Add eventual escaping for phpdbg arguments

2024-09-21 18:07:23 +00:00 · 2015-09-18 00:50:08 +02:00 · 2015-09-18 00:50:08 +02:00 · 5b8981f12e
commit 5b8981f12e
parent adcabcc125
3 changed files with 1038 additions and 689 deletions
--- a/sapi/phpdbg/phpdbg_cmd.c
+++ b/sapi/phpdbg/phpdbg_cmd.c
@ -729,8 +729,9 @@ PHPDBG_API int phpdbg_stack_execute(phpdbg_param_t *stack, zend_bool allow_async

 	do {
 		if (top->type == STACK_PARAM) {
-			if (phpdbg_internal_stack_execute(top, allow_async_unsafe) == FAILURE) {
-				return FAILURE;
+			int result;
+			if ((result = phpdbg_internal_stack_execute(top, allow_async_unsafe)) != SUCCESS) {
+				return result;
 			}
 		}
 	} while ((top = top->next));
--- a/sapi/phpdbg/phpdbg_lexer.c
+++ b/sapi/phpdbg/phpdbg_lexer.c
--- a/sapi/phpdbg/phpdbg_lexer.l
+++ b/sapi/phpdbg/phpdbg_lexer.l
@ -37,6 +37,25 @@ void phpdbg_init_lexer (phpdbg_param_t *stack, char *input) {
 	LEX(len) = strlen(input);
 }

+static int unescape_string(char *s) {
+	switch (*s) {
+		case '\'':
+		case '\"': {
+			char start = *s;
+			size_t off = 1;
+			do {
+				if (s[off] == '\\') {
+					off++;
+				}
+				*s = s[off];
+			} while ((++s)[off] != start);
+			return off + 1;
+		}
+	}
+
+	return 0;
+}
+
 int phpdbg_lex (phpdbg_param_t* yylval) {

 restart:
@ -60,10 +79,10 @@ T_RUN_SHORT "r"
 WS          [ \r\t]+
 DIGITS      [-]?[0-9\.]+
 ID          [^ \r\n\t:#\000]+
-GENERIC_ID  ([^ \r\n\t:#\000]|":\\")+
+GENERIC_ID  ([^ \r\n\t:#\000"']|":\\")+|["]([^\n\000"\\]|"\\\\"|"\\"["])+["]|[']([^\n\000'\\]|"\\\\"|"\\"['])+[']
 ADDR        [0][x][a-fA-F0-9]+
 OPCODE      (ZEND_|zend_)([A-Za-z])+
-INPUT       [^\n\000#]+
+INPUT       ([^\n\000#"']|["]([^\n\000"\\]|"\\\\"|"\\"["])+["]|[']([^\n\000'\\]|"\\\\"|"\\"['])+['])+

 <!*> := yyleng = (size_t) YYCURSOR - (size_t) yytext;

@ -141,14 +160,14 @@ INPUT       [^\n\000#]+

 <NORMAL>{GENERIC_ID} {
 	phpdbg_init_param(yylval, STR_PARAM);
-	yylval->str = estrndup(yytext, yyleng);
+	yylval->str = estrndup(yytext, yyleng - unescape_string(yytext));
 	yylval->len = yyleng;
 	return T_ID;
 }

 <RAW>{INPUT} {
 	phpdbg_init_param(yylval, STR_PARAM);
-	yylval->str = estrndup(yytext, yyleng);
+	yylval->str = estrndup(yytext, yyleng - unescape_string(yytext));
 	yylval->len = yyleng;
 	return T_INPUT;
 }