zend_string *suhosin_encrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key)
{
int l;
name = estrndup(name, name_len);
name_len = php_url_decode(name, name_len);
suhosin_normalize_varname(name);
name_len = strlen(name);
if ((SUHOSIN7_G(cookie_plainlist) && zend_hash_str_exists(SUHOSIN7_G(cookie_plainlist), name, name_len)) ||
(SUHOSIN7_G(cookie_plainlist) == NULL && SUHOSIN7_G(cookie_cryptlist) && !zend_hash_str_exists(SUHOSIN7_G(cookie_cryptlist), name, name_len))) {
efree(name);
return zend_string_init(value, value_len, 0);
}
value = estrndup(value, value_len);
value_len = php_url_decode(value, value_len);
zend_string *d = suhosin_encrypt_string(value, value_len, name, name_len, key);
zend_string *d_url = php_url_encode(ZSTR_VAL(d), ZSTR_LEN(d));
zend_string_release(d);
efree(name);
efree(value);
return d_url;
}
static inline int vld_dump_zval_string(ZVAL_VALUE_TYPE value)
{
ZVAL_VALUE_STRING_TYPE *new_str;
int new_len, len;
new_str = php_url_encode(ZVAL_STRING_VALUE(value), ZVAL_STRING_LEN(value) PHP_URLENCODE_NEW_LEN(new_len));
len = vld_printf (stderr, "'%s'", ZSTRING_VALUE(new_str));
efree(new_str);
return len;
}
inline char * sw_php_url_encode(char *value, size_t value_len, int* exten) {
zend_string *str = php_url_encode(value, value_len);
*exten = str->len;
char *return_str = (char*) emalloc(str->len);
memcpy(return_str, str->val, str->len);
zend_string_release(str);
return return_str;
}
static inline int vld_dump_zval_string(zvalue_value value)
{
char *new_str;
int new_len, len;
new_str = php_url_encode(value.str.val, value.str.len, &new_len);
len = vld_printf (stderr, "'%s'", new_str);
efree(new_str);
return len;
}
char *suhosin_decrypt_single_cookie(char *name, int name_len, char *value, int value_len, char *key, char **out)
{
char *name2 = estrndup(name, name_len);
int name2_len = php_url_decode(name2, name_len);
suhosin_normalize_varname(name2);
name2_len = strlen(name2);
if ((SUHOSIN7_G(cookie_plainlist) && zend_hash_str_exists(SUHOSIN7_G(cookie_plainlist), name2, name2_len)) ||
(SUHOSIN7_G(cookie_plainlist) == NULL && SUHOSIN7_G(cookie_cryptlist) && !zend_hash_str_exists(SUHOSIN7_G(cookie_cryptlist), name2, name2_len))) {
// if (1) {
efree(name2);
memcpy(*out, name, name_len);
*out += name_len;
**out = '='; *out +=1;
memcpy(*out, value, value_len);
*out += value_len;
return *out;
}
value = estrndup(value, value_len);
value_len = php_url_decode(value, value_len);
zend_string *d = suhosin_decrypt_string(value, value_len, name2, name2_len, key, SUHOSIN7_G(cookie_checkraddr));
if (d) {
zend_string *d_url = php_url_encode(ZSTR_VAL(d), ZSTR_LEN(d));
zend_string_release(d);
memcpy(*out, name, name_len);
*out += name_len;
**out = '='; *out += 1;
memcpy(*out, ZSTR_VAL(d_url), ZSTR_LEN(d_url));
*out += ZSTR_LEN(d_url);
zend_string_release(d_url);
}
efree(name2);
efree(value);
return *out;
}
PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, time_t expires, char *path, int path_len, char *domain, int domain_len, int secure, int url_encode, int httponly TSRMLS_DC)
{
char *cookie, *encoded_value = NULL;
int len=sizeof("Set-Cookie: ");
char *dt;
sapi_header_line ctr = {0};
