static void litespeed_php_import_environment_variables(zval *array_ptr)
{
char buf[128];
char **env, *p, *t = buf;
size_t alloc_size = sizeof(buf);
unsigned long nlen; /* ptrdiff_t is not portable */
if (Z_TYPE(PG(http_globals)[TRACK_VARS_ENV]) == IS_ARRAY &&
Z_ARR_P(array_ptr) != Z_ARR(PG(http_globals)[TRACK_VARS_ENV]) &&
zend_hash_num_elements(Z_ARRVAL(PG(http_globals)[TRACK_VARS_ENV])) > 0
) {
zend_array_destroy(Z_ARR_P(array_ptr));
Z_ARR_P(array_ptr) = zend_array_dup(Z_ARR(PG(http_globals)[TRACK_VARS_ENV]));
return;
} else if (Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY &&
Z_ARR_P(array_ptr) != Z_ARR(PG(http_globals)[TRACK_VARS_SERVER]) &&
zend_hash_num_elements(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER])) > 0
) {
zend_array_destroy(Z_ARR_P(array_ptr));
Z_ARR_P(array_ptr) = zend_array_dup(Z_ARR(PG(http_globals)[TRACK_VARS_SERVER]));
return;
}
for (env = environ; env != NULL && *env != NULL; env++) {
p = strchr(*env, '=');
if (!p) { /* malformed entry? */
continue;
}
nlen = p - *env;
if (nlen >= alloc_size) {
alloc_size = nlen + 64;
t = (t == buf ? emalloc(alloc_size): erealloc(t, alloc_size));
}
memcpy(t, *env, nlen);
t[nlen] = '\0';
add_variable(t, nlen, p + 1, strlen( p + 1 ), array_ptr);
}
if (t != buf && t != NULL) {
efree(t);
}
}
static void ZEND_FASTCALL zend_array_destroy_wrapper(zend_array *arr)
{
zend_array_destroy(arr);
}
int zend_dfa_optimize_calls(zend_op_array *op_array, zend_ssa *ssa)
{
zend_func_info *func_info = ZEND_FUNC_INFO(op_array);
int removed_ops = 0;
if (func_info->callee_info) {
zend_call_info *call_info = func_info->callee_info;
do {
if (call_info->caller_call_opline->opcode == ZEND_DO_ICALL
&& call_info->callee_func
&& ZSTR_LEN(call_info->callee_func->common.function_name) == sizeof("in_array")-1
&& memcmp(ZSTR_VAL(call_info->callee_func->common.function_name), "in_array", sizeof("in_array")-1) == 0
&& (call_info->caller_init_opline->extended_value == 2
|| (call_info->caller_init_opline->extended_value == 3
&& (call_info->caller_call_opline - 1)->opcode == ZEND_SEND_VAL
&& (call_info->caller_call_opline - 1)->op1_type == IS_CONST))) {
zend_op *send_array;
zend_op *send_needly;
zend_bool strict = 0;
if (call_info->caller_init_opline->extended_value == 2) {
send_array = call_info->caller_call_opline - 1;
send_needly = call_info->caller_call_opline - 2;
} else {
if (zend_is_true(CT_CONSTANT_EX(op_array, (call_info->caller_call_opline - 1)->op1.constant))) {
strict = 1;
}
send_array = call_info->caller_call_opline - 2;
send_needly = call_info->caller_call_opline - 3;
}
if (send_array->opcode == ZEND_SEND_VAL
&& send_array->op1_type == IS_CONST
&& Z_TYPE_P(CT_CONSTANT_EX(op_array, send_array->op1.constant)) == IS_ARRAY
&& (send_needly->opcode == ZEND_SEND_VAL
|| send_needly->opcode == ZEND_SEND_VAR)
) {
int ok = 1;
HashTable *src = Z_ARRVAL_P(CT_CONSTANT_EX(op_array, send_array->op1.constant));
HashTable *dst;
zval *val, tmp;
zend_ulong idx;
ZVAL_TRUE(&tmp);
dst = zend_new_array(zend_hash_num_elements(src));
if (strict) {
ZEND_HASH_FOREACH_VAL(src, val) {
if (Z_TYPE_P(val) == IS_STRING) {
zend_hash_add(dst, Z_STR_P(val), &tmp);
