xref: /php-src/ext/filter/filter.c (revision 5322de1b)
1 /*
2   +----------------------------------------------------------------------+
3   | Copyright (c) The PHP Group                                          |
4   +----------------------------------------------------------------------+
5   | This source file is subject to version 3.01 of the PHP license,      |
6   | that is bundled with this package in the file LICENSE, and is        |
7   | available through the world-wide-web at the following url:           |
8   | http://www.php.net/license/3_01.txt                                  |
9   | If you did not receive a copy of the PHP license and are unable to   |
10   | obtain it through the world-wide-web, please send a note to          |
11   | license@php.net so we can mail you a copy immediately.               |
12   +----------------------------------------------------------------------+
13   | Authors: Rasmus Lerdorf <rasmus@php.net>                             |
14   |          Derick Rethans <derick@php.net>                             |
15   |          Pierre-A. Joye <pierre@php.net>                             |
16   |          Ilia Alshanetsky <iliaa@php.net>                            |
17   +----------------------------------------------------------------------+
18 */
19 
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23 
24 #include "php_filter.h"
25 
26 ZEND_DECLARE_MODULE_GLOBALS(filter)
27 
28 #include "filter_private.h"
29 #include "filter_arginfo.h"
30 
31 typedef struct filter_list_entry {
32 	const char *name;
33 	int    id;
34 	void (*function)(PHP_INPUT_FILTER_PARAM_DECL);
35 } filter_list_entry;
36 
37 /* {{{ filter_list */
38 static const filter_list_entry filter_list[] = {
39 	{ "int",             FILTER_VALIDATE_INT,           php_filter_int             },
40 	{ "boolean",         FILTER_VALIDATE_BOOL,          php_filter_boolean         },
41 	{ "float",           FILTER_VALIDATE_FLOAT,         php_filter_float           },
42 
43 	{ "validate_regexp", FILTER_VALIDATE_REGEXP,        php_filter_validate_regexp },
44 	{ "validate_domain", FILTER_VALIDATE_DOMAIN,        php_filter_validate_domain },
45 	{ "validate_url",    FILTER_VALIDATE_URL,           php_filter_validate_url    },
46 	{ "validate_email",  FILTER_VALIDATE_EMAIL,         php_filter_validate_email  },
47 	{ "validate_ip",     FILTER_VALIDATE_IP,            php_filter_validate_ip     },
48 	{ "validate_mac",    FILTER_VALIDATE_MAC,           php_filter_validate_mac    },
49 
50 	{ "string",          FILTER_SANITIZE_STRING,        php_filter_string          },
51 	{ "stripped",        FILTER_SANITIZE_STRING,        php_filter_string          },
52 	{ "encoded",         FILTER_SANITIZE_ENCODED,       php_filter_encoded         },
53 	{ "special_chars",   FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars   },
54 	{ "full_special_chars",   FILTER_SANITIZE_FULL_SPECIAL_CHARS, php_filter_full_special_chars   },
55 	{ "unsafe_raw",      FILTER_UNSAFE_RAW,             php_filter_unsafe_raw      },
56 	{ "email",           FILTER_SANITIZE_EMAIL,         php_filter_email           },
57 	{ "url",             FILTER_SANITIZE_URL,           php_filter_url             },
58 	{ "number_int",      FILTER_SANITIZE_NUMBER_INT,    php_filter_number_int      },
59 	{ "number_float",    FILTER_SANITIZE_NUMBER_FLOAT,  php_filter_number_float    },
60 	{ "add_slashes",     FILTER_SANITIZE_ADD_SLASHES,   php_filter_add_slashes     },
61 
62 	{ "callback",        FILTER_CALLBACK,               php_filter_callback        },
63 };
64 /* }}} */
65 
66 #ifndef PARSE_ENV
67 #define PARSE_ENV 4
68 #endif
69 
70 #ifndef PARSE_SERVER
71 #define PARSE_SERVER 5
72 #endif
73 
74 #ifndef PARSE_SESSION
75 #define PARSE_SESSION 6
76 #endif
77 
78 static unsigned int php_sapi_filter(int arg, char *var, char **val, size_t val_len, size_t *new_val_len);
79 static unsigned int php_sapi_filter_init(void);
80 
81 /* {{{ filter_module_entry
82  */
83 zend_module_entry filter_module_entry = {
84 	STANDARD_MODULE_HEADER,
85 	"filter",
86 	ext_functions,
87 	PHP_MINIT(filter),