int result;
if (name && strpbrk(name, "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
zend_error( E_WARNING, "Cookie names can not contain any of the folllowing '=,; \\t\\r\\n\\013\\014' (%s)", name );
return FAILURE;
}
if (!url_encode && value && strpbrk(value, ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
zend_error( E_WARNING, "Cookie values can not contain any of the folllowing ',; \\t\\r\\n\\013\\014' (%s)", value );
return FAILURE;
}
len += name_len;
if (value && url_encode) {
int encoded_value_len;
encoded_value = php_url_encode(value, value_len, &encoded_value_len);
len += encoded_value_len;
} else if ( value ) {
encoded_value = estrdup(value);
len += value_len;
}
if (path) {
len += path_len;
}
if (domain) {
len += domain_len;
}
cookie = emalloc(len + 100);
if (value && value_len == 0) {
/*
* MSIE doesn't delete a cookie when you set it to a null value
* so in order to force cookies to be deleted, even on MSIE, we
* pick an expiry date 1 year and 1 second in the past
*/
time_t t = time(NULL) - 31536001;
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC);
snprintf(cookie, len + 100, "Set-Cookie: %s=deleted; expires=%s", name, dt);
efree(dt);
} else {
snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
if (expires > 0) {
strlcat(cookie, "; expires=", len + 100);
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
strlcat(cookie, dt, len + 100);
efree(dt);
}
}
if (encoded_value) {
efree(encoded_value);
}
if (path && path_len > 0) {
strlcat(cookie, "; path=", len + 100);
strlcat(cookie, path, len + 100);
}
if (domain && domain_len > 0) {
strlcat(cookie, "; domain=", len + 100);
strlcat(cookie, domain, len + 100);
}
if (secure) {
strlcat(cookie, "; secure", len + 100);
}
if (httponly) {
strlcat(cookie, "; httponly", len + 100);
}
ctr.line = cookie;
ctr.line_len = strlen(cookie);
result = sapi_header_op(SAPI_HEADER_ADD, &ctr TSRMLS_CC);
efree(cookie);
return result;
}
/* {{{ php_url_encode_hash */
PHPAPI int php_url_encode_hash_ex(HashTable *ht, smart_str *formstr,
const char *num_prefix, int num_prefix_len,
const char *key_prefix, int key_prefix_len,
const char *key_suffix, int key_suffix_len,
zval *type, char *arg_sep, int enc_type TSRMLS_DC)
{
char *key = NULL;
char *ekey, *newprefix, *p;
int arg_sep_len, ekey_len, key_type, newprefix_len;
uint key_len;
ulong idx;
zval **zdata = NULL, *copyzval;
if (!ht) {
return FAILURE;
}
if (ht->nApplyCount > 0) {
/* Prevent recursion */
return SUCCESS;
}
if (!arg_sep) {
arg_sep = INI_STR("arg_separator.output");
if (!arg_sep || !strlen(arg_sep)) {
arg_sep = URL_DEFAULT_ARG_SEP;
}
}
arg_sep_len = strlen(arg_sep);
for (zend_hash_internal_pointer_reset(ht);
(key_type = zend_hash_get_current_key_ex(ht, &key, &key_len, &idx, 0, NULL)) != HASH_KEY_NON_EXISTANT;
zend_hash_move_forward(ht)
) {
if (key_type == HASH_KEY_IS_STRING && key_len && key[key_len-1] == '\0') {
/* We don't want that trailing NULL */
key_len -= 1;
}
/* handling for private & protected object properties */
if (key && *key == '\0' && type != NULL) {
const char *tmp;
zend_object *zobj = zend_objects_get_address(type TSRMLS_CC);