} else if (Z_TYPE_P(val) == IS_LONG) {
zend_hash_index_add(dst, Z_LVAL_P(val), &tmp);
} else {
zend_array_destroy(dst);
ok = 0;
break;
}
} ZEND_HASH_FOREACH_END();
} else {
ZEND_HASH_FOREACH_VAL(src, val) {
if (Z_TYPE_P(val) != IS_STRING || ZEND_HANDLE_NUMERIC(Z_STR_P(val), idx)) {
zend_array_destroy(dst);
ok = 0;
break;
}
zend_hash_add(dst, Z_STR_P(val), &tmp);
} ZEND_HASH_FOREACH_END();
}
if (ok) {
uint32_t op_num = send_needly - op_array->opcodes;
zend_ssa_op *ssa_op = ssa->ops + op_num;
if (ssa_op->op1_use >= 0) {
/* Reconstruct SSA */
int var_num = ssa_op->op1_use;
zend_ssa_var *var = ssa->vars + var_num;
ZEND_ASSERT(ssa_op->op1_def < 0);
zend_ssa_unlink_use_chain(ssa, op_num, ssa_op->op1_use);
ssa_op->op1_use = -1;
ssa_op->op1_use_chain = -1;
op_num = call_info->caller_call_opline - op_array->opcodes;
ssa_op = ssa->ops + op_num;
ssa_op->op1_use = var_num;
ssa_op->op1_use_chain = var->use_chain;
var->use_chain = op_num;
}
ZVAL_ARR(&tmp, dst);
/* Update opcode */
call_info->caller_call_opline->opcode = ZEND_IN_ARRAY;
call_info->caller_call_opline->extended_value = strict;
call_info->caller_call_opline->op1_type = send_needly->op1_type;
call_info->caller_call_opline->op1.num = send_needly->op1.num;
call_info->caller_call_opline->op2_type = IS_CONST;
call_info->caller_call_opline->op2.constant = zend_optimizer_add_literal(op_array, &tmp);
if (call_info->caller_init_opline->extended_value == 3) {
MAKE_NOP(call_info->caller_call_opline - 1);
}
MAKE_NOP(call_info->caller_init_opline);
MAKE_NOP(send_needly);
MAKE_NOP(send_array);
removed_ops++;
}
}
PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars_array)
{
char *p = NULL;
char *ip = NULL; /* index pointer */
char *index;
char *var, *var_orig;
size_t var_len, index_len;
zval gpc_element, *gpc_element_p;
zend_bool is_array = 0;
HashTable *symtable1 = NULL;
ALLOCA_FLAG(use_heap)
assert(var_name != NULL);
if (track_vars_array && Z_TYPE_P(track_vars_array) == IS_ARRAY) {
symtable1 = Z_ARRVAL_P(track_vars_array);
}
if (!symtable1) {
/* Nothing to do */
zval_ptr_dtor_nogc(val);
return;
}
/* ignore leading spaces in the variable name */
while (*var_name==' ') {
var_name++;
}
/*
* Prepare variable name
*/
var_len = strlen(var_name);
var = var_orig = do_alloca(var_len + 1, use_heap);
memcpy(var_orig, var_name, var_len + 1);
/* ensure that we don't have spaces or dots in the variable name (not binary safe) */
for (p = var; *p; p++) {
if (*p == ' ' || *p == '.') {
*p='_';
} else if (*p == '[') {
is_array = 1;
ip = p;
*p = 0;
break;
}
}
var_len = p - var;
if (var_len==0) { /* empty variable name, or variable name with a space in it */
zval_ptr_dtor_nogc(val);
free_alloca(var_orig, use_heap);
return;
}
if (var_len == sizeof("this")-1 && EG(current_execute_data)) {
zend_execute_data *ex = EG(current_execute_data);
while (ex) {
if (ex->func && ZEND_USER_CODE(ex->func->common.type)) {
if ((ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_SYMBOL_TABLE)
&& ex->symbol_table == symtable1) {
if (memcmp(var, "this", sizeof("this")-1) == 0) {
zend_throw_error(NULL, "Cannot re-assign $this");
zval_ptr_dtor_nogc(val);
free_alloca(var_orig, use_heap);
return;
