clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-09-22 10:27:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
9c1960c398
php-src/ext/filter/filter.c
Rasmus Lerdorf 06aede5b5d Filter skeleton code. No actual filters yet.
2005-02-23 22:41:43 +00:00

536 lines
15 KiB
C
Raw Blame History

/*
$Id$
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "php.h"
#include "php_ini.h"
#include "ext/standard/info.h"
#include "ext/standard/php_string.h"
#include "php_variables.h"
#include "filter.h"
ZEND_DECLARE_MODULE_GLOBALS(filter)
#ifndef PARSE_ENV
#define PARSE_ENV 4
#endif
#ifndef PARSE_SERVER
#define PARSE_SERVER 5
#endif
/* {{{ filter_functions[]
*/
function_entry filter_functions[] = {
PHP_FE(filter, NULL)
{NULL, NULL, NULL}
};
/* }}} */
/* {{{ filter_module_entry
*/
zend_module_entry filter_module_entry = {
#if ZEND_MODULE_API_NO >= 20010901
STANDARD_MODULE_HEADER,
#endif
"filter",
filter_functions,
PHP_MINIT(filter),
PHP_MSHUTDOWN(filter),
NULL,
PHP_RSHUTDOWN(filter),
PHP_MINFO(filter),
"0.1",
STANDARD_MODULE_PROPERTIES
};
/* }}} */
#ifdef COMPILE_DL_FILTER
ZEND_GET_MODULE(filter)
#endif
/* {{{ UpdateDefaultFilter
*/
static PHP_INI_MH(UpdateDefaultFilter) {
if(!strcasecmp(new_value, "notags")) {
IF_G(default_filter) = NOTAGS;
}
else
if(!strcasecmp(new_value, "raw")) {
IF_G(default_filter) = F_UNSAFE_RAW;
}
return SUCCESS;
}
/* }}} */
/* {{{ PHP_INI
*/
PHP_INI_BEGIN()
STD_PHP_INI_ENTRY("filter.default", "notags", PHP_INI_ALL, UpdateDefaultFilter, default_filter, zend_filter_globals, filter_globals)
PHP_INI_END()
/* }}} */
/* {{{ php_filter_init_globals
*/
static void php_filter_init_globals(zend_filter_globals *filter_globals)
{
filter_globals->post_array = NULL;
filter_globals->get_array = NULL;
filter_globals->cookie_array = NULL;
filter_globals->env_array = NULL;
filter_globals->server_array = NULL;
filter_globals->default_filter = NOTAGS;
}
/* }}} */
#define PARSE_REQUEST 99
/* {{{ PHP_MINIT_FUNCTION
*/
PHP_MINIT_FUNCTION(filter)
{
ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);
REGISTER_INI_ENTRIES();
REGISTER_LONG_CONSTANT("FILTER_POST", PARSE_POST, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_GET", PARSE_GET, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_COOKIE", PARSE_COOKIE, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_REQUEST", PARSE_REQUEST, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_ENV", PARSE_ENV, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_SERVER", PARSE_SERVER, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_NONE", FILTER_FLAG_NONE, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_LOW", FILTER_FLAG_STRIP_LOW, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_HIGH", FILTER_FLAG_STRIP_HIGH, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_COOK_LOW", FILTER_FLAG_COOK_LOW, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_COOK_HIGH", FILTER_FLAG_COOK_HIGH, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_SIGN", FILTER_FLAG_ALLOW_SIGN, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_FRACTION", FILTER_FLAG_ALLOW_FRACTION, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_THOUSAND", FILTER_FLAG_ALLOW_THOUSAND, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_HTML_NO_TAGS", FILTER_HTML_NO_TAGS, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_UNSAFE_RAW", F_UNSAFE_RAW, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_STRIPPED", F_STRIPPED, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_COOKED", F_COOKED, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_HTML", F_HTML, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_EMAIL", F_EMAIL, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_URL", F_URL, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_NUMBER", F_NUMBER, CONST_CS | CONST_PERSISTENT);
