From 58410541834f8f897291c290d38e7a505dbb93c1 Mon Sep 17 00:00:00 2001 From: Michael Wallner Date: Wed, 4 Apr 2012 10:08:01 +0000 Subject: [PATCH] fix bug #64111 enable the params parser to parse x-www-form-urlencoded (query string) --- package.xml | 6 +- php_http.h | 2 +- php_http_env_response.c | 2 +- php_http_misc.h | 19 +- php_http_params.c | 435 +++++++++++++++++++++++++++++++++++----- php_http_params.h | 13 +- php_http_querystring.c | 71 ++++++- php_http_url.h | 5 +- phpunit/UrlTest.php | 2 +- tests/bug61444.phpt | 38 ++++ 10 files changed, 536 insertions(+), 57 deletions(-) create mode 100644 tests/bug61444.phpt diff --git a/package.xml b/package.xml index e8c672e..9dbd103 100644 --- a/package.xml +++ b/package.xml @@ -28,7 +28,7 @@ Extended HTTP support. Again. Keep in mind that it's got the major version 2, be 2012-03-30 - 2.0.0dev10 + 2.0.0dev 2.0.0 @@ -37,7 +37,9 @@ Extended HTTP support. Again. Keep in mind that it's got the major version 2, be BSD, revised diff --git a/php_http.h b/php_http.h index 97c81f7..bbea3e7 100644 --- a/php_http.h +++ b/php_http.h @@ -13,7 +13,7 @@ #ifndef PHP_EXT_HTTP_H #define PHP_EXT_HTTP_H -#define PHP_HTTP_EXT_VERSION "2.0.0dev10" +#define PHP_HTTP_EXT_VERSION "2.0.0dev" zend_module_entry http_module_entry; #define phpext_http_ptr &http_module_entry diff --git a/php_http_env_response.c b/php_http_env_response.c index 5f493a6..5316bed 100644 --- a/php_http_env_response.c +++ b/php_http_env_response.c @@ -381,7 +381,7 @@ static STATUS php_http_env_response_send_head(php_http_env_response_t *r) php_http_buffer_t buf; php_http_buffer_init(&buf); - if (php_http_params_to_string(&buf, Z_ARRVAL_P(zoption_copy), ZEND_STRL(","), ZEND_STRL(";"), ZEND_STRL("=") TSRMLS_CC)) { + if (php_http_params_to_string(&buf, Z_ARRVAL_P(zoption_copy), ZEND_STRL(","), ZEND_STRL(";"), ZEND_STRL("="), PHP_HTTP_PARAMS_DEFAULT TSRMLS_CC)) { ret = php_http_env_set_response_header_format(0, 1 TSRMLS_CC, "Content-Disposition: %s", 
PHP_HTTP_BUFFER_VAL(&buf)); } diff --git a/php_http_misc.h b/php_http_misc.h index 16a7be8..0a63a04 100644 --- a/php_http_misc.h +++ b/php_http_misc.h @@ -175,7 +175,8 @@ static inline zval *php_http_ztyp(int type, zval *z) return z; } -static inline zval *php_http_zsep(zend_bool add_ref, int type, zval *z) { +static inline zval *php_http_zsep(zend_bool add_ref, int type, zval *z) +{ if (add_ref) { Z_ADDREF_P(z); } @@ -195,6 +196,22 @@ static inline zval *php_http_zsep(zend_bool add_ref, int type, zval *z) { return z; } +static inline STATUS php_http_ini_entry(const char *name_str, size_t name_len, const char **value_str, size_t *value_len, zend_bool orig TSRMLS_DC) +{ + zend_ini_entry *ini_entry; + + if (SUCCESS == zend_hash_find(EG(ini_directives), name_str, name_len + 1, (void *) &ini_entry)) { + if (orig && ini_entry->modified) { + *value_str = ini_entry->orig_value; + *value_len = (size_t) ini_entry->orig_value_length; + } else { + *value_str = ini_entry->value; + *value_len = (size_t) ini_entry->value_length; + } + return SUCCESS; + } + return FAILURE; +} /* return bool (v == SUCCESS) */ #define RETVAL_SUCCESS(v) RETVAL_BOOL(SUCCESS == (v)) diff --git a/php_http_params.c b/php_http_params.c index cd7728a..69f8a34 100644 --- a/php_http_params.c +++ b/php_http_params.c @@ -18,7 +18,9 @@ static php_http_params_token_t def_val_sep = {"=", 1}, *def_val_sep_ptr[] = {&de static php_http_params_opts_t def_opts = { .param = def_param_sep_ptr, .arg = def_arg_sep_ptr, - .val = def_val_sep_ptr + .val = def_val_sep_ptr, + .defval = NULL, + .flags = PHP_HTTP_PARAMS_DEFAULT }; PHP_HTTP_API php_http_params_opts_t *php_http_params_opts_default_get(php_http_params_opts_t *opts) @@ -44,12 +46,8 @@ typedef struct php_http_params_state { } current; } php_http_params_state_t; -static inline void sanitize_string(char *str, size_t len, zval *zv TSRMLS_DC) +static void sanitize_default(zval *zv TSRMLS_DC) { - /* trim whitespace */ - php_trim(str, len, NULL, 0, zv, 3 TSRMLS_CC); - - 
