1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Rasmus Lerdorf <rasmus@php.net> |
14 | Derick Rethans <derick@php.net> |
15 | Pierre-A. Joye <pierre@php.net> |
16 | Ilia Alshanetsky <iliaa@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "php_filter.h"
25
26 ZEND_DECLARE_MODULE_GLOBALS(filter)
27
28 #include "filter_private.h"
29 #include "filter_arginfo.h"
30
/* One row of the filter registry: ties a filter's textual name and its
 * numeric FILTER_* id to the C routine that implements it. */
typedef struct filter_list_entry {
	/* Name matched by the filter.default INI handler and by filter_id(). */
	const char *name;
	/* FILTER_* constant; php_find_filter() looks entries up by this value. */
	int id;
	/* Implementation; php_zval_filter() calls it on a value already converted to string. */
	void (*function)(PHP_INPUT_FILTER_PARAM_DECL);
} filter_list_entry;
36
37 /* {{{ filter_list */
/* Registry of all filters exposed by this extension. Every lookup in this
 * file scans it linearly and stops at the first hit, so when two names share
 * an id ("string" and "stripped") an id lookup resolves to the earlier row. */
static const filter_list_entry filter_list[] = {
	/* FILTER_VALIDATE_* entries */
	{ .name = "int",                .id = FILTER_VALIDATE_INT,                .function = php_filter_int },
	{ .name = "boolean",            .id = FILTER_VALIDATE_BOOL,               .function = php_filter_boolean },
	{ .name = "float",              .id = FILTER_VALIDATE_FLOAT,              .function = php_filter_float },

	{ .name = "validate_regexp",    .id = FILTER_VALIDATE_REGEXP,             .function = php_filter_validate_regexp },
	{ .name = "validate_domain",    .id = FILTER_VALIDATE_DOMAIN,             .function = php_filter_validate_domain },
	{ .name = "validate_url",       .id = FILTER_VALIDATE_URL,                .function = php_filter_validate_url },
	{ .name = "validate_email",     .id = FILTER_VALIDATE_EMAIL,              .function = php_filter_validate_email },
	{ .name = "validate_ip",        .id = FILTER_VALIDATE_IP,                 .function = php_filter_validate_ip },
	{ .name = "validate_mac",       .id = FILTER_VALIDATE_MAC,                .function = php_filter_validate_mac },

	/* FILTER_SANITIZE_* entries, plus FILTER_UNSAFE_RAW */
	{ .name = "string",             .id = FILTER_SANITIZE_STRING,             .function = php_filter_string },
	{ .name = "stripped",           .id = FILTER_SANITIZE_STRING,             .function = php_filter_string },
	{ .name = "encoded",            .id = FILTER_SANITIZE_ENCODED,            .function = php_filter_encoded },
	{ .name = "special_chars",      .id = FILTER_SANITIZE_SPECIAL_CHARS,      .function = php_filter_special_chars },
	{ .name = "full_special_chars", .id = FILTER_SANITIZE_FULL_SPECIAL_CHARS, .function = php_filter_full_special_chars },
	{ .name = "unsafe_raw",         .id = FILTER_UNSAFE_RAW,                  .function = php_filter_unsafe_raw },
	{ .name = "email",              .id = FILTER_SANITIZE_EMAIL,              .function = php_filter_email },
	{ .name = "url",                .id = FILTER_SANITIZE_URL,                .function = php_filter_url },
	{ .name = "number_int",         .id = FILTER_SANITIZE_NUMBER_INT,         .function = php_filter_number_int },
	{ .name = "number_float",       .id = FILTER_SANITIZE_NUMBER_FLOAT,       .function = php_filter_number_float },
	{ .name = "add_slashes",        .id = FILTER_SANITIZE_ADD_SLASHES,        .function = php_filter_add_slashes },

	/* User-supplied callback */
	{ .name = "callback",           .id = FILTER_CALLBACK,                    .function = php_filter_callback },
};
64 /* }}} */
65
/* Input-source selectors for environment and server variables. The values
 * below apply only when no earlier header has defined these names. */
#if !defined(PARSE_ENV)
# define PARSE_ENV 4
#endif

#if !defined(PARSE_SERVER)
# define PARSE_SERVER 5
#endif

/* SAPI input-filter hooks; both are handed to sapi_register_input_filter()
 * in MINIT and are defined further down in this file. */
static unsigned int php_sapi_filter(int arg, const char *var, char **val, size_t val_len, size_t *new_val_len);
static unsigned int php_sapi_filter_init(void);
76
77 /* {{{ filter_module_entry */
/* Module descriptor through which the engine discovers the extension's
 * functions and lifecycle hooks. */
zend_module_entry filter_module_entry = {
	STANDARD_MODULE_HEADER,
	"filter",               /* extension name */
	ext_functions,          /* function table */
	PHP_MINIT(filter),      /* module startup */
	PHP_MSHUTDOWN(filter),  /* module shutdown */
	NULL,                   /* no request-startup hook */
	PHP_RSHUTDOWN(filter),  /* request shutdown: drops the raw input copies */
	PHP_MINFO(filter),      /* phpinfo() section */
	PHP_FILTER_VERSION,
	STANDARD_MODULE_PROPERTIES
};
90 /* }}} */
91
/* Only when the extension is built as a loadable module: emit the
 * get_module() entry point, and under ZTS the TSRM cache definition too. */
#if defined(COMPILE_DL_FILTER)
# if defined(ZTS)
ZEND_TSRMLS_CACHE_DEFINE()
# endif
ZEND_GET_MODULE(filter)
#endif
98
/* INI handler for filter.default: resolves the configured filter name
 * (case-insensitively) to its id and stores it in the module globals.
 *
 * Any id other than FILTER_DEFAULT raises E_DEPRECATED. An unrecognised name
 * is not reported: the handler falls back to FILTER_DEFAULT and still returns
 * SUCCESS.
 * NOTE(review): a misspelled filter name is therefore accepted silently and
 * the intended filter is never applied - consider whether a diagnostic is
 * wanted here. */
static PHP_INI_MH(UpdateDefaultFilter) /* {{{ */
{
	const size_t count = sizeof(filter_list) / sizeof(filter_list[0]);
	const char *wanted = ZSTR_VAL(new_value);
	size_t idx;

	for (idx = 0; idx < count; idx++) {
		const filter_list_entry *entry = &filter_list[idx];

		if (strcasecmp(wanted, entry->name) != 0) {
			continue;
		}

		IF_G(default_filter) = entry->id;
		if (entry->id != FILTER_DEFAULT) {
			zend_error(E_DEPRECATED, "The filter.default ini setting is deprecated");
		}
		return SUCCESS;
	}

	/* No entry matched: use the built-in default filter. */
	IF_G(default_filter) = FILTER_DEFAULT;
	return SUCCESS;
}
116 /* }}} */
117
118 /* {{{ PHP_INI */
/* INI handler for filter.default_flags. With no value configured the flags
 * default to FILTER_FLAG_NO_ENCODE_QUOTES; otherwise the value is parsed as a
 * decimal integer.
 * NOTE(review): atoi() does no validation - text that does not start with a
 * number yields 0 and an out-of-range value is undefined behaviour, so a
 * malformed setting is accepted without any diagnostic. */
static PHP_INI_MH(OnUpdateFlags)
{
	IF_G(default_filter_flags) = new_value
		? atoi(ZSTR_VAL(new_value))
		: FILTER_FLAG_NO_ENCODE_QUOTES;

	return SUCCESS;
}
128
PHP_INI_BEGIN()
	/* filter.default: filter applied by php_sapi_filter() to incoming request
	 * variables. It ships as "unsafe_raw"; php_sapi_filter() skips the filter
	 * call entirely while the setting equals FILTER_UNSAFE_RAW. */
	STD_PHP_INI_ENTRY("filter.default", "unsafe_raw",
		PHP_INI_SYSTEM|PHP_INI_PERDIR, UpdateDefaultFilter,
		default_filter, zend_filter_globals, filter_globals)
	/* filter.default_flags: flags handed to the default filter. */
	PHP_INI_ENTRY("filter.default_flags", NULL,
		PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateFlags)
PHP_INI_END()
133 /* }}} */
134
/* Globals constructor: marks every per-request raw-input array as unset and
 * selects FILTER_DEFAULT as the default filter. default_filter_flags is not
 * touched here (presumably set by OnUpdateFlags once the INI entries are
 * registered - confirm). */
static void php_filter_init_globals(zend_filter_globals *filter_globals) /* {{{ */
{
#if defined(COMPILE_DL_FILTER) && defined(ZTS)
	ZEND_TSRMLS_CACHE_UPDATE();
#endif
	filter_globals->default_filter = FILTER_DEFAULT;

	ZVAL_UNDEF(&filter_globals->get_array);
	ZVAL_UNDEF(&filter_globals->post_array);
	ZVAL_UNDEF(&filter_globals->cookie_array);
	ZVAL_UNDEF(&filter_globals->server_array);
	ZVAL_UNDEF(&filter_globals->env_array);
#if 0
	ZVAL_UNDEF(&filter_globals->session_array);
#endif
}
150 /* }}} */
151
152 /* {{{ PHP_MINIT_FUNCTION */
/* Module startup: set up the globals, register the INI entries and the
 * extension's symbols, then install php_sapi_filter() as the SAPI input
 * filter with php_sapi_filter_init() as its init hook. */
PHP_MINIT_FUNCTION(filter)
{
	ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);
	REGISTER_INI_ENTRIES();
	register_filter_symbols(module_number);

	/* From here on, variables passed through the SAPI input filter hook are
	 * routed to php_sapi_filter(). */
	sapi_register_input_filter(php_sapi_filter, php_sapi_filter_init);

	return SUCCESS;
}
165 /* }}} */
166
167 /* {{{ PHP_MSHUTDOWN_FUNCTION */
/* Module shutdown: only the INI entries need to be unregistered. */
PHP_MSHUTDOWN_FUNCTION(filter)
{
	UNREGISTER_INI_ENTRIES();
	return SUCCESS;
}
174 /* }}} */
175
176 /* {{{ PHP_RSHUTDOWN_FUNCTION */
/* Release one raw-input array held in the module globals and mark the slot
 * unset again so the next request starts from a clean state. */
#define VAR_ARRAY_COPY_DTOR(a) \
	do { \
		if (!Z_ISUNDEF(IF_G(a))) { \
			zval_ptr_dtor(&IF_G(a)); \
			ZVAL_UNDEF(&IF_G(a)); \
		} \
	} while (0)

/* Request shutdown: drop the raw copies of GET/POST/COOKIE/SERVER/ENV data
 * collected by php_sapi_filter(), so they do not outlive the request. */
PHP_RSHUTDOWN_FUNCTION(filter)
{
	VAR_ARRAY_COPY_DTOR(get_array);
	VAR_ARRAY_COPY_DTOR(post_array);
	VAR_ARRAY_COPY_DTOR(cookie_array);
	VAR_ARRAY_COPY_DTOR(server_array);
	VAR_ARRAY_COPY_DTOR(env_array);
#if 0
	VAR_ARRAY_COPY_DTOR(session_array);
#endif
	return SUCCESS;
}
195 /* }}} */
196
197 /* {{{ PHP_MINFO_FUNCTION */
/* phpinfo() section: one status row followed by the extension's INI entries
 * (which makes the effective filter.default visible to whoever can read
 * phpinfo output). */
PHP_MINFO_FUNCTION(filter)
{
	php_info_print_table_start();
	php_info_print_table_row(2, "Input Validation and Filtering", "enabled");
	php_info_print_table_end();

	DISPLAY_INI_ENTRIES();
}
206 /* }}} */
207
/* Look a filter up by id and return its registry row by value.
 *
 * Resolution order: the first row whose id equals `id`; otherwise the first
 * row whose id is FILTER_DEFAULT; otherwise row 0. The function never fails,
 * so an unknown id silently resolves to the default filter - callers that
 * must reject unknown ids have to check beforehand (the PHP_FUNCTIONs in this
 * file do so with PHP_FILTER_ID_EXISTS). */
static filter_list_entry php_find_filter(zend_long id) /* {{{ */
{
	const size_t count = sizeof(filter_list) / sizeof(filter_list[0]);
	const filter_list_entry *fallback = &filter_list[0];
	bool have_default = false;
	size_t idx;

	for (idx = 0; idx < count; idx++) {
		const filter_list_entry *entry = &filter_list[idx];

		if (entry->id == id) {
			return *entry;
		}
		/* Remember the first FILTER_DEFAULT row in case nothing matches. */
		if (!have_default && entry->id == FILTER_DEFAULT) {
			fallback = entry;
			have_default = true;
		}
	}

	return *fallback;
}
226 /* }}} */
227
/* Init hook registered together with php_sapi_filter(): marks all raw-input
 * arrays in the module globals as unset. The slots are overwritten without
 * being destroyed, so any previous contents must already have been released
 * (PHP_RSHUTDOWN does that). */
static unsigned int php_sapi_filter_init(void)
{
	ZVAL_UNDEF(&IF_G(post_array));
	ZVAL_UNDEF(&IF_G(get_array));
	ZVAL_UNDEF(&IF_G(cookie_array));
	ZVAL_UNDEF(&IF_G(env_array));
	ZVAL_UNDEF(&IF_G(server_array));
#if 0
	ZVAL_UNDEF(&IF_G(session_array));
#endif
	return SUCCESS;
}
240
/* Apply one filter to a single (non-array) zval in place.
 *
 * value    zval to filter; converted to string first and then overwritten
 *          with whatever the filter produces.
 * filter   filter id, resolved through php_find_filter().
 * flags    FILTER_* flags; FILTER_NULL_ON_FAILURE selects NULL instead of
 *          false as the failure value.
 * options  optional options zval; when it is an array holding a "default"
 *          key, that value replaces a failed result.
 * charset  passed through to the filter implementation.
 * copy     not used in this function.
 *
 * The "default" option is copied into `value` as-is: it is not run through
 * the filter, so callers must treat it as trusted configuration. */
static void php_zval_filter(zval *value, zend_long filter, zend_long flags, zval *options, char* charset, bool copy) /* {{{ */
{
	const bool null_on_failure = (flags & FILTER_NULL_ON_FAILURE) != 0;
	filter_list_entry handler = php_find_filter(filter);

	if (handler.id == 0) {
		/* Find default filter */
		handler = php_find_filter(FILTER_DEFAULT);
	}

	if (Z_TYPE_P(value) == IS_OBJECT && !Z_OBJCE_P(value)->__tostring) {
		/* #49274: an object without __toString cannot be converted to a
		 * string. Fail cleanly instead of triggering a recoverable fatal
		 * error. #67167: honour FILTER_NULL_ON_FAILURE for objects too. */
		zval_ptr_dtor(value);
		if (null_on_failure) {
			ZVAL_NULL(value);
		} else {
			ZVAL_FALSE(value);
		}
	} else {
		/* Filter implementations operate on strings only. */
		convert_to_string(value);
		handler.function(value, flags, options, charset);
	}

	/* A failed result (NULL or false, depending on the flag) is replaced by
	 * the caller-supplied "default" option when one exists. */
	if (options && Z_TYPE_P(options) == IS_ARRAY) {
		const int failure_type = null_on_failure ? IS_NULL : IS_FALSE;

		if (Z_TYPE_P(value) == failure_type) {
			zval *fallback = zend_hash_str_find(Z_ARRVAL_P(options), "default", sizeof("default") - 1);

			if (fallback != NULL) {
				ZVAL_COPY(value, fallback);
			}
		}
	}
}
285 /* }}} */
286
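/* SAPI input filter: receives one incoming variable (name `var`, value
 * `*val` of `val_len` bytes) for the source selected by `arg`.
 *
 * For GET/POST/COOKIE/SERVER/ENV it
 *   1. stores the untouched value in the extension's own per-source array, so
 *      filter_input() and friends always work on raw data regardless of
 *      filter.default, and
 *   2. registers the value - run through filter.default unless that is
 *      FILTER_UNSAFE_RAW - in the matching PG(http_globals) array.
 * In those cases the function returns 0.
 *
 * For PARSE_STRING (parse_str()) nothing is registered; `*val` is freed and
 * replaced by a newly allocated copy of the filtered value, `*new_val_len`
 * (if given) receives its length, and the function returns 1.
 *
 * Fixes relative to the previous version:
 *   - the PARSE_STRING path read Z_STRLEN/Z_STRVAL from new_var without
 *     checking its type. php_zval_filter() can leave a non-string behind (its
 *     own default handling tests the result for IS_NULL / IS_FALSE), so the
 *     value is converted back to a string before those reads;
 *   - when `arg` matched no case, new_var was created but never released. */
static unsigned int php_sapi_filter(int arg, const char *var, char **val, size_t val_len, size_t *new_val_len) /* {{{ */
{
	zval new_var, raw_var;
	zval *array_ptr = NULL, *orig_array_ptr = NULL;
	int retval = 0;

	assert(*val != NULL);

	/* Select the raw-copy array (created on first use) and the engine's
	 * tracking array for one input source. */
#define PARSE_CASE(s,a,t) \
		case s: \
			if (Z_ISUNDEF(IF_G(a))) { \
				array_init(&IF_G(a)); \
			} \
			array_ptr = &IF_G(a); \
			orig_array_ptr = &PG(http_globals)[t]; \
			break;

	switch (arg) {
		PARSE_CASE(PARSE_POST,   post_array,   TRACK_VARS_POST)
		PARSE_CASE(PARSE_GET,    get_array,    TRACK_VARS_GET)
		PARSE_CASE(PARSE_COOKIE, cookie_array, TRACK_VARS_COOKIE)
		PARSE_CASE(PARSE_SERVER, server_array, TRACK_VARS_SERVER)
		PARSE_CASE(PARSE_ENV,    env_array,    TRACK_VARS_ENV)

		case PARSE_STRING: /* PARSE_STRING is used by parse_str() function */
			retval = 1;
			break;
	}

	/*
	 * According to rfc2965, more specific paths are listed above the less specific ones.
	 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
	 * to have the same (plain text) cookie name for the same path and we should not overwrite
	 * more specific cookies with the less specific ones.
	 */
	if (arg == PARSE_COOKIE && orig_array_ptr &&
			zend_symtable_str_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var))) {
		return 0;
	}

	if (array_ptr) {
		/* Store the RAW variable internally. raw_var is not released here;
		 * php_register_variable_ex() is assumed to take ownership of it. */
		ZVAL_STRINGL(&raw_var, *val, val_len);
		php_register_variable_ex(var, &raw_var, array_ptr);
	}

	if (val_len) {
		/* Register mangled variable */
		ZVAL_STRINGL(&new_var, *val, val_len);
		if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
			php_zval_filter(&new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL, 0);
		}
	} else { /* empty string */
		ZVAL_EMPTY_STRING(&new_var);
	}

	if (orig_array_ptr) {
		php_register_variable_ex(var, &new_var, orig_array_ptr);
	}

	if (retval) {
		/* Z_STRLEN / Z_STRVAL are only meaningful on strings, and the filter
		 * may have replaced new_var with false, NULL or a number. */
		convert_to_string(&new_var);

		if (new_val_len) {
			*new_val_len = Z_STRLEN(new_var);
		}
		efree(*val);
		if (Z_STRLEN(new_var)) {
			*val = estrndup(Z_STRVAL(new_var), Z_STRLEN(new_var));
		} else {
			*val = estrdup("");
		}
		zval_ptr_dtor(&new_var);
	} else if (!orig_array_ptr) {
		/* Unknown source: nothing was registered, so new_var is still ours. */
		zval_ptr_dtor(&new_var);
	}

	return retval;
}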
364 /* }}} */
365
/* Apply a filter to `value` in place; arrays are walked depth-first and the
 * filter is applied to every leaf. Parameters have the same meaning as in
 * php_zval_filter().
 *
 * An array that is already being visited (self-referencing input) is left
 * untouched, which bounds the recursion on cyclic structures. Such an array
 * is therefore returned UNFILTERED - callers should not assume every leaf
 * was processed when the input may contain cycles. */
static void php_zval_filter_recursive(zval *value, zend_long filter, zend_long flags, zval *options, char *charset, bool copy) /* {{{ */
{
	zval *element;

	if (Z_TYPE_P(value) != IS_ARRAY) {
		php_zval_filter(value, filter, flags, options, charset, copy);
		return;
	}

	if (Z_IS_RECURSIVE_P(value)) {
		return;
	}

	Z_PROTECT_RECURSION_P(value);
	ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(value), element) {
		ZVAL_DEREF(element);
		if (Z_TYPE_P(element) != IS_ARRAY) {
			php_zval_filter(element, filter, flags, options, charset, copy);
			continue;
		}
		/* Nested arrays are separated before being modified in place. */
		SEPARATE_ARRAY(element);
		php_zval_filter_recursive(element, filter, flags, options, charset, copy);
	} ZEND_HASH_FOREACH_END();
	Z_UNPROTECT_RECURSION_P(value);
}
390 /* }}} */
391
/* Map an input-source selector (PARSE_GET, PARSE_POST, ...) to the array
 * holding the RAW, unfiltered values for that source.
 *
 * Returns NULL when the storage has not been initialised for this request,
 * and NULL with a ValueError pending when `arg` is not a known selector -
 * callers tell the two apart by checking EG(exception).
 *
 * For SERVER and ENV the auto-global is materialised first when
 * auto_globals_jit is on. ENV additionally falls back to the engine's own
 * tracking array when the extension holds no raw copy. */
static zval *php_filter_get_storage(zend_long arg)/* {{{ */
{
	zval *storage = NULL;

	switch (arg) {
		case PARSE_GET:
			storage = &IF_G(get_array);
			break;
		case PARSE_POST:
			storage = &IF_G(post_array);
			break;
		case PARSE_COOKIE:
			storage = &IF_G(cookie_array);
			break;
		case PARSE_SERVER:
			if (PG(auto_globals_jit)) {
				zend_is_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_SERVER));
			}
			storage = &IF_G(server_array);
			break;
		case PARSE_ENV:
			if (PG(auto_globals_jit)) {
				zend_is_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_ENV));
			}
			if (Z_ISUNDEF(IF_G(env_array))) {
				storage = &PG(http_globals)[TRACK_VARS_ENV];
			} else {
				storage = &IF_G(env_array);
			}
			break;
		default:
			zend_argument_value_error(1, "must be an INPUT_* constant");
			return NULL;
	}

	/* Every case above assigned an address; anything that is not an array
	 * means the storage was never initialised. */
	return Z_TYPE_P(storage) == IS_ARRAY ? storage : NULL;
}
431 /* }}} */
432
433 /* {{{ Returns true if the variable with the name 'name' exists in source. */
/* filter_has_var(int $input_type, string $var_name): bool
 * True when the key exists in the raw storage of the given source. The check
 * is a plain key lookup via zend_hash_exists() on the storage returned by
 * php_filter_get_storage(). */
PHP_FUNCTION(filter_has_var)
{
	zend_long source;
	zend_string *name;
	zval *storage;

	if (zend_parse_parameters(ZEND_NUM_ARGS(), "lS", &source, &name) == FAILURE) {
		RETURN_THROWS();
	}

	storage = php_filter_get_storage(source);
	if (EG(exception)) {
		/* Invalid source selector. */
		RETURN_THROWS();
	}

	RETURN_BOOL(storage != NULL && zend_hash_exists(Z_ARRVAL_P(storage), name));
}
455 /* }}} */
456
/* Resolve the filter id, flags and options for one call and apply the filter
 * to `filtered` in place.
 *
 * filtered          value to filter; overwritten with the result.
 * filter            filter id, or -1 when the id has to come from the
 *                   arguments (php_filter_array_handler() passes -1).
 * filter_args_ht    argument array with optional "filter", "options" and
 *                   "flags" keys, or NULL.
 * filter_args_long  used when filter_args_ht is NULL: the flags if `filter`
 *                   is set, otherwise the filter id.
 * copy              forwarded to the filter helpers.
 * filter_flags      initial flags; replaced when the arguments carry flags.
 *
 * Whenever flags come from the caller and ask for neither
 * FILTER_REQUIRE_ARRAY nor FILTER_FORCE_ARRAY, FILTER_REQUIRE_SCALAR is
 * added, so array input is rejected rather than filtered element-wise.
 * A type mismatch yields false, or NULL with FILTER_NULL_ON_FAILURE. */
static void php_filter_call(
	zval *filtered, zend_long filter, HashTable *filter_args_ht, zend_long filter_args_long,
	const int copy, zend_long filter_flags
) /* {{{ */ {
	const zend_long array_flags = FILTER_REQUIRE_ARRAY | FILTER_FORCE_ARRAY;
	zval *options = NULL;
	zval *option;
	char *charset = NULL;
	bool is_array;

	if (filter_args_ht) {
		option = zend_hash_str_find(filter_args_ht, "filter", sizeof("filter") - 1);
		if (option != NULL) {
			filter = zval_get_long(option);
		}

		option = zend_hash_str_find_deref(filter_args_ht, "options", sizeof("options") - 1);
		if (option != NULL) {
			if (filter == FILTER_CALLBACK) {
				/* For callbacks "options" is the callable itself, whatever
				 * its type, and the incoming flags are discarded. */
				options = option;
				filter_flags = 0;
			} else if (Z_TYPE_P(option) == IS_ARRAY) {
				options = option;
			}
		}

		/* Looked up last on purpose: explicit flags win over the reset above. */
		option = zend_hash_str_find(filter_args_ht, "flags", sizeof("flags") - 1);
		if (option != NULL) {
			filter_flags = zval_get_long(option);
			if (!(filter_flags & array_flags)) {
				filter_flags |= FILTER_REQUIRE_SCALAR;
			}
		}
	} else if (filter == -1) {
		/* Array handler: the long argument is the filter id. */
		filter = filter_args_long;
	} else {
		/* filter_args is the filter_flags */
		filter_flags = filter_args_long;
		if (!(filter_flags & array_flags)) {
			filter_flags |= FILTER_REQUIRE_SCALAR;
		}
	}

	is_array = Z_TYPE_P(filtered) == IS_ARRAY;

	/* Reject input whose shape contradicts the flags. */
	if (is_array ? (filter_flags & FILTER_REQUIRE_SCALAR) != 0
	             : (filter_flags & FILTER_REQUIRE_ARRAY) != 0) {
		zval_ptr_dtor(filtered);
		if (filter_flags & FILTER_NULL_ON_FAILURE) {
			ZVAL_NULL(filtered);
		} else {
			ZVAL_FALSE(filtered);
		}
		return;
	}

	if (is_array) {
		php_zval_filter_recursive(filtered, filter, filter_flags, options, charset, copy);
		return;
	}

	php_zval_filter(filtered, filter, filter_flags, options, charset, copy);

	if (filter_flags & FILTER_FORCE_ARRAY) {
		/* Wrap the scalar result in a one-element array. */
		zval scalar;

		ZVAL_COPY_VALUE(&scalar, filtered);
		array_init(filtered);
		add_next_index_zval(filtered, &scalar);
	}
}
532 /* }}} */
533
/* Shared implementation of filter_input_array() / filter_var_array().
 *
 * input        array of values to filter (never modified; values are
 *              duplicated first).
 * op_ht        per-key definition (key => filter id or argument array), or
 *              NULL to apply one filter to the whole input.
 * op_long      filter id used when op_ht is NULL.
 * return_value receives the result array.
 * add_empty    when true, keys named in op_ht but absent from input are
 *              added to the result as NULL.
 *
 * Only keys listed in op_ht reach the result: input keys the definition does
 * not mention are dropped. A definition with a non-string or empty key throws
 * and the function returns early. */
static void php_filter_array_handler(zval *input, HashTable *op_ht, zend_long op_long,
	zval *return_value, bool add_empty
) /* {{{ */ {
	zend_string *arg_key;
	zval *found, *arg_elm;

	if (!op_ht) {
		/* Single filter over the whole array. */
		ZVAL_DUP(return_value, input);
		php_filter_call(return_value, -1, NULL, op_long, 0, FILTER_REQUIRE_ARRAY);
		return;
	}

	array_init(return_value);

	ZEND_HASH_FOREACH_STR_KEY_VAL(op_ht, arg_key, arg_elm) {
		zval nval;
		bool has_arg_array;

		if (arg_key == NULL) {
			zend_argument_type_error(2, "must contain only string keys");
			RETURN_THROWS();
		}
		if (ZSTR_LEN(arg_key) == 0) {
			zend_argument_value_error(2, "cannot contain empty keys");
			RETURN_THROWS();
		}

		found = zend_hash_find(Z_ARRVAL_P(input), arg_key);
		if (found == NULL) {
			if (add_empty) {
				add_assoc_null_ex(return_value, ZSTR_VAL(arg_key), ZSTR_LEN(arg_key));
			}
			continue;
		}

		/* Work on a private copy so the caller's input stays untouched. */
		ZVAL_DEREF(found);
		ZVAL_DUP(&nval, found);

		/* The definition entry is either an argument array or a bare filter id. */
		has_arg_array = Z_TYPE_P(arg_elm) == IS_ARRAY;
		php_filter_call(&nval, -1,
			has_arg_array ? Z_ARRVAL_P(arg_elm) : NULL,
			has_arg_array ? 0 : zval_get_long(arg_elm),
			0, FILTER_REQUIRE_SCALAR
		);
		zend_hash_update(Z_ARRVAL_P(return_value), arg_key, &nval);
	} ZEND_HASH_FOREACH_END();
}
573 /* }}} */
574
575 /* {{{ Returns the filtered variable 'name' from source 'type'. */
/* filter_input(int $type, string $var_name, int $filter = FILTER_DEFAULT,
 *              array|int $options = 0): mixed
 *
 * Fetches one variable from the RAW storage of the given source and filters
 * it. The value read here is the unfiltered copy kept by php_sapi_filter(),
 * not the (possibly filter.default-processed) superglobal.
 *
 * Result when the variable does not exist:
 *   - the "default" entry of $options["options"], if present. It is returned
 *     as-is, without being passed through the filter;
 *   - otherwise NULL, or false when FILTER_NULL_ON_FAILURE is set.
 * An unknown filter id emits a warning and returns false. */
PHP_FUNCTION(filter_input)
{
	zend_long fetch_from, filter = FILTER_DEFAULT;
	zval *input = NULL, *tmp;
	zend_string *var;
	HashTable *filter_args_ht = NULL;
	zend_long filter_args_long = 0;
	zend_long filter_flags = 0;

	ZEND_PARSE_PARAMETERS_START(2, 4)
		Z_PARAM_LONG(fetch_from)
		Z_PARAM_STR(var)
		Z_PARAM_OPTIONAL
		Z_PARAM_LONG(filter)
		Z_PARAM_ARRAY_HT_OR_LONG(filter_args_ht, filter_args_long)
	ZEND_PARSE_PARAMETERS_END();

	if (!PHP_FILTER_ID_EXISTS(filter)) {
		php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, filter);
		RETURN_FALSE;
	}

	input = php_filter_get_storage(fetch_from);
	if (EG(exception)) {
		RETURN_THROWS();
	}

	tmp = input ? zend_hash_find(Z_ARRVAL_P(input), var) : NULL;
	if (tmp != NULL) {
		/* Filter a private copy; the stored raw value is left intact. */
		ZVAL_DUP(return_value, tmp);
		php_filter_call(return_value, filter, filter_args_ht, filter_args_long, 1, FILTER_REQUIRE_SCALAR);
		return;
	}

	/* Variable (or the whole storage) is missing. */
	if (filter_args_ht) {
		zval *flags_opt, *opts;

		flags_opt = zend_hash_str_find(filter_args_ht, "flags", sizeof("flags") - 1);
		if (flags_opt != NULL) {
			filter_flags = zval_get_long(flags_opt);
		}

		opts = zend_hash_str_find_deref(filter_args_ht, "options", sizeof("options") - 1);
		if (opts != NULL && Z_TYPE_P(opts) == IS_ARRAY) {
			zval *fallback = zend_hash_str_find_deref(Z_ARRVAL_P(opts), "default", sizeof("default") - 1);

			if (fallback != NULL) {
				ZVAL_COPY(return_value, fallback);
				return;
			}
		}
	} else {
		filter_flags = filter_args_long;
	}

	/* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
	 * the function: normally when validation fails false is returned, and
	 * when the input value doesn't exist NULL is returned. With the flag
	 * set, NULL and false should be returned, respectively. Ergo, although
	 * the code below looks incorrect, it's actually right. */
	if (filter_flags & FILTER_NULL_ON_FAILURE) {
		RETURN_FALSE;
	}
	RETURN_NULL();
}
637 /* }}} */
638
639 /* {{{ Returns the filtered version of the variable. */
/* filter_var(mixed $value, int $filter = FILTER_DEFAULT,
 *            array|int $options = 0): mixed
 *
 * Filters a caller-supplied value. The argument is duplicated first, so the
 * caller's variable is never modified. With no explicit filter,
 * FILTER_DEFAULT is used. An unknown filter id emits a warning and returns
 * false. */
PHP_FUNCTION(filter_var)
{
	zval *data;
	zend_long filter = FILTER_DEFAULT;
	zend_long filter_args_long = 0;
	HashTable *filter_args_ht = NULL;

	ZEND_PARSE_PARAMETERS_START(1, 3)
		Z_PARAM_ZVAL(data)
		Z_PARAM_OPTIONAL
		Z_PARAM_LONG(filter)
		Z_PARAM_ARRAY_HT_OR_LONG(filter_args_ht, filter_args_long)
	ZEND_PARSE_PARAMETERS_END();

	if (!PHP_FILTER_ID_EXISTS(filter)) {
		php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, filter);
		RETURN_FALSE;
	}

	ZVAL_DUP(return_value, data);
	php_filter_call(return_value, filter, filter_args_ht, filter_args_long, 1, FILTER_REQUIRE_SCALAR);
}
663 /* }}} */
664
665 /* {{{ Returns an array with all arguments defined in 'definition'. */
/* filter_input_array(int $type, array|int $options = FILTER_DEFAULT,
 *                    bool $add_empty = true): array|false|null
 *
 * Filters several variables of one input source at once, reading from the
 * RAW storage. Returns NULL when that storage is not initialised, and false
 * (with a warning) when a bare filter id is given that does not exist. Filter
 * ids nested inside a definition array are not checked here. */
PHP_FUNCTION(filter_input_array)
{
	zend_long fetch_from;
	zend_long op_long = FILTER_DEFAULT;
	HashTable *op_ht = NULL;
	bool add_empty = 1;
	zval *array_input;

	ZEND_PARSE_PARAMETERS_START(1, 3)
		Z_PARAM_LONG(fetch_from)
		Z_PARAM_OPTIONAL
		Z_PARAM_ARRAY_HT_OR_LONG(op_ht, op_long)
		Z_PARAM_BOOL(add_empty)
	ZEND_PARSE_PARAMETERS_END();

	if (op_ht == NULL && !PHP_FILTER_ID_EXISTS(op_long)) {
		php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, op_long);
		RETURN_FALSE;
	}

	array_input = php_filter_get_storage(fetch_from);
	if (EG(exception)) {
		/* Invalid source selector. */
		RETURN_THROWS();
	}
	if (array_input == NULL) {
		RETURN_NULL();
	}

	php_filter_array_handler(array_input, op_ht, op_long, return_value, add_empty);
}
698 /* }}} */
699
700 /* {{{ Returns an array with all arguments defined in 'definition'. */
/* filter_var_array(array $array, array|int $options = FILTER_DEFAULT,
 *                  bool $add_empty = true): array|false|null
 *
 * Filters several values of a caller-supplied array at once. A bare filter id
 * that does not exist produces a warning and false; filter ids nested inside
 * a definition array are not checked here. */
PHP_FUNCTION(filter_var_array)
{
	zval *array_input = NULL;
	zend_long op_long = FILTER_DEFAULT;
	HashTable *op_ht = NULL;
	bool add_empty = 1;

	ZEND_PARSE_PARAMETERS_START(1, 3)
		Z_PARAM_ARRAY(array_input)
		Z_PARAM_OPTIONAL
		Z_PARAM_ARRAY_HT_OR_LONG(op_ht, op_long)
		Z_PARAM_BOOL(add_empty)
	ZEND_PARSE_PARAMETERS_END();

	if (op_ht == NULL && !PHP_FILTER_ID_EXISTS(op_long)) {
		php_error_docref(NULL, E_WARNING, "Unknown filter with ID " ZEND_LONG_FMT, op_long);
		RETURN_FALSE;
	}

	php_filter_array_handler(array_input, op_ht, op_long, return_value, add_empty);
}
722 /* }}} */
723
724 /* {{{ Returns a list of all supported filters */
/* filter_list(): array
 * Returns the names of all registered filters, in registry order. Aliases
 * that share an id (e.g. "string" / "stripped") are listed separately. */
PHP_FUNCTION(filter_list)
{
	const size_t count = sizeof(filter_list) / sizeof(filter_list[0]);
	size_t idx;

	if (zend_parse_parameters_none() == FAILURE) {
		RETURN_THROWS();
	}

	array_init(return_value);
	for (idx = 0; idx < count; idx++) {
		add_next_index_string(return_value, filter_list[idx].name);
	}
}
738 /* }}} */
739
740 /* {{{ Returns the filter ID belonging to a named filter */
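/* filter_id(string $name): int|false
 * Returns the id of the filter registered under `name`, or false when no such
 * filter exists. The match is case-sensitive.
 *
 * The comparison covers the full length of the argument. The previous
 * strcmp() stopped at the first NUL byte, so a name followed by "\0" plus
 * arbitrary bytes was treated as equal to the registered name, and the parsed
 * length was never used. */
PHP_FUNCTION(filter_id)
{
	const size_t count = sizeof(filter_list) / sizeof(filter_list[0]);
	size_t idx;
	size_t filter_len;
	char *filter;

	if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &filter, &filter_len) == FAILURE) {
		RETURN_THROWS();
	}

	for (idx = 0; idx < count; idx++) {
		const char *name = filter_list[idx].name;

		/* Length check first, so embedded NUL bytes cannot shorten the match. */
		if (strlen(name) == filter_len && memcmp(name, filter, filter_len) == 0) {
			RETURN_LONG(filter_list[idx].id);
		}
	}

	RETURN_FALSE;
}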
760 /* }}} */
761