This source file includes following definitions.
- ZEND_DECLARE_MODULE_GLOBALS
- ZEND_TSRMLS_CACHE_DEFINE
- PHP_INI_MH
- PHP_INI_BEGIN
- PHP_MINIT_FUNCTION
- PHP_MSHUTDOWN_FUNCTION
- PHP_RSHUTDOWN_FUNCTION
- PHP_MINFO_FUNCTION
- php_find_filter
- php_sapi_filter_init
- php_zval_filter
- php_sapi_filter
- php_zval_filter_recursive
- php_filter_get_storage
- PHP_FUNCTION
- php_filter_call
- php_filter_array_handler
- PHP_FUNCTION
- PHP_FUNCTION
- PHP_FUNCTION
- PHP_FUNCTION
- PHP_FUNCTION
- PHP_FUNCTION
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27
28 #include "php_filter.h"
29
30 ZEND_DECLARE_MODULE_GLOBALS(filter)
31
32 #include "filter_private.h"
33
34 typedef struct filter_list_entry {
35 const char *name;
36 int id;
37 void (*function)(PHP_INPUT_FILTER_PARAM_DECL);
38 } filter_list_entry;
39
40
41 static const filter_list_entry filter_list[] = {
42 { "int", FILTER_VALIDATE_INT, php_filter_int },
43 { "boolean", FILTER_VALIDATE_BOOLEAN, php_filter_boolean },
44 { "float", FILTER_VALIDATE_FLOAT, php_filter_float },
45
46 { "validate_regexp", FILTER_VALIDATE_REGEXP, php_filter_validate_regexp },
47 { "validate_domain", FILTER_VALIDATE_DOMAIN, php_filter_validate_domain },
48 { "validate_url", FILTER_VALIDATE_URL, php_filter_validate_url },
49 { "validate_email", FILTER_VALIDATE_EMAIL, php_filter_validate_email },
50 { "validate_ip", FILTER_VALIDATE_IP, php_filter_validate_ip },
51 { "validate_mac", FILTER_VALIDATE_MAC, php_filter_validate_mac },
52
53 { "string", FILTER_SANITIZE_STRING, php_filter_string },
54 { "stripped", FILTER_SANITIZE_STRING, php_filter_string },
55 { "encoded", FILTER_SANITIZE_ENCODED, php_filter_encoded },
56 { "special_chars", FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars },
57 { "full_special_chars", FILTER_SANITIZE_FULL_SPECIAL_CHARS, php_filter_full_special_chars },
58 { "unsafe_raw", FILTER_UNSAFE_RAW, php_filter_unsafe_raw },
59 { "email", FILTER_SANITIZE_EMAIL, php_filter_email },
60 { "url", FILTER_SANITIZE_URL, php_filter_url },
61 { "number_int", FILTER_SANITIZE_NUMBER_INT, php_filter_number_int },
62 { "number_float", FILTER_SANITIZE_NUMBER_FLOAT, php_filter_number_float },
63 { "magic_quotes", FILTER_SANITIZE_MAGIC_QUOTES, php_filter_magic_quotes },
64
65 { "callback", FILTER_CALLBACK, php_filter_callback },
66 };
67
68
69 #ifndef PARSE_ENV
70 #define PARSE_ENV 4
71 #endif
72
73 #ifndef PARSE_SERVER
74 #define PARSE_SERVER 5
75 #endif
76
77 #ifndef PARSE_SESSION
78 #define PARSE_SESSION 6
79 #endif
80
81 static unsigned int php_sapi_filter(int arg, char *var, char **val, size_t val_len, size_t *new_val_len);
82 static unsigned int php_sapi_filter_init(void);
83
84
85 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_input, 0, 0, 2)
86 ZEND_ARG_INFO(0, type)
87 ZEND_ARG_INFO(0, variable_name)
88 ZEND_ARG_INFO(0, filter)
89 ZEND_ARG_INFO(0, options)
90 ZEND_END_ARG_INFO()
91
92 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_var, 0, 0, 1)
93 ZEND_ARG_INFO(0, variable)
94 ZEND_ARG_INFO(0, filter)
95 ZEND_ARG_INFO(0, options)
96 ZEND_END_ARG_INFO()
97
98 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_input_array, 0, 0, 1)
99 ZEND_ARG_INFO(0, type)
100 ZEND_ARG_INFO(0, definition)
101 ZEND_ARG_INFO(0, add_empty)
102 ZEND_END_ARG_INFO()
103
104 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_var_array, 0, 0, 1)
105 ZEND_ARG_INFO(0, data)
106 ZEND_ARG_INFO(0, definition)