if (zend_check_property_access(zobj, key, key_len-1 TSRMLS_CC) != SUCCESS) {
/* private or protected property access outside of the class */
continue;
}
zend_unmangle_property_name(key, key_len-1, &tmp, (const char**)&key);
key_len = strlen(key);
}
if (zend_hash_get_current_data_ex(ht, (void **)&zdata, NULL) == FAILURE || !zdata || !(*zdata)) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error traversing form data array");
return FAILURE;
}
if (Z_TYPE_PP(zdata) == IS_ARRAY || Z_TYPE_PP(zdata) == IS_OBJECT) {
if (key_type == HASH_KEY_IS_STRING) {
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(key, key_len, &ekey_len);
} else {
ekey = php_url_encode(key, key_len, &ekey_len);
}
newprefix_len = key_suffix_len + ekey_len + key_prefix_len + 3 /* %5B */;
newprefix = emalloc(newprefix_len + 1);
p = newprefix;
if (key_prefix) {
memcpy(p, key_prefix, key_prefix_len);
p += key_prefix_len;
}
memcpy(p, ekey, ekey_len);
p += ekey_len;
efree(ekey);
if (key_suffix) {
memcpy(p, key_suffix, key_suffix_len);
p += key_suffix_len;
}
*(p++) = '%';
*(p++) = '5';
*(p++) = 'B';
*p = '\0';
} else {
/* Is an integer key */
ekey_len = spprintf(&ekey, 0, "%ld", idx);
newprefix_len = key_prefix_len + num_prefix_len + ekey_len + key_suffix_len + 3 /* %5B */;
newprefix = emalloc(newprefix_len + 1);
p = newprefix;
if (key_prefix) {
memcpy(p, key_prefix, key_prefix_len);
p += key_prefix_len;
}
memcpy(p, num_prefix, num_prefix_len);
p += num_prefix_len;
memcpy(p, ekey, ekey_len);
p += ekey_len;
efree(ekey);
if (key_suffix) {
memcpy(p, key_suffix, key_suffix_len);
p += key_suffix_len;
}
*(p++) = '%';
*(p++) = '5';
*(p++) = 'B';
*p = '\0';
}
ht->nApplyCount++;
php_url_encode_hash_ex(HASH_OF(*zdata), formstr, NULL, 0, newprefix, newprefix_len, "%5D", 3, (Z_TYPE_PP(zdata) == IS_OBJECT ? *zdata : NULL), arg_sep, enc_type TSRMLS_CC);
ht->nApplyCount--;
efree(newprefix);
} else if (Z_TYPE_PP(zdata) == IS_NULL || Z_TYPE_PP(zdata) == IS_RESOURCE) {
/* Skip these types */
continue;
} else {
if (formstr->len) {
smart_str_appendl(formstr, arg_sep, arg_sep_len);
}
/* Simple key=value */
smart_str_appendl(formstr, key_prefix, key_prefix_len);
if (key_type == HASH_KEY_IS_STRING) {
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(key, key_len, &ekey_len);
} else {
ekey = php_url_encode(key, key_len, &ekey_len);
}
smart_str_appendl(formstr, ekey, ekey_len);
efree(ekey);
} else {
/* Numeric key */
if (num_prefix) {
smart_str_appendl(formstr, num_prefix, num_prefix_len);
}
ekey_len = spprintf(&ekey, 0, "%ld", idx);
smart_str_appendl(formstr, ekey, ekey_len);
efree(ekey);
}
smart_str_appendl(formstr, key_suffix, key_suffix_len);
smart_str_appendl(formstr, "=", 1);
switch (Z_TYPE_PP(zdata)) {
case IS_STRING:
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(Z_STRVAL_PP(zdata), Z_STRLEN_PP(zdata), &ekey_len);
} else {
ekey = php_url_encode(Z_STRVAL_PP(zdata), Z_STRLEN_PP(zdata), &ekey_len);
}
break;
case IS_LONG:
case IS_BOOL:
ekey_len = spprintf(&ekey, 0, "%ld", Z_LVAL_PP(zdata));
break;
case IS_DOUBLE:
ekey_len = spprintf(&ekey, 0, "%.*G", (int) EG(precision), Z_DVAL_PP(zdata));
break;
default:
/* fall back on convert to string */
