static int add_variable( const char * pKey, int keyLen, const char * pValue, int valLen, void * arg ) { int filter_arg = (arg == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER; char * new_val = (char *) pValue; unsigned int new_val_len; if (sapi_module.input_filter(filter_arg, (char *)pKey, &new_val, valLen, &new_val_len TSRMLS_CC)) { php_register_variable_safe((char *)pKey, new_val, new_val_len, (zval *)arg ); } return 1; }
static void php_apache_sapi_register_variables(zval *track_vars_array) { php_struct *ctx = SG(server_context); const apr_array_header_t *arr = apr_table_elts(ctx->r->subprocess_env); char *key, *val; size_t new_val_len; APR_ARRAY_FOREACH_OPEN(arr, key, val) if (!val) { val = ""; } if (sapi_module.input_filter(PARSE_SERVER, key, &val, strlen(val), &new_val_len)) { php_register_variable_safe(key, val, new_val_len, track_vars_array); } APR_ARRAY_FOREACH_CLOSE() if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri, strlen(ctx->r->uri), &new_val_len)) { php_register_variable_safe("PHP_SELF", ctx->r->uri, new_val_len, track_vars_array); } }
static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof) { char *start, *ksep, *vsep, *val; size_t klen, vlen; size_t new_vlen; if (var->ptr >= var->end) { return 0; } start = var->ptr + var->already_scanned; vsep = memchr(start, '&', var->end - start); if (!vsep) { if (!eof) { var->already_scanned = var->end - var->ptr; return 0; } else { vsep = var->end; } } ksep = memchr(var->ptr, '=', vsep - var->ptr); if (ksep) { *ksep = '\0'; /* "foo=bar&" or "foo=&" */ klen = ksep - var->ptr; vlen = vsep - ++ksep; } else { ksep = ""; /* "foo&" */ klen = vsep - var->ptr; vlen = 0; } php_url_decode(var->ptr, klen); val = estrndup(ksep, vlen); if (vlen) { vlen = php_url_decode(val, vlen); } if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen)) { php_register_variable_safe(var->ptr, val, new_vlen, arr); } efree(val); var->ptr = vsep + (vsep != var->end); var->already_scanned = 0; return 1; }
static int add_variable( const char * pKey, int keyLen, const char * pValue, int valLen, void * arg ) { #if PHP_MAJOR_VERSION >= 7 int filter_arg = (Z_ARR_P((zval *)arg) == Z_ARR(PG(http_globals)[TRACK_VARS_ENV])) ? PARSE_ENV : PARSE_SERVER; #else int filter_arg = (arg == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER; #endif char * new_val = (char *) pValue; size_t new_val_len; if (sapi_module.input_filter(filter_arg, (char *)pKey, &new_val, valLen, &new_val_len)) { php_register_variable_safe((char *)pKey, new_val, new_val_len, (zval *)arg ); } return 1; }
static void safe_php_register_variable(char *var, char *strval, size_t val_len, zval *track_vars_array, zend_bool override_protection) /* {{{ */ { if (override_protection || !is_protected_variable(var)) { php_register_variable_safe(var, strval, val_len, track_vars_array); } }
/* {{{ mbfl_no_encoding _php_mb_encoding_handler_ex() */ const mbfl_encoding *_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t *info, zval *arg, char *res) { char *var, *val; const char *s1, *s2; char *strtok_buf = NULL, **val_list = NULL; zval *array_ptr = (zval *) arg; size_t n, num, *len_list = NULL; size_t val_len, new_val_len; mbfl_string string, resvar, resval; const mbfl_encoding *from_encoding = NULL; mbfl_encoding_detector *identd = NULL; mbfl_buffer_converter *convd = NULL; mbfl_string_init_set(&string, info->to_language, info->to_encoding); mbfl_string_init_set(&resvar, info->to_language, info->to_encoding); mbfl_string_init_set(&resval, info->to_language, info->to_encoding); if (!res || *res == '\0') { goto out; } /* count the variables(separators) contained in the "res". * separator may contain multiple separator chars. */ num = 1; for (s1=res; *s1 != '\0'; s1++) { for (s2=info->separator; *s2 != '\0'; s2++) { if (*s1 == *s2) { num++; } } } num *= 2; /* need space for variable name and value */ val_list = (char **)ecalloc(num, sizeof(char *)); len_list = (size_t *)ecalloc(num, sizeof(size_t)); /* split and decode the query */ n = 0; strtok_buf = NULL; var = php_strtok_r(res, info->separator, &strtok_buf); while (var) { val = strchr(var, '='); if (val) { /* have a value */ len_list[n] = php_url_decode(var, val-var); val_list[n] = var; n++; *val++ = '\0'; val_list[n] = val; len_list[n] = php_url_decode(val, strlen(val)); } else { len_list[n] = php_url_decode(var, strlen(var)); val_list[n] = var; n++; val_list[n] = ""; len_list[n] = 0; } n++; var = php_strtok_r(NULL, info->separator, &strtok_buf); } if (ZEND_SIZE_T_GT_ZEND_LONG(n, (PG(max_input_vars) * 2))) { php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); goto out; } num = n; /* make sure to process initialized vars only */ /* initialize converter */ if (info->num_from_encodings <= 0) { from_encoding = &mbfl_encoding_pass; } else if (info->num_from_encodings == 1) { from_encoding = info->from_encodings[0]; } else { /* auto detect */ from_encoding = NULL; identd = mbfl_encoding_detector_new(info->from_encodings, info->num_from_encodings, MBSTRG(strict_detection)); if (identd != NULL) { n = 0; while (n < num) { string.val = (unsigned char *)val_list[n]; string.len = len_list[n]; if (mbfl_encoding_detector_feed(identd, &string)) { break; } n++; } from_encoding = mbfl_encoding_detector_judge(identd); mbfl_encoding_detector_delete(identd); } if (!from_encoding) { if (info->report_errors) { php_error_docref(NULL, E_WARNING, "Unable to detect encoding"); } from_encoding = &mbfl_encoding_pass; } } convd = NULL; if (from_encoding != &mbfl_encoding_pass) { convd = mbfl_buffer_converter_new(from_encoding, info->to_encoding, 0); if (convd != NULL) { mbfl_buffer_converter_illegal_mode(convd, MBSTRG(current_filter_illegal_mode)); mbfl_buffer_converter_illegal_substchar(convd, MBSTRG(current_filter_illegal_substchar)); } else { if (info->report_errors) { php_error_docref(NULL, E_WARNING, "Unable to create converter"); } goto out; } } /* convert encoding */ string.encoding = from_encoding; n = 0; while (n < num) { string.val = (unsigned char *)val_list[n]; string.len = len_list[n]; if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resvar) != NULL) { var = (char *)resvar.val; } else { var = val_list[n]; } n++; string.val = (unsigned char *)val_list[n]; string.len = len_list[n]; if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resval) != NULL) { val = (char *)resval.val; val_len = resval.len; } else { val = val_list[n]; val_len = len_list[n]; } n++; /* we need val to be emalloc()ed */ val = estrndup(val, val_len); if (sapi_module.input_filter(info->data_type, var, &val, val_len, &new_val_len)) { /* add variable to symbol table */ php_register_variable_safe(var, val, new_val_len, array_ptr); } efree(val); if (convd != NULL){ mbfl_string_clear(&resvar); mbfl_string_clear(&resval); } } out: if (convd != NULL) { MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd); mbfl_buffer_converter_delete(convd); } if (val_list != NULL) { efree((void *)val_list); } if (len_list != NULL) { efree((void *)len_list); } return from_encoding; }
PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array) { php_register_variable_safe(var, strval, strlen(strval), track_vars_array); }
SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) { char *res = NULL, *var, *val, *separator = NULL; const char *c_var; zval array; int free_buffer = 0; char *strtok_buf = NULL; zend_long count = 0; ZVAL_UNDEF(&array); switch (arg) { case PARSE_POST: case PARSE_GET: case PARSE_COOKIE: array_init(&array); switch (arg) { case PARSE_POST: zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]); ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &array); break; case PARSE_GET: zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]); ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &array); break; case PARSE_COOKIE: zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]); ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &array); break; } break; default: ZVAL_COPY_VALUE(&array, destArray); break; } if (arg == PARSE_POST) { sapi_handle_post(&array); return; } if (arg == PARSE_GET) { /* GET data */ c_var = SG(request_info).query_string; if (c_var && *c_var) { res = (char *) estrdup(c_var); free_buffer = 1; } else { free_buffer = 0; } } else if (arg == PARSE_COOKIE) { /* Cookie data */ c_var = SG(request_info).cookie_data; if (c_var && *c_var) { res = (char *) estrdup(c_var); free_buffer = 1; } else { free_buffer = 0; } } else if (arg == PARSE_STRING) { /* String data */ res = str; free_buffer = 1; } if (!res) { return; } switch (arg) { case PARSE_GET: case PARSE_STRING: separator = (char *) estrdup(PG(arg_separator).input); break; case PARSE_COOKIE: separator = ";\0"; break; } var = php_strtok_r(res, separator, &strtok_buf); while (var) { val = strchr(var, '='); if (arg == PARSE_COOKIE) { /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */ while (isspace(*var)) { var++; } if (var == val || *var == '\0') { goto next_cookie; } } if (++count > PG(max_input_vars)) { php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); break; } if (val) { /* have a value */ size_t val_len; size_t new_val_len; *val++ = '\0'; php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); val = estrndup(val, val_len); if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) { php_register_variable_safe(var, val, new_val_len, &array); } efree(val); } else { size_t val_len; size_t new_val_len; php_url_decode(var, strlen(var)); val_len = 0; val = estrndup("", val_len); if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) { php_register_variable_safe(var, val, new_val_len, &array); } efree(val); } next_cookie: var = php_strtok_r(NULL, separator, &strtok_buf); } if (arg != PARSE_COOKIE) { efree(separator); } if (free_buffer) { efree(res); } }
static int add_variable( const char * pKey, int keyLen, const char * pValue, int valLen, void * arg ) { php_register_variable_safe((char *)pKey, (char *)pValue, valLen, (zval *)arg TSRMLS_CC); return 1; }