107 ZEND_ARG_INFO(0, add_empty)
108 ZEND_END_ARG_INFO()
109
110 ZEND_BEGIN_ARG_INFO(arginfo_filter_list, 0)
111 ZEND_END_ARG_INFO()
112
113 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_has_var, 0, 0, 2)
114 ZEND_ARG_INFO(0, type)
115 ZEND_ARG_INFO(0, variable_name)
116 ZEND_END_ARG_INFO()
117
118 ZEND_BEGIN_ARG_INFO_EX(arginfo_filter_id, 0, 0, 1)
119 ZEND_ARG_INFO(0, filtername)
120 ZEND_END_ARG_INFO()
121
122
123
124
125 static const zend_function_entry filter_functions[] = {
126 PHP_FE(filter_input, arginfo_filter_input)
127 PHP_FE(filter_var, arginfo_filter_var)
128 PHP_FE(filter_input_array, arginfo_filter_input_array)
129 PHP_FE(filter_var_array, arginfo_filter_var_array)
130 PHP_FE(filter_list, arginfo_filter_list)
131 PHP_FE(filter_has_var, arginfo_filter_has_var)
132 PHP_FE(filter_id, arginfo_filter_id)
133 PHP_FE_END
134 };
135
136
137
138
139 zend_module_entry filter_module_entry = {
140 STANDARD_MODULE_HEADER,
141 "filter",
142 filter_functions,
143 PHP_MINIT(filter),
144 PHP_MSHUTDOWN(filter),
145 NULL,
146 PHP_RSHUTDOWN(filter),
147 PHP_MINFO(filter),
148 PHP_FILTER_VERSION,
149 STANDARD_MODULE_PROPERTIES
150 };
151
152
153 #ifdef COMPILE_DL_FILTER
154 #ifdef ZTS
155 ZEND_TSRMLS_CACHE_DEFINE()
156 #endif
157 ZEND_GET_MODULE(filter)
158 #endif
159
160 static PHP_INI_MH(UpdateDefaultFilter)
161 {
162 int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
163
164 for (i = 0; i < size; ++i) {
165 if ((strcasecmp(ZSTR_VAL(new_value), filter_list[i].name) == 0)) {
166 IF_G(default_filter) = filter_list[i].id;
167 return SUCCESS;
168 }
169 }
170
171 IF_G(default_filter) = FILTER_DEFAULT;
172 return SUCCESS;
173 }
174
175
176
177
178 static PHP_INI_MH(OnUpdateFlags)
179 {
180 if (!new_value) {
181 IF_G(default_filter_flags) = FILTER_FLAG_NO_ENCODE_QUOTES;
182 } else {
183 IF_G(default_filter_flags) = atoi(ZSTR_VAL(new_value));
184 }
185 return SUCCESS;
186 }
187
188 PHP_INI_BEGIN()
189 STD_PHP_INI_ENTRY("filter.default", "unsafe_raw", PHP_INI_SYSTEM|PHP_INI_PERDIR, UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals)
190 PHP_INI_ENTRY("filter.default_flags", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateFlags)
191 PHP_INI_END()
192
193
194 static void php_filter_init_globals(zend_filter_globals *filter_globals)
195 {
196 #if defined(COMPILE_DL_FILTER) && defined(ZTS)
197 ZEND_TSRMLS_CACHE_UPDATE();
198 #endif
199 ZVAL_UNDEF(&filter_globals->post_array);
200 ZVAL_UNDEF(&filter_globals->get_array);
201 ZVAL_UNDEF(&filter_globals->cookie_array);
202 ZVAL_UNDEF(&filter_globals->env_array);
203 ZVAL_UNDEF(&filter_globals->server_array);
204 ZVAL_UNDEF(&filter_globals->session_array);
205 filter_globals->default_filter = FILTER_DEFAULT;
206 }
207
208
209 #define PARSE_REQUEST 99
210
211
212
213 PHP_MINIT_FUNCTION(filter)
214 {
215 ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);
216
217 REGISTER_INI_ENTRIES();
218
219 REGISTER_LONG_CONSTANT("INPUT_POST", PARSE_POST, CONST_CS | CONST_PERSISTENT);
220 REGISTER_LONG_CONSTANT("INPUT_GET", PARSE_GET, CONST_CS | CONST_PERSISTENT);
221 REGISTER_LONG_CONSTANT("INPUT_COOKIE", PARSE_COOKIE, CONST_CS | CONST_PERSISTENT);
222 REGISTER_LONG_CONSTANT("INPUT_ENV", PARSE_ENV, CONST_CS | CONST_PERSISTENT);
223 REGISTER_LONG_CONSTANT("INPUT_SERVER", PARSE_SERVER, CONST_CS | CONST_PERSISTENT);
224 REGISTER_LONG_CONSTANT("INPUT_SESSION", PARSE_SESSION, CONST_CS | CONST_PERSISTENT);