/* dequote */ if (Z_STRVAL_P(zv)[0] == '"' && Z_STRVAL_P(zv)[Z_STRLEN_P(zv) - 1] == '"') { size_t deq_len = Z_STRLEN_P(zv) - 2; char *deq = estrndup(Z_STRVAL_P(zv) + 1, deq_len); @@ -58,22 +56,311 @@ static inline void sanitize_string(char *str, size_t len, zval *zv TSRMLS_DC) ZVAL_STRINGL(zv, deq, deq_len, 0); } - /* strip slashes */ php_stripslashes(Z_STRVAL_P(zv), &Z_STRLEN_P(zv) TSRMLS_CC); } +static void prepare_default(zval *zv TSRMLS_DC) +{ + int len = Z_STRLEN_P(zv); + + Z_STRVAL_P(zv) = php_addslashes(Z_STRVAL_P(zv), Z_STRLEN_P(zv), &Z_STRLEN_P(zv), 1 TSRMLS_CC); + + if (len != Z_STRLEN_P(zv)) { + zval tmp = *zv; + int len = Z_STRLEN_P(zv) + 2; + char *str = emalloc(len + 1); + + str[0] = '"'; + memcpy(&str[1], Z_STRVAL_P(zv), Z_STRLEN_P(zv)); + str[len-1] = '"'; + str[len] = '\0'; + + zval_dtor(&tmp); + ZVAL_STRINGL(zv, str, len, 0); + } +} + +static void sanitize_urlencoded(zval *zv TSRMLS_DC) +{ + Z_STRLEN_P(zv) = php_raw_url_decode(Z_STRVAL_P(zv), Z_STRLEN_P(zv)); +} + +static void prepare_urlencoded(zval *zv TSRMLS_DC) +{ + int len; + char *str = php_raw_url_encode(Z_STRVAL_P(zv), Z_STRLEN_P(zv), &len); + + zval_dtor(zv); + ZVAL_STRINGL(zv, str, len, 0); +} + +static void sanitize_dimension(zval *zv TSRMLS_DC) +{ + zval *arr = NULL, *tmp = NULL, **cur = NULL; + char *var = NULL, *ptr = Z_STRVAL_P(zv), *end = Z_STRVAL_P(zv) + Z_STRLEN_P(zv); + long level = 0; + + MAKE_STD_ZVAL(arr); + array_init(arr); + cur = &arr; + + while (ptr < end) { + if (!var) { + var = ptr; + } + + switch (*ptr) { + case '[': + if (++level > PG(max_input_nesting_level)) { + zval_ptr_dtor(&arr); + php_http_error(HE_WARNING, PHP_HTTP_E_QUERYSTRING, "Max input nesting level of %ld exceeded", PG(max_input_nesting_level)); + return; + } + if (ptr - var == 0) { + ++var; + break; + } + /* no break */ + + case ']': + + MAKE_STD_ZVAL(tmp); + ZVAL_NULL(tmp); + convert_to_array(*cur); + + if (ptr - var) { + char chr = *ptr; + *ptr = '\0'; + zend_symtable_update(Z_ARRVAL_PP(cur), var, ptr 
- var + 1, (void *) &tmp, sizeof(zval *), (void *) &cur); + *ptr = chr; + } else { + zend_hash_next_index_insert(Z_ARRVAL_PP(cur), (void *) &tmp, sizeof(zval *), (void *) &cur); + } + + var = NULL; + break; + } + + ++ptr; + } + + if (zend_hash_num_elements(Z_ARRVAL_P(arr))) { + zval_dtor(zv); + ZVAL_COPY_VALUE(zv, arr); + FREE_ZVAL(arr); + } else { + zval_ptr_dtor(&arr); + } +} + +static void prepare_dimension(zval *zv TSRMLS_DC) +{ + if (Z_TYPE_P(zv) == IS_ARRAY) { + zval **zdata = &zv; + php_http_array_hashkey_t key = php_http_array_hashkey_init(0); + php_http_buffer_t buf; + + php_http_buffer_init(&buf); + + do { + if (HASH_KEY_IS_STRING == zend_hash_get_current_key_ex(Z_ARRVAL_PP(zdata), &key.str, &key.len, &key.num, key.dup, NULL)) { + php_http_buffer_appendf(&buf, "[%s]", key.str); + } else { + php_http_buffer_appendf(&buf, "[%lu]", key.num); + } + } while (SUCCESS == zend_hash_get_current_data(Z_ARRVAL_PP(zdata), (void *) &zdata) && Z_TYPE_PP(zdata) == IS_ARRAY); + + php_http_buffer_fix(&buf); + zval_dtor(zv); + ZVAL_STRINGL(zv, buf.data, buf.used, 0); + } +} + +static void sanitize_key(unsigned flags, char *str, size_t len, zval *zv TSRMLS_DC) +{ + php_trim(str, len, NULL, 0, zv, 3 TSRMLS_CC); + + if (flags & PHP_HTTP_PARAMS_DEFAULT) { + sanitize_default(zv TSRMLS_CC); + } + + if (flags & PHP_HTTP_PARAMS_URLENCODED) { + sanitize_urlencoded(zv TSRMLS_CC); + } + + if (flags & PHP_HTTP_PARAMS_DIMENSION) { + sanitize_dimension(zv TSRMLS_CC); + } +} + +static void sanitize_value(unsigned flags, char *str, size_t len, zval *zv TSRMLS_DC) +{ + php_trim(str, len, NULL, 0, zv, 3 TSRMLS_CC); + + if (flags & PHP_HTTP_PARAMS_DEFAULT) { + sanitize_default(zv TSRMLS_CC); + } + + if (flags & PHP_HTTP_PARAMS_URLENCODED) { + sanitize_urlencoded(zv TSRMLS_CC); + } +} + +static void prepare_key(unsigned flags, char *old_key, size_t old_len, char **new_key, size_t *new_len TSRMLS_DC) +{ + zval zv; + + INIT_PZVAL(&zv); + ZVAL_STRINGL(&zv, old_key, old_len, 1); + + if (flags & 
