static int add_variable( const char * pKey, int keyLen, const char * pValue, int valLen,
void * arg )
{
int filter_arg = (arg == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
char * new_val = (char *) pValue;
unsigned int new_val_len;
if (sapi_module.input_filter(filter_arg, (char *)pKey, &new_val, valLen, &new_val_len TSRMLS_CC)) {
php_register_variable_safe((char *)pKey, new_val, new_val_len, (zval *)arg );
}
return 1;
}
static void
php_apache_sapi_register_variables(zval *track_vars_array)
{
php_struct *ctx = SG(server_context);
const apr_array_header_t *arr = apr_table_elts(ctx->r->subprocess_env);
char *key, *val;
size_t new_val_len;
APR_ARRAY_FOREACH_OPEN(arr, key, val)
if (!val) {
val = "";
}
if (sapi_module.input_filter(PARSE_SERVER, key, &val, strlen(val), &new_val_len)) {
php_register_variable_safe(key, val, new_val_len, track_vars_array);
}
APR_ARRAY_FOREACH_CLOSE()
if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri, strlen(ctx->r->uri), &new_val_len)) {
php_register_variable_safe("PHP_SELF", ctx->r->uri, new_val_len, track_vars_array);
}
}
static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof)
{
char *start, *ksep, *vsep, *val;
size_t klen, vlen;
size_t new_vlen;
if (var->ptr >= var->end) {
return 0;
}
start = var->ptr + var->already_scanned;
vsep = memchr(start, '&', var->end - start);
if (!vsep) {
if (!eof) {
var->already_scanned = var->end - var->ptr;
return 0;
} else {
vsep = var->end;
}
}
ksep = memchr(var->ptr, '=', vsep - var->ptr);
if (ksep) {
*ksep = '\0';
/* "foo=bar&" or "foo=&" */
klen = ksep - var->ptr;
vlen = vsep - ++ksep;
} else {
ksep = "";
/* "foo&" */
klen = vsep - var->ptr;
vlen = 0;
}
php_url_decode(var->ptr, klen);
val = estrndup(ksep, vlen);
if (vlen) {
vlen = php_url_decode(val, vlen);
}
if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen)) {
php_register_variable_safe(var->ptr, val, new_vlen, arr);
}
efree(val);
var->ptr = vsep + (vsep != var->end);
var->already_scanned = 0;
return 1;
}
static int add_variable( const char * pKey, int keyLen, const char * pValue, int valLen,
void * arg )
{
#if PHP_MAJOR_VERSION >= 7
int filter_arg = (Z_ARR_P((zval *)arg) == Z_ARR(PG(http_globals)[TRACK_VARS_ENV]))
? PARSE_ENV : PARSE_SERVER;
#else
int filter_arg = (arg == PG(http_globals)[TRACK_VARS_ENV])?PARSE_ENV:PARSE_SERVER;
#endif
char * new_val = (char *) pValue;
size_t new_val_len;
if (sapi_module.input_filter(filter_arg, (char *)pKey, &new_val, valLen, &new_val_len)) {
php_register_variable_safe((char *)pKey, new_val, new_val_len, (zval *)arg );
}
return 1;
}
static void safe_php_register_variable(char *var, char *strval, size_t val_len, zval *track_vars_array, zend_bool override_protection) /* {{{ */
{
if (override_protection || !is_protected_variable(var)) {
php_register_variable_safe(var, strval, val_len, track_vars_array);
}
}
/* {{{ mbfl_no_encoding _php_mb_encoding_handler_ex() */
const mbfl_encoding *_php_mb_encoding_handler_ex(const php_mb_encoding_handler_info_t *info, zval *arg, char *res)
{
char *var, *val;
const char *s1, *s2;
char *strtok_buf = NULL, **val_list = NULL;
zval *array_ptr = (zval *) arg;
size_t n, num, *len_list = NULL;
size_t val_len, new_val_len;
mbfl_string string, resvar, resval;
const mbfl_encoding *from_encoding = NULL;
mbfl_encoding_detector *identd = NULL;
mbfl_buffer_converter *convd = NULL;
mbfl_string_init_set(&string, info->to_language, info->to_encoding);
mbfl_string_init_set(&resvar, info->to_language, info->to_encoding);
mbfl_string_init_set(&resval, info->to_language, info->to_encoding);
if (!res || *res == '\0') {
goto out;
}
/* count the variables(separators) contained in the "res".
* separator may contain multiple separator chars.