225 REGISTER_LONG_CONSTANT("INPUT_REQUEST", PARSE_REQUEST, CONST_CS | CONST_PERSISTENT);
226
227 REGISTER_LONG_CONSTANT("FILTER_FLAG_NONE", FILTER_FLAG_NONE, CONST_CS | CONST_PERSISTENT);
228
229 REGISTER_LONG_CONSTANT("FILTER_REQUIRE_SCALAR", FILTER_REQUIRE_SCALAR, CONST_CS | CONST_PERSISTENT);
230 REGISTER_LONG_CONSTANT("FILTER_REQUIRE_ARRAY", FILTER_REQUIRE_ARRAY, CONST_CS | CONST_PERSISTENT);
231 REGISTER_LONG_CONSTANT("FILTER_FORCE_ARRAY", FILTER_FORCE_ARRAY, CONST_CS | CONST_PERSISTENT);
232 REGISTER_LONG_CONSTANT("FILTER_NULL_ON_FAILURE", FILTER_NULL_ON_FAILURE, CONST_CS | CONST_PERSISTENT);
233
234 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_INT", FILTER_VALIDATE_INT, CONST_CS | CONST_PERSISTENT);
235 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_BOOLEAN", FILTER_VALIDATE_BOOLEAN, CONST_CS | CONST_PERSISTENT);
236 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_FLOAT", FILTER_VALIDATE_FLOAT, CONST_CS | CONST_PERSISTENT);
237
238 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_REGEXP", FILTER_VALIDATE_REGEXP, CONST_CS | CONST_PERSISTENT);
239 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_DOMAIN", FILTER_VALIDATE_DOMAIN, CONST_CS | CONST_PERSISTENT);
240 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_URL", FILTER_VALIDATE_URL, CONST_CS | CONST_PERSISTENT);
241 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_EMAIL", FILTER_VALIDATE_EMAIL, CONST_CS | CONST_PERSISTENT);
242 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_IP", FILTER_VALIDATE_IP, CONST_CS | CONST_PERSISTENT);
243 REGISTER_LONG_CONSTANT("FILTER_VALIDATE_MAC", FILTER_VALIDATE_MAC, CONST_CS | CONST_PERSISTENT);
244
245 REGISTER_LONG_CONSTANT("FILTER_DEFAULT", FILTER_DEFAULT, CONST_CS | CONST_PERSISTENT);
246 REGISTER_LONG_CONSTANT("FILTER_UNSAFE_RAW", FILTER_UNSAFE_RAW, CONST_CS | CONST_PERSISTENT);
247
248 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRING", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
249 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
250 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
251 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
252 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_FULL_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
253 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT);
254 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT);
255 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
256 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT, CONST_CS | CONST_PERSISTENT);
257 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_MAGIC_QUOTES", FILTER_SANITIZE_MAGIC_QUOTES, CONST_CS | CONST_PERSISTENT);
258
259 REGISTER_LONG_CONSTANT("FILTER_CALLBACK", FILTER_CALLBACK, CONST_CS | CONST_PERSISTENT);
260
261 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_OCTAL", FILTER_FLAG_ALLOW_OCTAL, CONST_CS | CONST_PERSISTENT);
262 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_HEX", FILTER_FLAG_ALLOW_HEX, CONST_CS | CONST_PERSISTENT);
263
264 REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_LOW", FILTER_FLAG_STRIP_LOW, CONST_CS | CONST_PERSISTENT);
265 REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_HIGH", FILTER_FLAG_STRIP_HIGH, CONST_CS | CONST_PERSISTENT);
266 REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_BACKTICK", FILTER_FLAG_STRIP_BACKTICK, CONST_CS | CONST_PERSISTENT);
