/* $Id$ */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include "php.h" #include "php_ini.h" #include "ext/standard/info.h" #include "ext/standard/php_string.h" #include "php_variables.h" #include "filter.h" ZEND_DECLARE_MODULE_GLOBALS(filter) #ifndef PARSE_ENV #define PARSE_ENV 4 #endif #ifndef PARSE_SERVER #define PARSE_SERVER 5 #endif /* {{{ filter_functions[] */ function_entry filter_functions[] = { PHP_FE(filter, NULL) {NULL, NULL, NULL} }; /* }}} */ /* {{{ filter_module_entry */ zend_module_entry filter_module_entry = { #if ZEND_MODULE_API_NO >= 20010901 STANDARD_MODULE_HEADER, #endif "filter", filter_functions, PHP_MINIT(filter), PHP_MSHUTDOWN(filter), NULL, PHP_RSHUTDOWN(filter), PHP_MINFO(filter), "0.1", STANDARD_MODULE_PROPERTIES }; /* }}} */ #ifdef COMPILE_DL_FILTER ZEND_GET_MODULE(filter) #endif /* {{{ UpdateDefaultFilter */ static PHP_INI_MH(UpdateDefaultFilter) { if(!strcasecmp(new_value, "notags")) { IF_G(default_filter) = NOTAGS; } else if(!strcasecmp(new_value, "raw")) { IF_G(default_filter) = F_UNSAFE_RAW; } return SUCCESS; } /* }}} */ /* {{{ PHP_INI */ PHP_INI_BEGIN() STD_PHP_INI_ENTRY("filter.default", "notags", PHP_INI_ALL, UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals) PHP_INI_END() /* }}} */ /* {{{ php_filter_init_globals */ static void php_filter_init_globals(zend_filter_globals *filter_globals) { filter_globals->post_array = NULL; filter_globals->get_array = NULL; filter_globals->cookie_array = NULL; filter_globals->env_array = NULL; filter_globals->server_array = NULL; filter_globals->default_filter = NOTAGS; } /* }}} */ #define PARSE_REQUEST 99 /* {{{ PHP_MINIT_FUNCTION */ PHP_MINIT_FUNCTION(filter) { ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL); REGISTER_INI_ENTRIES(); REGISTER_LONG_CONSTANT("FILTER_POST", PARSE_POST, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_GET", PARSE_GET, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_COOKIE", PARSE_COOKIE, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_REQUEST", PARSE_REQUEST, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_ENV", PARSE_ENV, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_SERVER", PARSE_SERVER, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_FLAG_NONE", FILTER_FLAG_NONE, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_LOW", FILTER_FLAG_STRIP_LOW, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_HIGH", FILTER_FLAG_STRIP_HIGH, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_FLAG_COOK_LOW", FILTER_FLAG_COOK_LOW, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_FLAG_COOK_HIGH", FILTER_FLAG_COOK_HIGH, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_SIGN", FILTER_FLAG_ALLOW_SIGN, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_FRACTION", FILTER_FLAG_ALLOW_FRACTION, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_THOUSAND", FILTER_FLAG_ALLOW_THOUSAND, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_HTML_NO_TAGS", FILTER_HTML_NO_TAGS, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_UNSAFE_RAW", F_UNSAFE_RAW, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_STRIPPED", F_STRIPPED, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_COOKED", F_COOKED, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_HTML", F_HTML, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_EMAIL", F_EMAIL, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_URL", F_URL, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_NUMBER", F_NUMBER, CONST_CS | CONST_PERSISTENT); sapi_register_input_filter(php_sapi_filter); return SUCCESS; } /* }}} */ /* {{{ PHP_MSHUTDOWN_FUNCTION */ PHP_MSHUTDOWN_FUNCTION(filter) { UNREGISTER_INI_ENTRIES(); return SUCCESS; } /* }}} */ /* {{{ PHP_RSHUTDOWN_FUNCTION */ PHP_RSHUTDOWN_FUNCTION(filter) { if(IF_G(get_array)) { zval_ptr_dtor(&IF_G(get_array)); IF_G(get_array) = NULL; } if(IF_G(post_array)) { zval_ptr_dtor(&IF_G(post_array)); IF_G(post_array) = NULL; } if(IF_G(cookie_array)) { zval_ptr_dtor(&IF_G(cookie_array)); IF_G(cookie_array) = NULL; } if(IF_G(env_array)) { zval_ptr_dtor(&IF_G(env_array)); IF_G(env_array) = NULL; } if(IF_G(server_array)) { zval_ptr_dtor(&IF_G(server_array)); IF_G(server_array) = NULL; } return SUCCESS; } /* }}} */ /* {{{ PHP_MINFO_FUNCTION */ PHP_MINFO_FUNCTION(filter) { char tmp[256]; php_info_print_table_start(); php_info_print_table_row( 2, "PHP extension for Input Validation and Filtering", "enabled" ); php_info_print_table_row( 2, "Revision", "$Revision$"); sprintf(tmp, "%d",IF_G(default_filter)); php_info_print_table_row( 2, "default_filter", tmp); php_info_print_table_end(); DISPLAY_INI_ENTRIES(); } /* }}} */ /* {{{ php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned *new_val_len) */ unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC) { zval new_var; zval *array_ptr = NULL; char *raw_var, *out; int var_len, res, ol, out_len; assert(*val != NULL); if(IF_G(default_filter)==F_UNSAFE_RAW) return(val_len); switch(arg) { case PARSE_GET: if(!IF_G(get_array)) { ALLOC_ZVAL(array_ptr); array_init(array_ptr); INIT_PZVAL(array_ptr); IF_G(get_array) = array_ptr; } else { array_ptr = IF_G(get_array); } break; case PARSE_POST: if(!IF_G(post_array)) { ALLOC_ZVAL(array_ptr); array_init(array_ptr); INIT_PZVAL(array_ptr); IF_G(post_array) = array_ptr; } else { array_ptr = IF_G(post_array); } break; case PARSE_COOKIE: if(!IF_G(cookie_array)) { ALLOC_ZVAL(array_ptr); array_init(array_ptr); INIT_PZVAL(array_ptr); IF_G(cookie_array) = array_ptr; } else { array_ptr = IF_G(cookie_array); } break; case PARSE_ENV: if(!IF_G(env_array)) { ALLOC_ZVAL(array_ptr); array_init(array_ptr); INIT_PZVAL(array_ptr); IF_G(env_array) = array_ptr; } else { array_ptr = IF_G(env_array); } break; case PARSE_SERVER: if(!IF_G(server_array)) { ALLOC_ZVAL(array_ptr); array_init(array_ptr); INIT_PZVAL(array_ptr); IF_G(server_array) = array_ptr; } else { array_ptr = IF_G(server_array); } break; } Z_STRLEN(new_var) = val_len; Z_STRVAL(new_var) = estrndup(*val, val_len); Z_TYPE(new_var) = IS_STRING; var_len = strlen(var); raw_var = emalloc(var_len+5); /* RAW_ and a \0 */ strcpy(raw_var, "RAW_"); strlcat(raw_var,var,var_len+5); php_register_variable_ex(raw_var, &new_var, array_ptr TSRMLS_DC); ol = 0; out_len = val_len * 2; if(!out_len) out = estrdup(""); else out = emalloc(out_len); while((res = php_filter_get_html(*val, val_len, out, &out_len, FILTER_HTML_NO_TAGS, FILTER_FLAG_ENCODE_AMP, NULL)) == FILTER_RESULT_OUTLEN_SMALL) { efree(out); ol++; out_len *= ol; /* Just in case we don't actually get the right out_len for some reason */ out = emalloc(out_len); } *val = out; #if PHP_API_VERSION > 20041224 if(new_val_len) *new_val_len = out_len?out_len-1:0; #endif return(out_len?out_len-1:0); } /* }}} */ /* {{{ static void filter_recursive(zval *array, long filter, long flags, char *charset TSRMLS_DC) */ static void filter_recursive(zval *array, long filter, long flags, char *charset TSRMLS_DC) { zval **element; HashPosition pos; int out_len, res, ol=0; /* Yes, ol should start at 0 here because the filter returns the right length */ char *out; if (Z_TYPE_P(array) == IS_ARRAY) { for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(array), &pos); zend_hash_get_current_data_ex(Z_ARRVAL_P(array), (void **) &element, &pos) == SUCCESS; zend_hash_move_forward_ex(Z_ARRVAL_P(array), &pos)) { filter_recursive(*element, filter, flags, charset TSRMLS_CC); } } else if(Z_STRLEN_P(array)) { switch(filter) { case F_STRIPPED: out_len = Z_STRLEN_P(array) + 1; out = emalloc(out_len); while((res = php_filter_get_stripped(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) { efree(out); ol++; out_len *= ol; out = emalloc(out_len); } efree(Z_STRVAL_P(array)); Z_STRVAL_P(array) = out; Z_STRLEN_P(array) = out_len - 1; break; case F_COOKED: out_len = Z_STRLEN_P(array) * 2; out = emalloc(out_len); while((res = php_filter_get_cooked(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) { efree(out); ol++; out_len *= ol; out = emalloc(out_len); } efree(Z_STRVAL_P(array)); Z_STRVAL_P(array) = out; Z_STRLEN_P(array) = out_len - 1; break; case F_EMAIL: out_len = Z_STRLEN_P(array) + 1; out = emalloc(out_len); while((res = php_filter_get_email(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) { efree(out); ol++; out_len *= ol; out = emalloc(out_len); } if(res==FILTER_RESULT_BAD_IN) { Z_TYPE_P(array) = IS_BOOL; Z_LVAL_P(array) = 0; } else { efree(Z_STRVAL_P(array)); Z_STRVAL_P(array) = out; Z_STRLEN_P(array) = out_len - 1; } break; case F_URL: out_len = Z_STRLEN_P(array) + 1; out = emalloc(out_len); while((res = php_filter_get_url(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) { efree(out); ol++; out_len *= ol; out = emalloc(out_len); } if(res==FILTER_RESULT_BAD_IN) { Z_TYPE_P(array) = IS_BOOL; Z_LVAL_P(array) = 0; } else { efree(Z_STRVAL_P(array)); Z_STRVAL_P(array) = out; Z_STRLEN_P(array) = out_len - 1; } break; case F_NUMBER: out_len = Z_STRLEN_P(array) + 1; out = emalloc(out_len); while((res = php_filter_get_number(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) { efree(out); ol++; out_len *= ol; out = emalloc(out_len); } if(res==FILTER_RESULT_BAD_IN) { Z_TYPE_P(array) = IS_BOOL; Z_LVAL_P(array) = 0; } else { efree(Z_STRVAL_P(array)); Z_STRVAL_P(array) = out; Z_STRLEN_P(array) = out_len - 1; } break; case F_NOTAGS: default: out_len = Z_STRLEN_P(array) + 1; out = emalloc(out_len); while((res = php_filter_get_html(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, FILTER_HTML_NO_TAGS, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) { efree(out); ol++; out_len *= ol; out = emalloc(out_len); } efree(Z_STRVAL_P(array)); Z_STRVAL_P(array) = out; Z_STRLEN_P(array) = out_len - 1; } } } /* }}} */ /* {{{ filter(constant type, string variable_name [, int filter [, int flags [, string charset]]]) */ PHP_FUNCTION(filter) { long arg, filter = F_NOTAGS, flags = 0; char *var; int