From: Christian Stocker Date: Wed, 6 Apr 2005 12:26:29 +0000 (+0000) Subject: - Added optional first parameter to XsltProcessor::registerPHPFunctions to only X-Git-Tag: php-5.0.1b1~599 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=997690b1325f8aeeb39eddb08ed53de17860a985;p=php - Added optional first parameter to XsltProcessor::registerPHPFunctions to only allow certain functions to be called from XSLT. --- diff --git a/NEWS b/NEWS index 8acf646723..49e2a0a62f 100644 --- a/NEWS +++ b/NEWS @@ -28,6 +28,8 @@ PHP NEWS . added spl_autoload*() functions . converted several 5.0 examples into c code . added class File +- Added optional first parameter to XsltProcessor::registerPHPFunctions to only + allow certain functions to be called from XSLT. (Christian) - Added the ability to override the autotools executables used by the buildconf script via the PHP_AUTOCONF and PHP_AUTOHEADER environmental variables. (Jon) - Added several new functions to support the PostgreSQL v3 protocol introduced diff --git a/ext/xsl/php_xsl.c b/ext/xsl/php_xsl.c index 4303e0140f..d101554558 100644 --- a/ext/xsl/php_xsl.c +++ b/ext/xsl/php_xsl.c @@ -78,6 +78,9 @@ void xsl_objects_free_storage(void *object TSRMLS_DC) zend_hash_destroy(intern->parameter); FREE_HASHTABLE(intern->parameter); + zend_hash_destroy(intern->registered_phpfunctions); + FREE_HASHTABLE(intern->registered_phpfunctions); + if (intern->node_list) { zend_hash_destroy(intern->node_list); FREE_HASHTABLE(intern->node_list); @@ -116,6 +119,7 @@ zend_object_value xsl_objects_new(zend_class_entry *class_type TSRMLS_DC) intern->parameter = NULL; intern->hasKeys = 0; intern->registerPhpFunctions = 0; + intern->registered_phpfunctions = NULL; intern->node_list = NULL; intern->doc = NULL; @@ -124,6 +128,8 @@ zend_object_value xsl_objects_new(zend_class_entry *class_type TSRMLS_DC) zend_hash_copy(intern->std.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); ALLOC_HASHTABLE(intern->parameter); zend_hash_init(intern->parameter, 0, NULL, ZVAL_PTR_DTOR, 0); + ALLOC_HASHTABLE(intern->registered_phpfunctions); + zend_hash_init(intern->registered_phpfunctions, 0, NULL, ZVAL_PTR_DTOR, 0); retval.handle = zend_objects_store_put(intern, NULL, (zend_objects_free_object_storage_t) xsl_objects_free_storage, NULL TSRMLS_CC); intern->handle = retval.handle; retval.handlers = &xsl_object_handlers; diff --git a/ext/xsl/php_xsl.h b/ext/xsl/php_xsl.h index 9995e496ac..2002224182 100644 --- a/ext/xsl/php_xsl.h +++ b/ext/xsl/php_xsl.h @@ -57,6 +57,7 @@ typedef struct _xsl_object { HashTable *parameter; int hasKeys; int registerPhpFunctions; + HashTable *registered_phpfunctions; HashTable *node_list; php_libxml_node_object *doc; } xsl_object; diff --git a/ext/xsl/xsltprocessor.c b/ext/xsl/xsltprocessor.c index 04188c397b..a33a4a6dd2 100644 --- a/ext/xsl/xsltprocessor.c +++ b/ext/xsl/xsltprocessor.c @@ -267,6 +267,10 @@ static void xsl_ext_function_php(xmlXPathParserContextPtr ctxt, int nargs, int t if (!zend_make_callable(&handler, &callable TSRMLS_CC)) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to call handler %s()", callable); + } else if ( intern->registerPhpFunctions == 2 && zend_hash_exists(intern->registered_phpfunctions, callable, strlen(callable) + 1) == 0) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Not allowed to call handler '%s()'.", callable); + // Push an empty string, so that we at least have an xslt result... + valuePush(ctxt, xmlXPathNewString("")); } else { result = zend_call_function(&fci, NULL TSRMLS_CC); if (result == FAILURE) { @@ -685,13 +689,43 @@ PHP_FUNCTION(xsl_xsltprocessor_register_php_functions) { zval *id; xsl_object *intern; + zval *array_value, **entry, *new_string; + int name_len = 0; + char *name; DOM_GET_THIS(id); - intern = (xsl_object *)zend_object_store_get_object(id TSRMLS_CC); - intern->registerPhpFunctions = 1; + if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "a", &array_value) == SUCCESS) { + intern = (xsl_object *)zend_object_store_get_object(id TSRMLS_CC); + zend_hash_internal_pointer_reset(Z_ARRVAL_P(array_value)); + while (zend_hash_get_current_data(Z_ARRVAL_P(array_value), (void **)&entry) == SUCCESS) { + SEPARATE_ZVAL(entry); + convert_to_string_ex(entry); + + MAKE_STD_ZVAL(new_string); + ZVAL_LONG(new_string,1); + + zend_hash_update(intern->registered_phpfunctions, Z_STRVAL_PP(entry), Z_STRLEN_PP(entry) + 1, &new_string, sizeof(zval*), NULL); + zend_hash_move_forward(Z_ARRVAL_P(array_value)); + } + intern->registerPhpFunctions = 2; + RETURN_TRUE; + + } else if (zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS() TSRMLS_CC, "s", &name, &name_len) == SUCCESS) { + intern = (xsl_object *)zend_object_store_get_object(id TSRMLS_CC); + + MAKE_STD_ZVAL(new_string); + ZVAL_LONG(new_string,1); + zend_hash_update(intern->registered_phpfunctions, name, name_len + 1, &new_string, sizeof(zval*), NULL); + intern->registerPhpFunctions = 2; + + } else { + intern = (xsl_object *)zend_object_store_get_object(id TSRMLS_CC); + intern->registerPhpFunctions = 1; + } + } /* }}} end xsl_xsltprocessor_register_php_functions(); */