PHP_HTTP_PARAMS_DIMENSION) { + prepare_dimension(&zv TSRMLS_CC); + } + + if (flags & PHP_HTTP_PARAMS_URLENCODED) { + prepare_urlencoded(&zv TSRMLS_CC); + } + + if (flags & PHP_HTTP_PARAMS_DEFAULT) { + prepare_default(&zv TSRMLS_CC); + } + + *new_key = Z_STRVAL(zv); + *new_len = Z_STRLEN(zv); +} + +static void prepare_value(unsigned flags, zval *zv TSRMLS_DC) +{ + if (flags & PHP_HTTP_PARAMS_DIMENSION) { + prepare_dimension(zv TSRMLS_CC); + } + + if (flags & PHP_HTTP_PARAMS_URLENCODED) { + prepare_urlencoded(zv TSRMLS_CC); + } + + if (flags & PHP_HTTP_PARAMS_DEFAULT) { + prepare_default(zv TSRMLS_CC); + } +} + +static void merge_param(HashTable *params, zval *zdata, zval ***cur TSRMLS_DC) +{ + zval **ptr, **zdata_ptr; + php_http_array_hashkey_t hkey = php_http_array_hashkey_init(0); + +#if 0 + { + zval tmp; + INIT_PZVAL_ARRAY(&tmp, params); + fprintf(stderr, "params = "); + zend_print_zval_r(&tmp, 1 TSRMLS_CC); + fprintf(stderr, "\n"); + } +#endif + + hkey.type = zend_hash_get_current_key_ex(Z_ARRVAL_P(zdata), &hkey.str, &hkey.len, &hkey.num, hkey.dup, NULL); + + if ((hkey.type == HASH_KEY_IS_STRING && !zend_hash_exists(params, hkey.str, hkey.len)) + || (hkey.type == HASH_KEY_IS_LONG && !zend_hash_index_exists(params, hkey.num)) + ) { + zval *tmp; + + /* create the entry if it doesn't exist */ + zend_hash_get_current_data(Z_ARRVAL_P(zdata), (void *) &ptr); + Z_ADDREF_PP(ptr); + MAKE_STD_ZVAL(tmp); + array_init(tmp); + add_assoc_zval_ex(tmp, ZEND_STRS("value"), *ptr); + + if (hkey.type == HASH_KEY_IS_STRING) { + zend_hash_update(params, hkey.str, hkey.len, (void *) &tmp, sizeof(zval *), (void *) &ptr); + } else { + zend_hash_index_update(params, hkey.num, (void *) &tmp, sizeof(zval *), (void *) &ptr); + } + } else { + /* merge */ + if (hkey.type == HASH_KEY_IS_STRING) { + zend_hash_find(params, hkey.str, hkey.len, (void *) &ptr); + } else { + zend_hash_index_find(params, hkey.num, (void *) &ptr); + } + + zdata_ptr = &zdata; + + if (Z_TYPE_PP(ptr) == IS_ARRAY + && 
SUCCESS == zend_hash_find(Z_ARRVAL_PP(ptr), "value", sizeof("value"), (void *) &ptr) + && SUCCESS == zend_hash_get_current_data(Z_ARRVAL_PP(zdata_ptr), (void *) &zdata_ptr) + ) { + /* + * params = [arr => [value => [0 => 1]]] + * ^- ptr + * zdata = [arr => [0 => NULL]] + * ^- zdata_ptr + */ + zval **test_ptr; + + while (Z_TYPE_PP(zdata_ptr) == IS_ARRAY + && SUCCESS == zend_hash_get_current_data(Z_ARRVAL_PP(zdata_ptr), (void *) &test_ptr) + ) { + if (Z_TYPE_PP(test_ptr) == IS_ARRAY) { + + /* now find key in ptr */ + if (HASH_KEY_IS_STRING == zend_hash_get_current_key_ex(Z_ARRVAL_PP(zdata_ptr), &hkey.str, &hkey.len, &hkey.num, hkey.dup, NULL)) { + if (SUCCESS == zend_hash_find(Z_ARRVAL_PP(ptr), hkey.str, hkey.len, (void *) &ptr)) { + zdata_ptr = test_ptr; + } else { + Z_ADDREF_PP(test_ptr); + zend_hash_update(Z_ARRVAL_PP(ptr), hkey.str, hkey.len, (void *) test_ptr, sizeof(zval *), (void *) &ptr); + break; + } + } else { + if (SUCCESS == zend_hash_find(Z_ARRVAL_PP(ptr), hkey.str, hkey.len, (void *) &ptr)) { + zdata_ptr = test_ptr; + } else if (hkey.num) { + Z_ADDREF_PP(test_ptr); + zend_hash_index_update(Z_ARRVAL_PP(ptr), hkey.num, (void *) test_ptr, sizeof(zval *), (void *) &ptr); + break; + } else { + Z_ADDREF_PP(test_ptr); + zend_hash_next_index_insert(Z_ARRVAL_PP(ptr), (void *) test_ptr, sizeof(zval *), (void *) &ptr); + break; + } + } + } else { + /* this is the leaf */ + Z_ADDREF_PP(test_ptr); + if (HASH_KEY_IS_STRING == zend_hash_get_current_key_ex(Z_ARRVAL_PP(zdata_ptr), &hkey.str, &hkey.len, &hkey.num, hkey.dup, NULL)) { + zend_hash_update(Z_ARRVAL_PP(ptr), hkey.str, hkey.len, (void *) test_ptr, sizeof(zval *), (void *) &ptr); + } else if (hkey.num) { + zend_hash_index_update(Z_ARRVAL_PP(ptr), hkey.num, (void *) test_ptr, sizeof(zval *), (void *) &ptr); + } else { + zend_hash_next_index_insert(Z_ARRVAL_PP(ptr), (void *) test_ptr, sizeof(zval *), (void *) &ptr); + } + break; + } + } + + } + } + + /* bubble up */ + while (Z_TYPE_PP(ptr) == IS_ARRAY && SUCCESS 