88 	PHP_MSHUTDOWN(filter),
89 	NULL,
90 	PHP_RSHUTDOWN(filter),
91 	PHP_MINFO(filter),
92 	PHP_FILTER_VERSION,
93 	STANDARD_MODULE_PROPERTIES
94 };
95 /* }}} */
96 
97 #ifdef COMPILE_DL_FILTER
98 #ifdef ZTS
99 ZEND_TSRMLS_CACHE_DEFINE()
100 #endif
ZEND_GET_MODULE(filter)101 ZEND_GET_MODULE(filter)
102 #endif
103 
104 static PHP_INI_MH(UpdateDefaultFilter) /* {{{ */
105 {
106 	int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
107 
108 	for (i = 0; i < size; ++i) {
109 		if ((strcasecmp(ZSTR_VAL(new_value), filter_list[i].name) == 0)) {
110 			IF_G(default_filter) = filter_list[i].id;
111 			return SUCCESS;
112 		}
113 	}
114 	/* Fallback to the default filter */
115 	IF_G(default_filter) = FILTER_DEFAULT;
116 	return SUCCESS;
117 }
118 /* }}} */
119 
120 /* {{{ PHP_INI
121  */
PHP_INI_MH(OnUpdateFlags)122 static PHP_INI_MH(OnUpdateFlags)
123 {
124 	if (!new_value) {
125 		IF_G(default_filter_flags) = FILTER_FLAG_NO_ENCODE_QUOTES;
126 	} else {
127 		IF_G(default_filter_flags) = atoi(ZSTR_VAL(new_value));
128 	}
129 	return SUCCESS;
130 }
131 
132 PHP_INI_BEGIN()
133 	STD_PHP_INI_ENTRY("filter.default",   "unsafe_raw", PHP_INI_SYSTEM|PHP_INI_PERDIR, UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals)
134 	PHP_INI_ENTRY("filter.default_flags", NULL,     PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateFlags)
PHP_INI_END()135 PHP_INI_END()
136 /* }}} */
137 
138 static void php_filter_init_globals(zend_filter_globals *filter_globals) /* {{{ */
139 {
140 #if defined(COMPILE_DL_FILTER) && defined(ZTS)
141 ZEND_TSRMLS_CACHE_UPDATE();
142 #endif
143 	ZVAL_UNDEF(&filter_globals->post_array);
144 	ZVAL_UNDEF(&filter_globals->get_array);
145 	ZVAL_UNDEF(&filter_globals->cookie_array);
146 	ZVAL_UNDEF(&filter_globals->env_array);
147 	ZVAL_UNDEF(&filter_globals->server_array);
148 #if 0
149 	ZVAL_UNDEF(&filter_globals->session_array);
150 #endif
151 	filter_globals->default_filter = FILTER_DEFAULT;
152 }
153 /* }}} */
154 
155 #define PARSE_REQUEST 99
156 
157 /* {{{ PHP_MINIT_FUNCTION
158  */
PHP_MINIT_FUNCTION(filter)159 PHP_MINIT_FUNCTION(filter)
160 {
161 	ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);
162 
163 	REGISTER_INI_ENTRIES();
164 
165 	REGISTER_LONG_CONSTANT("INPUT_POST",	PARSE_POST, 	CONST_CS | CONST_PERSISTENT);
166 	REGISTER_LONG_CONSTANT("INPUT_GET",		PARSE_GET,		CONST_CS | CONST_PERSISTENT);
167 	REGISTER_LONG_CONSTANT("INPUT_COOKIE",	PARSE_COOKIE, 	CONST_CS | CONST_PERSISTENT);
168 	REGISTER_LONG_CONSTANT("INPUT_ENV",		PARSE_ENV,		CONST_CS | CONST_PERSISTENT);
169 	REGISTER_LONG_CONSTANT("INPUT_SERVER",	PARSE_SERVER, 	CONST_CS | CONST_PERSISTENT);
170 
171 	REGISTER_LONG_CONSTANT("FILTER_FLAG_NONE", FILTER_FLAG_NONE, CONST_CS | CONST_PERSISTENT);
172 
173 	REGISTER_LONG_CONSTANT("FILTER_REQUIRE_SCALAR", FILTER_REQUIRE_SCALAR, CONST_CS | CONST_PERSISTENT);
174 	REGISTER_LONG_CONSTANT("FILTER_REQUIRE_ARRAY", FILTER_REQUIRE_ARRAY, CONST_CS | CONST_PERSISTENT);
175 	REGISTER_LONG_CONSTANT("FILTER_FORCE_ARRAY", FILTER_FORCE_ARRAY, CONST_CS | CONST_PERSISTENT);
176 	REGISTER_LONG_CONSTANT("FILTER_NULL_ON_FAILURE", FILTER_NULL_ON_FAILURE, CONST_CS | CONST_PERSISTENT);
177 
178 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_INT", FILTER_VALIDATE_INT, CONST_CS | CONST_PERSISTENT);
179 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_BOOLEAN", FILTER_VALIDATE_BOOL, CONST_CS | CONST_PERSISTENT);
180 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_BOOL", FILTER_VALIDATE_BOOL, CONST_CS | CONST_PERSISTENT);
181 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_FLOAT", FILTER_VALIDATE_FLOAT, CONST_CS | CONST_PERSISTENT);
182 
183 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_REGEXP", FILTER_VALIDATE_REGEXP, CONST_CS | CONST_PERSISTENT);
184 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_DOMAIN", FILTER_VALIDATE_DOMAIN, CONST_CS | CONST_PERSISTENT);
185 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_URL", FILTER_VALIDATE_URL, CONST_CS | CONST_PERSISTENT);
186 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_EMAIL", FILTER_VALIDATE_EMAIL, CONST_CS | CONST_PERSISTENT);
