ZEND_DECLARE_MODULE_GLOBALS(filter)
-#define FILTER_FLAG_NONE 0x0000
-
-#define FILTER_FLAG_ALLOW_OCTAL 0x0001
-#define FILTER_FLAG_ALLOW_HEX 0x0002
-
-#define FILTER_FLAG_STRIP_LOW 0x0004
-#define FILTER_FLAG_STRIP_HIGH 0x0008
-#define FILTER_FLAG_ENCODE_LOW 0x0010
-#define FILTER_FLAG_ENCODE_HIGH 0x0020
-#define FILTER_FLAG_ENCODE_AMP 0x0040
-#define FILTER_FLAG_EMPTY_STRING_NULL 0x0080
-
-#define FILTER_FLAG_ALLOW_SIGN 0x0100
-#define FILTER_FLAG_ALLOW_FRACTION 0x0200
-#define FILTER_FLAG_ALLOW_THOUSAND 0x0400
-
-#define FL_INT 0x0101
-#define FL_BOOLEAN 0x0102
-#define FL_FLOAT 0x0103
-#define FL_REGEXP 0x0104
-
-#define FL_ALL 0x0100
-
-#define FS_DEFAULT 0x0201
-
-#define FS_STRING 0x0201
-#define FS_ENCODED 0x0202
-#define FS_SPECIAL_CHARS 0x0203
-#define FS_UNSAFE_RAW 0x0204
-#define FS_EMAIL 0x0205
-#define FS_URL 0x0206
-#define FS_NUMBER_INT 0x0207
-#define FS_NUMBER_FLOAT 0x0208
-#define FS_MAGIC_QUOTES 0x0209
-
-#define FS_ALL 0x0200
-
-#define FC_CALLBACK 0x0400
+#include "filter_private.h"
typedef struct filter_list_entry {
char *name;
} filter_list_entry;
filter_list_entry filter_list[] = {
- { "int", FL_INT, php_filter_int },
- { "boolean", FL_BOOLEAN, php_filter_boolean },
- { "float", FL_FLOAT, php_filter_float },
- { "regexp", FL_REGEXP, php_filter_regexp },
-
- { "string", FS_STRING, php_filter_string },
- { "stripped", FS_STRING, php_filter_string },
- { "encoded", FS_ENCODED, php_filter_encoded },
- { "special_chars", FS_SPECIAL_CHARS, php_filter_special_chars },
- { "unsafe_raw", FS_UNSAFE_RAW, php_filter_unsafe_raw },
- { "email", FS_EMAIL, php_filter_email },
- { "url", FS_URL, php_filter_url },
- { "number_int", FS_NUMBER_INT, php_filter_number_int },
- { "number_float", FS_NUMBER_FLOAT, php_filter_number_float },
- { "magic_quotes", FS_MAGIC_QUOTES, php_filter_magic_quotes },
-
- { "callback", FC_CALLBACK, php_filter_callback },
+ { "int", FL_INT, php_filter_int },
+ { "boolean", FL_BOOLEAN, php_filter_boolean },
+ { "float", FL_FLOAT, php_filter_float },
+
+ { "validate_regexp", FL_REGEXP, php_filter_validate_regexp },
+ { "validate_url", FL_URL, php_filter_validate_url },
+ { "validate_email", FL_EMAIL, php_filter_validate_email },
+ { "validate_ip", FL_IP, php_filter_validate_url },
+
+ { "string", FS_STRING, php_filter_string },
+ { "stripped", FS_STRING, php_filter_string },
+ { "encoded", FS_ENCODED, php_filter_encoded },
+ { "special_chars", FS_SPECIAL_CHARS, php_filter_special_chars },
+ { "unsafe_raw", FS_UNSAFE_RAW, php_filter_unsafe_raw },
+ { "email", FS_EMAIL, php_filter_email },
+ { "url", FS_URL, php_filter_url },
+ { "number_int", FS_NUMBER_INT, php_filter_number_int },
+ { "number_float", FS_NUMBER_FLOAT, php_filter_number_float },
+ { "magic_quotes", FS_MAGIC_QUOTES, php_filter_magic_quotes },
+
+ { "callback", FC_CALLBACK, php_filter_callback },
};
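Review bot: The new `validate_ip` entry in the table is wired to the URL validator, `{ "validate_ip", FL_IP, php_filter_validate_url }`, so a caller selecting FL_IP gets whatever the URL check accepts and no IP address validation at all; this reads as a copy-paste slip from the `validate_url` line above it. Change it to `{ "validate_ip", FL_IP, php_filter_validate_ip },` if that validator exists in logical_filters, or leave the entry (and the FL_IP constant) out until it does, because exposing a validator that silently applies the wrong check degrades every caller that relies on it. The FL_IP value itself now comes from filter_private.h, which is not part of this diff, so I cannot confirm it does not collide with FL_URL.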
#ifndef PARSE_ENV
REGISTER_LONG_CONSTANT("FL_INT", FL_INT, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FL_BOOLEAN", FL_BOOLEAN, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FL_FLOAT", FL_FLOAT, CONST_CS | CONST_PERSISTENT);
+
REGISTER_LONG_CONSTANT("FL_REGEXP", FL_REGEXP, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("FL_URL", FL_URL, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("FL_EMAIL", FL_EMAIL, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("FL_IP", FL_IP, CONST_CS | CONST_PERSISTENT);
+
REGISTER_LONG_CONSTANT("FS_DEFAULT", FS_DEFAULT, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FS_STRING", FS_STRING, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FS_STRIPPED", FS_STRING, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_LOW", FILTER_FLAG_ENCODE_LOW, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_HIGH", FILTER_FLAG_ENCODE_HIGH, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_ENCODE_QUOTES", FILTER_FLAG_NO_ENCODE_QUOTES, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_EMPTY_STRING_NULL", FILTER_FLAG_EMPTY_STRING_NULL, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_SIGN", FILTER_FLAG_ALLOW_SIGN, CONST_CS | CONST_PERSISTENT);
filter_func = php_find_filter(filter);
- if (filter_func.id) {
+ if (!filter_func.id) {
/* Find default filter */
filter_func = php_find_filter(FS_DEFAULT);
}
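Review bot: The corrected `!filter_func.id` branch never checks that the default lookup itself succeeded, so if `php_find_filter(FS_DEFAULT)` also misses, `filter_func` is still the empty entry (id 0 and, presumably, a null filter callback) and whatever follows uses it. FS_DEFAULT aliases FS_STRING in the table today, so this cannot trigger now, but a guard after the fallback, `if (!filter_func.id) { return; }` (or whatever error convention the enclosing function uses), keeps a future table edit from turning into a null function-pointer call. The enclosing function starts and ends outside this hunk.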
*/
#include "php_filter.h"
+#include "filter_private.h"
+#include "ext/standard/php_smart_str.h"
-void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL)
+static void php_filter_encode_html(zval *value, char* chars)
{
+ register int x, y;
+ smart_str str = {0};
+ int len = Z_STRLEN_P(value);
+ char *s = Z_STRVAL_P(value);
+
+ for (x = 0, y = 0; len--; x++, y++) {
+ if (strchr(chars, s[x])) {
+ smart_str_appendl(&str, "&#", 2);
+ smart_str_append_long(&str, s[x]);
+ smart_str_appendc(&str, ';');
+ } else {
+ smart_str_appendc(&str, s[x]);
+ }
+ }
+ smart_str_0(&str);
efree(Z_STRVAL_P(value));
- Z_STRVAL_P(value) = estrdup("42");
- Z_STRLEN_P(value) = strlen("42");
- Z_TYPE_P(value) = IS_STRING;
+ Z_STRVAL_P(value) = str.c;
+ Z_STRLEN_P(value) = str.len;
}
-void php_filter_encoded(PHP_INPUT_FILTER_PARAM_DECL)
+static unsigned char hexchars[] = "0123456789ABCDEF";
+
+static void php_filter_encode_url(zval *value, char* chars)
{
+ register int x, y;
+ unsigned char *str;
+ int len = Z_STRLEN_P(value);
+ char *s = Z_STRVAL_P(value);
+
+ str = (unsigned char *) safe_emalloc(3, len, 1);
+ for (x = 0, y = 0; len--; x++, y++) {
+ str[y] = (unsigned char) s[x];
+
+ if (strchr(chars, str[y])) {
+ str[y++] = '%';
+ str[y++] = hexchars[(unsigned char) s[x] >> 4];
+ str[y] = hexchars[(unsigned char) s[x] & 15];
+ }
+ }
+ str[y] = '\0';
+ efree(Z_STRVAL_P(value));
+ Z_STRVAL_P(value) = str;
+ Z_STRLEN_P(value) = y;
+}
+
+static void php_filter_strip(zval *value, long flags)
+{
+ unsigned char *buf, *str;
+ int i, c;
+
+ /* Optimization for if no strip flags are set */
+ if (! ((flags & FILTER_FLAG_STRIP_LOW) || (flags & FILTER_FLAG_STRIP_HIGH)) ) {
+ return;
+ }
+
+ str = Z_STRVAL_P(value);
+ buf = safe_emalloc(1, Z_STRLEN_P(value) + 1, 1);
+ c = 0;
+ for (i = 0; i < Z_STRLEN_P(value); i++) {
+ if ((str[i] > 127) && (flags & FILTER_FLAG_STRIP_HIGH)) {
+ } else if ((str[i] < 32) && (flags & FILTER_FLAG_STRIP_LOW)) {
+ } else {
+ buf[c] = str[i];
+ ++c;
+ }
+ }
+ /* update zval string data */
+ buf[c] = '\0';
efree(Z_STRVAL_P(value));
- Z_LVAL_P(value) = flags;
- Z_TYPE_P(value) = IS_LONG;
+ Z_STRVAL_P(value) = buf;
+ Z_STRLEN_P(value) = c;
+}
+
+void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL)
+{
+ size_t new_len;
+
+ /* strip tags */
+ new_len = php_strip_tags(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0);
+ Z_STRLEN_P(value) = new_len;
+
+ if (! (flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
+ /* encode ' and " to numerical entity */
+ php_filter_encode_html(value, "'\"");
+ }
+ /* strip high/strip low ( see flags )*/
+ php_filter_strip(value, flags);
+}
+
+void php_filter_encoded(PHP_INPUT_FILTER_PARAM_DECL)
+{
+ /* urlencode */
+ /* also all the flags - & encode as %xx */
}
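Review bot: `php_filter_encode_html` can hand back a NULL string: when the input is empty, for example after `php_strip_tags` in `php_filter_string` has removed everything, nothing is appended to `str`, and as far as I recall the smart_str macros a buffer that was never appended to keeps `str.c == NULL`, which then becomes `Z_STRVAL_P(value)` and is dereferenced by `php_filter_strip` and by any later consumer of the zval. Guard the assignment, `Z_STRVAL_P(value) = str.c ? str.c : estrdup("");`, so the zval always carries a terminated buffer. Separately, `strchr(chars, s[x])` in both encoders also matches a NUL byte in the input, since strchr treats the terminator as part of the set; that turns an embedded `\0` into `&#0;` or `%00`, which may be what you want for the URL case but should be explicit, e.g. `s[x] != '\0' && strchr(chars, s[x])` in the HTML encoder. `php_filter_encoded` is left as a comment-only stub, so the `encoded` sanitizer registered in filter.c currently returns its input untouched.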
void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL)
{
+ /* encodes ' " < > & \0 to numerical entities */
+ /* if strip low is not set, then we encode them as %xx */
+ /* encode_low doesn. tmake sense - update specs */
}
void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
{
+ /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
}
+#define LOWALPHA "abcdefghijklmnopqrstuvwxyz"
+#define HIALPHA "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+#define DIGIT "0123456789"
+#define SAFE "$-_.+"
+#define EXTRA "!*'(),"
+#define NATIONAL "{}|\\^~[]`"
+#define PUNCTUATION "<>#%\""
+
+#define RESERVED ";/?:@&="
+
void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL)
{
+ /* Strip all chars not part of section 5 of
+ * http://www.faqs.org/rfcs/rfc1738.html */
+ char *allowed_list = LOWALPHA HIALPHA DIGIT SAFE EXTRA NATIONAL PUNCTUATION RESERVED;
}
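Review bot: `allowed_list` in `php_filter_url` is assembled from the RFC 1738 character classes but never used, so the function still does nothing and the `url` sanitizer exposed in filter.c returns its input unchanged. Until the character-class strip over `allowed_list` is written, either the table entry should not be exposed or the function should at least carry a `/* TODO: not implemented, input passes through unmodified */` comment; a silent no-op sanitizer is worse than none because callers assume the value has been cleaned. Note also that the list deliberately keeps `<>"#%` via PUNCTUATION, so even the finished strip will let HTML-significant characters through, which deserves a one-line comment on intent so nobody mistakes this filter for HTML-safe output.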
void php_filter_number_int(PHP_INPUT_FILTER_PARAM_DECL)
{
+ /* strip everything [^0-9+-] */
+ char *allowed_list = "+-" DIGIT;
}
void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL)
{
+ /* strip everything [^0-9+-] */
+ char *allowed_list = "+-" DIGIT;
+ /* depending on flags, strip '.', 'e', ",", "'" */
}
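Review bot: `php_filter_number_float` reuses the `[^0-9+-]` comment and the `"+-" DIGIT` list from the int filter verbatim, yet its own next comment says '.', 'e', ',' and '\'' are flag-dependent, so the allowed set here is incomplete, and like `allowed_list` in `php_filter_number_int` it is never applied, leaving both functions as pass-through no-ops while already registered as `number_int` and `number_float`. When the strip is implemented, keep in mind that a character-class strip permits `+` and `-` anywhere, so `1-2-3` survives; sign-position checks belong to the FL_INT/FL_FLOAT validators rather than being implied by these sanitizers. Replace the copied comment with something like `/* keep [0-9+-]; '.', 'e', ',' and '\'' are kept only when the matching FILTER_FLAG_ALLOW_* flag is set */`.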
void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL)
{
+ /* just call magic quotes */
}
+