== zend_hash_get_current_data(Z_ARRVAL_PP(ptr), (void *) &ptr)); + *cur = ptr; +} + static void push_param(HashTable *params, php_http_params_state_t *state, const php_http_params_opts_t *opts TSRMLS_DC) { if (state->val.str) { if (0 < (state->val.len = state->input.str - state->val.str)) { - sanitize_string(state->val.str, state->val.len, *(state->current.val) TSRMLS_CC); + sanitize_value(opts->flags, state->val.str, state->val.len, *(state->current.val) TSRMLS_CC); } } else if (state->arg.str) { if (0 < (state->arg.len = state->input.str - state->arg.str)) { zval *val, key; INIT_PZVAL(&key); - sanitize_string(state->arg.str, state->arg.len, &key TSRMLS_CC); + sanitize_key(opts->flags, state->arg.str, state->arg.len, &key TSRMLS_CC); if (Z_STRLEN(key)) { MAKE_STD_ZVAL(val); ZVAL_TRUE(val); @@ -83,24 +370,33 @@ static void push_param(HashTable *params, php_http_params_state_t *state, const } } else if (state->param.str) { if (0 < (state->param.len = state->input.str - state->param.str)) { - zval *prm, *arg, *val, key; - - INIT_PZVAL(&key); - sanitize_string(state->param.str, state->param.len, &key TSRMLS_CC); - if (Z_STRLEN(key)) { + zval *prm, *arg, *val, *key; + + MAKE_STD_ZVAL(key); + ZVAL_NULL(key); + sanitize_key(opts->flags, state->param.str, state->param.len, key TSRMLS_CC); + if (Z_TYPE_P(key) != IS_STRING) { + merge_param(params, key, &state->current.val TSRMLS_CC); + } else if (Z_STRLEN_P(key)) { MAKE_STD_ZVAL(prm); array_init(prm); + MAKE_STD_ZVAL(val); - ZVAL_TRUE(val); + if (opts->defval) { + ZVAL_COPY_VALUE(val, opts->defval); + zval_copy_ctor(val); + } else { + ZVAL_TRUE(val); + } zend_hash_update(Z_ARRVAL_P(prm), "value", sizeof("value"), (void *) &val, sizeof(zval *), (void *) &state->current.val); MAKE_STD_ZVAL(arg); array_init(arg); zend_hash_update(Z_ARRVAL_P(prm), "arguments", sizeof("arguments"), (void *) &arg, sizeof(zval *), (void *) &state->current.args); - zend_symtable_update(params, Z_STRVAL(key), Z_STRLEN(key) + 1, (void *) &prm, 
sizeof(zval *), (void *) &state->current.param); + zend_symtable_update(params, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void *) &prm, sizeof(zval *), (void *) &state->current.param); } - zval_dtor(&key); + zval_ptr_dtor(&key); } } } @@ -135,7 +431,10 @@ PHP_HTTP_API HashTable *php_http_params_parse(HashTable *params, const php_http_ } while (state.input.len) { - if (!state.param.str) { + if (*state.input.str == '\\') { + ++state.input.str; + --state.input.len; + } else if (!state.param.str) { /* initialize */ state.param.str = state.input.str; } else { @@ -174,8 +473,10 @@ PHP_HTTP_API HashTable *php_http_params_parse(HashTable *params, const php_http_ } } - ++state.input.str; - --state.input.len; + if (state.input.len) { + ++state.input.str; + --state.input.len; + } } /* finalize */ push_param(params, &state, opts TSRMLS_CC); @@ -183,11 +484,11 @@ PHP_HTTP_API HashTable *php_http_params_parse(HashTable *params, const php_http_ return params; } -PHP_HTTP_API php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf, HashTable *params, const char *pss, size_t psl, const char *ass, size_t asl, const char *vss, size_t vsl TSRMLS_DC) +PHP_HTTP_API php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf, HashTable *params, const char *pss, size_t psl, const char *ass, size_t asl, const char *vss, size_t vsl, unsigned flags TSRMLS_DC) { zval **zparam; HashPosition pos1, pos2; - php_http_array_hashkey_t key1 = php_http_array_hashkey_init(0), key2 = php_http_array_hashkey_init(0); + php_http_array_hashkey_t key1 = php_http_array_hashkey_init(0), key2 = php_http_array_hashkey_init(0), key3 = php_http_array_hashkey_init(0); if (!buf) { buf = php_http_buffer_init(NULL); @@ -201,7 +502,12 @@ PHP_HTTP_API php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf /* add name */ if (key1.type == HASH_KEY_IS_STRING) { - php_http_buffer_append(buf, key1.str, key1.len - 1); + char *key; + size_t len; + + prepare_key(flags, key1.str, key1.len - 1, &key, 