187 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_IP", FILTER_VALIDATE_IP, CONST_CS | CONST_PERSISTENT);
188 	REGISTER_LONG_CONSTANT("FILTER_VALIDATE_MAC", FILTER_VALIDATE_MAC, CONST_CS | CONST_PERSISTENT);
189 
190 	REGISTER_LONG_CONSTANT("FILTER_DEFAULT", FILTER_DEFAULT, CONST_CS | CONST_PERSISTENT);
191 	REGISTER_LONG_CONSTANT("FILTER_UNSAFE_RAW", FILTER_UNSAFE_RAW, CONST_CS | CONST_PERSISTENT);
192 
193 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRING", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
194 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
195 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
196 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
197 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_FULL_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
198 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT);
199 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT);
200 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
201 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT, CONST_CS | CONST_PERSISTENT);
202 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ADD_SLASHES", FILTER_SANITIZE_ADD_SLASHES, CONST_CS | CONST_PERSISTENT);
203 
204 	REGISTER_LONG_CONSTANT("FILTER_CALLBACK", FILTER_CALLBACK, CONST_CS | CONST_PERSISTENT);
205 
206 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_OCTAL", FILTER_FLAG_ALLOW_OCTAL, CONST_CS | CONST_PERSISTENT);
207 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_HEX", FILTER_FLAG_ALLOW_HEX, CONST_CS | CONST_PERSISTENT);
208 
209 	REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_LOW", FILTER_FLAG_STRIP_LOW, CONST_CS | CONST_PERSISTENT);
210 	REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_HIGH", FILTER_FLAG_STRIP_HIGH, CONST_CS | CONST_PERSISTENT);
211 	REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_BACKTICK", FILTER_FLAG_STRIP_BACKTICK, CONST_CS | CONST_PERSISTENT);
212 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_LOW", FILTER_FLAG_ENCODE_LOW, CONST_CS | CONST_PERSISTENT);
213 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_HIGH", FILTER_FLAG_ENCODE_HIGH, CONST_CS | CONST_PERSISTENT);
214 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP, CONST_CS | CONST_PERSISTENT);
215 	REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_ENCODE_QUOTES", FILTER_FLAG_NO_ENCODE_QUOTES, CONST_CS | CONST_PERSISTENT);
216 	REGISTER_LONG_CONSTANT("FILTER_FLAG_EMPTY_STRING_NULL", FILTER_FLAG_EMPTY_STRING_NULL, CONST_CS | CONST_PERSISTENT);
217 
218 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_FRACTION", FILTER_FLAG_ALLOW_FRACTION, CONST_CS | CONST_PERSISTENT);
219 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_THOUSAND", FILTER_FLAG_ALLOW_THOUSAND, CONST_CS | CONST_PERSISTENT);
220 	REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_SCIENTIFIC", FILTER_FLAG_ALLOW_SCIENTIFIC, CONST_CS | CONST_PERSISTENT);
221 
222 	REGISTER_LONG_CONSTANT("FILTER_FLAG_PATH_REQUIRED", FILTER_FLAG_PATH_REQUIRED, CONST_CS | CONST_PERSISTENT);
223 	REGISTER_LONG_CONSTANT("FILTER_FLAG_QUERY_REQUIRED", FILTER_FLAG_QUERY_REQUIRED, CONST_CS | CONST_PERSISTENT);
224 
225 	REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV4", FILTER_FLAG_IPV4, CONST_CS | CONST_PERSISTENT);
226 	REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV6", FILTER_FLAG_IPV6, CONST_CS | CONST_PERSISTENT);
227 	REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_RES_RANGE", FILTER_FLAG_NO_RES_RANGE, CONST_CS | CONST_PERSISTENT);
228 	REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_PRIV_RANGE", FILTER_FLAG_NO_PRIV_RANGE, CONST_CS | CONST_PERSISTENT);
229 
230 	REGISTER_LONG_CONSTANT("FILTER_FLAG_HOSTNAME", FILTER_FLAG_HOSTNAME, CONST_CS | CONST_PERSISTENT);
231 
232 	REGISTER_LONG_CONSTANT("FILTER_FLAG_EMAIL_UNICODE", FILTER_FLAG_EMAIL_UNICODE, CONST_CS | CONST_PERSISTENT);
233 
234 	sapi_register_input_filter(php_sapi_filter, php_sapi_filter_init);
235 
236 	return SUCCESS;
237 }
238 /* }}} */
239 
240 /* {{{ PHP_MSHUTDOWN_FUNCTION
241  */
PHP_MSHUTDOWN_FUNCTION(filter)242 PHP_MSHUTDOWN_FUNCTION(filter)