*/
num = 1;
for (s1=res; *s1 != '\0'; s1++) {
for (s2=info->separator; *s2 != '\0'; s2++) {
if (*s1 == *s2) {
num++;
}
}
}
num *= 2; /* need space for variable name and value */
val_list = (char **)ecalloc(num, sizeof(char *));
len_list = (size_t *)ecalloc(num, sizeof(size_t));
/* split and decode the query */
n = 0;
strtok_buf = NULL;
var = php_strtok_r(res, info->separator, &strtok_buf);
while (var) {
val = strchr(var, '=');
if (val) { /* have a value */
len_list[n] = php_url_decode(var, val-var);
val_list[n] = var;
n++;
*val++ = '\0';
val_list[n] = val;
len_list[n] = php_url_decode(val, strlen(val));
} else {
len_list[n] = php_url_decode(var, strlen(var));
val_list[n] = var;
n++;
val_list[n] = "";
len_list[n] = 0;
}
n++;
var = php_strtok_r(NULL, info->separator, &strtok_buf);
}
if (ZEND_SIZE_T_GT_ZEND_LONG(n, (PG(max_input_vars) * 2))) {
php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
goto out;
}
num = n; /* make sure to process initialized vars only */
/* initialize converter */
if (info->num_from_encodings <= 0) {
from_encoding = &mbfl_encoding_pass;
} else if (info->num_from_encodings == 1) {
from_encoding = info->from_encodings[0];
} else {
/* auto detect */
from_encoding = NULL;
identd = mbfl_encoding_detector_new(info->from_encodings, info->num_from_encodings, MBSTRG(strict_detection));
if (identd != NULL) {
n = 0;
while (n < num) {
string.val = (unsigned char *)val_list[n];
string.len = len_list[n];
if (mbfl_encoding_detector_feed(identd, &string)) {
break;
}
n++;
}
from_encoding = mbfl_encoding_detector_judge(identd);
mbfl_encoding_detector_delete(identd);
}
if (!from_encoding) {
if (info->report_errors) {
php_error_docref(NULL, E_WARNING, "Unable to detect encoding");
}
from_encoding = &mbfl_encoding_pass;
}
}
convd = NULL;
if (from_encoding != &mbfl_encoding_pass) {
convd = mbfl_buffer_converter_new(from_encoding, info->to_encoding, 0);
if (convd != NULL) {
mbfl_buffer_converter_illegal_mode(convd, MBSTRG(current_filter_illegal_mode));
mbfl_buffer_converter_illegal_substchar(convd, MBSTRG(current_filter_illegal_substchar));
} else {
if (info->report_errors) {
php_error_docref(NULL, E_WARNING, "Unable to create converter");
}
goto out;
}
}
/* convert encoding */
string.encoding = from_encoding;
n = 0;
while (n < num) {
string.val = (unsigned char *)val_list[n];
string.len = len_list[n];
if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resvar) != NULL) {
var = (char *)resvar.val;
} else {
var = val_list[n];
}
n++;
string.val = (unsigned char *)val_list[n];
string.len = len_list[n];
if (convd != NULL && mbfl_buffer_converter_feed_result(convd, &string, &resval) != NULL) {
val = (char *)resval.val;
val_len = resval.len;
} else {
val = val_list[n];
val_len = len_list[n];
}
n++;
/* we need val to be emalloc()ed */
val = estrndup(val, val_len);
if (sapi_module.input_filter(info->data_type, var, &val, val_len, &new_val_len)) {
/* add variable to symbol table */
php_register_variable_safe(var, val, new_val_len, array_ptr);
}
efree(val);
if (convd != NULL){
mbfl_string_clear(&resvar);
mbfl_string_clear(&resval);
}
}
out:
if (convd != NULL) {
MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
mbfl_buffer_converter_delete(convd);
}
if (val_list != NULL) {
efree((void *)val_list);
}
if (len_list != NULL) {
efree((void *)len_list);
}
return from_encoding;
}
PHPAPI void php_register_variable(char *var, char *strval, zval *track_vars_array)
{
php_register_variable_safe(var, strval, strlen(strval), track_vars_array);
}
SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
{
char *res = NULL, *var, *val, *separator = NULL;
const char *c_var;
zval array;
int free_buffer = 0;
char *strtok_buf = NULL;
zend_long count = 0;
ZVAL_UNDEF(&array);
switch (arg) {
case PARSE_POST:
case PARSE_GET:
case PARSE_COOKIE:
array_init(&array);
switch (arg) {
case PARSE_POST:
zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_POST]);
ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &array);
break;
case PARSE_GET:
zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_GET]);
ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &array);
break;
case PARSE_COOKIE:
zval_ptr_dtor(&PG(http_globals)[TRACK_VARS_COOKIE]);
ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &array);
break;
}
break;
default:
ZVAL_COPY_VALUE(&array, destArray);
break;
}
if (arg == PARSE_POST) {
sapi_handle_post(&array);
return;
}
if (arg == PARSE_GET) { /* GET data */
c_var = SG(request_info).query_string;
if (c_var && *c_var) {
res = (char *) estrdup(c_var);
free_buffer = 1;
} else {
free_buffer = 0;
}
} else if (arg == PARSE_COOKIE) { /* Cookie data */
c_var = SG(request_info).cookie_data;
if (c_var && *c_var) {
res = (char *) estrdup(c_var);
free_buffer = 1;
} else {
free_buffer = 0;
}
} else if (arg == PARSE_STRING) { /* String data */
res = str;
free_buffer = 1;
}
if (!res) {
return;
}
switch (arg) {
case PARSE_GET:
case PARSE_STRING:
separator = (char *) estrdup(PG(arg_separator).input);
break;
case PARSE_COOKIE:
separator = ";\0";
break;
}
var = php_strtok_r(res, separator, &strtok_buf);
while (var) {
val = strchr(var, '=');
if (arg == PARSE_COOKIE) {
/* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
while (isspace(*var)) {
var++;
}
if (var == val || *var == '\0') {
goto next_cookie;
}
}
if (++count > PG(max_input_vars)) {
php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
break;
}
if (val) { /* have a value */
size_t val_len;
size_t new_val_len;
*val++ = '\0';
php_url_decode(var, strlen(var));
val_len = php_url_decode(val, strlen(val));
val = estrndup(val, val_len);
if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
php_register_variable_safe(var, val, new_val_len, &array);
}
efree(val);
} else {
size_t val_len;
size_t new_val_len;
php_url_decode(var, strlen(var));
val_len = 0;
val = estrndup("", val_len);
if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
php_register_variable_safe(var, val, new_val_len, &array);
}
efree(val);
}
next_cookie:
var = php_strtok_r(NULL, separator, &strtok_buf);
}
if (arg != PARSE_COOKIE) {
efree(separator);
}
if (free_buffer) {
efree(res);
}
}
static int add_variable( const char * pKey, int keyLen, const char * pValue, int valLen,
void * arg )
{
php_register_variable_safe((char *)pKey, (char *)pValue, valLen, (zval *)arg TSRMLS_CC);
return 1;
}