&len TSRMLS_CC); + php_http_buffer_append(buf, key, len); + efree(key); } else { php_http_buffer_appendf(buf, "%lu", key1.num); } @@ -209,6 +515,8 @@ PHP_HTTP_API php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf if (Z_TYPE_PP(zparam) != IS_ARRAY) { zval *tmp = php_http_ztyp(IS_STRING, *zparam); + prepare_value(flags, tmp TSRMLS_CC); + php_http_buffer_append(buf, vss, vsl); php_http_buffer_append(buf, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp)); zval_ptr_dtor(&tmp); @@ -218,8 +526,20 @@ PHP_HTTP_API php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf /* got a value? */ if (SUCCESS == zend_hash_find(Z_ARRVAL_PP(zparam), ZEND_STRS("value"), (void *) &zvalue)) { if (Z_TYPE_PP(zvalue) != IS_BOOL) { - zval *tmp = php_http_ztyp(IS_STRING, *zvalue); + zval *tmp; + if (Z_TYPE_PP(zvalue) == IS_ARRAY) { + tmp = php_http_zsep(1, IS_ARRAY, *zvalue); + prepare_value(flags, tmp TSRMLS_CC); + php_http_buffer_append(buf, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp)); + zval_ptr_dtor(&tmp); + + /* go to leaf */ + while (SUCCESS == zend_hash_get_current_data(Z_ARRVAL_PP(zvalue), (void *) &zvalue) && Z_TYPE_PP(zvalue) == IS_ARRAY); + } + + tmp = php_http_ztyp(IS_STRING, *zvalue); + prepare_value(flags, tmp TSRMLS_CC); php_http_buffer_append(buf, vss, vsl); php_http_buffer_append(buf, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp)); zval_ptr_dtor(&tmp); @@ -247,24 +567,33 @@ PHP_HTTP_API php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf /* add name */ if (key2.type == HASH_KEY_IS_STRING) { - php_http_buffer_append(buf, key2.str, key2.len - 1); + char *key; + size_t len; + + prepare_key(flags, key2.str, key2.len - 1, &key, &len TSRMLS_CC); + php_http_buffer_append(buf, key, len); + efree(key); } else { php_http_buffer_appendf(buf, "%lu", key2.num); } /* add value */ if (Z_TYPE_PP(zarg) != IS_BOOL) { - zval *tmp = php_http_ztyp(IS_STRING, *zarg); - int escaped_len; + zval *tmp; - Z_STRVAL_P(tmp) = php_addslashes(Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), &escaped_len, 1 
TSRMLS_CC); - php_http_buffer_append(buf, vss, vsl); - if (escaped_len != Z_STRLEN_P(tmp)) { - php_http_buffer_appends(buf, "\""); - php_http_buffer_append(buf, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp) = escaped_len); - php_http_buffer_appends(buf, "\""); - } else { + if (Z_TYPE_PP(zarg) == IS_ARRAY) { + tmp = php_http_zsep(1, IS_ARRAY, *zarg); + prepare_value(flags, tmp TSRMLS_CC); php_http_buffer_append(buf, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp)); + zval_ptr_dtor(&tmp); + + /* go to leaf */ + while (SUCCESS == zend_hash_get_current_data(Z_ARRVAL_PP(zarg), (void *) &zarg) && Z_TYPE_PP(zarg) == IS_ARRAY); } + + tmp = php_http_ztyp(IS_STRING, *zarg); + prepare_value(flags, tmp TSRMLS_CC); + php_http_buffer_append(buf, vss, vsl); + php_http_buffer_append(buf, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp)); zval_ptr_dtor(&tmp); } else if (!Z_BVAL_PP(zarg)) { php_http_buffer_append(buf, vss, vsl); @@ -291,6 +620,7 @@ PHP_HTTP_BEGIN_ARGS(__construct, 0) PHP_HTTP_ARG_VAL(param_sep, 0) PHP_HTTP_ARG_VAL(arg_sep, 0) PHP_HTTP_ARG_VAL(val_sep, 0) + PHP_HTTP_ARG_VAL(flags, 0) PHP_HTTP_END_ARGS; PHP_HTTP_EMPTY_ARGS(toArray); @@ -346,15 +676,22 @@ PHP_MINIT_FUNCTION(http_params) zend_declare_class_constant_stringl(php_http_params_class_entry, ZEND_STRL("DEF_VAL_SEP"), ZEND_STRL("=") TSRMLS_CC); zend_declare_class_constant_stringl(php_http_params_class_entry, ZEND_STRL("COOKIE_PARAM_SEP"), ZEND_STRL("") TSRMLS_CC); + zend_declare_class_constant_long(php_http_params_class_entry, ZEND_STRL("PARSE_RAW"), PHP_HTTP_PARAMS_RAW TSRMLS_CC); + zend_declare_class_constant_long(php_http_params_class_entry, ZEND_STRL("PARSE_DEFAULT"), PHP_HTTP_PARAMS_DEFAULT TSRMLS_CC); + zend_declare_class_constant_long(php_http_params_class_entry, ZEND_STRL("PARSE_URLENCODED"), PHP_HTTP_PARAMS_URLENCODED TSRMLS_CC); + zend_declare_class_constant_long(php_http_params_class_entry, ZEND_STRL("PARSE_DIMENSION"), PHP_HTTP_PARAMS_DIMENSION TSRMLS_CC); + zend_declare_class_constant_long(php_http_params_class_entry, 
ZEND_STRL("PARSE_QUERY"), PHP_HTTP_PARAMS_QUERY TSRMLS_CC); + zend_declare_property_null(php_http_params_class_entry, ZEND_STRL("params"), ZEND_ACC_PUBLIC TSRMLS_CC); zend_declare_property_stringl(php_http_params_class_entry, ZEND_STRL("param_sep"), ZEND_STRL(","), ZEND_ACC_PUBLIC TSRMLS_CC); zend_declare_property_stringl(php_http_params_class_entry, ZEND_STRL("arg_sep"), ZEND_STRL(";"), ZEND_ACC_PUBLIC TSRMLS_CC); zend_declare_property_stringl(php_http_params_class_entry, ZEND_STRL("val_sep"), ZEND_STRL("="), ZEND_ACC_PUBLIC TSRMLS_CC); + zend_declare_property_long(php_http_params_class_entry, ZEND_STRL("flags"), PHP_HTTP_PARAMS_DEFAULT, ZEND_ACC_PUBLIC TSRMLS_CC); return SUCCESS; } -static php_http_params_token_t **parse_sep(zval *zv TSRMLS_DC) +PHP_HTTP_API php_http_params_token_t **php_http_params_separator_init(zval *zv TSRMLS_DC) { zval **sep; HashPosition pos; @@ -384,7 +721,8 @@ static php_http_params_token_t **parse_sep(zval *zv TSRMLS_DC) return ret; } -static void free_sep(php_http_params_token_t **separator) { +PHP_HTTP_API void php_http_params_separator_free(php_http_params_token_t **separator) +{ php_http_params_token_t **sep = separator; if (sep) { while (*sep) { @@ -400,9 +738,13 @@ PHP_METHOD(HttpParams, __construct) { with_error_handling(EH_THROW, php_http_exception_get_class_entry()) { zval *zcopy, *zparams = NULL, *param_sep = NULL, *arg_sep = NULL, *val_sep = NULL; + long flags = PHP_HTTP_PARAMS_DEFAULT; - if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|z!/z/z/z/", &zparams, &param_sep, &arg_sep, &val_sep)) { + if (SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|z!/z/z/z/l", &zparams, &param_sep, &arg_sep, &val_sep, &flags)) { switch (ZEND_NUM_ARGS()) { + case 5: + zend_update_property_long(php_http_params_class_entry, getThis(), ZEND_STRL("flags"), flags TSRMLS_CC); + /* no break */ case 4: zend_update_property(php_http_params_class_entry, getThis(), ZEND_STRL("val_sep"), val_sep TSRMLS_CC); /* no break */ @@ -430,9
+772,10 @@ PHP_METHOD(HttpParams, __construct) .str = Z_STRVAL_P(zcopy), .len = Z_STRLEN_P(zcopy) }, - .param = parse_sep(zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("param_sep"), 0 TSRMLS_CC) TSRMLS_CC), - .arg = parse_sep(zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("arg_sep"), 0 TSRMLS_CC) TSRMLS_CC), - .val = parse_sep(zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("val_sep"), 0 TSRMLS_CC) TSRMLS_CC) + .param = php_http_params_separator_init(zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("param_sep"), 0 TSRMLS_CC) TSRMLS_CC), + .arg = php_http_params_separator_init(zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("arg_sep"), 0 TSRMLS_CC) TSRMLS_CC), + .val = php_http_params_separator_init(zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("val_sep"), 0 TSRMLS_CC) TSRMLS_CC), + .flags = flags }; MAKE_STD_ZVAL(zparams); @@ -441,9 +784,9 @@ PHP_METHOD(HttpParams, __construct) zend_update_property(php_http_params_class_entry, getThis(), ZEND_STRL("params"), zparams