sapi_register_input_filter(php_sapi_filter);
return SUCCESS;
}
/* }}} */
/* {{{ PHP_MSHUTDOWN_FUNCTION
*/
PHP_MSHUTDOWN_FUNCTION(filter)
{
UNREGISTER_INI_ENTRIES();
return SUCCESS;
}
/* }}} */
/* {{{ PHP_RSHUTDOWN_FUNCTION
*/
PHP_RSHUTDOWN_FUNCTION(filter)
{
if(IF_G(get_array)) {
zval_ptr_dtor(&IF_G(get_array));
IF_G(get_array) = NULL;
}
if(IF_G(post_array)) {
zval_ptr_dtor(&IF_G(post_array));
IF_G(post_array) = NULL;
}
if(IF_G(cookie_array)) {
zval_ptr_dtor(&IF_G(cookie_array));
IF_G(cookie_array) = NULL;
}
if(IF_G(env_array)) {
zval_ptr_dtor(&IF_G(env_array));
IF_G(env_array) = NULL;
}
if(IF_G(server_array)) {
zval_ptr_dtor(&IF_G(server_array));
IF_G(server_array) = NULL;
}
return SUCCESS;
}
/* }}} */
/* {{{ PHP_MINFO_FUNCTION
*/
PHP_MINFO_FUNCTION(filter)
{
char tmp[256];
php_info_print_table_start();
php_info_print_table_row( 2, "PHP extension for Input Validation and Filtering", "enabled" );
php_info_print_table_row( 2, "Revision", "$Revision$");
sprintf(tmp, "%d",IF_G(default_filter));
php_info_print_table_row( 2, "default_filter", tmp);
php_info_print_table_end();
DISPLAY_INI_ENTRIES();
}
/* }}} */
/* {{{ php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned *new_val_len)
*/
unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC)
{
zval new_var;
zval *array_ptr = NULL;
char *raw_var, *out;
int var_len, res, ol, out_len;
assert(*val != NULL);
if(IF_G(default_filter)==F_UNSAFE_RAW) return(val_len);
switch(arg) {
case PARSE_GET:
if(!IF_G(get_array)) {
ALLOC_ZVAL(array_ptr);
array_init(array_ptr);
INIT_PZVAL(array_ptr);
IF_G(get_array) = array_ptr;
}
else {
array_ptr = IF_G(get_array);
}
break;
case PARSE_POST:
if(!IF_G(post_array)) {
ALLOC_ZVAL(array_ptr);
array_init(array_ptr);
INIT_PZVAL(array_ptr);
IF_G(post_array) = array_ptr;
}
else {
array_ptr = IF_G(post_array);
}
break;
case PARSE_COOKIE:
if(!IF_G(cookie_array)) {
ALLOC_ZVAL(array_ptr);
array_init(array_ptr);
INIT_PZVAL(array_ptr);
IF_G(cookie_array) = array_ptr;
}
else {
array_ptr = IF_G(cookie_array);
}
break;
case PARSE_ENV:
if(!IF_G(env_array)) {
ALLOC_ZVAL(array_ptr);
array_init(array_ptr);
INIT_PZVAL(array_ptr);
IF_G(env_array) = array_ptr;
}
else {
array_ptr = IF_G(env_array);
}
break;
case PARSE_SERVER:
if(!IF_G(server_array)) {
ALLOC_ZVAL(array_ptr);
array_init(array_ptr);
INIT_PZVAL(array_ptr);
IF_G(server_array) = array_ptr;
}
else {
array_ptr = IF_G(server_array);
}
break;
}
Z_STRLEN(new_var) = val_len;
Z_STRVAL(new_var) = estrndup(*val, val_len);
Z_TYPE(new_var) = IS_STRING;
var_len = strlen(var);
raw_var = emalloc(var_len+5); /* RAW_ and a \0 */
strcpy(raw_var, "RAW_");
strlcat(raw_var,var,var_len+5);
php_register_variable_ex(raw_var, &new_var, array_ptr TSRMLS_DC);
ol = 0;
out_len = val_len * 2;
if(!out_len) out = estrdup("");
else out = emalloc(out_len);
while((res = php_filter_get_html(*val, val_len, out, &out_len, FILTER_HTML_NO_TAGS, FILTER_FLAG_ENCODE_AMP, NULL)) == FILTER_RESULT_OUTLEN_SMALL) {
