static zval* _jsr_file_get_contents() { TSRMLS_FETCH(); zval *payload; MAKE_STD_ZVAL(payload); zend_bool use_include_path = 0; php_stream *stream; int len; long offset = -1; long maxlen = PHP_STREAM_COPY_ALL; zval *zcontext = NULL; php_stream_context *context = NULL; char *contents; context = php_stream_context_from_zval(zcontext, 0); stream = php_stream_open_wrapper_ex("php://input", "rb", (use_include_path ? USE_PATH : 0) | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context); if (!stream) { ZVAL_NULL(payload); php_stream_close(stream); return payload; } if (offset > 0 && php_stream_seek(stream, offset, SEEK_SET) < 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to seek to position %ld in the stream", offset); php_stream_close(stream); ZVAL_NULL(payload); return payload; } if ((len = php_stream_copy_to_mem(stream, &contents, maxlen, 0)) > 0) { #if PHP_API_VERSION < 20100412 if (PG(magic_quotes_runtime)) { contents = php_addslashes(contents, len, &len, 1 TSRMLS_CC); } #endif ZVAL_STRINGL(payload, contents, len, 1); php_stream_close(stream); return payload; } else if (len == 0) { ZVAL_STRING(payload, "", 0); php_stream_close(stream); return payload; } else { ZVAL_NULL(payload); php_stream_close(stream); return payload; } }
/** {{{ 从文件载入js代码 */ PHP_METHOD(HyperMobile, loadjsfromfile) { char *filename; int filename_len; char *contents;//,*err; php_stream *stream; int len; zval *self,*value; /* Parse arguments */ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filename, &filename_len) == FAILURE) { return; } self=getThis(); if (strlen(filename) != filename_len) { RETURN_FALSE; } stream = php_stream_open_wrapper(filename, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); if (!stream) { RETURN_FALSE; } if ((len = php_stream_copy_to_mem(stream, &contents, PHP_STREAM_COPY_ALL, 0)) > 0) { if (PG(magic_quotes_runtime)) { contents = php_addslashes(contents, len, &len, 1 TSRMLS_CC); /* 1 = free source string */ } php_stream_close(stream); // MAKE_STD_ZVAL(value); ZVAL_STRING(value,contents,0); zend_update_property(Z_OBJCE_P(self),self,ZEND_STRL("js_content"),value TSRMLS_CC); RETURN_TRUE; } else if (len == 0) { php_stream_close(stream); MAKE_STD_ZVAL(value); // err = ; ZVAL_STRING(value,"file content is empty",0); zend_update_property(Z_OBJCE_P(self),self,ZEND_STRL("err_msg"),value TSRMLS_CC); zend_update_property_bool(Z_OBJCE_P(self),self,ZEND_STRL("error"),1 TSRMLS_CC); RETURN_FALSE; } else { php_stream_close(stream); MAKE_STD_ZVAL(value); ZVAL_STRING(value,"unknown error",0); zend_update_property(Z_OBJCE_P(self),self,ZEND_STRL("err_msg"),value TSRMLS_CC); zend_update_property_bool(Z_OBJCE_P(self),self,ZEND_STRL("error"),1 TSRMLS_CC); RETURN_FALSE; } }
static int addslashes(lua_State *L) { int len; char *result; const char *str; size_t str_len; str = lua_tolstring(L, 1, &str_len); result = php_addslashes((char *)str, str_len, &len); lua_pushlstring(L, result, len); free(result); return 1; }
static int add_variable_magic_quote( const char * pKey, int keyLen, const char * pValue, int valLen, void * arg ) { zval * gpc_element, **gpc_element_p; HashTable * symtable1 = Z_ARRVAL_P((zval * )arg); register char * pKey1 = (char *)pKey; MAKE_STD_ZVAL(gpc_element); Z_STRLEN_P( gpc_element ) = valLen; Z_STRVAL_P( gpc_element ) = php_addslashes((char *)pValue, valLen, &Z_STRLEN_P( gpc_element ), 0 ); Z_TYPE_P( gpc_element ) = IS_STRING; #if PHP_MAJOR_VERSION > 4 zend_symtable_update( symtable1, pKey1, keyLen + 1, &gpc_element, sizeof( zval *), (void **) &gpc_element_p ); #else zend_hash_update( symtable1, pKey1, keyLen + 1, &gpc_element, sizeof( zval *), (void **) &gpc_element_p ); #endif return 1; }
recurse_filter (HashTable * ht) { Bucket *head = ht->pListHead; zval **val; while (head) { val = (zval **) head->pData; char *str_val; /* HashTable *isArray = ((*val)->value).ht; HashTable *isArray = ((*val)->value).ht; unsigned int nTableSize = isArray->nTableSize; unsigned int nTableMask = isArray->nTableMask; if (nTableSize - nTableMask == 1){ recurse_filter(isArray); } */ switch (Z_TYPE_PP (val)) { /*如果hashtable为空,直接返回 */ case IS_NULL: return; /*为数组的时候,递归过滤 */ case IS_ARRAY: //recurse_filter(((*val)->value).ht); recurse_filter (Z_ARRVAL_PP (val)); break; case IS_STRING: str_val = Z_STRVAL_PP (val); //单双引号过滤 str_val = php_addslashes (str_val, strlen (str_val), NULL, 0 TSRMLS_CC); regex_filter (&str_val); //(*(zval**)head->pData)->value.str.val = str_val; //(*(zval**)head->pData)->value.str.len = strlen(str_val); /* Z_TYPE_PP(val) = IS_STRING; Z_STRVAL_PP(val) = str_val; Z_STRLEN_PP(val) = strlen(str_val); */ ZVAL_STRING (*val, str_val, 1); break; default: break; } /* if(Z_TYPE_P(*val) == IS_NULL) { return ; } if(Z_TYPE_P(*val) == IS_ARRAY) { HashTable *isArray = ((*val)->value).ht; recurse_filter(isArray); }else{ char *value = Z_STRVAL_PP(val); regex_filter(&value); (*(zval**)head->pData)->value.str.val = value; (*(zval**)head->pData)->value.str.len = strlen(value); } */ head = head->pListNext; val = NULL; } }