TSRMLS_CC); zval_ptr_dtor(&zparams); - free_sep(opts.param); - free_sep(opts.arg); - free_sep(opts.val); + php_http_params_separator_free(opts.param); + php_http_params_separator_free(opts.arg); + php_http_params_separator_free(opts.val); } zval_ptr_dtor(&zcopy); break; @@ -468,21 +811,23 @@ PHP_METHOD(HttpParams, toArray) PHP_METHOD(HttpParams, toString) { - zval *zparams, *zpsep, *zasep, *zvsep; + zval *zparams, *zpsep, *zasep, *zvsep, *zflags; php_http_buffer_t buf; zparams = php_http_ztyp(IS_ARRAY, zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("params"), 0 TSRMLS_CC)); zpsep = php_http_ztyp(IS_STRING, zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("param_sep"), 0 TSRMLS_CC)); zasep = php_http_ztyp(IS_STRING, zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("arg_sep"), 0 TSRMLS_CC)); zvsep = 
php_http_ztyp(IS_STRING, zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("val_sep"), 0 TSRMLS_CC)); + zflags = php_http_ztyp(IS_LONG, zend_read_property(php_http_params_class_entry, getThis(), ZEND_STRL("flags"), 0 TSRMLS_CC)); php_http_buffer_init(&buf); - php_http_params_to_string(&buf, Z_ARRVAL_P(zparams), Z_STRVAL_P(zpsep), Z_STRLEN_P(zpsep), Z_STRVAL_P(zasep), Z_STRLEN_P(zasep), Z_STRVAL_P(zvsep), Z_STRLEN_P(zvsep) TSRMLS_CC); + php_http_params_to_string(&buf, Z_ARRVAL_P(zparams), Z_STRVAL_P(zpsep), Z_STRLEN_P(zpsep), Z_STRVAL_P(zasep), Z_STRLEN_P(zasep), Z_STRVAL_P(zvsep), Z_STRLEN_P(zvsep), Z_LVAL_P(zflags) TSRMLS_CC); zval_ptr_dtor(&zparams); zval_ptr_dtor(&zpsep); zval_ptr_dtor(&zasep); zval_ptr_dtor(&zvsep); + zval_ptr_dtor(&zflags); RETVAL_PHP_HTTP_BUFFER_VAL(&buf); } diff --git a/php_http_params.h b/php_http_params.h index a040139..716cba8 100644 --- a/php_http_params.h +++ b/php_http_params.h @@ -18,16 +18,27 @@ typedef struct php_http_params_token { size_t len; } php_http_params_token_t; +#define PHP_HTTP_PARAMS_RAW 0x00 +#define PHP_HTTP_PARAMS_DEFAULT 0x01 +#define PHP_HTTP_PARAMS_URLENCODED 0x04 +#define PHP_HTTP_PARAMS_DIMENSION 0x08 +#define PHP_HTTP_PARAMS_QUERY (PHP_HTTP_PARAMS_URLENCODED|PHP_HTTP_PARAMS_DIMENSION) + typedef struct php_http_params_opts { php_http_params_token_t input; php_http_params_token_t **param; php_http_params_token_t **arg; php_http_params_token_t **val; + zval *defval; + unsigned flags; } php_http_params_opts_t; PHP_HTTP_API php_http_params_opts_t *php_http_params_opts_default_get(php_http_params_opts_t *opts); PHP_HTTP_API HashTable *php_http_params_parse(HashTable *params, const php_http_params_opts_t *opts TSRMLS_DC); -PHP_HTTP_API php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf, HashTable *params, const char *pss, size_t psl, const char *ass, size_t asl, const char *vss, size_t vsl TSRMLS_DC); +PHP_HTTP_API php_http_buffer_t *php_http_params_to_string(php_http_buffer_t *buf, 
HashTable *params, const char *pss, size_t psl, const char *ass, size_t asl, const char *vss, size_t vsl, unsigned flags TSRMLS_DC); + +PHP_HTTP_API php_http_params_token_t **php_http_params_separator_init(zval *zv TSRMLS_DC); +PHP_HTTP_API void php_http_params_separator_free(php_http_params_token_t **separator); typedef php_http_object_t php_http_params_object_t; diff --git a/php_http_querystring.c b/php_http_querystring.c index 8c65a7a..e14504c 100644 --- a/php_http_querystring.c +++ b/php_http_querystring.c @@ -138,6 +138,75 @@ PHP_HTTP_API STATUS php_http_querystring_ctor(zval *instance, zval *params TSRML return SUCCESS; } +static int apply_querystring(void *pData TSRMLS_DC) +{ + zval **val = pData; + + if (Z_TYPE_PP(val) == IS_ARRAY) { + zval **zvalue; + + if (SUCCESS == zend_hash_find(Z_ARRVAL_PP(val), ZEND_STRS("value"), (void *) &zvalue)) { + zval *tmp = *val; + + Z_ADDREF_PP(zvalue); + *val = *zvalue; + zval_dtor(tmp); + Z_TYPE_P(tmp) = IS_NULL; + zval_ptr_dtor(&tmp); + } + } + + return ZEND_HASH_APPLY_KEEP; +} + +PHP_HTTP_API STATUS