efree(out);
ol++;
out_len *= ol; /* Just in case we don't actually get the right out_len for some reason */
out = emalloc(out_len);
}
*val = out;
#if PHP_API_VERSION > 20041224
if(new_val_len) *new_val_len = out_len?out_len-1:0;
#endif
return(out_len?out_len-1:0);
}
/* }}} */
/* {{{ static void filter_recursive(zval *array, long filter, long flags, char *charset TSRMLS_DC)
*/
static void filter_recursive(zval *array, long filter, long flags, char *charset TSRMLS_DC)
{
zval **element;
HashPosition pos;
int out_len, res, ol=0; /* Yes, ol should start at 0 here because the filter returns the right length */
char *out;
if (Z_TYPE_P(array) == IS_ARRAY) {
for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(array), &pos);
zend_hash_get_current_data_ex(Z_ARRVAL_P(array), (void **) &element, &pos) == SUCCESS;
zend_hash_move_forward_ex(Z_ARRVAL_P(array), &pos)) {
filter_recursive(*element, filter, flags, charset TSRMLS_CC);
}
} else if(Z_STRLEN_P(array)) {
switch(filter) {
case F_STRIPPED:
out_len = Z_STRLEN_P(array) + 1;
out = emalloc(out_len);
while((res = php_filter_get_stripped(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) {
efree(out);
ol++;
out_len *= ol;
out = emalloc(out_len);
}
efree(Z_STRVAL_P(array));
Z_STRVAL_P(array) = out;
Z_STRLEN_P(array) = out_len - 1;
break;
case F_COOKED:
out_len = Z_STRLEN_P(array) * 2;
out = emalloc(out_len);
while((res = php_filter_get_cooked(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) {
efree(out);
ol++;
out_len *= ol;
out = emalloc(out_len);
}
efree(Z_STRVAL_P(array));
Z_STRVAL_P(array) = out;
Z_STRLEN_P(array) = out_len - 1;
break;
case F_EMAIL:
out_len = Z_STRLEN_P(array) + 1;
out = emalloc(out_len);
while((res = php_filter_get_email(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) {
efree(out);
ol++;
out_len *= ol;
out = emalloc(out_len);
}
if(res==FILTER_RESULT_BAD_IN) { Z_TYPE_P(array) = IS_BOOL; Z_LVAL_P(array) = 0; }
else {
efree(Z_STRVAL_P(array));
Z_STRVAL_P(array) = out;
Z_STRLEN_P(array) = out_len - 1;
}
break;
case F_URL:
out_len = Z_STRLEN_P(array) + 1;
out = emalloc(out_len);
while((res = php_filter_get_url(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) {
efree(out);
ol++;
out_len *= ol;
out = emalloc(out_len);
}
if(res==FILTER_RESULT_BAD_IN) { Z_TYPE_P(array) = IS_BOOL; Z_LVAL_P(array) = 0; }
else {
efree(Z_STRVAL_P(array));
Z_STRVAL_P(array) = out;
Z_STRLEN_P(array) = out_len - 1;
}
break;
case F_NUMBER:
out_len = Z_STRLEN_P(array) + 1;
out = emalloc(out_len);
while((res = php_filter_get_number(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) {
efree(out);
ol++;
out_len *= ol;
out = emalloc(out_len);
}
if(res==FILTER_RESULT_BAD_IN) { Z_TYPE_P(array) = IS_BOOL; Z_LVAL_P(array) = 0; }
else {
efree(Z_STRVAL_P(array));
Z_STRVAL_P(array) = out;
Z_STRLEN_P(array) = out_len - 1;
}
break;
case F_NOTAGS:
default:
out_len = Z_STRLEN_P(array) + 1;
out = emalloc(out_len);
while((res = php_filter_get_html(Z_STRVAL_P(array), Z_STRLEN_P(array), out, &out_len, FILTER_HTML_NO_TAGS, flags, charset)) == FILTER_RESULT_OUTLEN_SMALL) {
efree(out);
ol++;
out_len *= ol;
out = emalloc(out_len);
}
efree(Z_STRVAL_P(array));
Z_STRVAL_P(array) = out;
Z_STRLEN_P(array) = out_len - 1;
}
}
}
/* }}} */
/* {{{ filter(constant type, string variable_name [, int filter [, int flags [, string charset]]])
*/
PHP_FUNCTION(filter)
{
long arg, filter = F_NOTAGS, flags = 0;
