Diffstat (limited to 'ext/filter')
62 files changed, 1440 insertions, 696 deletions
diff --git a/ext/filter/callback_filter.c b/ext/filter/callback_filter.c index 2c1bb9686..e72377e17 100644 --- a/ext/filter/callback_filter.c +++ b/ext/filter/callback_filter.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2006 The PHP Group | + | Copyright (c) 1997-2007 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: callback_filter.c,v 1.9.2.1 2006/07/19 08:35:55 tony2001 Exp $ */ +/* $Id: callback_filter.c,v 1.9.2.4 2007/01/01 09:36:00 sebastian Exp $ */ #include "php_filter.h" @@ -39,17 +39,17 @@ void php_filter_callback(PHP_INPUT_FILTER_PARAM_DECL) status = call_user_function_ex(EG(function_table), NULL, option_array, &retval_ptr, 1, args, 0, NULL TSRMLS_CC); if (status == SUCCESS && retval_ptr != NULL) { - zval_dtor(value); - *value = *retval_ptr; - zval_copy_ctor(value); + if (retval_ptr != value) { + zval_dtor(value); + COPY_PZVAL_TO_ZVAL(*value, retval_ptr); + } else { + zval_ptr_dtor(&retval_ptr); + } } else { zval_dtor(value); Z_TYPE_P(value) = IS_NULL; } - if (retval_ptr) { - zval_ptr_dtor(&retval_ptr); - } efree(args); } diff --git a/ext/filter/config.m4 b/ext/filter/config.m4 index b7a42cf10..0de6fb5df 100644 --- a/ext/filter/config.m4 +++ b/ext/filter/config.m4 @@ -1,4 +1,4 @@ -dnl $Id: config.m4,v 1.6 2006/01/14 15:04:12 sniper Exp $ +dnl $Id: config.m4,v 1.6.2.3 2006/12/05 23:51:30 tony2001 Exp $ dnl config.m4 for input filtering extension PHP_ARG_ENABLE(filter, whether to enable input filter support, 
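Review bot: In the rewritten result handling of php_filter_callback, `retval_ptr` is now released or consumed only inside the success branch, so the `else` path (`zval_dtor(value); Z_TYPE_P(value) = IS_NULL;`) would leak it if call_user_function_ex can return a non-SUCCESS status after populating `retval_ptr`; whether it can is not visible in this hunk. Keeping a guarded release in that branch, `if (retval_ptr) { zval_ptr_dtor(&retval_ptr); }`, restores the guarantee the removed trailing block gave. A short comment above `COPY_PZVAL_TO_ZVAL(*value, retval_ptr);` stating that the macro takes over the callback's return value would explain why no separate release follows; I am inferring that from the removal of the old `zval_ptr_dtor`. The function starts above the hunk.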
@@ -39,57 +39,9 @@ yes CPPFLAGS=$old_CPPFLAGS fi - if test "$PHP_PCRE_REGEX" != "yes"; then - dnl - dnl If PCRE extension is enabled we can use the already found paths, - dnl otherwise we have to detect them here: - dnl - if test "$PHP_PCRE_REGEX" = "no" || test "$PHP_PCRE_REGEX" = "pecl"; then - dnl Set the PCRE search dirs correctly - case "$PHP_PCRE_DIR" in - yes|no) - PCRE_SEARCH_DIR="/usr/local /usr" - ;; - *) - PCRE_SEARCH_DIR="$PHP_PCRE_DIR" - ;; - esac - - for i in $PCRE_SEARCH_DIR; do - if test -f $i/include/pcre/pcre.h; then - PCRE_INCDIR=$i/include/pcre - break - elif test -f $i/include/pcre.h; then - PCRE_INCDIR=$i/include - break - elif test -f $i/pcre.h; then - PCRE_INCDIR=$i - break - fi - done - - if test -z "$PCRE_INCDIR"; then - AC_MSG_ERROR([Could not find pcre.h anywhere under $PCRE_SEARCH_DIR]) - fi - - for j in $PCRE_SEARCH_DIR/$PHP_LIBDIR $PCRE_SEARCH_DIR; do - if test -f $j/libpcre.a || test -f $j/libpcre.$SHLIB_SUFFIX_NAME; then - PCRE_LIBDIR=$j - break - fi - done - - if test -z "$PCRE_LIBDIR" ; then - AC_MSG_ERROR([Could not find libpcre.(a|$SHLIB_SUFFIX_NAME) anywhere under $PCRE_SEARCH_DIR]) - fi - fi - - PHP_ADD_LIBRARY_WITH_PATH(pcre, $PCRE_LIBDIR, FILTER_SHARED_LIBADD) - PHP_ADD_INCLUDE($PCRE_INCDIR) - fi - PHP_NEW_EXTENSION(filter, filter.c sanitizing_filters.c logical_filters.c callback_filter.c, $ext_shared) PHP_SUBST(FILTER_SHARED_LIBADD) - PHP_INSTALL_HEADERS([$ext_srcdir/php_filter.h]) + PHP_INSTALL_HEADERS([ext/filter/php_filter.h]) + PHP_ADD_EXTENSION_DEP(filter, pcre) fi diff --git a/ext/filter/filter.c b/ext/filter/filter.c index 9ef94a2ac..ba6367d5c 100644 --- a/ext/filter/filter.c +++ b/ext/filter/filter.c 
@@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2006 The PHP Group | + | Copyright (c) 1997-2007 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -19,7 +19,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: filter.c,v 1.52.2.25 2006/10/17 15:26:14 iliaa Exp $ */ +/* $Id: filter.c,v 1.52.2.39 2007/04/04 20:50:26 pajoye Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -104,7 +104,7 @@ zend_module_entry filter_module_entry = { NULL, PHP_RSHUTDOWN(filter), PHP_MINFO(filter), - "0.9.5-dev", + "0.11.0", STANDARD_MODULE_PROPERTIES }; /* }}} */ @@ -123,7 +123,7 @@ static PHP_INI_MH(UpdateDefaultFilter) /* {{{ */ return SUCCESS; } } - /* Fallback to "string" filter */ + /* Fallback to the default filter */ IF_G(default_filter) = FILTER_DEFAULT; return SUCCESS; } @@ -170,9 +170,9 @@ PHP_MINIT_FUNCTION(filter) REGISTER_INI_ENTRIES(); REGISTER_LONG_CONSTANT("INPUT_POST", PARSE_POST, CONST_CS | CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("INPUT_GET", PARSE_GET, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("INPUT_GET", PARSE_GET, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("INPUT_COOKIE", PARSE_COOKIE, CONST_CS | CONST_PERSISTENT); - REGISTER_LONG_CONSTANT("INPUT_ENV", PARSE_ENV, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("INPUT_ENV", PARSE_ENV, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("INPUT_SERVER", PARSE_SERVER, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("INPUT_SESSION", PARSE_SESSION, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("INPUT_REQUEST", PARSE_REQUEST, CONST_CS | CONST_PERSISTENT); 
@@ -274,8 +274,8 @@ PHP_RSHUTDOWN_FUNCTION(filter) PHP_MINFO_FUNCTION(filter) { php_info_print_table_start(); - php_info_print_table_header( 2, "Input Validation and Filtering", "enabled" ); - php_info_print_table_row( 2, "Revision", "$Revision: 1.52.2.25 $"); + php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" ); + php_info_print_table_row( 2, "Revision", "$Revision: 1.52.2.39 $"); php_info_print_table_end(); DISPLAY_INI_ENTRIES(); @@ -320,6 +320,20 @@ static void php_zval_filter(zval **value, long filter, long flags, zval *options convert_to_string(*value); filter_func.function(*value, flags, options, charset TSRMLS_CC); + + if ( + options && + ((flags & FILTER_NULL_ON_FAILURE && Z_TYPE_PP(value) == IS_NULL) || + (!(flags & FILTER_NULL_ON_FAILURE) && Z_TYPE_PP(value) == IS_BOOL && Z_LVAL_PP(value) == 0)) && + zend_hash_exists(HASH_OF(options), "default", sizeof("default")) + ) { + zval **tmp; + if (zend_hash_find(HASH_OF(options), "default", sizeof("default"), (void **)&tmp) == SUCCESS) { + **value = **tmp; + zval_copy_ctor(*value); + INIT_PZVAL(*value); + } + } } /* }}} */ @@ -357,6 +371,16 @@ static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int break; } + /* + * According to rfc2965, more specific paths are listed above the less specific ones. + * If we encounter a duplicate cookie name, we should skip it, since it is not possible + * to have the same (plain text) cookie name for the same path and we should not overwrite + * more specific cookies with the less specific ones. + */ + if (arg == PARSE_COOKIE && orig_array_ptr && zend_symtable_exists(Z_ARRVAL_P(orig_array_ptr), var, strlen(var)+1)) { + return 0; + } + if (array_ptr) { /* Make a copy of the variable name, as php_register_variable_ex seems to * modify it */ 
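Review bot: The new `default` handling in php_zval_filter treats every boolean false as a validation failure when FILTER_NULL_ON_FAILURE is not set, yet php_filter_boolean in logical_filters.c (same commit) stores a legitimate false through `ZVAL_BOOL(value, ret)` for inputs such as "0", "no" and "off". A caller who supplies a `default` therefore gets it substituted for a valid false result, which can silently flip a flag that the application uses for a security decision. Either let filters report failure out of band, or document the limit next to the condition, e.g. `/* without FILTER_NULL_ON_FAILURE a valid boolean false is indistinguishable from failure here */`. The `zend_hash_exists` test duplicates the `zend_hash_find` that follows, and `HASH_OF(options)` is used without a check that `options` is an array; presumably the callers guarantee that, but it is not visible in the hunk.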
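Review bot: The duplicate-cookie guard added to php_sapi_filter looks up the raw `var` in `orig_array_ptr`, while the context comment just below says php_register_variable_ex modifies the name it is given. If registration rewrites characters in the key (that function is not visible here), two cookies whose raw names differ but register under the same key would pass this check and the later, less specific one could still overwrite the first. Comparing against the name as it will be registered would close that gap; at minimum extend the comment with `the check is made on the raw cookie name, and first-wins relies on the client sending the most specific path first`. php_sapi_filter begins and ends outside the hunk.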
@@ -382,8 +406,9 @@ static unsigned int php_sapi_filter(int arg, char *var, char **val, unsigned int if (!(IF_G(default_filter) == FILTER_UNSAFE_RAW)) { zval *tmp_new_var = &new_var; Z_STRVAL(new_var) = estrndup(*val, val_len); + INIT_PZVAL(tmp_new_var); php_zval_filter(&tmp_new_var, IF_G(default_filter), IF_G(default_filter_flags), NULL, NULL/*charset*/, 0 TSRMLS_CC); - } else if (PG(magic_quotes_gpc)) { + } else if (PG(magic_quotes_gpc) && !retval) { /* for PARSE_STRING php_register_variable_safe() will do the addslashes() */ Z_STRVAL(new_var) = php_addslashes(*val, Z_STRLEN(new_var), &Z_STRLEN(new_var), 0 TSRMLS_CC); } else { Z_STRVAL(new_var) = estrndup(*val, val_len); @@ -494,7 +519,6 @@ PHP_FUNCTION(filter_has_var) long arg; char *var; int var_len; - zval **tmp; zval *array_ptr = NULL; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) { @@ -503,7 +527,7 @@ PHP_FUNCTION(filter_has_var) array_ptr = php_filter_get_storage(arg TSRMLS_CC); - if (array_ptr && HASH_OF(array_ptr) && zend_hash_find(HASH_OF(array_ptr), var, var_len + 1, (void **)&tmp) == SUCCESS) { + if (array_ptr && HASH_OF(array_ptr) && zend_hash_exists(HASH_OF(array_ptr), var, var_len + 1)) { RETURN_TRUE; } 
@@ -518,22 +542,27 @@ static void php_filter_call(zval **filtered, long filter, zval **filter_args, co char *charset = NULL; if (filter_args && Z_TYPE_PP(filter_args) != IS_ARRAY) { - convert_to_long_ex(filter_args); + long lval; + + PHP_FILTER_GET_LONG_OPT(filter_args, lval); + if (filter != -1) { /* handler for array apply */ /* filter_args is the filter_flags */ - filter_flags = Z_LVAL_PP(filter_args); + filter_flags = lval; + + if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) { + filter_flags |= FILTER_REQUIRE_SCALAR; + } } else { - filter = Z_LVAL_PP(filter_args); + filter = lval; } } else if (filter_args) { if (zend_hash_find(HASH_OF(*filter_args), "filter", sizeof("filter"), (void **)&option) == SUCCESS) { - convert_to_long(*option); - filter = Z_LVAL_PP(option); + PHP_FILTER_GET_LONG_OPT(option, filter); } if (zend_hash_find(HASH_OF(*filter_args), "flags", sizeof("flags"), (void **)&option) == SUCCESS) { - convert_to_long(*option); - filter_flags = Z_LVAL_PP(option); + PHP_FILTER_GET_LONG_OPT(option, filter_flags); if (!(filter_flags & FILTER_REQUIRE_ARRAY || filter_flags & FILTER_FORCE_ARRAY)) { filter_flags |= FILTER_REQUIRE_SCALAR; @@ -607,12 +636,16 @@ static void php_filter_array_handler(zval *input, zval **op, zval *return_value zval **tmp, **arg_elm; if (!op) { - SEPARATE_ZVAL(&input); + zval_dtor(return_value); *return_value = *input; + zval_copy_ctor(return_value); + INIT_PZVAL(return_value); php_filter_call(&return_value, FILTER_DEFAULT, NULL, 0, FILTER_REQUIRE_ARRAY TSRMLS_CC); } else if (Z_TYPE_PP(op) == IS_LONG) { - SEPARATE_ZVAL(&input); + zval_dtor(return_value); *return_value = *input; + zval_copy_ctor(return_value); + INIT_PZVAL(return_value); php_filter_call(&return_value, Z_LVAL_PP(op), NULL, 0, FILTER_REQUIRE_ARRAY TSRMLS_CC); } else if (Z_TYPE_PP(op) == IS_ARRAY) { array_init(return_value); 
@@ -620,13 +653,18 @@ static void php_filter_array_handler(zval *input, zval **op, zval *return_value zend_hash_internal_pointer_reset(Z_ARRVAL_PP(op)); for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(op), &pos); zend_hash_get_current_data_ex(Z_ARRVAL_PP(op), (void **) &arg_elm, &pos) == SUCCESS; - zend_hash_move_forward_ex(Z_ARRVAL_PP(op), &pos)) + zend_hash_move_forward_ex(Z_ARRVAL_PP(op), &pos)) { if (zend_hash_get_current_key_ex(Z_ARRVAL_PP(op), &arg_key, &arg_key_len, &index, 0, &pos) != HASH_KEY_IS_STRING) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Numeric keys are not allowed in the definition array."); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Numeric keys are not allowed in the definition array"); zval_dtor(return_value); RETURN_FALSE; } + if (arg_key_len < 2) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty keys are not allowed in the definition array"); + zval_dtor(return_value); + RETURN_FALSE; + } if (zend_hash_find(Z_ARRVAL_P(input), arg_key, arg_key_len, (void **)&tmp) != SUCCESS) { add_assoc_null_ex(return_value, arg_key, arg_key_len); } else { 
@@ -662,17 +700,29 @@ PHP_FUNCTION(filter_input) return; } + if (!PHP_FILTER_ID_EXISTS(filter)) { + RETURN_FALSE; + } + input = php_filter_get_storage(fetch_from TSRMLS_CC); if (!input || !HASH_OF(input) || zend_hash_find(HASH_OF(input), var, var_len + 1, (void **)&tmp) != SUCCESS) { long filter_flags = 0; - zval **option; + zval **option, **opt, **def; if (filter_args) { if (Z_TYPE_PP(filter_args) == IS_LONG) { filter_flags = Z_LVAL_PP(filter_args); } else if (Z_TYPE_PP(filter_args) == IS_ARRAY && zend_hash_find(HASH_OF(*filter_args), "flags", sizeof("flags"), (void **)&option) == SUCCESS) { - convert_to_long(*option); - filter_flags = Z_LVAL_PP(option); + PHP_FILTER_GET_LONG_OPT(option, filter_flags); + } else if (Z_TYPE_PP(filter_args) == IS_ARRAY && + zend_hash_find(HASH_OF(*filter_args), "options", sizeof("options"), (void **)&opt) == SUCCESS && + Z_TYPE_PP(opt) == IS_ARRAY && + zend_hash_find(HASH_OF(*opt), "default", sizeof("default"), (void **)&def) == SUCCESS + ) { + *return_value = **def; + zval_copy_ctor(return_value); + INIT_PZVAL(return_value); + return; } } if (filter_flags & FILTER_NULL_ON_FAILURE) { @@ -684,6 +734,7 @@ PHP_FUNCTION(filter_input) *return_value = **tmp; zval_copy_ctor(return_value); /* Watch out for empty strings */ + INIT_PZVAL(return_value); php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC); } @@ -701,8 +752,13 @@ PHP_FUNCTION(filter_var) return; } + if (!PHP_FILTER_ID_EXISTS(filter)) { + RETURN_FALSE; + } + *return_value = *data; zval_copy_ctor(data); + INIT_PZVAL(return_value); php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC); } @@ -720,6 +776,13 @@ PHP_FUNCTION(filter_input_array) return; } + if (op + && (Z_TYPE_PP(op) != IS_ARRAY) + && (Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op))) + ) { + RETURN_FALSE; + } + array_input = php_filter_get_storage(fetch_from TSRMLS_CC); if (!array_input || !HASH_OF(array_input)) { 
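Review bot: In the missing-variable branch of filter_input the `options`/`default` lookup is chained as an `else if` after the `flags` lookup, so an argument array that carries both `flags` and `options` with a `default` takes the flags branch and the default is never returned. Ending the chain before it and starting a separate `if (Z_TYPE_PP(filter_args) == IS_ARRAY &&` for the default lookup lets both keys take effect. The scalar case here also reads `Z_LVAL_PP(filter_args)` only when the type is IS_LONG, whereas php_filter_call converts other scalars through PHP_FILTER_GET_LONG_OPT, so the two paths can disagree about the flags of the same call. The function starts above the hunk and continues below it.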
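Review bot: The guard added to filter_input_array rejects only an IS_LONG `op` with an unknown filter id; its first conjunct `Z_TYPE_PP(op) != IS_ARRAY` is implied by the second, and an `op` of any other type (string, bool, double) passes straight through. The branches of php_filter_array_handler visible in this diff are `!op`, IS_LONG and IS_ARRAY, so such a value appears to match none of them; the tail of that function is outside the diff, so this needs confirming. Rejecting everything that is neither a long nor an array makes the contract explicit: `if (op && Z_TYPE_PP(op) != IS_ARRAY && (Z_TYPE_PP(op) != IS_LONG || !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op)))) {`. The identical guard added to filter_var_array in a later hunk has the same gap.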
@@ -729,8 +792,7 @@ PHP_FUNCTION(filter_input_array) if (Z_TYPE_PP(op) == IS_LONG) { filter_flags = Z_LVAL_PP(op); } else if (Z_TYPE_PP(op) == IS_ARRAY && zend_hash_find(HASH_OF(*op), "flags", sizeof("flags"), (void **)&option) == SUCCESS) { - convert_to_long(*option); - filter_flags = Z_LVAL_PP(option); + PHP_FILTER_GET_LONG_OPT(option, filter_flags); } } if (filter_flags & FILTER_NULL_ON_FAILURE) { @@ -755,6 +817,13 @@ PHP_FUNCTION(filter_var_array) return; } + if (op + && (Z_TYPE_PP(op) != IS_ARRAY) + && (Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op))) + ) { + RETURN_FALSE; + } + php_filter_array_handler(array_input, op, return_value TSRMLS_CC); } /* }}} */ @@ -766,7 +835,7 @@ PHP_FUNCTION(filter_list) int i, size = sizeof(filter_list) / sizeof(filter_list_entry); if (ZEND_NUM_ARGS()) { - WRONG_PARAM_COUNT; + WRONG_PARAM_COUNT; } array_init(return_value); diff --git a/ext/filter/filter_private.h b/ext/filter/filter_private.h index 92d0775ea..6ae79afb5 100644 --- a/ext/filter/filter_private.h +++ b/ext/filter/filter_private.h @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2006 The PHP Group | + | Copyright (c) 1997-2007 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: filter_private.h,v 1.12.2.5 2006/10/17 15:26:14 iliaa Exp $ */ +/* $Id: filter_private.h,v 1.12.2.9 2007/01/01 09:36:00 sebastian Exp $ */ #ifndef FILTER_PRIVATE_H #define FILTER_PRIVATE_H 
@@ -62,6 +62,7 @@ #define FILTER_VALIDATE_URL 0x0111 #define FILTER_VALIDATE_EMAIL 0x0112 #define FILTER_VALIDATE_IP 0x0113 +#define FILTER_VALIDATE_LAST 0x0113 #define FILTER_VALIDATE_ALL 0x0100 @@ -76,32 +77,49 @@ #define FILTER_SANITIZE_NUMBER_INT 0x0207 #define FILTER_SANITIZE_NUMBER_FLOAT 0x0208 #define FILTER_SANITIZE_MAGIC_QUOTES 0x0209 +#define FILTER_SANITIZE_LAST 0x0209 #define FILTER_SANITIZE_ALL 0x0200 #define FILTER_CALLBACK 0x0400 -#define PHP_FILTER_TRIM_DEFAULT(p, len, end) { \ - while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v') { \ +#define PHP_FILTER_ID_EXISTS(id) \ +((id >= FILTER_SANITIZE_ALL && id <= FILTER_SANITIZE_LAST) \ +|| (id >= FILTER_VALIDATE_ALL && id <= FILTER_VALIDATE_LAST) \ +|| id == FILTER_CALLBACK) + +#define RETURN_VALIDATION_FAILED \ + zval_dtor(value); \ + if (flags & FILTER_NULL_ON_FAILURE) { \ + ZVAL_NULL(value); \ + } else { \ + ZVAL_FALSE(value); \ + } \ + return; \ + +#define PHP_FILTER_TRIM_DEFAULT(p, len) { \ + while ((len > 0) && (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v' || *p == '\n')) { \ p++; \ len--; \ } \ - start = p; \ - end = p + len - 1; \ - if (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v') { \ - unsigned int i; \ - for (i = len - 1; i >= 0; i--) { \ - if (!(p[i] == ' ' || p[i] == '\t' || p[i] == '\r' || p[i] == '\v')) { \ - break; \ - } \ - } \ - i++; \ - p[i] = '\0'; \ - end = p + i - 1; \ - len = (int) (end - p) + 1; \ + if (len < 1) { \ + RETURN_VALIDATION_FAILED \ + } \ + while (p[len-1] == ' ' || p[len-1] == '\t' || p[len-1] == '\r' || p[len-1] == '\v' || p[len-1] == '\n') { \ + len--; \ } \ } +#define PHP_FILTER_GET_LONG_OPT(zv, opt) { \ + if (Z_TYPE_PP(zv) != IS_LONG) { \ + zval tmp = **zv; \ + zval_copy_ctor(&tmp); \ + convert_to_long(&tmp); \ + opt = Z_LVAL(tmp); \ + } else { \ + opt = Z_LVAL_PP(zv); \ + } \ +} #endif /* FILTER_PRIVATE_H */ diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c index 307b4ed20..73220bc5d 100644 
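Review bot: RETURN_VALIDATION_FAILED expands to several statements ending in `return;` with nothing grouping them, so an unbraced `if (bad) RETURN_VALIDATION_FAILED` would guard only the `zval_dtor(value);` and then return unconditionally. Every use visible in this commit is braced, but wrapping the macro body in `{ ... }` removes the trap without touching the call sites. PHP_FILTER_ID_EXISTS should parenthesise its argument (`((id) >= FILTER_SANITIZE_ALL && (id) <= FILTER_SANITIZE_LAST)`), and it accepts the whole numeric range including the `_ALL` group values, which may not be intended. PHP_FILTER_GET_LONG_OPT declares a local named `tmp`, a name several callers in filter.c use for their own variables, so a less common name would avoid capture if `tmp` is ever passed as `zv`. PHP_FILTER_TRIM_DEFAULT no longer writes a NUL after the trimmed text, which deserves a comment on the macro: `/* does not terminate the string; callers must bound every read by len */`.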
--- a/ext/filter/logical_filters.c +++ b/ext/filter/logical_filters.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2006 The PHP Group | + | Copyright (c) 1997-2007 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -17,21 +17,33 @@ +----------------------------------------------------------------------+ */ -/* $Id: logical_filters.c,v 1.1.2.11 2006/10/17 15:26:14 iliaa Exp $ */ +/* $Id: logical_filters.c,v 1.1.2.21 2007/01/01 09:36:00 sebastian Exp $ */ #include "php_filter.h" #include "filter_private.h" #include "ext/standard/url.h" #include "ext/pcre/php_pcre.h" +#include "zend_multiply.h" + +#if HAVE_ARPA_INET_H +# include <arpa/inet.h> +#endif + +#define LONG_SIGN_MASK (1L << (8*sizeof(long)-1)) + +#ifndef INADDR_NONE +# define INADDR_NONE ((unsigned long int) -1) +#endif + + /* {{{ FETCH_LONG_OPTION(var_name, option_name) */ #define FETCH_LONG_OPTION(var_name, option_name) \ var_name = 0; \ var_name##_set = 0; \ if (option_array) { \ if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name), (void **) &option_val) == SUCCESS) { \ - convert_to_long(*option_val); \ - var_name = Z_LVAL_PP(option_val); \ + PHP_FILTER_GET_LONG_OPT(option_val, var_name); \ var_name##_set = 1; \ } \ } 
@@ -44,10 +56,11 @@ var_name##_len = 0; \ if (option_array) { \ if (zend_hash_find(HASH_OF(option_array), option_name, sizeof(option_name), (void **) &option_val) == SUCCESS) { \ - convert_to_string(*option_val); \ - var_name = Z_STRVAL_PP(option_val); \ - var_name##_set = 1; \ - var_name##_len = Z_STRLEN_PP(option_val); \ + if (Z_TYPE_PP(option_val) == IS_STRING) { \ + var_name = Z_STRVAL_PP(option_val); \ + var_name##_len = Z_STRLEN_PP(option_val); \ + var_name##_set = 1; \ + } \ } \ } /* }}} */ @@ -55,24 +68,14 @@ #define FORMAT_IPV4 4 #define FORMAT_IPV6 6 -#define RETURN_VALIDATION_FAILED \ - zval_dtor(value); \ - if (flags & FILTER_NULL_ON_FAILURE) { \ - ZVAL_NULL(value); \ - } else { \ - ZVAL_FALSE(value); \ - } \ - return; \ - static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */ - long ctx_value = 0; + long ctx_value; long sign = 1; - int error = 0; - const char *end; + const char *end = str + str_len; + double dval; + long overflow; - end = str + str_len; - - switch(*str) { + switch (*str) { case '-': sign = -1; case '+': 
@@ -82,88 +85,79 @@ static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret } /* must start with 1..9*/ - if (*str >= '1' && *str <= '9') { - ctx_value += ((*str) - '0'); - str++; + if (str < end && *str >= '1' && *str <= '9') { + ctx_value = ((*(str++)) - '0'); } else { return -1; } - if (str_len == 1 ) { - *ret = ctx_value; - return 1; - } - - while (*str) { + while (str < end) { if (*str >= '0' && *str <= '9') { - ctx_value *= 10; - ctx_value += ((*str) - '0'); - str++; + ZEND_SIGNED_MULTIPLY_LONG(ctx_value, 10, ctx_value, dval, overflow); + if (overflow) { + return -1; + } + ctx_value += ((*(str++)) - '0'); + if (ctx_value & LONG_SIGN_MASK) { + return -1; + } } else { - error = 1; - break; + return -1; } } - /* state "tail" */ - if (!error && *str == '\0' && str == end) { - *ret = ctx_value * sign; - return 1; - } else { - return -1; - } + *ret = ctx_value * sign; + return 1; } /* }}} */ static int php_filter_parse_octal(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */ - long ctx_value = 0; - int error = 0; + unsigned long ctx_value = 0; + const char *end = str + str_len; - while (*str) { + while (str < end) { if (*str >= '0' && *str <= '7') { - ctx_value *= 8; - ctx_value += ((*str) - '0'); - str++; + unsigned long n = ((*(str++)) - '0'); + + if ((ctx_value > ((unsigned long)(~(long)0)) / 8) || + ((ctx_value = ctx_value * 8) > ((unsigned long)(~(long)0)) - n)) { + return -1; + } + ctx_value += n; } else { - error = 1; - break; + return -1; } } - if (!error && *str == '\0') { - *ret = ctx_value; - return 1; - } else { - return -1; - } + + *ret = (long)ctx_value; + return 1; } /* }}} */ static int php_filter_parse_hex(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */ - long ctx_value = 0; - int error = 0; - - while (*str) { - if ((*str >= '0' && *str <= '9') || (*str >= 'a' && *str <= 'f') || (*str >= 'A' && *str <= 'F')) { - ctx_value *= 16; - if (*str >= '0' && *str <= '9') { - ctx_value += 
((*str) - '0'); - } else if (*str >= 'a' && *str <= 'f') { - ctx_value += 10 + ((*str) - 'a'); - } else if (*str >= 'A' && *str <= 'F') { - ctx_value += 10 + ((*str) - 'A'); - } - str++; + unsigned long ctx_value = 0; + const char *end = str + str_len; + unsigned long n; + + while (str < end) { + if (*str >= '0' && *str <= '9') { + n = ((*(str++)) - '0'); + } else if (*str >= 'a' && *str <= 'f') { + n = ((*(str++)) - ('a' - 10)); + } else if (*str >= 'A' && *str <= 'F') { + n = ((*(str++)) - ('A' - 10)); } else { - error = 1; - break; + return -1; } + if ((ctx_value > ((unsigned long)(~(long)0)) / 16) || + ((ctx_value = ctx_value * 16) > ((unsigned long)(~(long)0)) - n)) { + return -1; + } + ctx_value += n; } - if (!error && *str == '\0') { - *ret = ctx_value; - return 1; - } else { - return -1; - } + + *ret = (long)ctx_value; + return 1; } /* }}} */ @@ -175,7 +169,7 @@ void php_filter_int(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ int allow_octal = 0, allow_hex = 0; int len, error = 0; long ctx_value; - char *p, *start, *end; + char *p; /* Parse options */ FETCH_LONG_OPTION(min_range, "min_range"); @@ -200,12 +194,12 @@ void php_filter_int(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ p = Z_STRVAL_P(value); ctx_value = 0; - PHP_FILTER_TRIM_DEFAULT(p, len, end); + PHP_FILTER_TRIM_DEFAULT(p, len); if (*p == '0') { - p++; + p++; len--; if (allow_hex && (*p == 'x' || *p == 'X')) { - p++; + p++; len--; if (php_filter_parse_hex(p, len, &ctx_value TSRMLS_CC) < 0) { error = 1; } @@ -213,7 +207,7 @@ void php_filter_int(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ if (php_filter_parse_octal(p, len, &ctx_value TSRMLS_CC) < 0) { error = 1; } - } else if (len != 1) { + } else if (len != 0) { error = 1; } } else { 
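Review bot: php_filter_parse_int detects overflow of the digit addition only after it has happened: `ctx_value += ((*(str++)) - '0');` on a signed `long` followed by `if (ctx_value & LONG_SIGN_MASK)` depends on signed wrap-around, which is undefined behaviour in C and may be optimised away, and `LONG_SIGN_MASK` itself shifts `1L` into the sign bit. Checking before the add keeps the arithmetic defined, e.g. `if (ctx_value > LONG_MAX - digit) { return -1; }` with `digit` holding the parsed value and LONG_MAX from <limits.h>. The scheme also rejects the most negative long, because its magnitude does not fit before the sign is applied; say so in a comment if that is intended. In php_filter_parse_octal and php_filter_parse_hex the final `*ret = (long)ctx_value;` turns values above LONG_MAX into negative numbers, so a comment or an explicit range check is warranted there. `switch (*str)` at the top of php_filter_parse_int (previous hunk) reads the first byte before any length check, so the function relies on callers never passing `str_len == 0`.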
@@ -236,34 +230,65 @@ void php_filter_int(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ void php_filter_boolean(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ { char *str = Z_STRVAL_P(value); - char *start, *end; int len = Z_STRLEN_P(value); + int ret; - if (len>0) { - PHP_FILTER_TRIM_DEFAULT(str, len, end); - } else { - RETURN_VALIDATION_FAILED - } + PHP_FILTER_TRIM_DEFAULT(str, len); /* returns true for "1", "true", "on" and "yes" * returns false for "0", "false", "off", "no", and "" * null otherwise. */ - if ((strncasecmp(str, "true", sizeof("true")) == 0) || - (strncasecmp(str, "yes", sizeof("yes")) == 0) || - (strncasecmp(str, "on", sizeof("on")) == 0) || - (strncmp(str, "1", sizeof("1")) == 0)) - { - zval_dtor(value); - ZVAL_BOOL(value, 1); - } else if ((strncasecmp(str, "false", sizeof("false")) == 0) || - (strncasecmp(str, "no", sizeof("no")) == 0) || - (strncasecmp(str, "off", sizeof("off")) == 0) || - (strncmp(str, "0", sizeof("0")) == 0)) - { - zval_dtor(value); - ZVAL_BOOL(value, 0); - } else { + switch (len) { + case 1: + if (*str == '1') { + ret = 1; + } else if (*str == '0') { + ret = 0; + } else { + ret = -1; + } + break; + case 2: + if (strncasecmp(str, "on", 2) == 0) { + ret = 1; + } else if (strncasecmp(str, "no", 2) == 0) { + ret = 0; + } else { + ret = -1; + } + break; + case 3: + if (strncasecmp(str, "yes", 3) == 0) { + ret = 1; + } else if (strncasecmp(str, "off", 3) == 0) { + ret = 0; + } else { + ret = -1; + } + break; + case 4: + if (strncasecmp(str, "true", 4) == 0) { + ret = 1; + } else { + ret = -1; + } + break; + case 5: + if (strncasecmp(str, "false", 5) == 0) { + ret = 0; + } else { + ret = -1; + } + break; + default: + ret = -1; + } + + if (ret == -1) { RETURN_VALIDATION_FAILED + } else { + zval_dtor(value); + ZVAL_BOOL(value, ret); } } /* }}} */ 
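Review bot: The retained comment in php_filter_boolean still says the filter returns false for "", but with the new PHP_FILTER_TRIM_DEFAULT an empty or all-whitespace input reaches `if (len < 1) { RETURN_VALIDATION_FAILED }` before the switch, and the switch has no case for length 0. Without FILTER_NULL_ON_FAILURE the caller still sees false, but with that flag the result is now NULL rather than false. The comment should say which is intended, for example `returns false for "0", "false", "off" and "no"; empty input is a validation failure (NULL with FILTER_NULL_ON_FAILURE)`.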
@@ -271,168 +296,105 @@ void php_filter_boolean(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ { int len; - char *str, *start, *end; + char *str, *end; + char *num, *p; zval **option_val; char *decimal; - char dec_sep = '\0'; - - const char default_decimal[] = "."; int decimal_set, decimal_len; - + char dec_sep = '.'; char tsd_sep[3] = "',."; - long options_flag; - int options_flag_set; + long lval; + double dval; - int sign = 1; - - double ret_val = 0; - double factor; - - int exp_value = 0, exp_multiply = 1; + int first, n; len = Z_STRLEN_P(value); - - if (len < 1) { - RETURN_VALIDATION_FAILED - } - str = Z_STRVAL_P(value); - start = str; - if (len == 1) { - if (*str >= '0' && *str <= '9') { - ret_val = (double)*str - '0'; - } else if (*str == 'E' || *str == 'e') { - ret_val = 0; - } - zval_dtor(value); - Z_TYPE_P(value) = IS_DOUBLE; - Z_DVAL_P(value) = ret_val; - return; - } + PHP_FILTER_TRIM_DEFAULT(str, len); + end = str + len; FETCH_STRING_OPTION(decimal, "decimal"); - FETCH_LONG_OPTION(options_flag, "flags"); if (decimal_set) { - if (decimal_len > 1) { + if (decimal_len != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "decimal separator must be one char"); + RETURN_VALIDATION_FAILED } else { dec_sep = *decimal; } - } else { - dec_sep = *default_decimal; } - PHP_FILTER_TRIM_DEFAULT(str, len, end); - - if (*str == '-') { - sign = -1; - str++; - start = str; - } else if (*str == '+') { - sign = 1; - str++; - start = str; + num = p = emalloc(len+1); + if (str < end && (*str == '+' || *str == '-')) { + *p++ = *str++; } - - ret_val = 0.0; - - while (*str == '0') { - str++; - } - - if (*str == dec_sep) { - str++; - goto stateDot; - } - - ret_val = 0; - - if (str != start) { - str--; - } - - while (*str && *str != dec_sep) { - if ((options_flag & FILTER_FLAG_ALLOW_THOUSAND) && (*str == tsd_sep[0] || *str == tsd_sep[1] || *str == tsd_sep[2])) { - str++; - continue; - } - - if (*str == 'e' || *str == 'E') { - 
goto stateExp; - } - - if (*str < '0' || *str > '9') { - goto stateError; + first = 1; + while (1) { + n = 0; + while (str < end && *str >= '0' && *str <= '9') { + ++n; + *p++ = *str++; } - - ret_val *=10; ret_val += (*str - '0'); - str++; - } - if (!(*str)) { - goto stateT; - } - str++; - -stateDot: - factor = 0.1; - while (*str) { - if (*str == 'e' || *str == 'E') { - goto stateExp; + if (str == end || *str == dec_sep || *str == 'e' || *str == 'E') { + if (!first && n != 3) { + goto error; + } + if (*str == dec_sep) { + *p++ = '.'; + str++; + while (str < end && *str >= '0' && *str <= '9') { + *p++ = *str++; + } + } + if (*str == 'e' || *str == 'E') { + *p++ = *str++; + if (str < end && (*str == '+' || *str == '-')) { + *p++ = *str++; + } + while (str < end && *str >= '0' && *str <= '9') { + *p++ = *str++; + } + } + break; } - - if (*str < '0' || *str > '9') { - goto stateError; + if ((flags & FILTER_FLAG_ALLOW_THOUSAND) && (*str == tsd_sep[0] || *str == tsd_sep[1] || *str == tsd_sep[2])) { + if (first?(n < 1 || n > 3):(n != 3)) { + goto error; + } + first = 0; + str++; + } else { + goto error; } - - ret_val += factor * (*str - '0'); - factor /= 10; - str++; } - if (!(*str)) { - goto stateT; + if (str != end) { + goto error; } + *p = 0; -stateExp: - str++; - switch (*str) { - case '-': - exp_multiply = -1; - str++; + switch (is_numeric_string(num, p - num, &lval, &dval, 0)) { + case IS_LONG: + zval_dtor(value); + Z_TYPE_P(value) = IS_DOUBLE; + Z_DVAL_P(value) = lval; break; - case '+': - exp_multiply = 1; - str++; - } - - while (*str) { - if (*str < '0' || *str > '9') { - goto stateError; - } - exp_value *= 10; - exp_value += ((*str) - '0'); - str++; - } - -stateT: - if ((str -1) != end) { - goto stateError; - } - if (exp_value) { - exp_value *= exp_multiply; - ret_val *= pow(10, exp_value); + case IS_DOUBLE: + if ((!dval && p - num > 1 && strpbrk(num, "123456789")) || !zend_finite(dval)) { + goto error; + } + zval_dtor(value); + Z_TYPE_P(value) = IS_DOUBLE; + 
Z_DVAL_P(value) = dval; + break; + default: +error: + efree(num); + RETURN_VALIDATION_FAILED } - - zval_dtor(value); - Z_TYPE_P(value) = IS_DOUBLE; - Z_DVAL_P(value) = sign * ret_val; - return; - -stateError: - RETURN_VALIDATION_FAILED + efree(num); } /* }}} */ @@ -476,6 +438,13 @@ void php_filter_validate_regexp(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ { php_url *url; + int old_len = Z_STRLEN_P(value); + + php_filter_url(value, flags, option_array, charset TSRMLS_CC); + + if (Z_TYPE_P(value) != IS_STRING || old_len != Z_STRLEN_P(value)) { + RETURN_VALIDATION_FAILED + } /* Use parse_url - if it returns false, we return NULL */ url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value)); @@ -485,10 +454,10 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ } if ( - ((flags & FILTER_FLAG_SCHEME_REQUIRED) && url->scheme == NULL) || - ((flags & FILTER_FLAG_HOST_REQUIRED) && url->host == NULL) || - ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || - ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL) + url->scheme == NULL || + /* some schemas allow the host to be empty */ + (url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) || + ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL) ) { php_url_free(url); RETURN_VALIDATION_FAILED 
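Review bot: In the parsing loop of php_filter_float the terminator test `str == end || *str == dec_sep || *str == 'e' || *str == 'E'` is followed by unguarded `if (*str == dec_sep)` and `if (*str == 'e' || *str == 'E')`, which dereference `str` when it already equals `end`. Because PHP_FILTER_TRIM_DEFAULT no longer writes a terminator, the byte at `end` can be trimmed whitespace rather than NUL, so a caller-supplied `decimal` that is a whitespace character would match there and advance `str` past `end`; the later `str != end` test fails the value, but the reads fall outside the trimmed range. Guard both tests with `str < end &&`. The `error:` label sits inside the `default:` arm of the switch, which works but is easy to misread, so a comment such as `/* shared failure exit: frees num and fails validation */` would help.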
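Review bot: The host exemption in php_filter_validate_url compares `url->scheme` with `strcmp`, so `MAILTO:` or `File:` is treated as a scheme that needs a host although URI schemes are case-insensitive; `strcasecmp`, which php_filter_boolean in this file already uses, would fix that. The new condition no longer consults FILTER_FLAG_SCHEME_REQUIRED or FILTER_FLAG_HOST_REQUIRED and makes both requirements unconditional, which should be stated in a comment. Since any scheme is accepted, add a comment that a passing value is syntactically valid but not necessarily safe to emit as a link, and that scheme allow-listing is left to the caller. The pre-pass that fails input whose length changes under php_filter_url also deserves a one-line comment, e.g. `/* reject URLs containing characters the URL sanitizer would strip */`.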
@@ -500,7 +469,7 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ { /* From http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */ - const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\v\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/"; + const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/"; pcre *re = NULL; pcre_extra *pcre_extra = NULL; 
@@ -523,220 +492,97 @@ void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ } /* }}} */ -static int _php_filter_validate_ipv4_count_dots(char *str) /* {{{ */ +static int _php_filter_validate_ipv4(char *str, int str_len, int *ip) /* {{{ */ { - char *s1, *s2, *s3, *s4; - - s1 = strchr(str, '.'); - if (!s1) - return 0; - s2 = strchr(s1 + 1, '.'); - if (!s2) - return 1; - s3 = strchr(s2 + 1, '.'); - if (!s3) - return 2; - s4 = strchr(s3 + 1, '.'); - if (!s4) - return 3; - return 4; /* too many */ -} -/* }}} */ + const char *end = str + str_len; + int num, m; + int n = 0; -static int _php_filter_validate_ipv4_get_nr(char **str) /* {{{ */ -{ - char *begin, *end, *ptr, *tmp_str; - int tmp_nr = -1; - - begin = ptr = *str; - while ((*ptr >= '0') && (*ptr <= '9')) { - ++ptr; - } - end = ptr; - *str = end + 1; - - if (end == begin) { - return -1; - } - - tmp_str = calloc(1, end - begin + 1); - memcpy(tmp_str, begin, end - begin); - tmp_nr = strtol(tmp_str, NULL, 10); - free(tmp_str); - - if (tmp_nr < 0 || tmp_nr > 255) { - tmp_nr = -1; - } - return tmp_nr; -} -/* }}} */ - -static int _php_filter_validate_ipv4(char *str, int *ip TSRMLS_DC) /* {{{ */ -{ - char *p; - int x; - - if (_php_filter_validate_ipv4_count_dots(str) != 3) { - return 0; - } - - p = str; - for (x = 0; x < 4; ++x) { - ip[x] = _php_filter_validate_ipv4_get_nr(&p); - if (ip[x] == -1) { + while (str < end) { + if (*str < '0' || *str > '9') { + return 0; + } + m = 1; + num = ((*(str++)) - '0'); + while (str < end && (*str >= '0' && *str <= '9')) { + num = num * 10 + ((*(str++)) - '0'); + if (num > 255 || ++m > 3) { + return 0; + } + } + ip[n++] = num; + if (n == 4) { + return str == end; + } else if (str >= end || *(str++) != '.') { return 0; } } - return 1; + return 0; } /* }}} */ -#define IS_HEX(s) if (!((s >= '0' && s <= '9') || (s >= 'a' && s <= 'f') ||(s >= 'A' && s <= 'F'))) { \ - return 0; \ -} - -#define IPV6_LOOP_IN(str) \ - if (*str == ':') { \ - if (hexcode_found > 4) { \ - return 
-134; \ - } \ - hexcode_found = 0; \ - col_fnd++; \ - } else { \ - IS_HEX(*str); \ - hexcode_found++; \ - } - -static int _php_filter_validate_ipv6_(char *str TSRMLS_DC) /* {{{ */ +static int _php_filter_validate_ipv6(char *str, int str_len TSRMLS_DC) /* {{{ */ { - int hexcode_found = 0; - int compressed_2end = 0; - int col_fnd = 0; - char *start = str; - char *compressed = NULL, *t = str; - char *s2 = NULL, *ipv4=NULL; + int compressed = 0; + int blocks = 8; + int n; + char *ipv4; + char *end; int ip4elm[4]; - if (!strchr(str, ':')) { + if (!memchr(str, ':', str_len)) { return 0; } - /* Check for compressed expression. only one is allowed */ - compressed = strstr(str, "::"); - if (compressed) { - s2 = strstr(compressed+1, "::"); - if (s2) { - return 0; - } - } - /* check for bundled IPv4 */ - ipv4 = strchr(str, '.'); - + ipv4 = memchr(str, '.', str_len); if (ipv4) { - while (*ipv4 != ':' && ipv4 >= start) { + while (ipv4 > str && *(ipv4-1) != ':') { ipv4--; } - /* ::w.x.y.z */ - if (compressed && ipv4 == (compressed + 1)) { - compressed_2end = 1; - } - ipv4++; - - if (!_php_filter_validate_ipv4(ipv4, ip4elm TSRMLS_CC)) { + if (!_php_filter_validate_ipv4(ipv4, (str_len - (ipv4 - str)), ip4elm)) { return 0; } - - if (compressed_2end) { - return 1; + str_len = (ipv4 - str) - 1; + if (str_len == 1) { + return *str == ':'; } + blocks = 6; } - if (!compressed) { - char *end; - if (ipv4) { - end = ipv4 - 1; - } else { - end = str + strlen(start); - } - - while (*str && str <= end) { - IPV6_LOOP_IN(str); - str++; - } - - if (!ipv4) { - if (col_fnd != 7) { - return 0; - } else { - return 1; - } - } else { - if (col_fnd != 6) { - return -1230; - } else { - return 1; - } - } - } else { - if (!ipv4) { - t = compressed - 1; - while (t >= start) { - IPV6_LOOP_IN(t); - t--; - } - - if (hexcode_found > 4) { - return 0; - } - - t = compressed + 2; - hexcode_found = 0; - while (*t) { - IPV6_LOOP_IN(t); - t++; - } - - if (hexcode_found > 4) { - return 0; - } - - if (col_fnd > 6) { - 
return 0; - } else { - return 1; - } - } else { - /* ipv4 part always at the end */ - t = ipv4 - 1; - while (t >= (compressed + 2)) { - IPV6_LOOP_IN(t); - t--; - } - - if (hexcode_found > 4) { - return 0; - } - - hexcode_found = 0; - t = compressed - 1; - while (t >= start) { - IPV6_LOOP_IN(t); - t--; - } - if (hexcode_found > 4) { + end = str + str_len; + while (str < end) { + if (*str == ':') { + if (--blocks == 0) { return 0; - } - - if (col_fnd > 6) { + } + if (++str >= end) { return 0; - } else { - return 1; } + if (*str == ':') { + if (compressed || --blocks == 0) { + return 0; + } + if (++str == end) { + return 1; + } + compressed = 1; + } + } + n = 0; + while ((str < end) && + ((*str >= '0' && *str <= '9') || + (*str >= 'a' && *str <= 'f') || + (*str >= 'A' && *str <= 'F'))) { + n++; + str++; + } + if (n < 1 || n > 4) { + return 0; } } - return 0; + return (compressed || blocks == 1); } /* }}} */ @@ -747,15 +593,12 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ * allow_ipv4 and allow_ipv6 flags flag are used, then the first dot or * colon determine the format */ - char *str = NULL; int ip[4]; int mode; - str = Z_STRVAL_P(value); - - if (strchr(str, ':')) { + if (memchr(Z_STRVAL_P(value), ':', Z_STRLEN_P(value))) { mode = FORMAT_IPV6; - } else if (strchr(str, '.')) { + } else if (memchr(Z_STRVAL_P(value), '.', Z_STRLEN_P(value))) { mode = FORMAT_IPV4; } else { RETURN_VALIDATION_FAILED @@ -771,7 +614,7 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ switch (mode) { case FORMAT_IPV4: - if (!_php_filter_validate_ipv4(str, ip TSRMLS_CC)) { + if (!_php_filter_validate_ipv4(Z_STRVAL_P(value), Z_STRLEN_P(value), ip)) { RETURN_VALIDATION_FAILED } 
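Review bot: The new `_php_filter_validate_ipv6` loop accepts an address that starts with a single colon: for `:1:2:3:4:5:6:7` each of the seven colons decrements `blocks` from 8 to 1, every group has one to four hex digits, and the final `return (compressed || blocks == 1)` yields 1. A leading `:` is only valid as part of `::`, so I would remember the start pointer before the loop and reject that case at the top of the `if (*str == ':')` branch, e.g. `if (str == start && (str + 1 == end || str[1] != ':')) { return 0; }`. tests/030.phpt adds several negative cases but none for a lone leading colon, so `":1:2:3:4:5:6:7" => false` belongs there too. Separately, `_php_filter_validate_ipv4` accepts octets with leading zeros such as `010`, which some downstream parsers read as octal; either reject them or document that the validator treats them as decimal.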
@@ -801,7 +644,7 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ case FORMAT_IPV6: { int res = 0; - res = _php_filter_validate_ipv6_(str TSRMLS_CC); + res = _php_filter_validate_ipv6(Z_STRVAL_P(value), Z_STRLEN_P(value) TSRMLS_CC); if (res < 1) { RETURN_VALIDATION_FAILED } diff --git a/ext/filter/php_filter.h b/ext/filter/php_filter.h index eb4eab17b..f4b0133d7 100644 --- a/ext/filter/php_filter.h +++ b/ext/filter/php_filter.h @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2006 The PHP Group | + | Copyright (c) 1997-2007 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: php_filter.h,v 1.10.2.1 2006/10/03 02:16:52 iliaa Exp $ */ +/* $Id: php_filter.h,v 1.10.2.2 2007/01/01 09:36:00 sebastian Exp $ */ #ifndef PHP_FILTER_H #define PHP_FILTER_H diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c index 910c7d13c..17f33c3a2 100644 --- a/ext/filter/sanitizing_filters.c +++ b/ext/filter/sanitizing_filters.c @@ -2,7 +2,7 @@ +----------------------------------------------------------------------+ | PHP Version 5 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2006 The PHP Group | + | Copyright (c) 1997-2007 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | 
@@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: sanitizing_filters.c,v 1.11.2.5 2006/10/03 11:42:23 pajoye Exp $ */ +/* $Id: sanitizing_filters.c,v 1.11.2.9 2007/01/01 09:36:00 sebastian Exp $ */ #include "php_filter.h" #include "filter_private.h" @@ -27,52 +27,29 @@ typedef unsigned long filter_map[256]; /* }}} */ /* {{{ HELPER FUNCTIONS */ -static void php_filter_encode_html(zval *value, const char* chars, int encode_nul) +static void php_filter_encode_html(zval *value, const unsigned char *chars) { - register int x, y; smart_str str = {0}; int len = Z_STRLEN_P(value); - char *s = Z_STRVAL_P(value); + unsigned char *s = (unsigned char *)Z_STRVAL_P(value); + unsigned char *e = s + len; if (Z_STRLEN_P(value) == 0) { return; } - for (x = 0, y = 0; len--; x++, y++) { - if (strchr(chars, s[x]) || (encode_nul && s[x] == 0)) { + while (s < e) { + if (chars[*s]) { smart_str_appendl(&str, "&#", 2); - smart_str_append_long(&str, s[x]); + smart_str_append_unsigned(&str, (unsigned long)*s); smart_str_appendc(&str, ';'); } else { - smart_str_appendc(&str, s[x]); + /* XXX: this needs to be optimized to work with blocks of 'safe' chars */ + smart_str_appendc(&str, *s); } + s++; } - smart_str_0(&str); - efree(Z_STRVAL_P(value)); - Z_STRVAL_P(value) = str.c; - Z_STRLEN_P(value) = str.len; -} -static void php_filter_encode_html_high_low(zval *value, long flags) -{ - register int x, y; - smart_str str = {0}; - int len = Z_STRLEN_P(value); - unsigned char *s = (unsigned char *)Z_STRVAL_P(value); - - if (Z_STRLEN_P(value) == 0) { - return; - } - - for (x = 0, y = 0; len--; x++, y++) { - if (((flags & FILTER_FLAG_ENCODE_LOW) && (s[x] < 32)) || ((flags & FILTER_FLAG_ENCODE_HIGH) && (s[x] > 127))) { - smart_str_appendl(&str, "&#", 2); - smart_str_append_unsigned(&str, s[x]); - smart_str_appendc(&str, ';'); - } else { - smart_str_appendc(&str, s[x]); - } - } smart_str_0(&str); efree(Z_STRVAL_P(value)); Z_STRVAL_P(value) = str.c; 
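Review bot: The second parameter of php_filter_encode_html changed meaning without any documentation: `chars` used to be a NUL-terminated list of characters and is now indexed as `chars[*s]` for every input byte, so it must point to a table of at least 256 entries. A caller that still passes a short string literal would compile with at most a pointer-signedness warning and read out of bounds. I would add `/* chars: 256-entry table indexed by byte value; non-zero means the byte is emitted as &#NNN; */` above the function and declare the parameter as `const unsigned char chars[256]` to make the contract visible. The local `len` is now used only to compute `e` and could be folded into that expression.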
@@ -87,27 +64,47 @@ static const unsigned char hexchars[] = "0123456789ABCDEF"; #define DEFAULT_URL_ENCODE LOWALPHA HIALPHA DIGIT "-._" -static void php_filter_encode_url(zval *value, const char* chars, int high, int low, int encode_nul) +static void php_filter_encode_url(zval *value, const unsigned char* chars, const int char_len, int high, int low, int encode_nul) { - register int x, y; - unsigned char *str; - int len = Z_STRLEN_P(value); - char *s = Z_STRVAL_P(value); + unsigned char *str, *p; + unsigned char tmp[256]; + unsigned char *s = (unsigned char *)chars; + unsigned char *e = s + char_len; - str = (unsigned char *) safe_emalloc(3, len, 1); - for (x = 0, y = 0; len--; x++, y++) { - str[y] = (unsigned char) s[x]; + memset(tmp, 1, sizeof(tmp)-1); - if ((strlen(chars) && !strchr(chars, str[y])) || (high && str[y] > 127) || (low && str[y] < 32) || (encode_nul && str[y] == 0)) { - str[y++] = '%'; - str[y++] = hexchars[(unsigned char) s[x] >> 4]; - str[y] = hexchars[(unsigned char) s[x] & 15]; + while (s < e) { + tmp[*s++] = 0; + } +/* XXX: This is not needed since these chars in the allowed list never include the high/low/null value + if (encode_nul) { + tmp[0] = 1; + } + if (high) { + memset(tmp + 127, 1, sizeof(tmp) - 127); + } + if (low) { + memset(tmp, 1, 32); + } +*/ + p = str = (unsigned char *) safe_emalloc(3, Z_STRLEN_P(value), 1); + s = (unsigned char *)Z_STRVAL_P(value); + e = s + Z_STRLEN_P(value); + + while (s < e) { + if (tmp[*s]) { + *p++ = '%'; + *p++ = hexchars[(unsigned char) *s >> 4]; + *p++ = hexchars[(unsigned char) *s & 15]; + } else { + *p++ = *s; } + s++; } - str[y] = '\0'; + *p = '\0'; efree(Z_STRVAL_P(value)); Z_STRVAL_P(value) = (char *)str; - Z_STRLEN_P(value) = y; + Z_STRLEN_P(value) = p - str; } static void php_filter_strip(zval *value, long flags) 
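Review bot: `memset(tmp, 1, sizeof(tmp)-1);` initialises only tmp[0] through tmp[254], so tmp[255] keeps whatever was on the stack, and the later `if (tmp[*s])` reads an indeterminate value for input byte 0xFF. Whether that byte is percent-encoded then depends on stack contents. The call should cover the whole table: `memset(tmp, 1, sizeof(tmp));`. With the flag handling commented out, the `high`, `low` and `encode_nul` parameters are no longer read at all; either drop them or add a comment that every byte outside the allowed list is always encoded.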
@@ -181,9 +178,28 @@ static void filter_map_apply(zval *value, filter_map *map) void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) { size_t new_len; - + unsigned char enc[256] = {0}; + + /* strip high/strip low ( see flags )*/ + php_filter_strip(value, flags); + + if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) { + enc['\''] = enc['"'] = 1; + } + if (flags & FILTER_FLAG_ENCODE_AMP) { + enc['&'] = 1; + } + if (flags & FILTER_FLAG_ENCODE_LOW) { + memset(enc, 1, 32); + } + if (flags & FILTER_FLAG_ENCODE_HIGH) { + memset(enc + 127, 1, sizeof(enc) - 127); + } + + php_filter_encode_html(value, enc); + /* strip tags, implicitly also removes \0 chars */ - new_len = php_strip_tags(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0); + new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1); Z_STRLEN_P(value) = new_len; if (new_len == 0) { @@ -191,21 +207,6 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) ZVAL_EMPTY_STRING(value); return; } - - if (! (flags & FILTER_FLAG_NO_ENCODE_QUOTES)) { - /* encode ' and " to numerical entity */ - php_filter_encode_html(value, "'\"", 0); - } - /* strip high/strip low ( see flags )*/ - php_filter_strip(value, flags); - - /* encode low/encode high flags */ - php_filter_encode_html_high_low(value, flags); - - /* also all the flags - & encode as %xx */ - if (flags & FILTER_FLAG_ENCODE_AMP) { - php_filter_encode_html(value, "&", 0); - } } /* }}} */ 
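Review bot: `memset(enc + 127, 1, sizeof(enc) - 127);` marks byte 127 (DEL) for encoding, whereas the removed php_filter_encode_html_high_low tested `s[x] > 127`, so FILTER_FLAG_ENCODE_HIGH now starts one byte lower than before. If the old boundary is the intended one, the line should read `memset(enc + 128, 1, sizeof(enc) - 128);`; if encoding DEL is deliberate, a comment saying so is needed. The same line appears in php_filter_special_chars and php_filter_unsafe_raw in the following hunks. php_filter_string also now encodes quotes before calling php_strip_tags_ex instead of after, which changes what the tag stripper sees inside attribute values and is worth a comment explaining why the order was swapped.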
@@ -215,18 +216,28 @@ void php_filter_encoded(PHP_INPUT_FILTER_PARAM_DECL) /* apply strip_high and strip_low filters */ php_filter_strip(value, flags); /* urlencode */ - php_filter_encode_url(value, DEFAULT_URL_ENCODE, flags & FILTER_FLAG_ENCODE_HIGH, flags & FILTER_FLAG_ENCODE_LOW, 1); + php_filter_encode_url(value, (unsigned char *)DEFAULT_URL_ENCODE, sizeof(DEFAULT_URL_ENCODE)-1, flags & FILTER_FLAG_ENCODE_HIGH, flags & FILTER_FLAG_ENCODE_LOW, 1); } /* }}} */ /* {{{ php_filter_special_chars */ void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL) { + unsigned char enc[256] = {0}; + + php_filter_strip(value, flags); + /* encodes ' " < > & \0 to numerical entities */ - php_filter_encode_html(value, "'\"<>&", 1); + enc['\''] = enc['"'] = enc['<'] = enc['>'] = enc['&'] = enc[0] = 1; + /* if strip low is not set, then we encode them as &#xx; */ - php_filter_strip(value, flags); - php_filter_encode_html_high_low(value, FILTER_FLAG_ENCODE_LOW | flags); + memset(enc, 1, 32); + + if (flags & FILTER_FLAG_ENCODE_HIGH) { + memset(enc + 127, 1, sizeof(enc) - 127); + } + + php_filter_encode_html(value, enc); } /* }}} */ @@ -235,11 +246,21 @@ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL) { /* Only if no flags are set (optimization) */ if (flags != 0 && Z_STRLEN_P(value) > 0) { + unsigned char enc[256] = {0}; + php_filter_strip(value, flags); + if (flags & FILTER_FLAG_ENCODE_AMP) { - php_filter_encode_html(value, "&", 0); + enc['&'] = 1; } - php_filter_encode_html_high_low(value, flags); + if (flags & FILTER_FLAG_ENCODE_LOW) { + memset(enc, 1, 32); + } + if (flags & FILTER_FLAG_ENCODE_HIGH) { + memset(enc + 127, 1, sizeof(enc) - 127); + } + + php_filter_encode_html(value, enc); } } /* }}} */ diff --git a/ext/filter/tests/004.phpt b/ext/filter/tests/004.phpt index a0d1b5f2a..b89912493 100644 --- a/ext/filter/tests/004.phpt +++ b/ext/filter/tests/004.phpt 
@@ -1,11 +1,7 @@ --TEST-- GET/POST/REQUEST Test with filtered data --SKIPIF-- -<?php -/* CGI doesn't read commandline options when it sees REQUES_METHOD */ -die("skip"); -die("not possible to set ini setting using -d and CGI"); -?> +<?php if (!extension_loaded("filter")) die("skip"); ?> --INI-- filter.default=special_chars --POST-- @@ -26,5 +22,5 @@ echo $_REQUEST['d']; echo $_REQUEST['e']; ?> --EXPECT-- -O'HenryBold"quotes"\slash -O'HenryBold"quotes"\slash +O'Henry<b>Bold</b>"quotes"\slash +O'Henry<b>Bold</b>"quotes"\slash diff --git a/ext/filter/tests/006.phpt b/ext/filter/tests/006.phpt index aa612d73d..9439e471c 100644 --- a/ext/filter/tests/006.phpt +++ b/ext/filter/tests/006.phpt @@ -1,5 +1,7 @@ --TEST-- filter() test +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --POST-- foo=<b>abc</b> --FILE-- diff --git a/ext/filter/tests/007.phpt b/ext/filter/tests/007.phpt index 72670dc79..96e0b5f18 100644 --- a/ext/filter/tests/007.phpt +++ b/ext/filter/tests/007.phpt @@ -1,11 +1,7 @@ --TEST-- -input_has_variable() +filter_has_var() --SKIPIF-- -<?php -/* TODO: Check why we get warnings 2x */ -die("skip"); -die("error mode cannot be changed via -d"); -?> +<?php if (!extension_loaded("filter")) die("skip"); ?> --GET-- a=qwe&abc=<a>href</a> --POST-- 
@@ -13,25 +9,25 @@ b=qwe&bbc=<a>href</a> --FILE-- <?php -var_dump(input_has_variable(INPUT_GET, "a")); -var_dump(input_has_variable(INPUT_GET, "abc")); -var_dump(input_has_variable(INPUT_GET, "nonex")); -var_dump(input_has_variable(INPUT_GET, " ")); -var_dump(input_has_variable(INPUT_GET, "")); -var_dump(input_has_variable(INPUT_GET, array())); +var_dump(filter_has_var(INPUT_GET, "a")); +var_dump(filter_has_var(INPUT_GET, "abc")); +var_dump(filter_has_var(INPUT_GET, "nonex")); +var_dump(filter_has_var(INPUT_GET, " ")); +var_dump(filter_has_var(INPUT_GET, "")); +var_dump(filter_has_var(INPUT_GET, array())); -var_dump(input_has_variable(INPUT_POST, "b")); -var_dump(input_has_variable(INPUT_POST, "bbc")); -var_dump(input_has_variable(INPUT_POST, "nonex")); -var_dump(input_has_variable(INPUT_POST, " ")); -var_dump(input_has_variable(INPUT_POST, "")); -var_dump(input_has_variable(INPUT_POST, array())); +var_dump(filter_has_var(INPUT_POST, "b")); +var_dump(filter_has_var(INPUT_POST, "bbc")); +var_dump(filter_has_var(INPUT_POST, "nonex")); +var_dump(filter_has_var(INPUT_POST, " ")); +var_dump(filter_has_var(INPUT_POST, "")); +var_dump(filter_has_var(INPUT_POST, array())); -var_dump(input_has_variable(-1, "")); -var_dump(input_has_variable("", "")); -var_dump(input_has_variable(array(), array())); -var_dump(input_has_variable(array(), "")); -var_dump(input_has_variable("", array())); +var_dump(filter_has_var(-1, "")); +var_dump(filter_has_var("", "")); +var_dump(filter_has_var(array(), array())); +var_dump(filter_has_var(array(), "")); +var_dump(filter_has_var("", array())); echo "Done\n"; ?> 
@@ -42,27 +38,27 @@ bool(false) bool(false) bool(false) -Warning: input_has_variable() expects parameter 2 to be string, array given in %s on line %d -NULL +Warning: filter_has_var() expects parameter 2 to be string, array given in %s007.php on line %d +bool(false) bool(true) bool(true) bool(false) bool(false) bool(false) -Warning: input_has_variable() expects parameter 2 to be string, array given in %s on line %d -NULL +Warning: filter_has_var() expects parameter 2 to be string, array given in %s007.php on line %d +bool(false) bool(false) -Warning: input_has_variable() expects parameter 1 to be long, string given in %s on line %d -NULL +Warning: filter_has_var() expects parameter 1 to be long, string given in %s007.php on line %d +bool(false) -Warning: input_has_variable() expects parameter 1 to be long, array given in %s on line %d -NULL +Warning: filter_has_var() expects parameter 1 to be long, array given in %s007.php on line %d +bool(false) -Warning: input_has_variable() expects parameter 1 to be long, array given in %s on line %d -NULL +Warning: filter_has_var() expects parameter 1 to be long, array given in %s007.php on line %d +bool(false) -Warning: input_has_variable() expects parameter 1 to be long, string given in %s on line %d -NULL +Warning: filter_has_var() expects parameter 1 to be long, string given in %s007.php on line %d +bool(false) Done diff --git a/ext/filter/tests/008.phpt b/ext/filter/tests/008.phpt index 5f89910d7..e6c646d67 100644 --- a/ext/filter/tests/008.phpt +++ b/ext/filter/tests/008.phpt @@ -1,5 +1,7 @@ --TEST-- filter_list() +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/009.phpt b/ext/filter/tests/009.phpt index d9d66be07..d09f996fd 100644 --- a/ext/filter/tests/009.phpt +++ b/ext/filter/tests/009.phpt @@ -1,5 +1,7 @@ --TEST-- filter_id() +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php 
diff --git a/ext/filter/tests/010.phpt b/ext/filter/tests/010.phpt index b1cf124f2..e868c10c4 100644 --- a/ext/filter/tests/010.phpt +++ b/ext/filter/tests/010.phpt @@ -1,5 +1,9 @@ --TEST-- filter_var() +--INI-- +precision=14 +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php @@ -55,6 +59,6 @@ NULL string(1) "1" string(1) "1" string(1) "1" -string(1) "1" -string(1) "1" +bool(false) +bool(false) Done diff --git a/ext/filter/tests/011.phpt b/ext/filter/tests/011.phpt index 1e5d0182c..6a9bf1fa3 100644 --- a/ext/filter/tests/011.phpt +++ b/ext/filter/tests/011.phpt @@ -1,11 +1,9 @@ --TEST-- input_get() +--INI-- +precision=14 --SKIPIF-- -<?php -/* TODO: Check why we get warnings 2x */ -die("skip"); -die("error mode cannot be changed via -d"); -?> +<?php if (!extension_loaded("filter")) die("skip"); ?> --GET-- a=<b>test</b>&b=http://example.com --POST-- 
@@ -13,20 +11,20 @@ c=<p>string</p>&d=12345.7 --FILE-- <?php ini_set('html_errors', false); -var_dump(input_get(INPUT_GET, "a", FILTER_SANITIZE_STRIPPED)); -var_dump(input_get(INPUT_GET, "b", FILTER_SANITIZE_URL)); -var_dump(input_get(INPUT_GET, "a", FILTER_SANITIZE_SPECIAL_CHARS, array(1,2,3,4,5))); -var_dump(input_get(INPUT_GET, "b", FILTER_VALIDATE_FLOAT, new stdClass)); -var_dump(input_get(INPUT_POST, "c", FILTER_SANITIZE_STRIPPED, array(5,6,7,8))); -var_dump(input_get(INPUT_POST, "d", FILTER_VALIDATE_FLOAT)); -var_dump(input_get(INPUT_POST, "c", FILTER_SANITIZE_SPECIAL_CHARS)); -var_dump(input_get(INPUT_POST, "d", FILTER_VALIDATE_INT)); +var_dump(filter_input(INPUT_GET, "a", FILTER_SANITIZE_STRIPPED)); +var_dump(filter_input(INPUT_GET, "b", FILTER_SANITIZE_URL)); +var_dump(filter_input(INPUT_GET, "a", FILTER_SANITIZE_SPECIAL_CHARS, array(1,2,3,4,5))); +var_dump(filter_input(INPUT_GET, "b", FILTER_VALIDATE_FLOAT, new stdClass)); +var_dump(filter_input(INPUT_POST, "c", FILTER_SANITIZE_STRIPPED, array(5,6,7,8))); +var_dump(filter_input(INPUT_POST, "d", FILTER_VALIDATE_FLOAT)); +var_dump(filter_input(INPUT_POST, "c", FILTER_SANITIZE_SPECIAL_CHARS)); +var_dump(filter_input(INPUT_POST, "d", FILTER_VALIDATE_INT)); -var_dump(input_get(new stdClass, "d")); +var_dump(filter_var(new stdClass, "d")); -var_dump(input_get(INPUT_POST, "c", "", "")); -var_dump(input_get("", "", "", "", "")); -var_dump(input_get(0, 0, 0, 0, 0)); +var_dump(filter_input(INPUT_POST, "c", "", "")); +var_dump(filter_var("", "", "", "", "")); +var_dump(filter_var(0, 0, 0, 0, 0)); echo "Done\n"; ?> 
@@ -34,19 +32,23 @@ echo "Done\n"; string(4) "test" string(18) "http://example.com" string(27) "<b>test</b>" + +Notice: Object of class stdClass could not be converted to int in %s011.php on line %d bool(false) string(6) "string" float(12345.7) string(29) "<p>string</p>" bool(false) -Warning: input_get() expects parameter 1 to be long, object given in %s on line %d +Warning: filter_var() expects parameter 2 to be long, string given in %s011.php on line %d NULL -Warning: input_get() expects parameter 3 to be long, string given in %s on line %d +Warning: filter_input() expects parameter 3 to be long, string given in %s011.php on line %d NULL -Warning: input_get() expects parameter 1 to be long, string given in %s on line %d +Warning: filter_var() expects at most 3 parameters, 5 given in %s011.php on line %d NULL + +Warning: filter_var() expects at most 3 parameters, 5 given in %s011.php on line %d NULL Done diff --git a/ext/filter/tests/012.phpt b/ext/filter/tests/012.phpt index ef0525489..9a8ead944 100644 --- a/ext/filter/tests/012.phpt +++ b/ext/filter/tests/012.phpt @@ -1,5 +1,7 @@ --TEST-- filter_input() +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/013.phpt b/ext/filter/tests/013.phpt index 55c71e353..421c5d55b 100644 --- a/ext/filter/tests/013.phpt +++ b/ext/filter/tests/013.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and flags +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php var_dump(filter_var(" 234", FILTER_VALIDATE_INT)); diff --git a/ext/filter/tests/014.phpt b/ext/filter/tests/014.phpt index 77e4d2557..883745714 100644 --- a/ext/filter/tests/014.phpt +++ b/ext/filter/tests/014.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_VALIDATE_BOOLEAN +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/015.phpt b/ext/filter/tests/015.phpt index edde095e7..a9c4a8cf4 100644 
--- a/ext/filter/tests/015.phpt +++ b/ext/filter/tests/015.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_VALIDATE_URL +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php @@ -22,6 +24,10 @@ $values = Array( '', -1, array(), +'mailto:foo@bar.com', +'news:news.php.net', +'file://foo/bar', +"http://\r\n/bar", ); foreach ($values as $value) { var_dump(filter_var($value, FILTER_VALIDATE_URL)); @@ -46,18 +52,22 @@ string(32) "http://www.example.com/index.php" string(31) "http://www.example/img/test.png" string(27) "http://www.example/img/dir/" string(26) "http://www.example/img/dir" -string(28) "http//www.example/wrong/url/" -string(17) "http:/www.example" +bool(false) +bool(false) string(18) "file:///tmp/test.c" string(26) "ftp://ftp.example.com/tmp/" -string(11) "/tmp/test.c" -string(1) "/" bool(false) -string(6) "http:/" -string(5) "http:" -string(4) "http" -string(0) "" -string(2) "-1" +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +string(18) "mailto:foo@bar.com" +string(17) "news:news.php.net" +string(14) "file://foo/bar" bool(false) bool(false) string(10) "http://qwe" @@ -68,4 +78,4 @@ bool(false) string(42) "http://www.example.com/path/at/the/server/" bool(false) string(40) "http://www.example.com/index.php?a=b&c=d" -Done +Done
\ No newline at end of file diff --git a/ext/filter/tests/016.phpt b/ext/filter/tests/016.phpt index 67921f018..e013c550a 100644 --- a/ext/filter/tests/016.phpt +++ b/ext/filter/tests/016.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_VALIDATE_EMAIL +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php $values = Array( diff --git a/ext/filter/tests/017.phpt b/ext/filter/tests/017.phpt index 661dfe40f..518ee7925 100644 --- a/ext/filter/tests/017.phpt +++ b/ext/filter/tests/017.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_VALIDATE_REGEXP +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/018.phpt b/ext/filter/tests/018.phpt index 7ea17b329..10840aae7 100644 --- a/ext/filter/tests/018.phpt +++ b/ext/filter/tests/018.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_VALIDATE_IP +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php var_dump(filter_var("192.168.0.1", FILTER_VALIDATE_IP)); diff --git a/ext/filter/tests/019.phpt b/ext/filter/tests/019.phpt index 5a20ff821..1665181cd 100644 --- a/ext/filter/tests/019.phpt +++ b/ext/filter/tests/019.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() & FILTER_VALIDATE_IP and weird data +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/020.phpt b/ext/filter/tests/020.phpt index d39ee55e9..c2ab6096d 100644 --- a/ext/filter/tests/020.phpt +++ b/ext/filter/tests/020.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_SANITIZE_MAGIC_QUOTES +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/021.phpt b/ext/filter/tests/021.phpt index 1dffc9f7a..994dac282 100644 --- a/ext/filter/tests/021.phpt +++ b/ext/filter/tests/021.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_SANITIZE_NUMBER_* +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php 
diff --git a/ext/filter/tests/022.phpt b/ext/filter/tests/022.phpt index a2ad5a4c3..649c6e409 100644 --- a/ext/filter/tests/022.phpt +++ b/ext/filter/tests/022.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_SANITIZE_EMAIL +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/023.phpt b/ext/filter/tests/023.phpt index b9761a5b7..f8d4137bf 100644 --- a/ext/filter/tests/023.phpt +++ b/ext/filter/tests/023.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_UNSAFE_RAW +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/024.phpt b/ext/filter/tests/024.phpt index bc2cdb400..7d7349fcd 100644 --- a/ext/filter/tests/024.phpt +++ b/ext/filter/tests/024.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_SANITIZE_ENCODED +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/025.phpt b/ext/filter/tests/025.phpt index d1e94abf0..df8c3737b 100644 --- a/ext/filter/tests/025.phpt +++ b/ext/filter/tests/025.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_SANITIZE_STRING +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php @@ -17,7 +19,7 @@ echo "Done\n"; string(0) "" string(0) "" string(12) "!@#$%^&*()'"" -string(32) "!@#$%^&*()&#39;&#34;" +string(24) "!@#$%^&*()'"" string(11) "`1234567890" string(5) "`123`" string(1) "." diff --git a/ext/filter/tests/026.phpt b/ext/filter/tests/026.phpt index 9d66f1144..38d15e7d0 100644 --- a/ext/filter/tests/026.phpt +++ b/ext/filter/tests/026.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_SANITIZE_STRIPPED +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/027.phpt b/ext/filter/tests/027.phpt index c187960a0..759030a64 100644 --- a/ext/filter/tests/027.phpt +++ b/ext/filter/tests/027.phpt 
@@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_SANITIZE_ENCODED +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/028.phpt b/ext/filter/tests/028.phpt index 4ffb0fd1f..c0ab16fe8 100644 --- a/ext/filter/tests/028.phpt +++ b/ext/filter/tests/028.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_SANITIZE_SPECIAL_CHARS +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/029.phpt b/ext/filter/tests/029.phpt index d0979f1e3..c1ede74ab 100644 --- a/ext/filter/tests/029.phpt +++ b/ext/filter/tests/029.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FILTER_CALLBACK +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/030.phpt b/ext/filter/tests/030.phpt index 97b62b9e2..d3466f5b4 100644 --- a/ext/filter/tests/030.phpt +++ b/ext/filter/tests/030.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and IPv6 +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php $ipv6_test = array( @@ -19,7 +21,13 @@ $ipv6_test = array( "0:0:0:0:0:FFFF:129.144.52.38" => true, "0:0:0:0:0:0:13.1.68.3" => true, "::13.1.68.3" => true, - "::FFFF:129.144.52.38" => true + "::FFFF:129.144.52.38" => true, + "1:2:3:4:5:6::129.144.52.38" => false, + "::1:2:3:4:5:6:129.144.52.38" => false, + "1:2:3::4:5:6:129.144.52.38" => false, + "1:2:3:4:5:6:7:8::" => false, + "::1:2:3:4:5:6:7:8" => false, + "1:2:3:4::5:6:7:8" => false, ); foreach ($ipv6_test as $ip => $exp) { $out = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); diff --git a/ext/filter/tests/031.phpt b/ext/filter/tests/031.phpt index 74883b8b2..02ef90a34 100644 --- a/ext/filter/tests/031.phpt +++ b/ext/filter/tests/031.phpt @@ -1,5 +1,7 @@ --TEST-- filter_var() and FLOAT +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php 
diff --git a/ext/filter/tests/032.phpt b/ext/filter/tests/032.phpt index cc6abd4f0..d88d50279 100644 --- a/ext/filter/tests/032.phpt +++ b/ext/filter/tests/032.phpt @@ -1,5 +1,7 @@ --TEST-- input_get_args() +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php $data = array( diff --git a/ext/filter/tests/033.phpt b/ext/filter/tests/033.phpt index 2a679d50c..18a361690 100644 --- a/ext/filter/tests/033.phpt +++ b/ext/filter/tests/033.phpt @@ -1,5 +1,7 @@ --TEST-- Test all filters returned by filter_list() +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php include dirname(__FILE__) . '/033_run.inc'; @@ -9,7 +11,7 @@ int 1 123 boolean 1 float 1 123 validate_regexp O'Henry -validate_url PHP 1 foo@bar.com http://a.b.c 1.2.3.4 123 123abc<>() O'Henry 하퍼 +validate_url http://a.b.c validate_email foo@bar.com validate_ip 1.2.3.4 string PHP 1 foo@bar.com http://a.b.c 1.2.3.4 123 123abc() O'Henry 하퍼 diff --git a/ext/filter/tests/033_run.inc b/ext/filter/tests/033_run.inc index c77d888ac..e3b67387c 100644 --- a/ext/filter/tests/033_run.inc +++ b/ext/filter/tests/033_run.inc @@ -1,7 +1,12 @@ <?php +if (function_exists('setlocale')) { + setlocale(LC_ALL, 'C'); +} + function test($data) { return strtoupper($data); } + $data = array( "PHP", "1", diff --git a/ext/filter/tests/034.phpt b/ext/filter/tests/034.phpt index f96596d7c..364f9024f 100644 --- a/ext/filter/tests/034.phpt +++ b/ext/filter/tests/034.phpt @@ -1,5 +1,7 @@ --TEST-- Logical filter: boolean +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php $booleans = array( diff --git a/ext/filter/tests/035.phpt b/ext/filter/tests/035.phpt index e85444322..e2d332527 100644 --- a/ext/filter/tests/035.phpt +++ b/ext/filter/tests/035.phpt @@ -1,5 +1,7 @@ --TEST-- GET/POST/REQUEST Test with input_filter +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --POST-- d=379 --GET-- 
diff --git a/ext/filter/tests/037.phpt b/ext/filter/tests/037.phpt index 9e91288cb..f8497c63b 100644 --- a/ext/filter/tests/037.phpt +++ b/ext/filter/tests/037.phpt @@ -1,5 +1,7 @@ --TEST-- GET and data callback tests +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --GET-- a=1&b=2 --FILE-- diff --git a/ext/filter/tests/038.phpt b/ext/filter/tests/038.phpt index d74e5f27e..998c80fe8 100644 --- a/ext/filter/tests/038.phpt +++ b/ext/filter/tests/038.phpt @@ -1,5 +1,7 @@ --TEST-- Test scalar, array +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/039.phpt b/ext/filter/tests/039.phpt new file mode 100644 index 000000000..ae883db3e --- /dev/null +++ b/ext/filter/tests/039.phpt 
@@ -0,0 +1,117 @@ +--TEST-- +filter_var_array() and different arguments +--SKIPIF-- +<?php if (!extension_loaded("filter")) print "skip"; ?> +--FILE-- +<?php + +echo "-- (1)\n"; +var_dump(filter_var_array(NULL)); +var_dump(filter_var_array(array())); +var_dump(filter_var_array(array(1,"blah"=>"hoho"))); +var_dump(filter_var_array(array(), -1)); +var_dump(filter_var_array(array(), 1000000)); +var_dump(filter_var_array(array(), "")); + +echo "-- (2)\n"; +var_dump(filter_var_array(array(""=>""), -1)); +var_dump(filter_var_array(array(""=>""), 1000000)); +var_dump(filter_var_array(array(""=>""), "")); + +echo "-- (3)\n"; +var_dump(filter_var_array(array("aaa"=>"bbb"), -1)); +var_dump(filter_var_array(array("aaa"=>"bbb"), 1000000)); +var_dump(filter_var_array(array("aaa"=>"bbb"), "")); + +echo "-- (4)\n"; +var_dump(filter_var_array(array(), new stdclass)); +var_dump(filter_var_array(array(), array())); +var_dump(filter_var_array(array(), array("var_name"=>1))); +var_dump(filter_var_array(array(), array("var_name"=>-1))); +var_dump(filter_var_array(array("var_name"=>""), array("var_name"=>-1))); + +echo "-- (5)\n"; +var_dump(filter_var_array(array("var_name"=>""), array("var_name"=>-1, "asdas"=>"asdasd", "qwe"=>"rty", ""=>""))); +var_dump(filter_var_array(array("asdas"=>"text"), array("var_name"=>-1, "asdas"=>"asdasd", "qwe"=>"rty", ""=>""))); + + +$a = array(""=>""); $b = -1; +var_dump(filter_var_array($a, $b)); +var_dump($a, $b); + +$a = array(""=>""); $b = 100000; +var_dump(filter_var_array($a, $b)); +var_dump($a, $b); + +$a = array(""=>""); $b = ""; +var_dump(filter_var_array($a, $b)); +var_dump($a, $b); + +echo "Done\n"; +?> +--EXPECTF-- +-- (1) + +Warning: filter_var_array() expects parameter 1 to be array, null given in %s on line %d +NULL +array(0) { +} +array(2) { + [0]=> + string(1) "1" + ["blah"]=> + string(4) "hoho" +} +bool(false) +bool(false) +bool(false) +-- (2) +bool(false) +bool(false) +bool(false) +-- (3) +bool(false) +bool(false) +bool(false) +-- (4) 
+bool(false) +array(0) { +} +array(1) { + ["var_name"]=> + NULL +} +array(1) { + ["var_name"]=> + NULL +} +array(1) { + ["var_name"]=> + string(0) "" +} +-- (5) + +Warning: filter_var_array(): Empty keys are not allowed in the definition array in %s on line %d +bool(false) + +Warning: filter_var_array(): Empty keys are not allowed in the definition array in %s on line %d +bool(false) +bool(false) +array(1) { + [""]=> + string(0) "" +} +int(-1) +bool(false) +array(1) { + [""]=> + string(0) "" +} +int(100000) +bool(false) +array(1) { + [""]=> + string(0) "" +} +string(0) "" +Done diff --git a/ext/filter/tests/040.phpt b/ext/filter/tests/040.phpt new file mode 100644 index 000000000..fd39b369d --- /dev/null +++ b/ext/filter/tests/040.phpt @@ -0,0 +1,45 @@ +--TEST-- +filter_has_var() tests +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--GET-- +a=1&b=2&c=0 +--POST-- +ap[]=1&bp=test&cp= +--FILE-- +<?php + +var_dump(filter_has_var()); +var_dump(filter_has_var(INPUT_GET,"")); +var_dump(filter_has_var(INPUT_GET,array())); +var_dump(filter_has_var(INPUT_POST, "ap")); +var_dump(filter_has_var(INPUT_POST, "cp")); +var_dump(filter_has_var(INPUT_GET, "a")); +var_dump(filter_has_var(INPUT_GET, "c")); +var_dump(filter_has_var(INPUT_GET, "abc")); +var_dump(filter_has_var(INPUT_GET, "cc")); +var_dump(filter_has_var(-1, "cc")); +var_dump(filter_has_var(0, "cc")); +var_dump(filter_has_var("", "cc")); + +echo "Done\n"; +?> +--EXPECTF-- +Warning: filter_has_var() expects exactly 2 parameters, 0 given in %s on line %d +bool(false) +bool(false) + +Warning: filter_has_var() expects parameter 2 to be string, array given in %s on line %d +bool(false) +bool(true) +bool(true) +bool(true) +bool(true) +bool(false) +bool(false) +bool(false) +bool(false) + +Warning: filter_has_var() expects parameter 1 to be long, string given in %s on line %d +bool(false) +Done diff --git a/ext/filter/tests/041.phpt b/ext/filter/tests/041.phpt new file mode 100644 index 000000000..0a2e3f0a1 
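Review bot: The `--SKIPIF--` section of 039.phpt uses `print "skip"`, while every other test visible in this part of the commit uses `die("skip")`. Both make the section's output start with "skip", but `die()` also ends the section at once, so nothing added to it later can run when the extension is missing. For consistency the line should read `<?php if (!extension_loaded("filter")) die("skip"); ?>`.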
--- /dev/null +++ b/ext/filter/tests/041.phpt @@ -0,0 +1,34 @@ +--TEST-- +COOKIE multiple cookie test +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--INI-- +filter.default=stripped +filter.default_flags=0 +--COOKIE-- +abc=dir; def=true; abc=root; xyz="foo bar"; +--FILE-- +<?php +var_dump($_COOKIE); +var_dump(filter_has_var(INPUT_COOKIE, "abc")); +var_dump(filter_input(INPUT_COOKIE, "abc")); +var_dump(filter_input(INPUT_COOKIE, "def")); +var_dump(filter_input(INPUT_COOKIE, "xyz")); +var_dump(filter_has_var(INPUT_COOKIE, "bogus")); +var_dump(filter_input(INPUT_COOKIE, "xyz", FILTER_SANITIZE_SPECIAL_CHARS)); +?> +--EXPECT-- +array(3) { + ["abc"]=> + string(3) "dir" + ["def"]=> + string(4) "true" + ["xyz"]=> + string(17) ""foo bar"" +} +bool(true) +string(3) "dir" +string(4) "true" +string(9) ""foo bar"" +bool(false) +string(17) ""foo bar"" diff --git a/ext/filter/tests/042.phpt b/ext/filter/tests/042.phpt new file mode 100644 index 000000000..08f4dd633 --- /dev/null +++ b/ext/filter/tests/042.phpt @@ -0,0 +1,19 @@ +--TEST-- +Combination of strip & sanitize filters +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--FILE-- +<?php +$var = 'XYZ< script>alert(/ext/filter+bypass/);< /script>ABC'; +$a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW)); +echo $a . "\n"; + +$var = 'XYZ< +script>alert(/ext/filter+bypass/);< +/script>ABC'; +$a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW)); +echo $a . "\n"; +?> +--EXPECT-- +XYZalert(/ext/filter+bypass/);ABC +XYZalert(/ext/filter+bypass/);ABC diff --git a/ext/filter/tests/043.phpt b/ext/filter/tests/043.phpt new file mode 100644 index 000000000..92ac0517d --- /dev/null +++ b/ext/filter/tests/043.phpt 
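Review bot: The `--COOKIE--` line of 041.phpt sends `abc` twice (`abc=dir`, then `abc=root`) and the expected output keeps `dir`, but nothing in the file says that first-occurrence-wins is the behaviour being pinned. Which duplicate survives matters to any code that trusts a cookie value, so I would state it in the title or at the top of `--FILE--`, e.g. `// duplicate cookie names: the first value ("dir") must win, later ones are ignored`. The `string(17)` expectations appear here with literal quotes, which is only 9 bytes, so they are presumably entity-encoded in the real file and should be checked there rather than in this rendering.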
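Review bot: Both inputs in 042.phpt are filtered with `FILTER_FLAG_STRIP_LOW`, so the test does not show whether `< script>` written with a plain space is removed by `FILTER_SANITIZE_STRING` on its own or only together with the flag. A third case without the flag, with its own expected line, would pin the tag stripping separately. A one-line comment such as `// whitespace or a stripped low character after "<" must not let the tag survive` would record what regressed. The expected output keeps the `alert(...)` text, which is what removing only the tags produces, so the result is plain text and still needs encoding for whatever context it is written to.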
@@ -0,0 +1,269 @@ +--TEST-- +Character encoding test +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--FILE-- +<?php +$flags = FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_LOW|FILTER_FLAG_ENCODE_HIGH; + +for ($i = 0; $i < 256; $i++) { + var_dump(filter_var(chr($i), FILTER_SANITIZE_STRING, array("flags" => $flags))); +} +?> +--EXPECT-- +string(4) "�" +string(4) "" +string(4) "" +string(4) "" +string(4) "" +string(4) "" +string(4) "" +string(4) "" +string(4) "" +string(4) "	" +string(5) " " +string(5) "" +string(5) "" +string(5) " " +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(5) "" +string(1) " " +string(1) "!" +string(5) """ +string(1) "#" +string(1) "$" +string(1) "%" +string(5) "&" +string(5) "'" +string(1) "(" +string(1) ")" +string(1) "*" +string(1) "+" +string(1) "," +string(1) "-" +string(1) "." +string(1) "/" +string(1) "0" +string(1) "1" +string(1) "2" +string(1) "3" +string(1) "4" +string(1) "5" +string(1) "6" +string(1) "7" +string(1) "8" +string(1) "9" +string(1) ":" +string(1) ";" +string(0) "" +string(1) "=" +string(1) ">" +string(1) "?" 
+string(1) "@" +string(1) "A" +string(1) "B" +string(1) "C" +string(1) "D" +string(1) "E" +string(1) "F" +string(1) "G" +string(1) "H" +string(1) "I" +string(1) "J" +string(1) "K" +string(1) "L" +string(1) "M" +string(1) "N" +string(1) "O" +string(1) "P" +string(1) "Q" +string(1) "R" +string(1) "S" +string(1) "T" +string(1) "U" +string(1) "V" +string(1) "W" +string(1) "X" +string(1) "Y" +string(1) "Z" +string(1) "[" +string(1) "\" +string(1) "]" +string(1) "^" +string(1) "_" +string(1) "`" +string(1) "a" +string(1) "b" +string(1) "c" +string(1) "d" +string(1) "e" +string(1) "f" +string(1) "g" +string(1) "h" +string(1) "i" +string(1) "j" +string(1) "k" +string(1) "l" +string(1) "m" +string(1) "n" +string(1) "o" +string(1) "p" +string(1) "q" +string(1) "r" +string(1) "s" +string(1) "t" +string(1) "u" +string(1) "v" +string(1) "w" +string(1) "x" +string(1) "y" +string(1) "z" +string(1) "{" +string(1) "|" +string(1) "}" +string(1) "~" +string(6) "" +string(6) "€" +string(6) "" +string(6) "‚" +string(6) "ƒ" +string(6) "„" +string(6) "…" +string(6) "†" +string(6) "‡" +string(6) "ˆ" +string(6) "‰" +string(6) "Š" +string(6) "‹" +string(6) "Œ" +string(6) "" +string(6) "Ž" +string(6) "" +string(6) "" +string(6) "‘" +string(6) "’" +string(6) "“" +string(6) "”" +string(6) "•" +string(6) "–" +string(6) "—" +string(6) "˜" +string(6) "™" +string(6) "š" +string(6) "›" +string(6) "œ" +string(6) "" +string(6) "ž" +string(6) "Ÿ" +string(6) " " +string(6) "¡" +string(6) "¢" +string(6) "£" +string(6) "¤" +string(6) "¥" +string(6) "¦" +string(6) "§" +string(6) "¨" +string(6) "©" +string(6) "ª" +string(6) "«" +string(6) "¬" +string(6) "­" +string(6) "®" +string(6) "¯" +string(6) "°" +string(6) "±" +string(6) "²" +string(6) "³" +string(6) "´" +string(6) "µ" +string(6) "¶" +string(6) "·" +string(6) "¸" +string(6) "¹" +string(6) "º" +string(6) "»" +string(6) "¼" +string(6) "½" +string(6) "¾" +string(6) "¿" +string(6) "À" +string(6) "Á" +string(6) "Â" +string(6) "Ã" +string(6) "Ä" 
+string(6) "Å" +string(6) "Æ" +string(6) "Ç" +string(6) "È" +string(6) "É" +string(6) "Ê" +string(6) "Ë" +string(6) "Ì" +string(6) "Í" +string(6) "Î" +string(6) "Ï" +string(6) "Ð" +string(6) "Ñ" +string(6) "Ò" +string(6) "Ó" +string(6) "Ô" +string(6) "Õ" +string(6) "Ö" +string(6) "×" +string(6) "Ø" +string(6) "Ù" +string(6) "Ú" +string(6) "Û" +string(6) "Ü" +string(6) "Ý" +string(6) "Þ" +string(6) "ß" +string(6) "à" +string(6) "á" +string(6) "â" +string(6) "ã" +string(6) "ä" +string(6) "å" +string(6) "æ" +string(6) "ç" +string(6) "è" +string(6) "é" +string(6) "ê" +string(6) "ë" +string(6) "ì" +string(6) "í" +string(6) "î" +string(6) "ï" +string(6) "ð" +string(6) "ñ" +string(6) "ò" +string(6) "ó" +string(6) "ô" +string(6) "õ" +string(6) "ö" +string(6) "÷" +string(6) "ø" +string(6) "ù" +string(6) "ú" +string(6) "û" +string(6) "ü" +string(6) "ý" +string(6) "þ" +string(6) "ÿ" diff --git a/ext/filter/tests/044.phpt b/ext/filter/tests/044.phpt new file mode 100644 index 000000000..6fa6c2e30 --- /dev/null +++ b/ext/filter/tests/044.phpt @@ -0,0 +1,23 @@ +--TEST-- +Integer validation with spaces +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--FILE-- +<?php +$vals = array( +" + ", +" ", +" 123", +" 123.01 ", +); + +foreach ($vals as $var) { + var_dump(filter_var($var, FILTER_VALIDATE_FLOAT)); +} +?> +--EXPECT-- +bool(false) +bool(false) +float(123) +float(123.01) diff --git a/ext/filter/tests/045.phpt b/ext/filter/tests/045.phpt new file mode 100755 index 000000000..22b871005 --- /dev/null +++ b/ext/filter/tests/045.phpt @@ -0,0 +1,30 @@ +--TEST--
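Review bot: The title of 044.phpt says "Integer validation with spaces", but the loop calls `filter_var($var, FILTER_VALIDATE_FLOAT)` and the expectations are floats. Either the title should read `Float validation with spaces`, or the integer validator needs its own cases, for example a second loop over the same values with `FILTER_VALIDATE_INT`. As written, this file does not cover how the integer filter handles leading and trailing whitespace.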
+Options must not be changed by filter_var()
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+$a = array("flags"=>(string)FILTER_FLAG_ALLOW_HEX, "options" => array("min_range"=>"0", "max_range"=>"1024"));
+$ret = filter_var("0xff", FILTER_VALIDATE_INT, $a);
+echo ($ret === 255 && $a["options"]["min_range"] === "0")?"ok\n":"bug\n";
+echo ($ret === 255 && $a["options"]["max_range"] === "1024")?"ok\n":"bug\n";
+echo ($ret === 255 && is_string($a["flags"]) && $a["flags"] == FILTER_FLAG_ALLOW_HEX)?"ok\n":"bug\n";
+$a = (string)FILTER_FLAG_ALLOW_HEX;
+$ret = filter_var("0xff", FILTER_VALIDATE_INT, $a);
+echo ($ret === 255 && is_string($a) && $a == FILTER_FLAG_ALLOW_HEX)?"ok\n":"bug\n";
+$a = array("test"=>array("filter"=>(string)FILTER_VALIDATE_INT, "flags"=>(string)FILTER_FLAG_ALLOW_HEX));
+$ret = filter_var_array(array("test"=>"0xff"), $a);
+echo ($ret["test"] === 255 && is_string($a["test"]["filter"]) && $a["test"]["filter"] == FILTER_VALIDATE_INT)?"ok\n":"bug\n";
+echo ($ret["test"] === 255 && is_string($a["test"]["flags"]) && $a["test"]["flags"] == FILTER_FLAG_ALLOW_HEX)?"ok\n":"bug\n";
+$a = array("test"=>(string)FILTER_VALIDATE_INT);
+$ret = filter_var_array(array("test"=>"255"), $a);
+echo ($ret["test"] === 255 && is_string($a["test"]) && $a["test"] == FILTER_VALIDATE_INT)?"ok\n":"bug\n";
+?>
+--EXPECT--
+ok
+ok
+ok
+ok
+ok
+ok
+ok
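Review bot: 045.phpt is added with `new file mode 100755`, as are 046.phpt through 051.phpt, while the other new tests in this part of the commit are `100644`. A `.phpt` file is read by the test runner and never executed directly, so the executable bit should be dropped: `new file mode 100644`. Separately, every check prints the same `ok`/`bug` and each condition also requires `$ret === 255`, so a failure does not say whether the return value or the caller's options array was wrong. A label per line, e.g. `echo "min_range: ", (...) ? "ok\n" : "bug\n";`, would make a failing run readable.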
diff --git a/ext/filter/tests/046.phpt b/ext/filter/tests/046.phpt new file mode 100755 index 000000000..4ab1ce62e --- /dev/null +++ b/ext/filter/tests/046.phpt @@ -0,0 +1,23 @@ +--TEST--
+Integer overflow
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+$s = sprintf("%d", PHP_INT_MAX);
+var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT)));
+
+$s = sprintf("%.0f", PHP_INT_MAX+1);
+var_dump(filter_var($s, FILTER_VALIDATE_INT));
+
+$s = sprintf("%d", -PHP_INT_MAX);
+var_dump(is_long(filter_var($s, FILTER_VALIDATE_INT)));
+
+$s = sprintf("%.0f", -(PHP_INT_MAX+1));
+var_dump(filter_var($s, FILTER_VALIDATE_INT));
+?>
+--EXPECT--
+bool(true)
+bool(false)
+bool(true)
+bool(false)
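Review bot: The last case in 046.phpt builds its input from `-(PHP_INT_MAX+1)`, which is the most negative value a two's-complement integer of that width can hold, and expects `bool(false)` for it. If `FILTER_VALIDATE_INT` is meant to accept the whole integer range, this pins the rejection of a valid value; if the rejection is intended, a comment should say so, e.g. `// the minimum integer is deliberately treated as out of range`. A true underflow case would be one below that value, and the third case (`-PHP_INT_MAX`) stops one short of the lower boundary. The out-of-range inputs are also produced by `sprintf("%.0f", ...)` on a float, so the exact digits tested depend on float formatting; spelling out the boundary strings per integer width would remove that dependency.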
diff --git a/ext/filter/tests/047.phpt b/ext/filter/tests/047.phpt new file mode 100755 index 000000000..9bcb66691 --- /dev/null +++ b/ext/filter/tests/047.phpt @@ -0,0 +1,37 @@ +--TEST--
+Octal integer overflow
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+function octal_inc($s) {
+ $len = strlen($s);
+ while ($len > 0) {
+ $len--;
+ if ($s[$len] != '7') {
+ $s[$len] = $s[$len] + 1;
+ return $s;
+ }
+ $s[$len] = '0';
+ }
+ return '1'.$s;
+}
+
+
+$s = sprintf("%o", PHP_INT_MAX);
+var_dump(is_long(filter_var('0'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_OCTAL))));
+
+$s = octal_inc($s);
+var_dump(is_long(filter_var('0'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_OCTAL))));
+
+$s = sprintf("%o", ~0);
+var_dump(is_long(filter_var('0'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_OCTAL))));
+
+$s = octal_inc($s);
+var_dump(filter_var('0'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_OCTAL)));
+?>
+--EXPECT--
+bool(true)
+bool(true)
+bool(true)
+bool(false)
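Review bot: The second and third cases in 047.phpt, and the matching ones in 048.phpt, pass values above `PHP_INT_MAX` up to the bit pattern of `~0` and assert only `is_long(...)`, so any integer result passes. If the validator wraps these into negative numbers, a caller that validates an octal or hex string and then compares it with a limit gets a value whose sign differs from what the text suggests, and nothing here records which value comes back. I would dump the value itself for the `~0` case, `var_dump(filter_var('0'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_OCTAL)));`, so the wrap becomes an explicit expectation. `$s[$len] = $s[$len] + 1;` in `octal_inc()` also relies on the sum being converted back to a single character on assignment, which deserves a short comment.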
diff --git a/ext/filter/tests/048.phpt b/ext/filter/tests/048.phpt new file mode 100755 index 000000000..c4436c400 --- /dev/null +++ b/ext/filter/tests/048.phpt @@ -0,0 +1,41 @@ +--TEST--
+Hex integer overflow
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+function hex_inc($s) {
+ $len = strlen($s);
+ while ($len > 0) {
+ $len--;
+ if ($s[$len] != 'f') {
+ if ($s[$len] == '9') {
+ $s[$len] = 'a';
+ } else {
+ $s[$len] = $s[$len] + 1;
+ }
+ return $s;
+ }
+ $s[$len] = '0';
+ }
+ return '1'.$s;
+}
+
+
+$s = sprintf("%x", PHP_INT_MAX);
+var_dump(is_long(filter_var('0x'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_HEX))));
+
+$s = hex_inc($s);
+var_dump(is_long(filter_var('0x'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_HEX))));
+
+$s = sprintf("%x", ~0);
+var_dump(is_long(filter_var('0x'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_HEX))));
+
+$s = hex_inc($s);
+var_dump(filter_var('0x'.$s, FILTER_VALIDATE_INT, array("flags"=>FILTER_FLAG_ALLOW_HEX)));
+?>
+--EXPECT--
+bool(true)
+bool(true)
+bool(true)
+bool(false)
diff --git a/ext/filter/tests/049.phpt b/ext/filter/tests/049.phpt new file mode 100755 index 000000000..c87e7056d --- /dev/null +++ b/ext/filter/tests/049.phpt @@ -0,0 +1,34 @@ +--TEST--
+filter_var() and doubles with thousend separators
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+$test = array(
+ '0' => 0.0,
+ '12345678900.1234567165' => 12345678900.1234567165,
+ '1,234,567,890.1234567165' => 1234567890.1234567165,
+ '-1,234,567,890.1234567165' => -1234567890.1234567165,
+ '1234,567,890.1234567165' => false,
+ '1,234,567,89.1234567165' => false,
+ '1,234,567,8900.1234567165' => false,
+ '1.234.567.890.1234567165' => false,
+ '1,234,567,8900.123,456' => false,
+);
+foreach ($test as $src => $dst) {
+ $out = filter_var($src, FILTER_VALIDATE_FLOAT, array("flags"=>FILTER_FLAG_ALLOW_THOUSAND));
+ if ($dst !== $out) {
+ if ($out === false) {
+ echo "$src -> false != $dst\n";
+ } elseif ($dst === false) {
+ echo "$src -> $out != false\n";
+ } else {
+ echo "$src -> $out != $dst\n";
+ }
+ }
+}
+
+echo "Ok\n";
+?>
+--EXPECT--
+Ok
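Review bot: The `--TEST--` title of 049.phpt misspells a word and should read `filter_var() and doubles with thousand separators`. In the data table PHP stores the key `'0'` as the integer key `0`, so that row passes an integer rather than a string to `filter_var()`; a list of `array($src, $dst)` pairs would keep every input a string. The mismatch messages interpolate the floats directly, which prints them at the configured `precision`, so two different doubles can look the same in a failure report.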
diff --git a/ext/filter/tests/050.phpt b/ext/filter/tests/050.phpt new file mode 100755 index 000000000..fb6b6922d --- /dev/null +++ b/ext/filter/tests/050.phpt @@ -0,0 +1,29 @@ +--TEST--
+filter_var() and double overflow/underflow
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+$test = array(
+ '1e+308' => 1e+308,
+ '1e+309' => false,
+ '1e-323' => 1e-323,
+ '1e-324' => false,
+);
+foreach ($test as $src => $dst) {
+ $out = filter_var($src, FILTER_VALIDATE_FLOAT);
+ if ($dst !== $out) {
+ if ($out === false) {
+ echo "$src -> false != $dst\n";
+ } elseif ($dst === false) {
+ echo "$src -> $out != false\n";
+ } else {
+ echo "$src -> $out != $dst\n";
+ }
+ }
+}
+
+echo "Ok\n";
+?>
+--EXPECT--
+Ok
diff --git a/ext/filter/tests/051.phpt b/ext/filter/tests/051.phpt new file mode 100755 index 000000000..1a5f166da --- /dev/null +++ b/ext/filter/tests/051.phpt @@ -0,0 +1,11 @@ +--TEST--
+filter_var() and default values
+--SKIPIF--
+<?php if (!extension_loaded("filter")) die("skip"); ?>
+--FILE--
+<?php
+$tmp = $default = 321;
+var_dump(filter_var("123asd", FILTER_VALIDATE_INT, array("options"=>array("default"=>$default))));
+?>
+--EXPECT--
+int(321)
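Review bot: `$tmp` in 051.phpt is assigned on the first line and never read, so it looks like dead code that a later cleanup would remove. It presumably exists so that the default value is shared by two variables when it is passed to `filter_var()`, which would be the condition the fix depends on. If so, a comment should say it: `// $tmp keeps a second reference to the value so the "default" option is a shared zval`. The title could also name the case, since the input `"123asd"` is what makes the filter fall back to the default.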
diff --git a/ext/filter/tests/bug39763.phpt b/ext/filter/tests/bug39763.phpt new file mode 100644 index 000000000..cc8d9ccee --- /dev/null +++ b/ext/filter/tests/bug39763.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #39763 filter applies magic_quotes twice in parse_str() +--INI-- +magic_quotes_gpc=1 +filter.default= +--FILE-- +<?php +$arr = array(); +parse_str("val=%22probably+a+bug%22", $arr); +echo $arr['val'] . "\n"; +parse_str("val=%22probably+a+bug%22"); +echo $val . "\n"; +?> +--EXPECT-- +\"probably a bug\" +\"probably a bug\" diff --git a/ext/filter/tests/bug39846.phpt b/ext/filter/tests/bug39846.phpt new file mode 100644 index 000000000..57407f108 --- /dev/null +++ b/ext/filter/tests/bug39846.phpt @@ -0,0 +1,12 @@ +--TEST-- +Bug #39846 (ipv4 trailing data validation) +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--FILE-- +<?php +var_dump(filter_var('192.168.1.100random-text-here', FILTER_VALIDATE_IP)); +var_dump(filter_var("192.168.1.155\0foo", FILTER_VALIDATE_IP)); +?> +--EXPECT-- +bool(false) +bool(false) diff --git a/ext/filter/tests/bug7586.phpt b/ext/filter/tests/bug7586.phpt index d9ea723f4..74e55ff71 100644 --- a/ext/filter/tests/bug7586.phpt +++ b/ext/filter/tests/bug7586.phpt @@ -1,5 +1,7 @@ --TEST-- input_get_args() filter not reseted between elements +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php $data = array( diff --git a/ext/filter/tests/bug7715.phpt b/ext/filter/tests/bug7715.phpt index 3372f756d..4298d505d 100644 --- a/ext/filter/tests/bug7715.phpt +++ b/ext/filter/tests/bug7715.phpt @@ -1,5 +1,9 @@ --TEST-- bug 7715, floats value with integer or incomplete input +--INI-- +precision=14 +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php $data = array( @@ -24,6 +28,6 @@ float(-42) float(42) float(0.4) float(-0.4) -float(1.0E+12) -float(-1.0E+12) +float(1000000000000) +float(-1000000000000) float(2.324) 
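Review bot: bug39763.phpt has no `--SKIPIF--` section, unlike the other tests visible in this part of the commit, although it sets `filter.default=` in `--INI--`. If the result is meant to depend on the filter extension's input hook, it needs the guard used elsewhere: `<?php if (!extension_loaded("filter")) die("skip"); ?>`. If the test should pass without the extension too, a comment saying so would explain the omission. The second `parse_str()` call has no result argument and writes `$val` into the current scope, which the test relies on.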
diff --git a/ext/filter/tests/bug7733.phpt b/ext/filter/tests/bug7733.phpt index 07b4b0c72..ab0212390 100644 --- a/ext/filter/tests/bug7733.phpt +++ b/ext/filter/tests/bug7733.phpt @@ -1,5 +1,7 @@ --TEST-- filter_data() Float exponential weird result +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php $data = array( @@ -15,13 +17,13 @@ var_dump($out); --EXPECTF-- array(5) { [0]=> - float(0) + bool(false) [1]=> - float(10) + bool(false) [2]=> - float(2) + bool(false) [3]=> - float(0) + bool(false) [4]=> - float(0) + bool(false) } diff --git a/ext/filter/tests/bug8315.phpt b/ext/filter/tests/bug8315.phpt index ab1a0937e..094d82f21 100644 --- a/ext/filter/tests/bug8315.phpt +++ b/ext/filter/tests/bug8315.phpt @@ -1,5 +1,7 @@ --TEST-- bug 8315, NULL values halt the validation +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php diff --git a/ext/filter/tests/callback_non_modified_var.phpt b/ext/filter/tests/callback_non_modified_var.phpt new file mode 100644 index 000000000..f0d557577 --- /dev/null +++ b/ext/filter/tests/callback_non_modified_var.phpt @@ -0,0 +1,14 @@ +--TEST-- +callback function returns non modified value +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--FILE-- +<?php +function callback($var) { + return $var; +} +$var = "test"; +var_dump(filter_var($var, FILTER_CALLBACK, array('options'=>'callback'))); +?> +--EXPECT-- +string(4) "test" diff --git a/ext/filter/tests/filter_data.phpt b/ext/filter/tests/filter_data.phpt index 14e8545c9..6926a8851 100644 --- a/ext/filter/tests/filter_data.phpt +++ b/ext/filter/tests/filter_data.phpt @@ -1,5 +1,7 @@ --TEST-- Simple filter_var() tests +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> --FILE-- <?php |