243 {
244 	UNREGISTER_INI_ENTRIES();
245 
246 	return SUCCESS;
247 }
248 /* }}} */
249 
250 /* {{{ PHP_RSHUTDOWN_FUNCTION
251  */
252 #define VAR_ARRAY_COPY_DTOR(a)   \
253 	if (!Z_ISUNDEF(IF_G(a))) {   \
254 		zval_ptr_dtor(&IF_G(a)); \
255 		ZVAL_UNDEF(&IF_G(a));    \
256 	}
257 
PHP_RSHUTDOWN_FUNCTION(filter)258 PHP_RSHUTDOWN_FUNCTION(filter)
259 {
260 	VAR_ARRAY_COPY_DTOR(get_array)
261 	VAR_ARRAY_COPY_DTOR(post_array)
262 	VAR_ARRAY_COPY_DTOR(cookie_array)
263 	VAR_ARRAY_COPY_DTOR(server_array)
264 	VAR_ARRAY_COPY_DTOR(env_array)
265 #if 0
266 	VAR_ARRAY_COPY_DTOR(session_array)
267 #endif
268 	return SUCCESS;
269 }
270 /* }}} */
271 
272 /* {{{ PHP_MINFO_FUNCTION
273  */
PHP_MINFO_FUNCTION(filter)274 PHP_MINFO_FUNCTION(filter)
275 {
276 	php_info_print_table_start();
277 	php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" );
278 	php_info_print_table_end();
279 
280 	DISPLAY_INI_ENTRIES();
281 }
282 /* }}} */
283 
php_find_filter(zend_long id)284 static filter_list_entry php_find_filter(zend_long id) /* {{{ */
285 {
286 	int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
287 
288 	for (i = 0; i < size; ++i) {
289 		if (filter_list[i].id == id) {
290 			return filter_list[i];
291 		}
292 	}
293 	/* Fallback to "string" filter */
294 	for (i = 0; i < size; ++i) {
295 		if (filter_list[i].id == FILTER_DEFAULT) {
296 			return filter_list[i];
297 		}
298 	}
299 	/* To shut up GCC */
300 	return filter_list[0];
301 }
302 /* }}} */
303 
php_sapi_filter_init(void)304 static unsigned int php_sapi_filter_init(void)
305 {
306 	ZVAL_UNDEF(&IF_G(get_array));
307 	ZVAL_UNDEF(&IF_G(post_array));
308 	ZVAL_UNDEF(&IF_G(cookie_array));
309 	ZVAL_UNDEF(&IF_G(server_array));
310 	ZVAL_UNDEF(&IF_G(env_array));
311 #if 0
312 	ZVAL_UNDEF(&IF_G(session_array));
313 #endif
314 	return SUCCESS;
315 }
316 
php_zval_filter(zval * value,zend_long filter,zend_long flags,zval * options,char * charset,zend_bool copy)317 static void php_zval_filter(zval *value, zend_long filter, zend_long flags, zval *options, char* charset, zend_bool copy) /* {{{ */
318 {
319 	filter_list_entry  filter_func;
320 
321 	filter_func = php_find_filter(filter);
322 
323 	if (!filter_func.id) {
324 		/* Find default filter */
325 		filter_func = php_find_filter(FILTER_DEFAULT);
326 	}
327 
328 	/* #49274, fatal error with object without a toString method
329 	  Fails nicely instead of getting a recovarable fatal error. */
330 	if (Z_TYPE_P(value) == IS_OBJECT) {
331 		zend_class_entry *ce;
332 
333 		ce = Z_OBJCE_P(value);
334 		if (!ce->__tostring) {
335 			zval_ptr_dtor(value);
336 			/* #67167: doesn't return null on failure for objects */
337 			if (flags & FILTER_NULL_ON_FAILURE) {
338 				ZVAL_NULL(value);
339 			} else {
340 				ZVAL_FALSE(value);
341 			}
342 			goto handle_default;
343 		}
344 	}
345 
346 	/* Here be strings */
347 	convert_to_string(value);
348 
349 	filter_func.function(value, flags, options, charset);
350 
351 handle_default:
352 	if (options && Z_TYPE_P(options) == IS_ARRAY &&
353 		((flags & FILTER_NULL_ON_FAILURE && Z_TYPE_P(value) == IS_NULL) ||
354 		(!(flags & FILTER_NULL_ON_FAILURE) && Z_TYPE_P(value) == IS_FALSE))) {
355 		zval *tmp;
356 		if ((tmp = zend_hash_str_find(Z_ARRVAL_P(options), "default", sizeof("default") - 1)) != NULL) {
357 			ZVAL_COPY(value, tmp);
358 		}
359 	}
360 }
361 /* }}} */
362 
php_sapi_filter(int arg,char * var,char ** val,size_t val_len,size_t * new_val_len)363 static unsigned int php_sapi_filter(int arg, char *var, char **val, size_t val_len, size_t *new_val_len) /* {{{ */
364 {
365 	zval  new_var, raw_var;
366 	zval *array_ptr = NULL, *orig_array_ptr = NULL;
367 	int retval = 0;
368 
369 	assert(*val != NULL);
370 
371 #define PARSE_CASE(s,a,t)                     		\
372 		case s:                               		\
373 			if (Z_ISUNDEF(IF_G(a))) {         		\
374 				array_init(&IF_G(a)); 				\
375 			}										\
376 			array_ptr = &IF_G(a);          			\
377 			orig_array_ptr = &PG(http_globals)[t]; 	\
378 			break;
379 
380 	switch (arg) {
381 		PARSE_CASE(PARSE_POST,    post_array,    TRACK_VARS_POST)