char *var;
int var_len, charset_len, found = 0;
int argc = ZEND_NUM_ARGS();
zval **tmp;
zval *array_ptr = NULL, *array_ptr2 = NULL, *array_ptr3 = NULL;
HashTable *hash_ptr;
char *raw_var, *charset = NULL;
if(zend_parse_parameters(argc TSRMLS_CC, "ls|lls", &arg, &var, &var_len, &filter, &flags, &charset, &charset_len) == FAILURE) {
return;
}
switch(arg) {
case PARSE_GET:
if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(get_array);
else array_ptr = PG(http_globals)[TRACK_VARS_GET];
break;
case PARSE_POST:
if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(post_array);
else array_ptr = PG(http_globals)[TRACK_VARS_POST];
break;
case PARSE_COOKIE:
if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(cookie_array);
else array_ptr = PG(http_globals)[TRACK_VARS_COOKIE];
break;
case PARSE_ENV:
if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(env_array);
else array_ptr = PG(http_globals)[TRACK_VARS_ENV];
break;
case PARSE_SERVER:
if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(server_array);
else array_ptr = PG(http_globals)[TRACK_VARS_SERVER];
break;
case PARSE_REQUEST:
if (PG(variables_order)) {
zval **a_ptr = &array_ptr;
char *p, *variables_order = PG(variables_order);
for (p=variables_order; p && *p; p++) {
switch(*p) {
case 'p':
case 'P':
if(IF_G(default_filter)!=F_UNSAFE_RAW) *a_ptr = IF_G(post_array);
else *a_ptr = PG(http_globals)[TRACK_VARS_POST];
break;
case 'g':
case 'G':
if(IF_G(default_filter)!=F_UNSAFE_RAW) *a_ptr = IF_G(get_array);
else *a_ptr = PG(http_globals)[TRACK_VARS_GET];
break;
case 'c':
case 'C':
if(IF_G(default_filter)!=F_UNSAFE_RAW) *a_ptr = IF_G(cookie_array);
else *a_ptr = PG(http_globals)[TRACK_VARS_COOKIE];
break;
}
if(array_ptr && !array_ptr2) { a_ptr = &array_ptr2; continue; }
if(array_ptr2 && !array_ptr3) { a_ptr = &array_ptr3; }
}
} else {
if(IF_G(default_filter)!=F_UNSAFE_RAW) array_ptr = IF_G(get_array);
else array_ptr = PG(http_globals)[TRACK_VARS_GET];
break;
}
}
if(!array_ptr) RETURN_FALSE;
if(IF_G(default_filter)!=F_UNSAFE_RAW) {
/*
* I'm changing the variable name here because when running with register_globals on,
* the variable will end up in the global symbol table and I am using that var name
* in the internal raw storage arrays as well.
*/
var_len += 5;
raw_var = emalloc(var_len); /* RAW_ and a \0 */
strcpy(raw_var, "RAW_");
strlcat(raw_var,var,var_len);
} else {
raw_var = var;
var_len++;
}
if(array_ptr3) {
hash_ptr = HASH_OF(array_ptr3);
if(hash_ptr && zend_hash_find(hash_ptr, raw_var, var_len, (void **)&tmp) == SUCCESS) {
*return_value = **tmp;
found = 1;
}
}
if(array_ptr2 && !found) {
hash_ptr = HASH_OF(array_ptr2);
if(hash_ptr && zend_hash_find(hash_ptr, raw_var, var_len, (void **)&tmp) == SUCCESS) {
*return_value = **tmp;
found = 1;
}
}
if(!found) {
hash_ptr = HASH_OF(array_ptr);
if(hash_ptr && zend_hash_find(hash_ptr, raw_var, var_len, (void **)&tmp) == SUCCESS) {
*return_value = **tmp;
found = 1;
}
}
if(found) {
zval_copy_ctor(return_value); /* Watch out for empty strings */
if(filter != F_UNSAFE_RAW) {
filter_recursive(return_value, filter, flags, charset);
}
} else {
RETVAL_FALSE;
}
if(IF_G(default_filter)!=F_UNSAFE_RAW) {
efree(raw_var);
}
}
/* }}} */
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
vim600: noet sw=4 ts=4 fdm=marker
* vim<600: noet sw=4 ts=4
*/
Reference in New Issue View Git Blame Copy Permalink