MAKE_STD_ZVAL(copyzval);
*copyzval = **zdata;
zval_copy_ctor(copyzval);
convert_to_string_ex(©zval);
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(Z_STRVAL_P(copyzval), Z_STRLEN_P(copyzval), &ekey_len);
} else {
ekey = php_url_encode(Z_STRVAL_P(copyzval), Z_STRLEN_P(copyzval), &ekey_len);
}
zval_ptr_dtor(©zval);
}
smart_str_appendl(formstr, ekey, ekey_len);
efree(ekey);
}
}
return SUCCESS;
}
/* {{{ php_url_encode_hash */
PHPAPI int php_url_encode_hash_ex(HashTable *ht, smart_str *formstr,
const char *num_prefix, size_t num_prefix_len,
const char *key_prefix, size_t key_prefix_len,
const char *key_suffix, size_t key_suffix_len,
zval *type, char *arg_sep, int enc_type)
{
zend_string *key = NULL;
char *newprefix, *p;
const char *prop_name;
size_t arg_sep_len, newprefix_len, prop_len;
zend_ulong idx;
zval *zdata = NULL;
if (!ht) {
return FAILURE;
}
if (GC_IS_RECURSIVE(ht)) {
/* Prevent recursion */
return SUCCESS;
}
if (!arg_sep) {
arg_sep = INI_STR("arg_separator.output");
if (!arg_sep || !strlen(arg_sep)) {
arg_sep = URL_DEFAULT_ARG_SEP;
}
}
arg_sep_len = strlen(arg_sep);
ZEND_HASH_FOREACH_KEY_VAL(ht, idx, key, zdata) {
zend_bool is_dynamic = 1;
if (Z_TYPE_P(zdata) == IS_INDIRECT) {
zdata = Z_INDIRECT_P(zdata);
if (Z_ISUNDEF_P(zdata)) {
continue;
}
is_dynamic = 0;
}
/* handling for private & protected object properties */
if (key) {
prop_name = ZSTR_VAL(key);
prop_len = ZSTR_LEN(key);
if (type != NULL && zend_check_property_access(Z_OBJ_P(type), key, is_dynamic) != SUCCESS) {
/* property not visible in this scope */
continue;
}
if (ZSTR_VAL(key)[0] == '\0' && type != NULL) {
const char *tmp;
zend_unmangle_property_name_ex(key, &tmp, &prop_name, &prop_len);
} else {
prop_name = ZSTR_VAL(key);
prop_len = ZSTR_LEN(key);
}
} else {
prop_name = NULL;
prop_len = 0;
}
ZVAL_DEREF(zdata);
if (Z_TYPE_P(zdata) == IS_ARRAY || Z_TYPE_P(zdata) == IS_OBJECT) {
if (key) {
zend_string *ekey;
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(prop_name, prop_len);
} else {
ekey = php_url_encode(prop_name, prop_len);
}
newprefix_len = key_suffix_len + ZSTR_LEN(ekey) + key_prefix_len + 3 /* %5B */;
newprefix = emalloc(newprefix_len + 1);
p = newprefix;
if (key_prefix) {
memcpy(p, key_prefix, key_prefix_len);
p += key_prefix_len;
}
memcpy(p, ZSTR_VAL(ekey), ZSTR_LEN(ekey));
p += ZSTR_LEN(ekey);
zend_string_free(ekey);
if (key_suffix) {
memcpy(p, key_suffix, key_suffix_len);
p += key_suffix_len;
}
*(p++) = '%';
*(p++) = '5';
*(p++) = 'B';
*p = '\0';
} else {
char *ekey;
size_t ekey_len;
/* Is an integer key */
ekey_len = spprintf(&ekey, 0, ZEND_LONG_FMT, idx);
newprefix_len = key_prefix_len + num_prefix_len + ekey_len + key_suffix_len + 3 /* %5B */;
newprefix = emalloc(newprefix_len + 1);
p = newprefix;
if (key_prefix) {
memcpy(p, key_prefix, key_prefix_len);
p += key_prefix_len;
}
memcpy(p, num_prefix, num_prefix_len);
p += num_prefix_len;
memcpy(p, ekey, ekey_len);
p += ekey_len;
efree(ekey);
if (key_suffix) {
memcpy(p, key_suffix, key_suffix_len);
p += key_suffix_len;
}
*(p++) = '%';
*(p++) = '5';
*(p++) = 'B';
*p = '\0';
}
if (!(GC_FLAGS(ht) & GC_IMMUTABLE)) {
GC_PROTECT_RECURSION(ht);