267 REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_LOW", FILTER_FLAG_ENCODE_LOW, CONST_CS | CONST_PERSISTENT);
268 REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_HIGH", FILTER_FLAG_ENCODE_HIGH, CONST_CS | CONST_PERSISTENT);
269 REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP, CONST_CS | CONST_PERSISTENT);
270 REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_ENCODE_QUOTES", FILTER_FLAG_NO_ENCODE_QUOTES, CONST_CS | CONST_PERSISTENT);
271 REGISTER_LONG_CONSTANT("FILTER_FLAG_EMPTY_STRING_NULL", FILTER_FLAG_EMPTY_STRING_NULL, CONST_CS | CONST_PERSISTENT);
272
273 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_FRACTION", FILTER_FLAG_ALLOW_FRACTION, CONST_CS | CONST_PERSISTENT);
274 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_THOUSAND", FILTER_FLAG_ALLOW_THOUSAND, CONST_CS | CONST_PERSISTENT);
275 REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_SCIENTIFIC", FILTER_FLAG_ALLOW_SCIENTIFIC, CONST_CS | CONST_PERSISTENT);
276
277 REGISTER_LONG_CONSTANT("FILTER_FLAG_SCHEME_REQUIRED", FILTER_FLAG_SCHEME_REQUIRED, CONST_CS | CONST_PERSISTENT);
278 REGISTER_LONG_CONSTANT("FILTER_FLAG_HOST_REQUIRED", FILTER_FLAG_HOST_REQUIRED, CONST_CS | CONST_PERSISTENT);
279 REGISTER_LONG_CONSTANT("FILTER_FLAG_PATH_REQUIRED", FILTER_FLAG_PATH_REQUIRED, CONST_CS | CONST_PERSISTENT);
280 REGISTER_LONG_CONSTANT("FILTER_FLAG_QUERY_REQUIRED", FILTER_FLAG_QUERY_REQUIRED, CONST_CS | CONST_PERSISTENT);
281
282 REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV4", FILTER_FLAG_IPV4, CONST_CS | CONST_PERSISTENT);
283 REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV6", FILTER_FLAG_IPV6, CONST_CS | CONST_PERSISTENT);
284 REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_RES_RANGE", FILTER_FLAG_NO_RES_RANGE, CONST_CS | CONST_PERSISTENT);
285 REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_PRIV_RANGE", FILTER_FLAG_NO_PRIV_RANGE, CONST_CS | CONST_PERSISTENT);
286
287 REGISTER_LONG_CONSTANT("FILTER_FLAG_HOSTNAME", FILTER_FLAG_HOSTNAME, CONST_CS | CONST_PERSISTENT);
288
289 sapi_register_input_filter(php_sapi_filter, php_sapi_filter_init);
290
291 return SUCCESS;
292 }
293
294
295
296
297 PHP_MSHUTDOWN_FUNCTION(filter)
298 {
299 UNREGISTER_INI_ENTRIES();
300
301 return SUCCESS;
302 }
303
304
305
306
307 #define VAR_ARRAY_COPY_DTOR(a) \
308 if (!Z_ISUNDEF(IF_G(a))) { \
309 zval_ptr_dtor(&IF_G(a)); \
310 ZVAL_UNDEF(&IF_G(a)); \
311 }
312
313 PHP_RSHUTDOWN_FUNCTION(filter)
314 {
315 VAR_ARRAY_COPY_DTOR(get_array)
316 VAR_ARRAY_COPY_DTOR(post_array)
317 VAR_ARRAY_COPY_DTOR(cookie_array)
318 VAR_ARRAY_COPY_DTOR(server_array)
319 VAR_ARRAY_COPY_DTOR(env_array)
320 VAR_ARRAY_COPY_DTOR(session_array)
321 return SUCCESS;
322 }
323
324
325
326
327 PHP_MINFO_FUNCTION(filter)
328 {
329 php_info_print_table_start();
330 php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" );
331 php_info_print_table_row( 2, "Revision", "$Id: 2c8dde9d49ae877877eccaf496c8f5a733b4f1c2 $");
332 php_info_print_table_end();
333
334 DISPLAY_INI_ENTRIES();
335 }
336
337
338 static filter_list_entry php_find_filter(zend_long id)
339 {
340 int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
341
342 for (i = 0; i < size; ++i) {
343 if (filter_list[i].id == id) {
344 return filter_list[i];
345 }
346 }
347
348 for (i = 0; i < size; ++i) {
349 if (filter_list[i].id == FILTER_DEFAULT) {
350 return filter_list[i];
351 }
352 }
353
354 return filter_list[0];
355 }
356
357