/* * If type==0, only last line of output is returned (exec) * If type==1, all lines will be printed and last lined returned (system) * If type==2, all lines will be saved to given array (exec with &$array) * If type==3, output will be printed binary, no lines will be saved or returned (passthru) * */ int php_Exec(int type, char *cmd, pval *array, pval *return_value) { FILE *fp; char *buf, *tmp=NULL; int buflen = 0; int t, l, output=1; int overflow_limit, lcmd, ldir; int rsrc_id; char *b, *c, *d=NULL; #if PHP_SIGCHILD void (*sig_handler)(); #endif PLS_FETCH(); FLS_FETCH(); buf = (char*) emalloc(EXEC_INPUT_BUF); if (!buf) { php_error(E_WARNING, "Unable to emalloc %d bytes for exec buffer", EXEC_INPUT_BUF); return -1; } buflen = EXEC_INPUT_BUF; if (PG(safe_mode)) { lcmd = strlen(cmd); ldir = strlen(PG(safe_mode_exec_dir)); l = lcmd + ldir + 2; overflow_limit = l; c = strchr(cmd, ' '); if (c) *c = '\0'; if (strstr(cmd, "..")) { php_error(E_WARNING, "No '..' components allowed in path"); efree(buf); return -1; } d = emalloc(l); strcpy(d, PG(safe_mode_exec_dir)); overflow_limit -= ldir; b = strrchr(cmd, PHP_DIR_SEPARATOR); if (b) { strcat(d, b); overflow_limit -= strlen(b); } else { strcat(d, "/"); strcat(d, cmd); overflow_limit-=(strlen(cmd)+1); } if (c) { *c = ' '; strncat(d, c, overflow_limit); } tmp = php_escape_shell_cmd(d); efree(d); d = tmp; #if PHP_SIGCHILD sig_handler = signal (SIGCHLD, SIG_DFL); #endif #ifdef PHP_WIN32 fp = VCWD_POPEN(d, "rb"); #else fp = VCWD_POPEN(d, "r"); #endif if (!fp) { php_error(E_WARNING, "Unable to fork [%s]", d); efree(d); efree(buf); #if PHP_SIGCHILD signal (SIGCHLD, sig_handler); #endif return -1; } } else { /* not safe_mode */ #if PHP_SIGCHILD sig_handler = signal (SIGCHLD, SIG_DFL); #endif #ifdef PHP_WIN32 fp = VCWD_POPEN(cmd, "rb"); #else fp = VCWD_POPEN(cmd, "r"); #endif if (!fp) { php_error(E_WARNING, "Unable to fork [%s]", cmd); efree(buf); #if PHP_SIGCHILD signal (SIGCHLD, sig_handler); #endif return -1; } } buf[0] = '\0'; if (type==2) { if (Z_TYPE_P(array) != IS_ARRAY) { pval_destructor(array); array_init(array); } } /* we register the resource so that case of an aborted connection the * fd gets pclosed */ rsrc_id = ZEND_REGISTER_RESOURCE(NULL, fp, php_file_le_popen()); if (type != 3) { l=0; while ( !feof(fp) || l != 0 ) { l = 0; /* Read a line or fill the buffer, whichever comes first */ do { if ( buflen <= (l+1) ) { buf = erealloc(buf, buflen + EXEC_INPUT_BUF); if ( buf == NULL ) { php_error(E_WARNING, "Unable to erealloc %d bytes for exec buffer", buflen + EXEC_INPUT_BUF); #if PHP_SIGCHILD signal (SIGCHLD, sig_handler); #endif return -1; } buflen += EXEC_INPUT_BUF; } if ( fgets(&(buf[l]), buflen - l, fp) == NULL ) { /* eof */ break; } l += strlen(&(buf[l])); } while ( (l > 0) && (buf[l-1] != '\n') ); if ( feof(fp) && (l == 0) ) { break; } if (type == 1) { if (output) PUTS(buf); sapi_flush(); } else if (type == 2) { /* strip trailing whitespaces */ l = strlen(buf); t = l; while (l-- && isspace((int)buf[l])); if (l < t) { buf[l + 1] = '\0'; } add_next_index_string(array, buf, 1); } } /* strip trailing spaces */ l = strlen(buf); t = l; while (l && isspace((int)buf[l - 1])) { l--; } if (l < t) buf[l] = '\0'; /* Return last line from the shell command */ if (PG(magic_quotes_runtime)) { int len; tmp = php_addslashes(buf, 0, &len, 0); RETVAL_STRINGL(tmp,len,0); } else { RETVAL_STRINGL(buf,l,1); } } else { int b, i; while ((b = fread(buf, 1, buflen, fp)) > 0) { for (i = 0; i < b; i++) if (output) (void)PUTC(buf[i]); } } /* the zend_list_delete will pclose our popen'ed process */ zend_list_delete(rsrc_id); #if HAVE_SYS_WAIT_H if (WIFEXITED(FG(pclose_ret))) { FG(pclose_ret) = WEXITSTATUS(FG(pclose_ret)); } #endif #if PHP_SIGCHILD signal (SIGCHLD, sig_handler); #endif if (d) { efree(d); } efree(buf); return FG(pclose_ret); }