382 		PARSE_CASE(PARSE_GET,     get_array,     TRACK_VARS_GET)
383 		PARSE_CASE(PARSE_COOKIE,  cookie_array,  TRACK_VARS_COOKIE)
384 		PARSE_CASE(PARSE_SERVER,  server_array,  TRACK_VARS_SERVER)
385 		PARSE_CASE(PARSE_ENV,     env_array,     TRACK_VARS_ENV)
386 
387 		case PARSE_STRING: /* PARSE_STRING is used by parse_str() function */
388 			retval = 1;
389 			break;
390 	}
391 
392 	/*
393 	 * According to rfc2965, more specific paths are listed above the less specific ones.
394 	 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
395 	 * to have the same (plain text) cookie name for the same path and we should not overwrite
396 	 * more specific cookies with the less specific ones.
397 	*/
398 	if (arg == PARSE_COOKIE && orig_array_ptr &&
399 			zend_symtable_str_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var))) {
400 		return 0;
401 	}
402 
403 	if (array_ptr) {
404 		/* Store the RAW variable internally */
405 		ZVAL_STRINGL(&raw_var, *val, val_len);
406 		php_register_variable_ex(var, &raw_var, array_ptr);
407 	}
408 
409 	if (val_len) {
410 		/* Register mangled variable */
411 		if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
412 			ZVAL_STRINGL(&new_var, *val, val_len);
413 			php_zval_filter(&new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL, 0);
414 		} else {
415 			ZVAL_STRINGL(&new_var, *val, val_len);
416 		}
417 	} else { /* empty string */
418 		ZVAL_EMPTY_STRING(&new_var);
419 	}
420 
421 	if (orig_array_ptr) {
422 		php_register_variable_ex(var, &new_var, orig_array_ptr);
423 	}
424 
425 	if (retval) {
426 		if (new_val_len) {
427 			*new_val_len = Z_STRLEN(new_var);
428 		}
429 		efree(*val);
430 		if (Z_STRLEN(new_var)) {
431 			*val = estrndup(Z_STRVAL(new_var), Z_STRLEN(new_var));
432 		} else {
433 			*val = estrdup("");
434 		}
435 		zval_ptr_dtor(&new_var);
436 	}
437 
438 	return retval;
439 }
440 /* }}} */
441 
php_zval_filter_recursive(zval * value,zend_long filter,zend_long flags,zval * options,char * charset,zend_bool copy)442 static void php_zval_filter_recursive(zval *value, zend_long filter, zend_long flags, zval *options, char *charset, zend_bool copy) /* {{{ */
443 {
444 	if (Z_TYPE_P(value) == IS_ARRAY) {
445 		zval *element;
446 
447 		if (Z_IS_RECURSIVE_P(value)) {
448 			return;
449 		}
450 		Z_PROTECT_RECURSION_P(value);
451 
452 		ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(value), element) {
453 			ZVAL_DEREF(element);
454 			if (Z_TYPE_P(element) == IS_ARRAY) {
455 				SEPARATE_ARRAY(element);
456 				php_zval_filter_recursive(element, filter, flags, options, charset, copy);
457 			} else {
458 				php_zval_filter(element, filter, flags, options, charset, copy);
459 			}
460 		} ZEND_HASH_FOREACH_END();
461 		Z_UNPROTECT_RECURSION_P(value);
462 	} else {
463 		php_zval_filter(value, filter, flags, options, charset, copy);
464 	}
465 }
466 /* }}} */
467 
php_filter_get_storage(zend_long arg)468 static zval *php_filter_get_storage(zend_long arg)/* {{{ */
469 
470 {
471 	zval *array_ptr = NULL;
472 
473 	switch (arg) {
474 		case PARSE_GET:
475 			array_ptr = &IF_G(get_array);
476 			break;
477 		case PARSE_POST:
478 			array_ptr = &IF_G(post_array);
479 			break;
480 		case PARSE_COOKIE:
481 			array_ptr = &IF_G(cookie_array);
482 			break;
483 		case PARSE_SERVER:
484 			if (PG(auto_globals_jit)) {
485 				zend_is_auto_global_str(ZEND_STRL("_SERVER"));
486 			}
487 			array_ptr = &IF_G(server_array);
488 			break;
489 		case PARSE_ENV:
490 			if (PG(auto_globals_jit)) {
491 				zend_is_auto_global_str(ZEND_STRL("_ENV"));
492 			}
493 			array_ptr = !Z_ISUNDEF(IF_G(env_array)) ? &IF_G(env_array) : &PG(http_globals)[TRACK_VARS_ENV];
494 			break;
495 		default:
496 			php_error_docref(NULL, E_WARNING, "Unknown source");
497 			break;
498 	}
499 
500 	if (array_ptr && Z_TYPE_P(array_ptr) != IS_ARRAY) {
501 		/* Storage not initialized */
502 		return NULL;
503 	}
504 
505 	return array_ptr;
506 }
507 /* }}} */
508 
509 /* {{{ proto mixed filter_has_var(constant type, string variable_name)
510  * Returns true if the variable with the name 'name' exists in source.
