X-Git-Url: https://git.m6w6.name/?a=blobdiff_plain;f=php_http_params.c;h=08b10ad7ae168733f88015b5ffab602b2481c82c;hb=3de3e5f65db0e7c24849c0e7c60c54a4e8566422;hp=a8b8d2db22ed5d893027db7f2d165a33885c61b4;hpb=809cfb73a233ce951274a5951b921d5f5feb6676;p=m6w6%2Fext-http

diff --git a/php_http_params.c b/php_http_params.c
index a8b8d2d..08b10ad 100644
--- a/php_http_params.c
+++ b/php_http_params.c
@@ -44,18 +44,36 @@ typedef struct php_http_params_state {
 	} current;
 } php_http_params_state_t;
 
+static inline void sanitize_string(char *str, size_t len, zval *zv TSRMLS_DC)
+{
+	/* trim whitespace */
+	php_trim(str, len, NULL, 0, zv, 3 TSRMLS_CC);
+
+	/* dequote */
+	if (Z_STRVAL_P(zv)[0] == '"' && Z_STRVAL_P(zv)[Z_STRLEN_P(zv) - 1] == '"') {
+		size_t deq_len = Z_STRLEN_P(zv) - 2;
+		char *deq = estrndup(Z_STRVAL_P(zv) + 1, deq_len);
+
+		zval_dtor(zv);
+		ZVAL_STRINGL(zv, deq, deq_len, 0);
+	}
+
+	/* strip slashes */
+	php_stripslashes(Z_STRVAL_P(zv), &Z_STRLEN_P(zv) TSRMLS_CC);
+}
+
 static void push_param(HashTable *params, php_http_params_state_t *state, const php_http_params_opts_t *opts TSRMLS_DC)
 {
 	if (state->val.str) {
 		if (0 < (state->val.len = state->input.str - state->val.str)) {
-			php_trim(state->val.str, state->val.len, NULL, 0, *(state->current.val), 3 TSRMLS_CC);
+			sanitize_string(state->val.str, state->val.len, *(state->current.val) TSRMLS_CC);
 		}
 	} else if (state->arg.str) {
 		if (0 < (state->arg.len = state->input.str - state->arg.str)) {
 			zval *val, key;
 
 			INIT_PZVAL(&key);
-			php_trim(state->arg.str, state->arg.len, NULL, 0, &key, 3 TSRMLS_CC);
+			sanitize_string(state->arg.str, state->arg.len, &key TSRMLS_CC);
 			if (Z_STRLEN(key)) {
 				MAKE_STD_ZVAL(val);
 				ZVAL_TRUE(val);
@@ -68,7 +86,7 @@ static void push_param(HashTable *params, php_http_params_state_t *state, const
 			zval *prm, *arg, *val, key;
 
 			INIT_PZVAL(&key);
-			php_trim(state->param.str, state->param.len, NULL, 0, &key, 3 TSRMLS_CC);
+			sanitize_string(state->param.str, state->param.len, &key TSRMLS_CC);
 			if (Z_STRLEN(key)) {
 				MAKE_STD_ZVAL(prm);
 				array_init(prm);
@@ -106,16 +124,10 @@ static size_t check_sep(php_http_params_state_t *state, php_http_params_token_t
 
 PHP_HTTP_API HashTable *php_http_params_parse(HashTable *params, const php_http_params_opts_t *opts TSRMLS_DC)
 {
-	php_http_params_state_t state = {
-		.input.str = opts->input.str,
-		.input.len = opts->input.len,
-		.param.str = NULL,
-		.param.len = 0,
-		.arg.str = NULL,
-		.arg.len = 0,
-		.val.str = NULL,
-		.val.len = 0
-	};
+	php_http_params_state_t state = {{NULL,0}, {NULL,0}, {NULL,0}, {NULL,0}, {NULL,NULL,NULL}};
+
+	state.input.str = opts->input.str;
+	state.input.len = opts->input.len;
 
 	if (!params) {
 		ALLOC_HASHTABLE(params);
@@ -288,13 +300,13 @@ PHP_METHOD(HttpParams, __construct)
 		if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|z!/z/z/z/", &zparams, &param_sep, &arg_sep, &val_sep)) {
 			switch (ZEND_NUM_ARGS()) {
 				case 4:
-					zend_update_property(php_http_params_class_entry, getThis(), ZEND_STRL("param_sep"), param_sep TSRMLS_CC);
+					zend_update_property(php_http_params_class_entry, getThis(), ZEND_STRL("val_sep"), val_sep TSRMLS_CC);
 					/* no break */
 				case 3:
 					zend_update_property(php_http_params_class_entry, getThis(), ZEND_STRL("arg_sep"), arg_sep TSRMLS_CC);
 					/* no break */
 				case 2:
-					zend_update_property(php_http_params_class_entry, getThis(), ZEND_STRL("val_sep"), val_sep TSRMLS_CC);
+					zend_update_property(php_http_params_class_entry, getThis(), ZEND_STRL("param_sep"), param_sep TSRMLS_CC);
 					/* no break */
 			}
 
@@ -310,8 +322,10 @@ PHP_METHOD(HttpParams, __construct)
 						zcopy = php_http_ztyp(IS_STRING, zparams);
 						if (Z_STRLEN_P(zcopy)) {
 							php_http_params_opts_t opts = {
-								.input.str = Z_STRVAL_P(zcopy),
-								.input.len = Z_STRLEN_P(zcopy),
+								.input = {
+									.str = Z_STRVAL_P(zcopy),
+									.len = Z_STRLEN_P(zcopy)
+								},
 								.param = parse_sep(zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("param_sep"), 0 TSRMLS_CC) TSRMLS_CC),
 								.arg = parse_sep(zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("arg_sep"), 0 TSRMLS_CC) TSRMLS_CC),
 								.val = parse_sep(zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("val_sep"), 0 TSRMLS_CC) TSRMLS_CC)
@@ -407,9 +421,17 @@ PHP_METHOD(HttpParams, toString)
 						/* add value */
 						if (Z_TYPE_PP(zarg) != IS_BOOL) {
 							zval *tmp = php_http_ztyp(IS_STRING, *zarg);
+							int escaped_len;
 
+							Z_STRVAL_P(tmp) = php_addslashes(Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), &escaped_len, 1 TSRMLS_CC);
 							php_http_buffer_append(&buf, Z_STRVAL_P(zvsep), Z_STRLEN_P(zvsep));
-							php_http_buffer_append(&buf, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
+							if (escaped_len != Z_STRLEN_P(tmp)) {
+								php_http_buffer_appends(&buf, "\"");
+								php_http_buffer_append(&buf, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp) = escaped_len);
+								php_http_buffer_appends(&buf, "\"");
+							} else {
+								php_http_buffer_append(&buf, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
+							}
 							zval_ptr_dtor(&tmp);
 						} else if (!Z_BVAL_PP(zarg)) {
 							php_http_buffer_append(&buf, Z_STRVAL_P(zvsep), Z_STRLEN_P(zvsep));
@@ -426,6 +448,7 @@ PHP_METHOD(HttpParams, toString)
 	zval_ptr_dtor(&zasep);
 	zval_ptr_dtor(&zvsep);
 
+	php_http_buffer_fix(&buf);
 	php_http_buffer_shrink(&buf);
 	RETVAL_PHP_HTTP_BUFFER_VAL(&buf);
 }