358 static unsigned int php_sapi_filter_init(void)
359 {
360 ZVAL_UNDEF(&IF_G(get_array));
361 ZVAL_UNDEF(&IF_G(post_array));
362 ZVAL_UNDEF(&IF_G(cookie_array));
363 ZVAL_UNDEF(&IF_G(server_array));
364 ZVAL_UNDEF(&IF_G(env_array));
365 ZVAL_UNDEF(&IF_G(session_array));
366 return SUCCESS;
367 }
368
369 static void php_zval_filter(zval *value, zend_long filter, zend_long flags, zval *options, char* charset, zend_bool copy)
370 {
371 filter_list_entry filter_func;
372
373 filter_func = php_find_filter(filter);
374
375 if (!filter_func.id) {
376
377 filter_func = php_find_filter(FILTER_DEFAULT);
378 }
379
380 if (copy) {
381 SEPARATE_ZVAL(value);
382 }
383
384
385
386 if (Z_TYPE_P(value) == IS_OBJECT) {
387 zend_class_entry *ce;
388
389 ce = Z_OBJCE_P(value);
390 if (!ce->__tostring) {
391 zval_ptr_dtor(value);
392
393 if (flags & FILTER_NULL_ON_FAILURE) {
394 ZVAL_NULL(value);
395 } else {
396 ZVAL_FALSE(value);
397 }
398 return;
399 }
400 }
401
402
403 convert_to_string(value);
404
405 filter_func.function(value, flags, options, charset);
406
407 if (options && (Z_TYPE_P(options) == IS_ARRAY || Z_TYPE_P(options) == IS_OBJECT) &&
408 ((flags & FILTER_NULL_ON_FAILURE && Z_TYPE_P(value) == IS_NULL) ||
409 (!(flags & FILTER_NULL_ON_FAILURE) && Z_TYPE_P(value) == IS_FALSE)) &&
410 zend_hash_str_exists(HASH_OF(options), "default", sizeof("default") - 1)) {
411 zval *tmp;
412 if ((tmp = zend_hash_str_find(HASH_OF(options), "default", sizeof("default") - 1)) != NULL) {
413 ZVAL_COPY(value, tmp);
414 }
415 }
416 }
417
418
419 static unsigned int php_sapi_filter(int arg, char *var, char **val, size_t val_len, size_t *new_val_len)
420 {
421 zval new_var, raw_var;
422 zval *array_ptr = NULL, *orig_array_ptr = NULL;
423 int retval = 0;
424
425 assert(*val != NULL);
426
427 #define PARSE_CASE(s,a,t) \
428 case s: \
429 if (Z_ISUNDEF(IF_G(a))) { \
430 array_init(&IF_G(a)); \
431 } \
432 array_ptr = &IF_G(a); \
433 orig_array_ptr = &PG(http_globals)[t]; \
434 break;
435
436 switch (arg) {
437 PARSE_CASE(PARSE_POST, post_array, TRACK_VARS_POST)
438 PARSE_CASE(PARSE_GET, get_array, TRACK_VARS_GET)
439 PARSE_CASE(PARSE_COOKIE, cookie_array, TRACK_VARS_COOKIE)
440 PARSE_CASE(PARSE_SERVER, server_array, TRACK_VARS_SERVER)
441 PARSE_CASE(PARSE_ENV, env_array, TRACK_VARS_ENV)
442
443 case PARSE_STRING:
444 retval = 1;
445 break;
446 }
447
448
449
450
451
452
453
454 if (arg == PARSE_COOKIE && orig_array_ptr &&
455 zend_symtable_str_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var))) {
456 return 0;
457 }
458
459 if (array_ptr) {
460
461 ZVAL_STRINGL(&raw_var, *val, val_len);
462 php_register_variable_ex(var, &raw_var, array_ptr);
463 }
464
465 if (val_len) {
466
467 if (IF_G(default_filter) != FILTER_UNSAFE_RAW) {
468 ZVAL_STRINGL(&new_var, *val, val_len);
469 php_zval_filter(&new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL, 0);
470 } else {
471 ZVAL_STRINGL(&new_var, *val, val_len);
472 }
473 } else {
474 ZVAL_EMPTY_STRING(&new_var);
475 }
476
477 if (orig_array_ptr) {
478 php_register_variable_ex(var, &new_var, orig_array_ptr);
479 }
480
481 if (retval) {
482 if (new_val_len) {
483 *new_val_len = Z_STRLEN(new_var);
484 }
485 efree(*val);
486 if (Z_STRLEN(new_var)) {
487 *val = estrndup(Z_STRVAL(new_var), Z_STRLEN(new_var));
488 } else {
489 *val = estrdup("");
490 }
491 zval_ptr_dtor(&new_var);
492 }
493
494 return retval;
495 }
496
497
