X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=php_http_params.c;h=76d6909b6eeee83a10e5294dae3dcf6cd4415592;hp=faa3cbb735a4a4f76307e0905153d96177b30d4a;hb=a11c142449b5d8359ff87320e5b547d12b448d9b;hpb=76a68c0c135bbbf4fa676647ebe9ccde8a215df3 diff --git a/php_http_params.c b/php_http_params.c index faa3cbb..76d6909 100644 --- a/php_http_params.c +++ b/php_http_params.c @@ -60,7 +60,7 @@ static inline void sanitize_escaped(zval *zv TSRMLS_DC) ZVAL_STRINGL(zv, deq, deq_len, 0); } - php_stripslashes(Z_STRVAL_P(zv), &Z_STRLEN_P(zv) TSRMLS_CC); + php_stripcslashes(Z_STRVAL_P(zv), &Z_STRLEN_P(zv) TSRMLS_CC); } static inline void prepare_escaped(zval *zv TSRMLS_DC) @@ -68,9 +68,10 @@ static inline void prepare_escaped(zval *zv TSRMLS_DC) if (Z_TYPE_P(zv) == IS_STRING) { int len = Z_STRLEN_P(zv); - Z_STRVAL_P(zv) = php_addslashes(Z_STRVAL_P(zv), Z_STRLEN_P(zv), &Z_STRLEN_P(zv), 1 TSRMLS_CC); + Z_STRVAL_P(zv) = php_addcslashes(Z_STRVAL_P(zv), Z_STRLEN_P(zv), &Z_STRLEN_P(zv), 1, + ZEND_STRL("\0..\37\173\\\"") TSRMLS_CC); - if (len != Z_STRLEN_P(zv)) { + if (len != Z_STRLEN_P(zv) || strpbrk(Z_STRVAL_P(zv), "()<>@,;:\"/[]?={} ")) { zval tmp = *zv; int len = Z_STRLEN_P(zv) + 2; char *str = emalloc(len + 1); @@ -741,12 +742,13 @@ static inline void shift_val(php_http_buffer_t *buf, zval *zvalue, const char *v } } -static void shift_arg(php_http_buffer_t *buf, char *key_str, size_t key_len, zval *zvalue, const char *ass, size_t asl, const char *vss, size_t vsl, unsigned flags, zend_bool rfc5987 TSRMLS_DC) +static void shift_arg(php_http_buffer_t *buf, char *key_str, size_t key_len, zval *zvalue, const char *ass, size_t asl, const char *vss, size_t vsl, unsigned flags TSRMLS_DC) { if (Z_TYPE_P(zvalue) == IS_ARRAY || Z_TYPE_P(zvalue) == IS_OBJECT) { HashPosition pos; php_http_array_hashkey_t key = php_http_array_hashkey_init(0); zval **val; + zend_bool rfc5987 = !strcmp(key_str, "*rfc5987*"); if (!rfc5987) { shift_key(buf, key_str, key_len, ass, asl, flags TSRMLS_CC); @@ -758,7 +760,7 @@ static void shift_arg(php_http_buffer_t *buf, char *key_str, size_t key_len, zva shift_key(buf, key.str, key.len-1, ass, asl, flags TSRMLS_CC); shift_rfc5987(buf, *val, vss, vsl, flags TSRMLS_CC); } else { - shift_arg(buf, key.str, key.len-1, *val, ass, asl, vss, vsl, flags, 0 TSRMLS_CC); + shift_arg(buf, key.str, key.len-1, *val, ass, asl, vss, vsl, flags TSRMLS_CC); } php_http_array_hashkey_stringfree(&key); } @@ -768,7 +770,7 @@ static void shift_arg(php_http_buffer_t *buf, char *key_str, size_t key_len, zva } } -static void shift_param(php_http_buffer_t *buf, char *key_str, size_t key_len, zval *zvalue, const char *pss, size_t psl, const char *ass, size_t asl, const char *vss, size_t vsl, unsigned flags TSRMLS_DC) +static void shift_param(php_http_buffer_t *buf, char *key_str, size_t key_len, zval *zvalue, const char *pss, size_t psl, const char *ass, size_t asl, const char *vss, size_t vsl, unsigned flags, zend_bool rfc5987 TSRMLS_DC) { if (Z_TYPE_P(zvalue) == IS_ARRAY || Z_TYPE_P(zvalue) == IS_OBJECT) { /* treat as arguments, unless we care for dimensions or rfc5987 */ @@ -776,11 +778,11 @@ static void shift_param(php_http_buffer_t *buf, char *key_str, size_t key_len, z php_http_buffer_t *keybuf = php_http_buffer_from_string(key_str, key_len); prepare_dimension(buf, keybuf, zvalue, pss, psl, vss, vsl, flags TSRMLS_CC); php_http_buffer_free(&keybuf); - } else if (flags & PHP_HTTP_PARAMS_RFC5987) { + } else if (rfc5987) { shift_key(buf, key_str, key_len, pss, psl, flags TSRMLS_CC); shift_rfc5987(buf, zvalue, vss, vsl, flags TSRMLS_CC); } else { - shift_arg(buf, key_str, key_len, zvalue, ass, asl, vss, vsl, flags, 0 TSRMLS_CC); + shift_arg(buf, key_str, key_len, zvalue, ass, asl, vss, vsl, flags TSRMLS_CC); } } else { shift_key(buf, key_str, key_len, pss, psl, flags TSRMLS_CC); @@ -793,6 +795,7 @@ php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf, HashTable * zval **zparam; HashPosition pos, pos1; php_http_array_hashkey_t key = php_http_array_hashkey_init(0), key1 = php_http_array_hashkey_init(0); + zend_bool rfc5987 = 0; if (!buf) { buf = php_http_buffer_init(NULL); @@ -807,12 +810,14 @@ php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf, HashTable * if (SUCCESS != zend_hash_find(Z_ARRVAL_PP(zparam), ZEND_STRS("value"), (void *) &zvalue)) { if (SUCCESS != zend_hash_find(Z_ARRVAL_PP(zparam), ZEND_STRS("*rfc5987*"), (void *) &zvalue)) { zvalue = zparam; + } else { + rfc5987 = 1; } } } php_http_array_hashkey_stringify(&key); - shift_param(buf, key.str, key.len - 1, *zvalue, pss, psl, ass, asl, vss, vsl, flags TSRMLS_CC); + shift_param(buf, key.str, key.len - 1, *zvalue, pss, psl, ass, asl, vss, vsl, flags, rfc5987 TSRMLS_CC); php_http_array_hashkey_stringfree(&key); if (Z_TYPE_PP(zparam) == IS_ARRAY && SUCCESS != zend_hash_find(Z_ARRVAL_PP(zparam), ZEND_STRS("arguments"), (void *) &zvalue)) { @@ -829,8 +834,7 @@ php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf, HashTable * } php_http_array_hashkey_stringify(&key1); - shift_arg(buf, key1.str, key1.len - 1, *zargs, ass, asl, vss, vsl, flags, - HASH_KEY_IS_STRING == key1.type && !strcmp(key1.str, "*rfc5987*") TSRMLS_CC); + shift_arg(buf, key1.str, key1.len - 1, *zargs, ass, asl, vss, vsl, flags TSRMLS_CC); php_http_array_hashkey_stringfree(&key1); } }