filter_args_ht, "options", sizeof("options") - 1);
		if (opts != NULL && Z_TYPE_P(opts) == IS_ARRAY) {
			def = zend_hash_str_find_deref(Z_ARRVAL_P(opts), "default", sizeof("default") - 1);
			if (def != NULL) {
				ZVAL_COPY(return_value, def);
				return;
			}
		}
	} else {
		missing_flags = filter_args_long;
	}

	/* Inverted on purpose, see the header comment */
	if (missing_flags & FILTER_NULL_ON_FAILURE) {
		RETURN_FALSE;
	}
	RETURN_NULL();
}
643 /* }}} */
644
645 /* {{{ Returns the filtered version of the variable. */
/*
 * filter_var(mixed value, int filter = FILTER_DEFAULT,
 *            array|int options = 0): mixed
 *
 * Filters a copy of `value` and returns the result; the argument itself
 * is not modified. An unknown filter id produces a warning and false.
 * Array input is rejected unless the flags allow arrays, because the call
 * starts from FILTER_REQUIRE_SCALAR.
 */
PHP_FUNCTION(filter_var)
{
	zval *data;
	zend_long filter = FILTER_DEFAULT;
	zend_long filter_args_long = 0;
	HashTable *filter_args_ht = NULL;

	ZEND_PARSE_PARAMETERS_START(1, 3)
		Z_PARAM_ZVAL(data)
		Z_PARAM_OPTIONAL
		Z_PARAM_LONG(filter)
		Z_PARAM_ARRAY_HT_OR_LONG(filter_args_ht, filter_args_long)
	ZEND_PARSE_PARAMETERS_END();

	if (!PHP_FILTER_ID_EXISTS(filter)) {
		php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, filter);
		RETURN_FALSE;
	}

	/* Work on a duplicate so the caller's value is left alone */
	ZVAL_DUP(return_value, data);
	php_filter_call(return_value, filter, filter_args_ht, filter_args_long, 1, FILTER_REQUIRE_SCALAR);
}
669 /* }}} */
670
671 /* {{{ Returns an array with all arguments defined in 'definition'. */
/*
 * filter_input_array(int type, array|int options = FILTER_DEFAULT,
 *                    bool add_empty = true): array|false|null
 *
 * Filters the raw storage for `type` according to `options`, which is
 * either a per-key definition array or a single filter id. An unknown
 * filter id produces a warning and false.
 *
 * When the source holds no data the result is NULL, or false when
 * FILTER_NULL_ON_FAILURE is set; the flag deliberately swaps the two.
 */
PHP_FUNCTION(filter_input_array)
{
	zend_long fetch_from;
	zval *array_input = NULL;
	bool add_empty = 1;
	HashTable *op_ht = NULL;
	zend_long op_long = FILTER_DEFAULT;
	zend_long filter_flags = 0;

	ZEND_PARSE_PARAMETERS_START(1, 3)
		Z_PARAM_LONG(fetch_from)
		Z_PARAM_OPTIONAL
		Z_PARAM_ARRAY_HT_OR_LONG(op_ht, op_long)
		Z_PARAM_BOOL(add_empty)
	ZEND_PARSE_PARAMETERS_END();

	if (!op_ht && !PHP_FILTER_ID_EXISTS(op_long)) {
		php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, op_long);
		RETURN_FALSE;
	}

	array_input = php_filter_get_storage(fetch_from);
	if (EG(exception)) {
		RETURN_THROWS();
	}

	if (array_input) {
		php_filter_array_handler(array_input, op_ht, op_long, return_value, add_empty);
		return;
	}

	/* NOTE(review): op_long starts as FILTER_DEFAULT and is validated above
	 * as a filter id, yet here it is tested for a flag bit, and the "flags"
	 * lookup only runs when op_long is 0 - confirm this is intended. */
	if (op_long) {
		filter_flags = op_long;
	} else if (op_ht) {
		zval *option = zend_hash_str_find(op_ht, "flags", sizeof("flags") - 1);

		if (option != NULL) {
			filter_flags = zval_get_long(option);
		}
	}

	/* Inverted on purpose: with the flag, false signals missing input */
	if (filter_flags & FILTER_NULL_ON_FAILURE) {
		RETURN_FALSE;
	}
	RETURN_NULL();
}
720 /* }}} */
721
722 /* {{{ Returns an array with all arguments defined in 'definition'. */
/*
 * filter_var_array(array array, array|int options = FILTER_DEFAULT,
 *                  bool add_empty = true): array|false|null
 *
 * Filters the caller-supplied array according to `options`, which is
 * either a per-key definition array or a single filter id. An unknown
 * filter id produces a warning and false.
 */
PHP_FUNCTION(filter_var_array)
{
	zval *array_input = NULL;
	HashTable *op_ht = NULL;
	zend_long op_long = FILTER_DEFAULT;
	bool add_empty = 1;

	ZEND_PARSE_PARAMETERS_START(1, 3)
		Z_PARAM_ARRAY(array_input)
		Z_PARAM_OPTIONAL
		Z_PARAM_ARRAY_HT_OR_LONG(op_ht, op_long)
		Z_PARAM_BOOL(add_empty)
	ZEND_PARSE_PARAMETERS_END();

	/* A bare integer must name a registered filter */
	if (!op_ht && !PHP_FILTER_ID_EXISTS(op_long)) {
		php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, op_long);
		RETURN_FALSE;
	}

	php_filter_array_handler(array_input, op_ht, op_long, return_value, add_empty);
}
744 /* }}} */
745
746 /* {{{ Returns a list of all supported filters */
/*
 * filter_list(): array
 *
 * Returns the names of all registered filters, in table order. Aliases
 * appear as separate entries.
 */
PHP_FUNCTION(filter_list)
{
	const size_t entries = sizeof(filter_list) / sizeof(filter_list[0]);

	if (zend_parse_parameters_none() == FAILURE) {
		RETURN_THROWS();
	}

	array_init(return_value);
	for (size_t idx = 0; idx < entries; idx++) {
		add_next_index_string(return_value, (char *)filter_list[idx].name);
	}
}
760 /* }}} */
761
762 /* {{{ Returns the filter ID belonging to a named filter */
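/*
 * filter_id(string name): int|false
 *
 * Returns the id of the filter called `name`, or false when no filter has
 * that name. The match is case-sensitive and covers the whole argument.
 *
 * The argument arrives as pointer plus length and may contain NUL bytes.
 * Comparing with strcmp() alone would stop at the first NUL and accept
 * "int\0anything" as "int", so the length is checked as well.
 */
PHP_FUNCTION(filter_id)
{
	const size_t entries = sizeof(filter_list) / sizeof(filter_list[0]);
	size_t filter_len;
	char *filter;

	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &filter, &filter_len) == FAILURE) {
		RETURN_THROWS();
	}

	for (size_t idx = 0; idx < entries; idx++) {
		const char *name = filter_list[idx].name;

		/* Length first: rejects input with bytes after an embedded NUL */
		if (strlen(name) == filter_len && memcmp(name, filter, filter_len) == 0) {
			RETURN_LONG(filter_list[idx].id);
		}
	}

	RETURN_FALSE;
}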
782 /* }}} */
783