}
php_url_encode_hash_ex(HASH_OF(zdata), formstr, NULL, 0, newprefix, newprefix_len, "%5D", 3, (Z_TYPE_P(zdata) == IS_OBJECT ? zdata : NULL), arg_sep, enc_type);
if (!(GC_FLAGS(ht) & GC_IMMUTABLE)) {
GC_UNPROTECT_RECURSION(ht);
}
efree(newprefix);
} else if (Z_TYPE_P(zdata) == IS_NULL || Z_TYPE_P(zdata) == IS_RESOURCE) {
/* Skip these types */
continue;
} else {
if (formstr->s) {
smart_str_appendl(formstr, arg_sep, arg_sep_len);
}
/* Simple key=value */
smart_str_appendl(formstr, key_prefix, key_prefix_len);
if (key) {
zend_string *ekey;
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(prop_name, prop_len);
} else {
ekey = php_url_encode(prop_name, prop_len);
}
smart_str_append(formstr, ekey);
zend_string_free(ekey);
} else {
/* Numeric key */
if (num_prefix) {
smart_str_appendl(formstr, num_prefix, num_prefix_len);
}
smart_str_append_long(formstr, idx);
}
smart_str_appendl(formstr, key_suffix, key_suffix_len);
smart_str_appendl(formstr, "=", 1);
switch (Z_TYPE_P(zdata)) {
case IS_STRING: {
zend_string *ekey;
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(Z_STRVAL_P(zdata), Z_STRLEN_P(zdata));
} else {
ekey = php_url_encode(Z_STRVAL_P(zdata), Z_STRLEN_P(zdata));
}
smart_str_append(formstr, ekey);
zend_string_free(ekey);
}
break;
case IS_LONG:
smart_str_append_long(formstr, Z_LVAL_P(zdata));
break;
case IS_FALSE:
smart_str_appendl(formstr, "0", sizeof("0")-1);
break;
case IS_TRUE:
smart_str_appendl(formstr, "1", sizeof("1")-1);
break;
case IS_DOUBLE:
{
char *ekey;
size_t ekey_len;
ekey_len = spprintf(&ekey, 0, "%.*G", (int) EG(precision), Z_DVAL_P(zdata));
smart_str_appendl(formstr, ekey, ekey_len);
efree(ekey);
}
break;
default:
{
zend_string *ekey;
zend_string *tmp;
zend_string *str= zval_get_tmp_string(zdata, &tmp);
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(ZSTR_VAL(str), ZSTR_LEN(str));
} else {
ekey = php_url_encode(ZSTR_VAL(str), ZSTR_LEN(str));
}
smart_str_append(formstr, ekey);
zend_tmp_string_release(tmp);
zend_string_free(ekey);
}
}
}
} ZEND_HASH_FOREACH_END();
/* {{{ php_url_encode_hash */
PHPAPI int php_url_encode_hash_ex(HashTable *ht, smart_str *formstr,
const char *num_prefix, size_t num_prefix_len,
const char *key_prefix, size_t key_prefix_len,
const char *key_suffix, size_t key_suffix_len,
zval *type, char *arg_sep, int enc_type)
{
zend_string *key = NULL;
char *newprefix, *p;
const char *prop_name;
size_t arg_sep_len, newprefix_len, prop_len;
zend_ulong idx;
zval *zdata = NULL, copyzval;
if (!ht) {
return FAILURE;
}
if (ht->u.v.nApplyCount > 0) {
/* Prevent recursion */
return SUCCESS;
}
if (!arg_sep) {
arg_sep = INI_STR("arg_separator.output");
if (!arg_sep || !strlen(arg_sep)) {
arg_sep = URL_DEFAULT_ARG_SEP;
}
}
arg_sep_len = strlen(arg_sep);
ZEND_HASH_FOREACH_KEY_VAL_IND(ht, idx, key, zdata) {
/* handling for private & protected object properties */
if (key) {
if (key->val[0] == '\0' && type != NULL) {
const char *tmp;
zend_object *zobj = Z_OBJ_P(type);
if (zend_check_property_access(zobj, key) != SUCCESS) {
/* private or protected property access outside of the class */
continue;
}
zend_unmangle_property_name_ex(key, &tmp, &prop_name, &prop_len);
