From: Rasmus Lerdorf
Date: Wed, 31 Mar 2010 21:50:36 +0000 (+0000)
Subject: Added the full htmlspecialchars() functionality which includes utf-8
X-Git-Tag: php-5.4.0alpha1~191^2~1821
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4d75c644157b33d4d63aec4b757fc6d09cca9813;p=php

Added the full htmlspecialchars() functionality which includes utf-8 validation as a default filter.
---
diff --git a/NEWS b/NEWS
index 8dffac53dc..9cef0a0e7b 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ PHP NEWS
   ReflectionExtension::isPersistent(). (Johannes)
 - Added ReflectionZendExtension class. (Johannes)
 - Added command line option --rz to CLI. (Johannes)
+- Added full_special_chars filter to ext/filter (Rasmus)
 - default_charset if not specified is now UTF-8 instead of ISO-8859-1.
   (Rasmus)
 - default session.entropy_file is now /dev/urandom or /dev/arandom if either
diff --git a/ext/filter/filter.c b/ext/filter/filter.c
index e417e5d9d8..2ffe70499b 100644
--- a/ext/filter/filter.c
+++ b/ext/filter/filter.c
@@ -52,6 +52,7 @@ static const filter_list_entry filter_list[] = {
 	{ "stripped", FILTER_SANITIZE_STRING, php_filter_string },
 	{ "encoded", FILTER_SANITIZE_ENCODED, php_filter_encoded },
 	{ "special_chars", FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars },
+	{ "full_special_chars", FILTER_SANITIZE_FULL_SPECIAL_CHARS, php_filter_full_special_chars },
 	{ "unsafe_raw", FILTER_UNSAFE_RAW, php_filter_unsafe_raw },
 	{ "email", FILTER_SANITIZE_EMAIL, php_filter_email },
 	{ "url", FILTER_SANITIZE_URL, php_filter_url },
@@ -238,6 +239,7 @@ PHP_MINIT_FUNCTION(filter)
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
diff --git a/ext/filter/filter_private.h b/ext/filter/filter_private.h
index aaecbdc28e..249319637f 100644
--- a/ext/filter/filter_private.h
+++ b/ext/filter/filter_private.h
@@ -78,7 +78,8 @@
 #define FILTER_SANITIZE_NUMBER_INT 0x0207
 #define FILTER_SANITIZE_NUMBER_FLOAT 0x0208
 #define FILTER_SANITIZE_MAGIC_QUOTES 0x0209
-#define FILTER_SANITIZE_LAST 0x0209
+#define FILTER_SANITIZE_FULL_SPECIAL_CHARS 0x020a
+#define FILTER_SANITIZE_LAST 0x020a
 
 #define FILTER_SANITIZE_ALL 0x0200
 
diff --git a/ext/filter/php_filter.h b/ext/filter/php_filter.h
index 1779e45521..d625b625cf 100644
--- a/ext/filter/php_filter.h
+++ b/ext/filter/php_filter.h
@@ -28,6 +28,7 @@
 #include "php_ini.h"
 #include "ext/standard/info.h"
 #include "ext/standard/php_string.h"
+#include "ext/standard/html.h"
 #include "php_variables.h"
 
 extern zend_module_entry filter_module_entry;
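Review bot: The added REGISTER_LONG_CONSTANT line binds the new userland constant to the wrong filter id: `"FILTER_SANITIZE_FULL_SPECIAL_CHARS"` is registered with the value `FILTER_SANITIZE_SPECIAL_CHARS`, so a script calling filter_var() with `FILTER_SANITIZE_FULL_SPECIAL_CHARS` is dispatched to php_filter_special_chars and never reaches php_filter_full_special_chars, which the filter_private.h hunk assigns the distinct id 0x020a. Only the string name `"full_special_chars"` added to filter_list in the earlier filter.c hunk actually selects the new filter, so the charset-validating behaviour the commit message promises is silently unavailable through the constant. The second argument should be the new define: `REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_FULL_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);`. A .phpt asserting that the constant differs from FILTER_SANITIZE_SPECIAL_CHARS would have caught this. PHP_MINIT_FUNCTION(filter) continues outside the hunk.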
@@ -81,6 +82,7 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_encoded(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL);
+void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL);
diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c
index e610d1faa7..c44d7a8e55 100644
--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -242,6 +242,24 @@ void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL)
 }
 /* }}} */
 
+/* {{{ php_filter_full_special_chars */
+void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL)
+{
+	char *buf;
+	int len, quotes;
+
+	if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
+		quotes = ENT_QUOTES;
+	} else {
+		quotes = ENT_NOQUOTES;
+	}
+	buf = php_escape_html_entities_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), &len, 1, quotes, SG(default_charset), 0 TSRMLS_CC);
+	efree(Z_STRVAL_P(value));
+	Z_STRVAL_P(value) = buf;
+	Z_STRLEN_P(value) = len;
+}
+/* }}} */
+
 /* {{{ php_filter_unsafe_raw */
 void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 {
@@ -266,6 +284,8 @@ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 }
 /* }}} */
 
+
+
 /* {{{ php_filter_email */
 #define SAFE "$-_.+"
 #define EXTRA "!*'(),"
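Review bot: php_filter_full_special_chars in the sanitizing_filters.c hunk has no comment stating its contract, and the two bare literals in the php_escape_html_entities_ex call (`1` and the trailing `0`) leave the reader guessing what the sanitizer guarantees; the commit message says the filter behaves like htmlspecialchars() with UTF-8 validation, so the function should say what the caller gets back when the input is not valid in SG(default_charset) and whether already-encoded `&...;` sequences in the input are re-encoded (the trailing `0` presumably disables double encoding — confirm, since for a sanitizer that means such sequences pass through untouched). I would add above the function a comment along the lines of `/* htmlspecialchars()-style escaping in SG(default_charset); ENT_QUOTES unless FILTER_FLAG_NO_ENCODE_QUOTES; see php_escape_html_entities_ex for the invalid-charset result */` and name the `1` and `0` arguments in a comment at the call. The inverted `if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES))` reads more directly as `quotes = (flags & FILTER_FLAG_NO_ENCODE_QUOTES) ? ENT_NOQUOTES : ENT_QUOTES;`.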