php_http_querystring_parse(HashTable *ht, const char *str, size_t len TSRMLS_DC) +{ + STATUS rv = FAILURE; + php_http_params_opts_t opts; + php_http_params_token_t psep = { ZEND_STRL("&") }, *psepp[] = { &psep, NULL }; + php_http_params_token_t vsep = { ZEND_STRL("=") }, *vsepp[] = { &vsep, NULL }; + const char *asi_str = NULL; + size_t asi_len = 0; + + opts.input.str = estrndup(str, len); + opts.input.len = len; + opts.param = psepp; + opts.arg = NULL; + opts.val = vsepp; + opts.flags = PHP_HTTP_PARAMS_QUERY; + + if (SUCCESS == php_http_ini_entry(ZEND_STRL("arg_separator.input"), &asi_str, &asi_len, 0 TSRMLS_CC) && asi_len) { + zval *arr; + + MAKE_STD_ZVAL(arr); + array_init_size(arr, asi_len); + + do { + add_next_index_stringl(arr, asi_str++, 1, 1); + } while (*asi_str); + + opts.param = php_http_params_separator_init(arr TSRMLS_CC); + + zval_ptr_dtor(&arr); + } + + MAKE_STD_ZVAL(opts.defval); + ZVAL_NULL(opts.defval); + + 
if (php_http_params_parse(ht, &opts TSRMLS_CC)) { + zend_hash_apply(ht, apply_querystring TSRMLS_CC); + rv = SUCCESS; + } + + if (asi_len) { + php_http_params_separator_free(opts.param); + } + + zval_ptr_dtor(&opts.defval); + efree(opts.input.str); + return rv; +} + PHP_HTTP_API STATUS php_http_querystring_update(zval *qarray, zval *params, zval *outstring TSRMLS_DC) { /* enforce proper type */ @@ -165,7 +234,7 @@ PHP_HTTP_API STATUS php_http_querystring_update(zval *qarray, zval *params, zval } else { zv_ptr = php_http_ztyp(IS_STRING, params); array_init(&zv); - php_default_treat_data(PARSE_STRING, estrdup(Z_STRVAL_P(zv_ptr)), &zv TSRMLS_CC); + php_http_querystring_parse(Z_ARRVAL(zv), Z_STRVAL_P(zv_ptr), Z_STRLEN_P(zv_ptr) TSRMLS_CC); zval_ptr_dtor(&zv_ptr); zv_ptr = NULL; ptr = Z_ARRVAL(zv); diff --git a/php_http_url.h b/php_http_url.h index a482d23..cc663ac 100644 --- a/php_http_url.h +++ b/php_http_url.h @@ -41,10 +41,7 @@ PHP_HTTP_API STATUS php_http_url_encode_hash_ex(HashTable *ht, php_http_buffer_t static inline void php_http_url_argsep(const char **str, size_t *len TSRMLS_DC) { - *str = INI_STR("arg_separator.output"); - *len = strlen(*str); - - if (!*len) { + if (SUCCESS != php_http_ini_entry(ZEND_STRL("arg_separator.output"), str, len, 0 TSRMLS_CC) || !*len) { *str = PHP_HTTP_URL_ARGSEP; *len = lenof(PHP_HTTP_URL_ARGSEP); } diff --git a/phpunit/UrlTest.php b/phpunit/UrlTest.php index 3f66e52..50fa2ff 100644 --- a/phpunit/UrlTest.php +++ b/phpunit/UrlTest.php @@ -24,7 +24,7 @@ class UrlTest extends PHPUnit_Framework_TestCase { $this->assertEquals("www.example.com", $url->host); $this->assertEquals(8080, $url->port); $this->assertEquals("/path/changed", $url->path); - $this->assertEquals("foo=&more%5B0%5D=1&more%5B1%5D=2&added=this", $url->query); + $this->assertEquals("more%5B0%5D=1&more%5B1%5D=2&added=this", $url->query); $this->assertEmpty($url->fragment); } diff --git a/tests/bug61444.phpt b/tests/bug61444.phpt new file mode 100644 index 
0000000..28d267c --- /dev/null +++ b/tests/bug61444.phpt @@ -0,0 +1,38 @@ +--TEST-- +. become _ in query strings due to php_default_treat_data() +--SKIPIF-- + +--FILE-- + 'utm_source=changed'), http\Url::JOIN_QUERY), PHP_EOL, PHP_EOL; + +// Replacing the host +echo new http\Url($url, array('host' => 'www.google.com')), PHP_EOL, PHP_EOL; + +// Generating a query string from scratch +echo new http\QueryString(array( + 'bar.baz' => 'blah', + 'utm_source' => 'google', + 'utm_campaign' => 'somethingelse', + 'blat' => null, + )), PHP_EOL, PHP_EOL; +?> +DONE +--EXPECT-- +http://www.example.com/foobar?bar.baz=blah&utm_source=google&utm_campaign=somethingelse&blat + +http://www.example.com/foobar?bar.baz=blah&utm_source=changed&utm_campaign=somethingelse + +http://www.google.com/foobar?bar.baz=blah&utm_source=google&utm_campaign=somethingelse&blat + +bar.baz=blah&utm_source=google&utm_campaign=somethingelse + +DONE -- 2.30.2