498 static void php_zval_filter_recursive(zval *value, zend_long filter, zend_long flags, zval *options, char *charset, zend_bool copy)
499 {
500 if (Z_TYPE_P(value) == IS_ARRAY) {
501 zval *element;
502
503 if (Z_ARRVAL_P(value)->u.v.nApplyCount > 1) {
504 return;
505 }
506
507 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(value), element) {
508 ZVAL_DEREF(element);
509 SEPARATE_ZVAL_NOREF(element);
510 if (Z_TYPE_P(element) == IS_ARRAY) {
511 Z_ARRVAL_P(element)->u.v.nApplyCount++;
512 php_zval_filter_recursive(element, filter, flags, options, charset, copy);
513 Z_ARRVAL_P(element)->u.v.nApplyCount--;
514 } else {
515 php_zval_filter(element, filter, flags, options, charset, copy);
516 }
517 } ZEND_HASH_FOREACH_END();
518 } else {
519 php_zval_filter(value, filter, flags, options, charset, copy);
520 }
521 }
522
523
524 static zval *php_filter_get_storage(zend_long arg)
525
526 {
527 zval *array_ptr = NULL;
528
529 switch (arg) {
530 case PARSE_GET:
531 array_ptr = &IF_G(get_array);
532 break;
533 case PARSE_POST:
534 array_ptr = &IF_G(post_array);
535 break;
536 case PARSE_COOKIE:
537 array_ptr = &IF_G(cookie_array);
538 break;
539 case PARSE_SERVER:
540 if (PG(auto_globals_jit)) {
541 zend_is_auto_global_str(ZEND_STRL("_SERVER"));
542 }
543 array_ptr = &IF_G(server_array);
544 break;
545 case PARSE_ENV:
546 if (PG(auto_globals_jit)) {
547 zend_is_auto_global_str(ZEND_STRL("_ENV"));
548 }
549 array_ptr = !Z_ISUNDEF(IF_G(env_array)) ? &IF_G(env_array) : &PG(http_globals)[TRACK_VARS_ENV];
550 break;
551 case PARSE_SESSION:
552
553 php_error_docref(NULL, E_WARNING, "INPUT_SESSION is not yet implemented");
554 break;
555 case PARSE_REQUEST:
556
557 php_error_docref(NULL, E_WARNING, "INPUT_REQUEST is not yet implemented");
558 break;
559 }
560
561 return array_ptr;
562 }
563
564
565
566
567
568 PHP_FUNCTION(filter_has_var)
569 {
570 zend_long arg;
571 zend_string *var;
572 zval *array_ptr = NULL;
573
574 if (zend_parse_parameters(ZEND_NUM_ARGS(), "lS", &arg, &var) == FAILURE) {
575 RETURN_FALSE;
576 }
577
578 array_ptr = php_filter_get_storage(arg);
579
580 if (array_ptr && HASH_OF(array_ptr) && zend_hash_exists(HASH_OF(array_ptr), var)) {
581 RETURN_TRUE;
582 }
583
584 RETURN_FALSE;
585 }
586
587
588 static void php_filter_call(zval *filtered, zend_long filter, zval *filter_args, const int copy, zend_long filter_flags)
589 {
590 zval *options = NULL;
591 zval *option;
592 char *charset = NULL;
593
594 if (filter_args && Z_TYPE_P(filter_args) != IS_ARRAY) {
595 zend_long lval = zval_get_long(filter_args);
596
597 if (filter != -1) {
598
599 filter_flags = lval;
600
601 if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) {
602 filter_flags |= FILTER_REQUIRE_SCALAR;
603 }
604 } else {
605 filter = lval;
606 }
607 } else if (filter_args) {
608 if ((option = zend_hash_str_find(HASH_OF(filter_args), "filter", sizeof("filter") - 1)) != NULL) {
609 filter = zval_get_long(option);
610 }
611
612 if ((option = zend_hash_str_find(HASH_OF(filter_args), "flags", sizeof("flags") - 1)) != NULL) {
613 filter_flags = zval_get_long(option);
614
615 if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) {
616 filter_flags |= FILTER_REQUIRE_SCALAR;
617 }
618 }
619
620 if ((option = zend_hash_str_find(HASH_OF(filter_args), "options", sizeof("options") - 1)) != NULL) {
621 if (filter != FILTER_CALLBACK) {
622 if (Z_TYPE_P(option) == IS_ARRAY) {
623 options = option;
624 }
625 } else {
