From d08a0e99c865509214c9a577babc9499f6d377b3 Mon Sep 17 00:00:00 2001
From: Rasmus Lerdorf <rasmus@php.net>
Date: Thu, 20 Feb 2003 22:21:49 +0000
Subject: [PATCH] An input filter might not simply strip stuff, it might also
 turn things into entities or use some other mechanism which causes the
 filtered data to be longer than the original data.  Ergo, pass in the address
 of the buffer instead so the filter is free to reallocate it.

---
 README.input_filter   | 10 +++++-----
 ext/mbstring/mb_gpc.c |  2 +-
 main/SAPI.c           |  2 +-
 main/SAPI.h           |  6 +++---
 main/php_variables.c  |  4 ++--
 main/rfc1867.c        |  2 +-
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/README.input_filter b/README.input_filter
index 011b167725..60a88ed9c2 100644
--- a/README.input_filter
+++ b/README.input_filter
@@ -89,14 +89,14 @@ PHP_MINFO_FUNCTION(my_input_filter)
     php_info_print_table_end();
 }
 
-unsigned int  my_sapi_input_filter(int arg, char *var, char *val, unsigned int val_len)
+unsigned int  my_sapi_input_filter(int arg, char *var, char **val, unsigned int val_len)
 {
     zval new_var;
     zval *array_ptr = NULL;
     char *raw_var;
     int var_len;
 
-    assert(val != NULL);
+    assert(*val != NULL);
 
     switch(arg) {
         case PARSE_GET:
@@ -125,7 +125,7 @@ unsigned int  my_sapi_input_filter(int arg, char *var, char *val, unsigned int v
             break;
     }
     Z_STRLEN(new_var) = val_len;
-    Z_STRVAL(new_var) = estrndup(val, val_len);
+    Z_STRVAL(new_var) = estrndup(*val, val_len);
     Z_TYPE(new_var) = IS_STRING;
 
     var_len = strlen(var);
@@ -135,9 +135,9 @@ unsigned int  my_sapi_input_filter(int arg, char *var, char *val, unsigned int v
 
     php_register_variable_ex(raw_var, &new_var, array_ptr TSRMLS_DC);
 
-    php_strip_tags(val, val_len, NULL, NULL, 0);
+    php_strip_tags(*val, val_len, NULL, NULL, 0);
 
-    return strlen(val);
+    return strlen(*val);
 }
 
 PHP_FUNCTION(my_get_raw)
diff --git a/ext/mbstring/mb_gpc.c b/ext/mbstring/mb_gpc.c
index 9003150537..74402ebbfd 100644
--- a/ext/mbstring/mb_gpc.c
+++ b/ext/mbstring/mb_gpc.c
@@ -342,7 +342,7 @@ int _php_mb_encoding_handler_ex(int data_type, zval *arg, char *res, char *separ
 			val_len = len_list[n];
 		}
 		n++;
-		val_len = sapi_module.input_filter(data_type, var, val, val_len TSRMLS_CC);
+		val_len = sapi_module.input_filter(data_type, var, &val, val_len TSRMLS_CC);
 		/* add variable to symbol table */
 		php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
 		if (convd != NULL){
diff --git a/main/SAPI.c b/main/SAPI.c
index 117d868fc8..94a333c967 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -823,7 +823,7 @@ SAPI_API int sapi_register_treat_data(void (*treat_data)(int arg, char *str, zva
 	return SUCCESS;
 }
 
-SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char *val, unsigned int val_len TSRMLS_DC))
+SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len TSRMLS_DC))
 {
 	sapi_module.input_filter = input_filter;
 	return SUCCESS;
diff --git a/main/SAPI.h b/main/SAPI.h
index 1bc31b26cb..88692d255b 100644
--- a/main/SAPI.h
+++ b/main/SAPI.h
@@ -178,7 +178,7 @@ SAPI_API int sapi_register_post_entry(sapi_post_entry *post_entry);
 SAPI_API void sapi_unregister_post_entry(sapi_post_entry *post_entry);
 SAPI_API int sapi_register_default_post_reader(void (*default_post_reader)(TSRMLS_D));
 SAPI_API int sapi_register_treat_data(void (*treat_data)(int arg, char *str, zval *destArray TSRMLS_DC));
-SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char *val, unsigned int val_len TSRMLS_DC));
+SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len TSRMLS_DC));
 
 SAPI_API int sapi_flush(TSRMLS_D);
 SAPI_API struct stat *sapi_get_stat(TSRMLS_D);
@@ -240,7 +240,7 @@ struct _sapi_module_struct {
 	int (*get_target_uid)(uid_t * TSRMLS_DC);
 	int (*get_target_gid)(gid_t * TSRMLS_DC);
 
-	unsigned int (*input_filter)(int arg, char *var, char *val, unsigned int val_len TSRMLS_DC);
+	unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len TSRMLS_DC);
 };
 
 
@@ -269,7 +269,7 @@ struct _sapi_post_entry {
 #define SAPI_POST_HANDLER_FUNC(post_handler) void post_handler(char *content_type_dup, void *arg TSRMLS_DC)
 
 #define SAPI_TREAT_DATA_FUNC(treat_data) void treat_data(int arg, char *str, zval* destArray TSRMLS_DC)
-#define SAPI_INPUT_FILTER_FUNC(input_filter) unsigned int input_filter(int arg, char *var, char *val, unsigned int val_len TSRMLS_DC)
+#define SAPI_INPUT_FILTER_FUNC(input_filter) unsigned int input_filter(int arg, char *var, char **val, unsigned int val_len TSRMLS_DC)
 
 SAPI_API SAPI_POST_READER_FUNC(sapi_read_standard_form_data);
 SAPI_API SAPI_POST_READER_FUNC(php_default_post_reader);
diff --git a/main/php_variables.c b/main/php_variables.c
index a82c966ef8..cb354c7dcd 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -226,7 +226,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
 			*val++ = '\0';
 			php_url_decode(var, strlen(var));
 			val_len = php_url_decode(val, strlen(val));
-			val_len = sapi_module.input_filter(PARSE_POST, var, val, val_len TSRMLS_CC);
+			val_len = sapi_module.input_filter(PARSE_POST, var, &val, val_len TSRMLS_CC);
 			php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
 		}
 		var = php_strtok_r(NULL, "&", &strtok_buf);
@@ -321,7 +321,7 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
 			*val++ = '\0';
 			php_url_decode(var, strlen(var));
 			val_len = php_url_decode(val, strlen(val));
-			val_len = sapi_module.input_filter(arg, var, val, val_len TSRMLS_CC);
+			val_len = sapi_module.input_filter(arg, var, &val, val_len TSRMLS_CC);
 			php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC);
 		} else {
 			php_url_decode(var, strlen(var));
diff --git a/main/rfc1867.c b/main/rfc1867.c
index eea22ce6a8..202dc8ee8d 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -805,7 +805,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 					value = estrdup("");
 				}
 
-				sapi_module.input_filter(PARSE_POST, param, value, strlen(value) TSRMLS_CC);
+				sapi_module.input_filter(PARSE_POST, param, &value, strlen(value) TSRMLS_CC);
 				safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC);
 				if (!strcmp(param, "MAX_FILE_SIZE")) {
 					max_file_size = atol(value);
-- 
2.50.1