} else {
prop_name = key->val;
prop_len = key->len;
}
} else {
prop_name = NULL;
prop_len = 0;
}
ZVAL_DEREF(zdata);
if (Z_TYPE_P(zdata) == IS_ARRAY || Z_TYPE_P(zdata) == IS_OBJECT) {
if (key) {
zend_string *ekey;
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(prop_name, prop_len);
} else {
ekey = php_url_encode(prop_name, prop_len);
}
newprefix_len = key_suffix_len + ekey->len + key_prefix_len + 3 /* %5B */;
newprefix = emalloc(newprefix_len + 1);
p = newprefix;
if (key_prefix) {
memcpy(p, key_prefix, key_prefix_len);
p += key_prefix_len;
}
memcpy(p, ekey->val, ekey->len);
p += ekey->len;
zend_string_free(ekey);
if (key_suffix) {
memcpy(p, key_suffix, key_suffix_len);
p += key_suffix_len;
}
*(p++) = '%';
*(p++) = '5';
*(p++) = 'B';
*p = '\0';
} else {
char *ekey;
size_t ekey_len;
/* Is an integer key */
ekey_len = spprintf(&ekey, 0, "%pd", idx);
newprefix_len = key_prefix_len + num_prefix_len + ekey_len + key_suffix_len + 3 /* %5B */;
newprefix = emalloc(newprefix_len + 1);
p = newprefix;
if (key_prefix) {
memcpy(p, key_prefix, key_prefix_len);
p += key_prefix_len;
}
memcpy(p, num_prefix, num_prefix_len);
p += num_prefix_len;
memcpy(p, ekey, ekey_len);
p += ekey_len;
efree(ekey);
if (key_suffix) {
memcpy(p, key_suffix, key_suffix_len);
p += key_suffix_len;
}
*(p++) = '%';
*(p++) = '5';
*(p++) = 'B';
*p = '\0';
}
if (ZEND_HASH_APPLY_PROTECTION(ht)) {
ht->u.v.nApplyCount++;
}
php_url_encode_hash_ex(HASH_OF(zdata), formstr, NULL, 0, newprefix, newprefix_len, "%5D", 3, (Z_TYPE_P(zdata) == IS_OBJECT ? zdata : NULL), arg_sep, enc_type);
if (ZEND_HASH_APPLY_PROTECTION(ht)) {
ht->u.v.nApplyCount--;
}
efree(newprefix);
} else if (Z_TYPE_P(zdata) == IS_NULL || Z_TYPE_P(zdata) == IS_RESOURCE) {
/* Skip these types */
continue;
} else {
if (formstr->s) {
smart_str_appendl(formstr, arg_sep, arg_sep_len);
}
/* Simple key=value */
smart_str_appendl(formstr, key_prefix, key_prefix_len);
if (key) {
zend_string *ekey;
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(prop_name, prop_len);
} else {
ekey = php_url_encode(prop_name, prop_len);
}
smart_str_append(formstr, ekey);
zend_string_free(ekey);
} else {
/* Numeric key */
if (num_prefix) {
smart_str_appendl(formstr, num_prefix, num_prefix_len);
}
smart_str_append_long(formstr, idx);
}
smart_str_appendl(formstr, key_suffix, key_suffix_len);
smart_str_appendl(formstr, "=", 1);
switch (Z_TYPE_P(zdata)) {
case IS_STRING: {
zend_string *ekey;
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(Z_STRVAL_P(zdata), Z_STRLEN_P(zdata));
} else {
ekey = php_url_encode(Z_STRVAL_P(zdata), Z_STRLEN_P(zdata));
}
smart_str_append(formstr, ekey);
zend_string_free(ekey);
}
break;
case IS_LONG:
smart_str_append_long(formstr, Z_LVAL_P(zdata));
break;
case IS_FALSE:
smart_str_appendl(formstr, "0", sizeof("0")-1);
break;
case IS_TRUE:
smart_str_appendl(formstr, "1", sizeof("1")-1);
break;
case IS_DOUBLE:
{
char *ekey;
size_t ekey_len;
ekey_len = spprintf(&ekey, 0, "%.*G", (int) EG(precision), Z_DVAL_P(zdata));
smart_str_appendl(formstr, ekey, ekey_len);
efree(ekey);
}
break;
default:
{
zend_string *ekey;
/* fall back on convert to string */