511  */
PHP_FUNCTION(filter_has_var)512 PHP_FUNCTION(filter_has_var)
513 {
514 	zend_long         arg;
515 	zend_string *var;
516 	zval        *array_ptr = NULL;
517 
518 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lS", &arg, &var) == FAILURE) {
519 		RETURN_THROWS();
520 	}
521 
522 	array_ptr = php_filter_get_storage(arg);
523 
524 	if (array_ptr && zend_hash_exists(Z_ARRVAL_P(array_ptr), var)) {
525 		RETURN_TRUE;
526 	}
527 
528 	RETURN_FALSE;
529 }
530 /* }}} */
531 
php_filter_call(zval * filtered,zend_long filter,zval * filter_args,const int copy,zend_long filter_flags)532 static void php_filter_call(zval *filtered, zend_long filter, zval *filter_args, const int copy, zend_long filter_flags) /* {{{ */
533 {
534 	zval *options = NULL;
535 	zval *option;
536 	char *charset = NULL;
537 
538 	if (filter_args && Z_TYPE_P(filter_args) != IS_ARRAY) {
539 		zend_long lval = zval_get_long(filter_args);
540 
541 		if (filter != -1) { /* handler for array apply */
542 			/* filter_args is the filter_flags */
543 			filter_flags = lval;
544 
545 			if (!(filter_flags & FILTER_REQUIRE_ARRAY ||  filter_flags & FILTER_FORCE_ARRAY)) {
546 				filter_flags |= FILTER_REQUIRE_SCALAR;
547 			}
548 		} else {
549 			filter = lval;
550 		}
551 	} else if (filter_args) {
552 		if ((option = zend_hash_str_find(Z_ARRVAL_P(filter_args), "filter", sizeof("filter") - 1)) != NULL) {
553 			filter = zval_get_long(option);
554 		}
555 
556 		if ((option = zend_hash_str_find(Z_ARRVAL_P(filter_args), "flags", sizeof("flags") - 1)) != NULL) {
557 			filter_flags = zval_get_long(option);
558 
559 			if (!(filter_flags & FILTER_REQUIRE_ARRAY ||  filter_flags & FILTER_FORCE_ARRAY)) {
560 				filter_flags |= FILTER_REQUIRE_SCALAR;
561 			}
562 		}
563 
564 		if ((option = zend_hash_str_find_deref(Z_ARRVAL_P(filter_args), "options", sizeof("options") - 1)) != NULL) {
565 			if (filter != FILTER_CALLBACK) {
566 				if (Z_TYPE_P(option) == IS_ARRAY) {
567 					options = option;
568 				}
569 			} else {
570 				options = option;
571 				filter_flags = 0;
572 			}
573 		}
574 	}
575 
576 	if (Z_TYPE_P(filtered) == IS_ARRAY) {
577 		if (filter_flags & FILTER_REQUIRE_SCALAR) {
578 			zval_ptr_dtor(filtered);
579 			if (filter_flags & FILTER_NULL_ON_FAILURE) {
580 				ZVAL_NULL(filtered);
581 			} else {
582 				ZVAL_FALSE(filtered);
583 			}
584 			return;
585 		}
586 		php_zval_filter_recursive(filtered, filter, filter_flags, options, charset, copy);
587 		return;
588 	}
589 	if (filter_flags & FILTER_REQUIRE_ARRAY) {
590 		zval_ptr_dtor(filtered);
591 		if (filter_flags & FILTER_NULL_ON_FAILURE) {
592 			ZVAL_NULL(filtered);
593 		} else {
594 			ZVAL_FALSE(filtered);
595 		}
596 		return;
597 	}
598 
599 	php_zval_filter(filtered, filter, filter_flags, options, charset, copy);
600 	if (filter_flags & FILTER_FORCE_ARRAY) {
601 		zval tmp;
602 		ZVAL_COPY_VALUE(&tmp, filtered);
603 		array_init(filtered);
604 		add_next_index_zval(filtered, &tmp);
605 	}
606 }
607 /* }}} */
608 
php_filter_array_handler(zval * input,zval * op,zval * return_value,zend_bool add_empty)609 static void php_filter_array_handler(zval *input, zval *op, zval *return_value, zend_bool add_empty) /* {{{ */
610 {
611 	zend_string *arg_key;
612 	zval *tmp, *arg_elm;
613 
614 	if (!op) {
615 		ZVAL_DUP(return_value, input);
616 		php_filter_call(return_value, FILTER_DEFAULT, NULL, 0, FILTER_REQUIRE_ARRAY);
617 	} else if (Z_TYPE_P(op) == IS_LONG) {