}
}
break;
}
ex = ex->prev_execute_data;
}
}
/* GLOBALS hijack attempt, reject parameter */
if (symtable1 == &EG(symbol_table) &&
var_len == sizeof("GLOBALS")-1 &&
!memcmp(var, "GLOBALS", sizeof("GLOBALS")-1)) {
zval_ptr_dtor_nogc(val);
free_alloca(var_orig, use_heap);
return;
}
index = var;
index_len = var_len;
if (is_array) {
int nest_level = 0;
while (1) {
char *index_s;
size_t new_idx_len = 0;
if(++nest_level > PG(max_input_nesting_level)) {
HashTable *ht;
/* too many levels of nesting */
if (track_vars_array) {
ht = Z_ARRVAL_P(track_vars_array);
zend_symtable_str_del(ht, var, var_len);
}
zval_ptr_dtor_nogc(val);
/* do not output the error message to the screen,
this helps us to to avoid "information disclosure" */
if (!PG(display_errors)) {
php_error_docref(NULL, E_WARNING, "Input variable nesting level exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_nesting_level in php.ini.", PG(max_input_nesting_level));
}
free_alloca(var_orig, use_heap);
return;
}
ip++;
index_s = ip;
if (isspace(*ip)) {
ip++;
}
if (*ip==']') {
index_s = NULL;
} else {
ip = strchr(ip, ']');
if (!ip) {
/* PHP variables cannot contain '[' in their names, so we replace the character with a '_' */
*(index_s - 1) = '_';
index_len = 0;
if (index) {
index_len = strlen(index);
}
goto plain_var;
return;
}
*ip = 0;
new_idx_len = strlen(index_s);
}
if (!index) {
array_init(&gpc_element);
if ((gpc_element_p = zend_hash_next_index_insert(symtable1, &gpc_element)) == NULL) {
zend_array_destroy(Z_ARR(gpc_element));
zval_ptr_dtor_nogc(val);
free_alloca(var_orig, use_heap);
return;
}
} else {
gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
if (!gpc_element_p) {
zval tmp;
array_init(&tmp);
gpc_element_p = zend_symtable_str_update_ind(symtable1, index, index_len, &tmp);
} else {
if (Z_TYPE_P(gpc_element_p) == IS_INDIRECT) {
gpc_element_p = Z_INDIRECT_P(gpc_element_p);
}
if (Z_TYPE_P(gpc_element_p) != IS_ARRAY) {
zval_ptr_dtor_nogc(gpc_element_p);
array_init(gpc_element_p);
} else {
SEPARATE_ARRAY(gpc_element_p);
}
}
}
symtable1 = Z_ARRVAL_P(gpc_element_p);
/* ip pointed to the '[' character, now obtain the key */
index = index_s;
index_len = new_idx_len;
ip++;
if (*ip == '[') {
is_array = 1;
*ip = 0;
} else {
goto plain_var;
}
}
} else {
plain_var:
if (!index) {
if (zend_hash_next_index_insert(symtable1, val) == NULL) {
zval_ptr_dtor_nogc(val);
}
} else {
zend_ulong idx;
/*
* According to rfc2965, more specific paths are listed above the less specific ones.
* If we encounter a duplicate cookie name, we should skip it, since it is not possible
* to have the same (plain text) cookie name for the same path and we should not overwrite
* more specific cookies with the less specific ones.
*/
if (Z_TYPE(PG(http_globals)[TRACK_VARS_COOKIE]) != IS_UNDEF &&
symtable1 == Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]) &&
zend_symtable_str_exists(symtable1, index, index_len)) {
zval_ptr_dtor_nogc(val);
} else if (ZEND_HANDLE_NUMERIC_STR(index, index_len, idx)) {
zend_hash_index_update(symtable1, idx, val);
} else {
php_register_variable_quick(index, index_len, val, symtable1);
}
}
}
free_alloca(var_orig, use_heap);
}