ZVAL_DUP(©zval, zdata);
convert_to_string_ex(©zval);
if (enc_type == PHP_QUERY_RFC3986) {
ekey = php_raw_url_encode(Z_STRVAL(copyzval), Z_STRLEN(copyzval));
} else {
ekey = php_url_encode(Z_STRVAL(copyzval), Z_STRLEN(copyzval));
}
smart_str_append(formstr, ekey);
zval_ptr_dtor(©zval);
zend_string_free(ekey);
}
}
}
} ZEND_HASH_FOREACH_END();
return SUCCESS;
}
PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, time_t expires, char *path, int path_len, char *domain, int domain_len, int secure, int url_encode, int httponly TSRMLS_DC)
{
char *cookie;
int len=sizeof("Set-Cookie: ");
zend_string *dt;
sapi_header_line ctr = {0};
int result;
zend_string *encoded_value = NULL;
if (name && strpbrk(name, "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
zend_error( E_WARNING, "Cookie names cannot contain any of the following '=,; \\t\\r\\n\\013\\014'" );
return FAILURE;
}
if (!url_encode && value && strpbrk(value, ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
zend_error( E_WARNING, "Cookie values cannot contain any of the following ',; \\t\\r\\n\\013\\014'" );
return FAILURE;
}
len += name_len;
if (value && url_encode) {
encoded_value = php_url_encode(value, value_len);
len += encoded_value->len;
} else if (value) {
encoded_value = zend_string_init(value, value_len, 0);
len += encoded_value->len;
}
if (path) {
len += path_len;
}
if (domain) {
len += domain_len;
}
cookie = emalloc(len + 100);
if (value && value_len == 0) {
/*
* MSIE doesn't delete a cookie when you set it to a null value
* so in order to force cookies to be deleted, even on MSIE, we
* pick an expiry date in the past
*/
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, 1, 0 TSRMLS_CC);
snprintf(cookie, len + 100, "Set-Cookie: %s=deleted; expires=%s; Max-Age=0", name, dt->val);
zend_string_free(dt);
} else {
snprintf(cookie, len + 100, "Set-Cookie: %s=%s", name, value ? encoded_value->val : "");
if (expires > 0) {
const char *p;
char tsdelta[13];
strlcat(cookie, COOKIE_EXPIRES, len + 100);
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
/* check to make sure that the year does not exceed 4 digits in length */
p = zend_memrchr(dt->val, '-', dt->len);
if (!p || *(p + 5) != ' ') {
zend_string_free(dt);
efree(cookie);
zend_string_free(encoded_value);
zend_error(E_WARNING, "Expiry date cannot have a year greater than 9999");
return FAILURE;
}
strlcat(cookie, dt->val, len + 100);
zend_string_free(dt);
snprintf(tsdelta, sizeof(tsdelta), "%li", (long) difftime(expires, time(NULL)));
strlcat(cookie, COOKIE_MAX_AGE, len + 100);
strlcat(cookie, tsdelta, len + 100);
}
}
if (encoded_value) {
zend_string_free(encoded_value);
}
if (path && path_len > 0) {
strlcat(cookie, COOKIE_PATH, len + 100);
strlcat(cookie, path, len + 100);
}
if (domain && domain_len > 0) {
strlcat(cookie, COOKIE_DOMAIN, len + 100);
strlcat(cookie, domain, len + 100);
}
if (secure) {
strlcat(cookie, COOKIE_SECURE, len + 100);
}
if (httponly) {
strlcat(cookie, COOKIE_HTTPONLY, len + 100);
}
ctr.line = cookie;
ctr.line_len = strlen(cookie);
result = sapi_header_op(SAPI_HEADER_ADD, &ctr TSRMLS_CC);
efree(cookie);
return result;
}