618 		ZVAL_DUP(return_value, input);
619 		php_filter_call(return_value, Z_LVAL_P(op), NULL, 0, FILTER_REQUIRE_ARRAY);
620 	} else if (Z_TYPE_P(op) == IS_ARRAY) {
621 		array_init(return_value);
622 
623 		ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(op), arg_key, arg_elm) {
624 			if (arg_key == NULL) {
625 				php_error_docref(NULL, E_WARNING, "Numeric keys are not allowed in the definition array");
626 				zval_ptr_dtor(return_value);
627 				RETURN_FALSE;
628 	 		}
629 			if (ZSTR_LEN(arg_key) == 0) {
630 				php_error_docref(NULL, E_WARNING, "Empty keys are not allowed in the definition array");
631 				zval_ptr_dtor(return_value);
632 				RETURN_FALSE;
633 			}
634 			if ((tmp = zend_hash_find(Z_ARRVAL_P(input), arg_key)) == NULL) {
635 				if (add_empty) {
636 					add_assoc_null_ex(return_value, ZSTR_VAL(arg_key), ZSTR_LEN(arg_key));
637 				}
638 			} else {
639 				zval nval;
640 				ZVAL_DEREF(tmp);
641 				ZVAL_DUP(&nval, tmp);
642 				php_filter_call(&nval, -1, arg_elm, 0, FILTER_REQUIRE_SCALAR);
643 				zend_hash_update(Z_ARRVAL_P(return_value), arg_key, &nval);
644 			}
645 		} ZEND_HASH_FOREACH_END();
646 	} else {
647 		RETURN_FALSE;
648 	}
649 }
650 /* }}} */
651 
652 /* {{{ proto mixed filter_input(constant type, string variable_name [, int filter [, mixed options]])
653  * Returns the filtered variable 'name'* from source `type`.
654  */
PHP_FUNCTION(filter_input)655 PHP_FUNCTION(filter_input)
656 {
657 	zend_long fetch_from, filter = FILTER_DEFAULT;
658 	zval *filter_args = NULL, *tmp;
659 	zval *input = NULL;
660 	zend_string *var;
661 
662 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lS|lz", &fetch_from, &var, &filter, &filter_args) == FAILURE) {
663 		RETURN_THROWS();
664 	}
665 
666 	if (!PHP_FILTER_ID_EXISTS(filter)) {
667 		RETURN_FALSE;
668 	}
669 
670 	input = php_filter_get_storage(fetch_from);
671 
672 	if (!input || (tmp = zend_hash_find(Z_ARRVAL_P(input), var)) == NULL) {
673 		zend_long filter_flags = 0;
674 		zval *option, *opt, *def;
675 		if (filter_args) {
676 			if (Z_TYPE_P(filter_args) == IS_LONG) {
677 				filter_flags = Z_LVAL_P(filter_args);
678 			} else if (Z_TYPE_P(filter_args) == IS_ARRAY && (option = zend_hash_str_find(Z_ARRVAL_P(filter_args), "flags", sizeof("flags") - 1)) != NULL) {
679 				filter_flags = zval_get_long(option);
680 			}
681 			if (Z_TYPE_P(filter_args) == IS_ARRAY &&
682 				(opt = zend_hash_str_find_deref(Z_ARRVAL_P(filter_args), "options", sizeof("options") - 1)) != NULL &&
683 				Z_TYPE_P(opt) == IS_ARRAY &&
684 				(def = zend_hash_str_find_deref(Z_ARRVAL_P(opt), "default", sizeof("default") - 1)) != NULL) {
685 				ZVAL_COPY(return_value, def);
686 				return;
687 			}
688 		}
689 
690 		/* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
691 		 * the function: normally when validation fails false is returned, and
692 		 * when the input value doesn't exist NULL is returned. With the flag
693 		 * set, NULL and false should be returned, respectively. Ergo, although
694 		 * the code below looks incorrect, it's actually right. */
695 		if (filter_flags & FILTER_NULL_ON_FAILURE) {
696 			RETURN_FALSE;
697 		} else {
698 			RETURN_NULL();
699 		}
700 	}
701 
702 	ZVAL_DUP(return_value, tmp);
703 
704 	php_filter_call(return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR);
705 }
706 /* }}} */
707 
708 /* {{{ proto mixed filter_var(mixed variable [, int filter [, mixed options]])
709  * Returns the filtered version of the variable.