626 options = option;
627 filter_flags = 0;
628 }
629 }
630 }
631
632 if (Z_TYPE_P(filtered) == IS_ARRAY) {
633 if (filter_flags & FILTER_REQUIRE_SCALAR) {
634 if (copy) {
635 SEPARATE_ZVAL(filtered);
636 }
637 zval_ptr_dtor(filtered);
638 if (filter_flags & FILTER_NULL_ON_FAILURE) {
639 ZVAL_NULL(filtered);
640 } else {
641 ZVAL_FALSE(filtered);
642 }
643 return;
644 }
645 php_zval_filter_recursive(filtered, filter, filter_flags, options, charset, copy);
646 return;
647 }
648 if (filter_flags & FILTER_REQUIRE_ARRAY) {
649 if (copy) {
650 SEPARATE_ZVAL(filtered);
651 }
652 zval_ptr_dtor(filtered);
653 if (filter_flags & FILTER_NULL_ON_FAILURE) {
654 ZVAL_NULL(filtered);
655 } else {
656 ZVAL_FALSE(filtered);
657 }
658 return;
659 }
660
661 php_zval_filter(filtered, filter, filter_flags, options, charset, copy);
662 if (filter_flags & FILTER_FORCE_ARRAY) {
663 zval tmp;
664 ZVAL_COPY_VALUE(&tmp, filtered);
665 array_init(filtered);
666 add_next_index_zval(filtered, &tmp);
667 }
668 }
669
670
671 static void php_filter_array_handler(zval *input, zval *op, zval *return_value, zend_bool add_empty)
672 {
673 zend_string *arg_key;
674 zval *tmp, *arg_elm;
675
676 if (!op) {
677 zval_ptr_dtor(return_value);
678 ZVAL_DUP(return_value, input);
679 php_filter_call(return_value, FILTER_DEFAULT, NULL, 0, FILTER_REQUIRE_ARRAY);
680 } else if (Z_TYPE_P(op) == IS_LONG) {
681 zval_ptr_dtor(return_value);
682 ZVAL_DUP(return_value, input);
683 php_filter_call(return_value, Z_LVAL_P(op), NULL, 0, FILTER_REQUIRE_ARRAY);
684 } else if (Z_TYPE_P(op) == IS_ARRAY) {
685 array_init(return_value);
686
687 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(op), arg_key, arg_elm) {
688 if (arg_key == NULL) {
689 php_error_docref(NULL, E_WARNING, "Numeric keys are not allowed in the definition array");
690 zval_ptr_dtor(return_value);
691 RETURN_FALSE;
692 }
693 if (ZSTR_LEN(arg_key) == 0) {
694 php_error_docref(NULL, E_WARNING, "Empty keys are not allowed in the definition array");
695 zval_ptr_dtor(return_value);
696 RETURN_FALSE;
697 }
698 if ((tmp = zend_hash_find(Z_ARRVAL_P(input), arg_key)) == NULL) {
699 if (add_empty) {
700 add_assoc_null_ex(return_value, ZSTR_VAL(arg_key), ZSTR_LEN(arg_key));
701 }
702 } else {
703 zval nval;
704 ZVAL_DEREF(tmp);
705 ZVAL_DUP(&nval, tmp);
706 php_filter_call(&nval, -1, arg_elm, 0, FILTER_REQUIRE_SCALAR);
707 zend_hash_update(Z_ARRVAL_P(return_value), arg_key, &nval);
708 }
709 } ZEND_HASH_FOREACH_END();
710 } else {
711 RETURN_FALSE;
712 }
713 }
714
715
716
717
718
719 PHP_FUNCTION(filter_input)
720 {
721 zend_long fetch_from, filter = FILTER_DEFAULT;
722 zval *filter_args = NULL, *tmp;
723 zval *input = NULL;
724 zend_string *var;
725
726 if (zend_parse_parameters(ZEND_NUM_ARGS(), "lS|lz", &fetch_from, &var, &filter, &filter_args) == FAILURE) {
727 return;
728 }
729
730 if (!PHP_FILTER_ID_EXISTS(filter)) {
731 RETURN_FALSE;
732 }
733
734 input = php_filter_get_storage(fetch_from);
735
736 if (!input || !HASH_OF(input) || (tmp = zend_hash_find(HASH_OF(input), var)) == NULL) {
737 zend_long filter_flags = 0;
738 zval *option, *opt, *def;
739 if (filter_args) {
740 if (Z_TYPE_P(filter_args) == IS_LONG) {
741 filter_flags = Z_LVAL_P(filter_args);
742 } else if (Z_TYPE_P(filter_args) == IS_ARRAY && (option = zend_hash_str_find(HASH_OF(filter_args), "flags", sizeof("flags") - 1)) != NULL) {
743 filter_flags = zval_get_long(option);
744 }