var_len, charset_len, found = 0; int argc = ZEND_NUM_ARGS(); zval **tmp; zval *array_ptr = NULL, *array_ptr2 = NULL, *array_ptr3 = NULL; HashTable *hash_ptr; char *raw_var, *charset = NULL; if(zend_parse_parameters(argc TSRMLS_CC, "ls|lls", &arg, &var, &var_len, &filter, &flags, &charset, &charset_len) == FAILURE) { return; } switch(arg) { case PARSE_GET: if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(get_array); else array_ptr = PG(http_globals)[TRACK_VARS_GET]; break; case PARSE_POST: if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(post_array); else array_ptr = PG(http_globals)[TRACK_VARS_POST]; break; case PARSE_COOKIE: if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(cookie_array); else array_ptr = PG(http_globals)[TRACK_VARS_COOKIE]; break; case PARSE_ENV: if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(env_array); else array_ptr = PG(http_globals)[TRACK_VARS_ENV]; break; case PARSE_SERVER: if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(server_array); else array_ptr = PG(http_globals)[TRACK_VARS_SERVER]; break; case PARSE_REQUEST: if (PG(variables_order)) { zval **a_ptr = &array_ptr; char *p, *variables_order = PG(variables_order); for (p=variables_order; p && *p; p++) { switch(*p) { case 'p': case 'P': if(IF_G(default_filter)!=F_UNSAFE_RAW) *a_ptr = IF_G(post_array); else *a_ptr = PG(http_globals)[TRACK_VARS_POST]; break; case 'g': case 'G': if(IF_G(default_filter)!=F_UNSAFE_RAW) *a_ptr = IF_G(get_array); else *a_ptr = PG(http_globals)[TRACK_VARS_GET]; break; case 'c': case 'C': if(IF_G(default_filter)!=F_UNSAFE_RAW) *a_ptr = IF_G(cookie_array); else *a_ptr = PG(http_globals)[TRACK_VARS_COOKIE]; break; } if(array_ptr && !array_ptr2) { a_ptr = &array_ptr2; continue; } if(array_ptr2 && !array_ptr3) { a_ptr = &array_ptr3; } } } else { if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(get_array); else array_ptr = PG(http_globals)[TRACK_VARS_GET]; break; } } if(!array_ptr) RETURN_FALSE; if(IF_G(default_filter)!=F_UNSAFE_RAW) { /* * I'm changing the variable name here because when running with register_globals on, * the variable will end up in the global symbol table and I am using that var name * in the internal raw storage arrays as well. */ var_len += 5; raw_var = emalloc(var_len); /* RAW_ and a \0 */ strcpy(raw_var, "RAW_"); strlcat(raw_var,var,var_len); } else { raw_var = var; var_len++; } if(array_ptr3) { hash_ptr = HASH_OF(array_ptr3); if(hash_ptr && zend_hash_find(hash_ptr, raw_var, var_len, (void **)&tmp) == SUCCESS) { *return_value = **tmp; found = 1; } } if(array_ptr2 && !found) { hash_ptr = HASH_OF(array_ptr2); if(hash_ptr && zend_hash_find(hash_ptr, raw_var, var_len, (void **)&tmp) == SUCCESS) { *return_value = **tmp; found = 1; } } if(!found) { hash_ptr = HASH_OF(array_ptr); if(hash_ptr && zend_hash_find(hash_ptr, raw_var, var_len, (void **)&tmp) == SUCCESS) { *return_value = **tmp; found = 1; } } if(found) { zval_copy_ctor(return_value); /* Watch out for empty strings */ if(filter != F_UNSAFE_RAW) { filter_recursive(return_value, filter, flags, charset); } } else { RETVAL_FALSE; } if(IF_G(default_filter)!=F_UNSAFE_RAW) { efree(raw_var); } } /* }}} */ /* * Local variables: * tab-width: 4 * c-basic-offset: 4 * End: vim600: noet sw=4 ts=4 fdm=marker * vim<600: noet sw=4 ts=4 */