710  */
PHP_FUNCTION(filter_var)711 PHP_FUNCTION(filter_var)
712 {
713 	zend_long filter = FILTER_DEFAULT;
714 	zval *filter_args = NULL, *data;
715 
716 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "z|lz", &data, &filter, &filter_args) == FAILURE) {
717 		RETURN_THROWS();
718 	}
719 
720 	if (!PHP_FILTER_ID_EXISTS(filter)) {
721 		RETURN_FALSE;
722 	}
723 
724 	ZVAL_DUP(return_value, data);
725 
726 	php_filter_call(return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR);
727 }
728 /* }}} */
729 
730 /* {{{ proto mixed filter_input_array(constant type, [, mixed options [, bool add_empty]]])
731  * Returns an array with all arguments defined in 'definition'.
732  */
PHP_FUNCTION(filter_input_array)733 PHP_FUNCTION(filter_input_array)
734 {
735 	zend_long    fetch_from;
736 	zval   *array_input = NULL, *op = NULL;
737 	zend_bool add_empty = 1;
738 
739 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "l|zb",  &fetch_from, &op, &add_empty) == FAILURE) {
740 		RETURN_THROWS();
741 	}
742 
743 	if (op && (Z_TYPE_P(op) != IS_ARRAY) && !(Z_TYPE_P(op) == IS_LONG && PHP_FILTER_ID_EXISTS(Z_LVAL_P(op)))) {
744 		RETURN_FALSE;
745 	}
746 
747 	array_input = php_filter_get_storage(fetch_from);
748 
749 	if (!array_input) {
750 		zend_long filter_flags = 0;
751 		zval *option;
752 		if (op) {
753 			if (Z_TYPE_P(op) == IS_LONG) {
754 				filter_flags = Z_LVAL_P(op);
755 			} else if (Z_TYPE_P(op) == IS_ARRAY && (option = zend_hash_str_find(Z_ARRVAL_P(op), "flags", sizeof("flags") - 1)) != NULL) {
756 				filter_flags = zval_get_long(option);
757 			}
758 		}
759 
760 		/* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
761 		 * the function: normally when validation fails false is returned, and
762 		 * when the input value doesn't exist NULL is returned. With the flag
763 		 * set, NULL and false should be returned, respectively. Ergo, although
764 		 * the code below looks incorrect, it's actually right. */
765 		if (filter_flags & FILTER_NULL_ON_FAILURE) {
766 			RETURN_FALSE;
767 		} else {
768 			RETURN_NULL();
769 		}
770 	}
771 
772 	php_filter_array_handler(array_input, op, return_value, add_empty);
773 }
774 /* }}} */
775 
776 /* {{{ proto mixed filter_var_array(array data, [, mixed options [, bool add_empty]]])
777  * Returns an array with all arguments defined in 'definition'.
778  */
PHP_FUNCTION(filter_var_array)779 PHP_FUNCTION(filter_var_array)
780 {
781 	zval *array_input = NULL, *op = NULL;
782 	zend_bool add_empty = 1;
783 
784 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "a|zb",  &array_input, &op, &add_empty) == FAILURE) {
785 		RETURN_THROWS();
786 	}
787 
788 	if (op && (Z_TYPE_P(op) != IS_ARRAY) && !(Z_TYPE_P(op) == IS_LONG && PHP_FILTER_ID_EXISTS(Z_LVAL_P(op)))) {
789 		RETURN_FALSE;
790 	}
791 
792 	php_filter_array_handler(array_input, op, return_value, add_empty);
793 }
794 /* }}} */
795 
796 /* {{{ proto filter_list()
797  * Returns a list of all supported filters */
PHP_FUNCTION(filter_list)798 PHP_FUNCTION(filter_list)
799 {
800 	int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
801 
802 	if (zend_parse_parameters_none() == FAILURE) {
803 		RETURN_THROWS();
804 	}
805 
806 	array_init(return_value);
807 	for (i = 0; i < size; ++i) {
808 		add_next_index_string(return_value, (char *)filter_list[i].name);
809 	}
810 }
811 /* }}} */
812 
813 /* {{{ proto filter_id(string filtername)
814  * Returns the filter ID belonging to a named filter */
PHP_FUNCTION(filter_id)815 PHP_FUNCTION(filter_id)
816 {
817 	int i;
818 	size_t filter_len;
819 	int size = sizeof(filter_list) / sizeof(filter_list_entry);
820 	char *filter;
821 
822 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &filter, &filter_len) == FAILURE) {
823 		RETURN_THROWS();
824 	}
825 
826 	for (i = 0; i < size; ++i) {
827 		if (strcmp(filter_list[i].name, filter) == 0) {
828 			RETURN_LONG(filter_list[i].id);
829 		}
830 	}
831 
832 	RETURN_FALSE;
833 }
834 /* }}} */
835