745 if (Z_TYPE_P(filter_args) == IS_ARRAY &&
746 (opt = zend_hash_str_find(HASH_OF(filter_args), "options", sizeof("options") - 1)) != NULL &&
747 Z_TYPE_P(opt) == IS_ARRAY &&
748 (def = zend_hash_str_find(HASH_OF(opt), "default", sizeof("default") - 1)) != NULL) {
749 ZVAL_COPY(return_value, def);
750 return;
751 }
752 }
753
754
755
756
757
758
759 if (filter_flags & FILTER_NULL_ON_FAILURE) {
760 RETURN_FALSE;
761 } else {
762 RETURN_NULL();
763 }
764 }
765
766 ZVAL_DUP(return_value, tmp);
767
768 php_filter_call(return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR);
769 }
770
771
772
773
774
775 PHP_FUNCTION(filter_var)
776 {
777 zend_long filter = FILTER_DEFAULT;
778 zval *filter_args = NULL, *data;
779
780 if (zend_parse_parameters(ZEND_NUM_ARGS(), "z/|lz", &data, &filter, &filter_args) == FAILURE) {
781 return;
782 }
783
784 if (!PHP_FILTER_ID_EXISTS(filter)) {
785 RETURN_FALSE;
786 }
787
788 ZVAL_DUP(return_value, data);
789
790 php_filter_call(return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR);
791 }
792
793
794
795
796
797 PHP_FUNCTION(filter_input_array)
798 {
799 zend_long fetch_from;
800 zval *array_input = NULL, *op = NULL;
801 zend_bool add_empty = 1;
802
803 if (zend_parse_parameters(ZEND_NUM_ARGS(), "l|zb", &fetch_from, &op, &add_empty) == FAILURE) {
804 return;
805 }
806
807 if (op && (Z_TYPE_P(op) != IS_ARRAY) && !(Z_TYPE_P(op) == IS_LONG && PHP_FILTER_ID_EXISTS(Z_LVAL_P(op)))) {
808 RETURN_FALSE;
809 }
810
811 array_input = php_filter_get_storage(fetch_from);
812
813 if (!array_input || !HASH_OF(array_input)) {
814 zend_long filter_flags = 0;
815 zval *option;
816 if (op) {
817 if (Z_TYPE_P(op) == IS_LONG) {
818 filter_flags = Z_LVAL_P(op);
819 } else if (Z_TYPE_P(op) == IS_ARRAY && (option = zend_hash_str_find(HASH_OF(op), "flags", sizeof("flags") - 1)) != NULL) {
820 filter_flags = zval_get_long(option);
821 }
822 }
823
824
825
826
827
828
829 if (filter_flags & FILTER_NULL_ON_FAILURE) {
830 RETURN_FALSE;
831 } else {
832 RETURN_NULL();
833 }
834 }
835
836 php_filter_array_handler(array_input, op, return_value, add_empty);
837 }
838
839
840
841
842
843 PHP_FUNCTION(filter_var_array)
844 {
845 zval *array_input = NULL, *op = NULL;
846 zend_bool add_empty = 1;
847
848 if (zend_parse_parameters(ZEND_NUM_ARGS(), "a|zb", &array_input, &op, &add_empty) == FAILURE) {
849 return;
850 }
851
852 if (op && (Z_TYPE_P(op) != IS_ARRAY) && !(Z_TYPE_P(op) == IS_LONG && PHP_FILTER_ID_EXISTS(Z_LVAL_P(op)))) {
853 RETURN_FALSE;
854 }
855
856 php_filter_array_handler(array_input, op, return_value, add_empty);
857 }
858
859
860
861
862 PHP_FUNCTION(filter_list)
863 {
864 int i, size = sizeof(filter_list) / sizeof(filter_list_entry);
865
866 if (zend_parse_parameters_none() == FAILURE) {
867 return;
868 }
869
870 array_init(return_value);
871 for (i = 0; i < size; ++i) {
872 add_next_index_string(return_value, (char *)filter_list[i].name);
873 }
874 }
875
876
877
878
879 PHP_FUNCTION(filter_id)
880 {
881 int i;
882 size_t filter_len;
883 int size = sizeof(filter_list) / sizeof(filter_list_entry);
884 char *filter;
885
886 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s", &filter, &filter_len) == FAILURE) {
887 return;
888 }
889
890 for (i = 0; i < size; ++i) {
891 if (strcmp(filter_list[i].name, filter) == 0) {
892 RETURN_LONG(filter_list[i].id);
893 }
894 }
895
896 RETURN_FALSE;
897 }
898
899
900
901
902
903
904
905
906
907