From: Kalle Sommer Nielsen Date: Mon, 9 Jul 2018 01:58:20 +0000 (+0200) Subject: Added the 'add_slashes' sanitization filter (FILTER_SANITIZE_ADD_SLASHES) as an alias... X-Git-Tag: php-7.3.0alpha4~71 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a8dce319572e6a0b2fabe60698257677013fd30f;p=php Added the 'add_slashes' sanitization filter (FILTER_SANITIZE_ADD_SLASHES) as an alias to 'magic_quotes' (FILTER_SANITIZE_MAGIC_QUOTES) so we can move past our "magical" legacy. --- diff --git a/NEWS b/NEWS index 851373d4d0..df2da1d05f 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ PHP NEWS type 37). (Peter Kokot) - Filter: + . Added the 'add_slashes' sanitization mode (FILTER_SANITIZE_ADD_SLASHES). + (Kalle) . Fixed bug #76366 (References in sub-array for filtering breaks the filter). (ZiHang Gao) diff --git a/UPGRADING b/UPGRADING index 14c4ee4709..0cad272e31 100644 --- a/UPGRADING +++ b/UPGRADING @@ -374,6 +374,9 @@ JSON: . FILTER_VALIDATE_FLOAT now also supports a `thousand` option, which defines the set of allowed thousand separator chars. The default (`"',."`) is fully backward compatible with former PHP versions. + . FILTER_SANITIZE_ADD_SLASHES has been added as an alias of the 'magic_quotes' + filter (FILTER_SANITIZE_MAGIC_QUOTES). The 'magic_quotes' filter is subject + to removal in future versions of PHP. FTP: . Set default transfer mode to binary diff --git a/ext/filter/filter.c b/ext/filter/filter.c index 7e43619889..724ec0bb6e 100644 --- a/ext/filter/filter.c +++ b/ext/filter/filter.c 
@@ -58,7 +58,8 @@ static const filter_list_entry filter_list[] = { { "url", FILTER_SANITIZE_URL, php_filter_url }, { "number_int", FILTER_SANITIZE_NUMBER_INT, php_filter_number_int }, { "number_float", FILTER_SANITIZE_NUMBER_FLOAT, php_filter_number_float }, - { "magic_quotes", FILTER_SANITIZE_MAGIC_QUOTES, php_filter_magic_quotes }, + { "magic_quotes", FILTER_SANITIZE_MAGIC_QUOTES, php_filter_add_slashes }, + { "add_slashes", FILTER_SANITIZE_ADD_SLASHES, php_filter_add_slashes }, { "callback", FILTER_CALLBACK, php_filter_callback }, }; @@ -253,6 +254,7 @@ PHP_MINIT_FUNCTION(filter) REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_SANITIZE_MAGIC_QUOTES", FILTER_SANITIZE_MAGIC_QUOTES, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ADD_SLASHES", FILTER_SANITIZE_ADD_SLASHES, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_CALLBACK", FILTER_CALLBACK, CONST_CS | CONST_PERSISTENT); diff --git a/ext/filter/filter_private.h b/ext/filter/filter_private.h index a56cecb432..c2485d8a40 100644 --- a/ext/filter/filter_private.h +++ b/ext/filter/filter_private.h @@ -85,7 +85,8 @@ #define FILTER_SANITIZE_NUMBER_FLOAT 0x0208 #define FILTER_SANITIZE_MAGIC_QUOTES 0x0209 #define FILTER_SANITIZE_FULL_SPECIAL_CHARS 0x020a -#define FILTER_SANITIZE_LAST 0x020a +#define FILTER_SANITIZE_ADD_SLASHES 0x020b +#define FILTER_SANITIZE_LAST 0x020b #define FILTER_SANITIZE_ALL 0x0200 diff --git a/ext/filter/php_filter.h b/ext/filter/php_filter.h index 0620aa3807..087aec8110 100644 --- a/ext/filter/php_filter.h +++ b/ext/filter/php_filter.h 
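Review bot: The `magic_quotes` row in `filter_list[]` now points at `php_filter_add_slashes` with nothing in the table marking it as the legacy alias, so a later edit to one row gives no cue that both names must stay behaviourally identical. A one-line comment above the pair would record that, for example `/* "magic_quotes" is the legacy name for "add_slashes"; both rows must share one callback */`. UPGRADING in this commit says the old name is subject to removal, yet no runtime notice is visible in these hunks when FILTER_SANITIZE_MAGIC_QUOTES is requested. If removal is planned, a deprecation notice on the old id would give callers a migration signal first. The table itself starts above the hunk.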
@@ -91,7 +91,7 @@ void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL); void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL); void php_filter_number_int(PHP_INPUT_FILTER_PARAM_DECL); void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL); -void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL); +void php_filter_add_slashes(PHP_INPUT_FILTER_PARAM_DECL); void php_filter_callback(PHP_INPUT_FILTER_PARAM_DECL); diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c index 8682e31994..5560e68f23 100644 --- a/ext/filter/sanitizing_filters.c +++ b/ext/filter/sanitizing_filters.c @@ -368,9 +368,11 @@ void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL) } /* }}} */ -/* {{{ php_filter_magic_quotes */ -void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL) +/* {{{ php_filter_add_slashes */ +void php_filter_add_slashes(PHP_INPUT_FILTER_PARAM_DECL) { + /* This filter is used by both 'add_slashes' & 'magic_quotes' (legacy) */ + zend_string *buf; /* just call php_addslashes quotes */ diff --git a/ext/filter/tests/008.phpt b/ext/filter/tests/008.phpt index 54880e59cc..773c1ef7c7 100644 --- a/ext/filter/tests/008.phpt +++ b/ext/filter/tests/008.phpt @@ -11,7 +11,7 @@ var_dump(filter_list(array())); echo "Done\n"; ?> --EXPECTF-- -array(21) { +array(22) { [0]=> string(3) "int" [1]=> @@ -53,6 +53,8 @@ array(21) { [19]=> string(12) "magic_quotes" [20]=> + string(11) "add_slashes" + [21]=> string(8) "callback" } diff --git a/ext/filter/tests/033.phpt b/ext/filter/tests/033.phpt index 3819c6a01c..a899493161 100644 --- a/ext/filter/tests/033.phpt +++ b/ext/filter/tests/033.phpt 
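Review bot: The new comment in `php_filter_add_slashes` records the aliasing but not what the filter guarantees, and the name now sits in the public FILTER_SANITIZE_* family where it is easy to read as a general-purpose escape. Per the existing comment the body just calls `php_addslashes`, which is byte-oriented backslash quoting: it is not charset-aware, it is not a substitute for parameterized queries or the database driver's own escaping, and it does nothing for HTML output. I would extend the comment to say so, e.g. `/* addslashes()-style quoting only; not a SQL or HTML escaping primitive. Shared by 'add_slashes' and 'magic_quotes' (legacy). */`, and mirror that sentence in the UPGRADING entry. The function body continues past the end of the hunk.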
@@ -30,4 +30,5 @@ url PHP 1 foo@bar.com http://a.b.c 1.2.3.4 123 12 number_int 1 1234 123 123 number_float 1 1234 123 123 magic_quotes PHP 1 foo@bar.com http://a.b.c 1.2.3.4 123 123abc<>() O\'Henry 하퍼 aa:bb:cc:dd:ee:ff +add_slashes PHP 1 foo@bar.com http://a.b.c 1.2.3.4 123 123abc<>() O\'Henry 하퍼 aa:bb:cc:dd:ee:ff callback PHP 1 FOO@BAR.COM HTTP://A.B.C 1.2.3.4 123 123ABC<>() O'HENRY 하퍼 AA:BB:CC:DD:EE:FF
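Review bot: The added `add_slashes` expectation row only pins the single-quote case (`O\'Henry`); the inputs are outside the hunk, but nothing in the expected row shows a double quote, backslash or NUL byte being escaped. Since the new name is meant to stay identical to `magic_quotes`, a dedicated case that runs both filter ids over a string containing `'`, `"`, `\` and a NUL byte and asserts equal output would pin the alias independently of this table. That would also guard the legacy row if the two entries in `filter_list[]` ever drift apart.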