Back to index

php5  5.3.10
Defines | Functions | Variables
php_filter.h File Reference
#include "SAPI.h"
#include "zend_API.h"
#include "php.h"
#include "php_ini.h"
#include "ext/standard/info.h"
#include "ext/standard/php_string.h"
#include "ext/standard/html.h"
#include "php_variables.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Defines

#define phpext_filter_ptr   &filter_module_entry
#define IF_G(v)   (filter_globals.v)
#define PHP_INPUT_FILTER_PARAM_DECL   zval *value, long flags, zval *option_array, char *charset TSRMLS_DC

Functions

 PHP_MINIT_FUNCTION (filter)
 PHP_MSHUTDOWN_FUNCTION (filter)
 PHP_RINIT_FUNCTION (filter)
 PHP_RSHUTDOWN_FUNCTION (filter)
 PHP_MINFO_FUNCTION (filter)
 PHP_FUNCTION (filter_input)
 PHP_FUNCTION (filter_var)
 PHP_FUNCTION (filter_input_array)
 PHP_FUNCTION (filter_var_array)
 PHP_FUNCTION (filter_list)
 PHP_FUNCTION (filter_has_var)
 PHP_FUNCTION (filter_id)
void php_filter_int (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_boolean (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_float (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_validate_regexp (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_validate_url (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_validate_email (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_validate_ip (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_string (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_encoded (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_special_chars (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_full_special_chars (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_unsafe_raw (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_email (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_url (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_number_int (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_number_float (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_magic_quotes (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_callback (PHP_INPUT_FILTER_PARAM_DECL)

Variables

zend_module_entry filter_module_entry
zval * post_array
zval * get_array
zval * cookie_array
zval * env_array
zval * server_array
zval * session_array
long default_filter
long default_filter_flags

Define Documentation

#define IF_G (   v)    (filter_globals.v)

Definition at line 69 of file php_filter.h.

#define PHP_INPUT_FILTER_PARAM_DECL   zval *value, long flags, zval *option_array, char *charset TSRMLS_DC

Definition at line 73 of file php_filter.h.

Definition at line 35 of file php_filter.h.


Function Documentation

Definition at line 232 of file logical_filters.c.

{
       char *str = Z_STRVAL_P(value);
       int len = Z_STRLEN_P(value);
       int ret;

       PHP_FILTER_TRIM_DEFAULT(str, len);

       /* returns true for "1", "true", "on" and "yes"
        * returns false for "0", "false", "off", "no", and ""
        * null otherwise. */
       switch (len) {
              case 1:
                     if (*str == '1') {
                            ret = 1;
                     } else if (*str == '0') {
                            ret = 0;
                     } else {
                            ret = -1;
                     }
                     break;
              case 2:
                     if (strncasecmp(str, "on", 2) == 0) {
                            ret = 1;
                     } else if (strncasecmp(str, "no", 2) == 0) {
                            ret = 0;
                     } else {
                            ret = -1;
                     }
                     break;
              case 3:
                     if (strncasecmp(str, "yes", 3) == 0) {
                            ret = 1;
                     } else if (strncasecmp(str, "off", 3) == 0) {
                            ret = 0;
                     } else {
                            ret = -1;
                     }
                     break;
              case 4:
                     if (strncasecmp(str, "true", 4) == 0) {
                            ret = 1;
                     } else {
                            ret = -1;
                     }
                     break;
              case 5:
                     if (strncasecmp(str, "false", 5) == 0) {
                            ret = 0;
                     } else {
                            ret = -1;
                     }
                     break;
              default:
                     ret = -1;
       }

       if (ret == -1) {     
              RETURN_VALIDATION_FAILED
       } else {
              zval_dtor(value);
              ZVAL_BOOL(value, ret);
       }
}

Definition at line 23 of file callback_filter.c.

{
       zval *retval_ptr;
       zval ***args;
       int status;

       if (!option_array || !zend_is_callable(option_array, IS_CALLABLE_CHECK_NO_ACCESS, NULL TSRMLS_CC)) {
              php_error_docref(NULL TSRMLS_CC, E_WARNING, "First argument is expected to be a valid callback");
              zval_dtor(value);
              Z_TYPE_P(value) = IS_NULL;
              return;
       }

       args = safe_emalloc(sizeof(zval **), 1, 0);
       args[0] = &value;
       
       status = call_user_function_ex(EG(function_table), NULL, option_array, &retval_ptr, 1, args, 0, NULL TSRMLS_CC);

       if (status == SUCCESS && retval_ptr != NULL) {
              if (retval_ptr != value) {
                     zval_dtor(value);
                     COPY_PZVAL_TO_ZVAL(*value, retval_ptr);
              } else {
                     zval_ptr_dtor(&retval_ptr);
              }
       } else {
              zval_dtor(value);
              Z_TYPE_P(value) = IS_NULL;
       }

       efree(args);
}

Here is the call graph for this function:

Definition at line 303 of file sanitizing_filters.c.

{
       /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}~@.[]";
       filter_map     map;

       filter_map_init(&map);
       filter_map_update(&map, 1, allowed_list);
       filter_map_apply(value, &map);
}

Here is the call graph for this function:

Definition at line 219 of file sanitizing_filters.c.

{
       /* apply strip_high and strip_low filters */
       php_filter_strip(value, flags);
       /* urlencode */
       php_filter_encode_url(value, (unsigned char *)DEFAULT_URL_ENCODE, sizeof(DEFAULT_URL_ENCODE)-1, flags & FILTER_FLAG_ENCODE_HIGH, flags & FILTER_FLAG_ENCODE_LOW, 1);
}

Here is the call graph for this function:

Definition at line 298 of file logical_filters.c.

{
       int len;
       char *str, *end;
       char *num, *p;

       zval **option_val;
       char *decimal;
       int decimal_set, decimal_len;
       char dec_sep = '.';
       char tsd_sep[3] = "',.";

       long lval;
       double dval;

       int first, n;

       len = Z_STRLEN_P(value);
       str = Z_STRVAL_P(value);

       PHP_FILTER_TRIM_DEFAULT(str, len);
       end = str + len;

       FETCH_STRING_OPTION(decimal, "decimal");

       if (decimal_set) {
              if (decimal_len != 1) {
                     php_error_docref(NULL TSRMLS_CC, E_WARNING, "decimal separator must be one char");
                     RETURN_VALIDATION_FAILED
              } else {
                     dec_sep = *decimal;
              }
       }

       num = p = emalloc(len+1);
       if (str < end && (*str == '+' || *str == '-')) {
              *p++ = *str++;
       }
       first = 1;
       while (1) {
              n = 0;
              while (str < end && *str >= '0' && *str <= '9') {
                     ++n;
                     *p++ = *str++;
              }
              if (str == end || *str == dec_sep || *str == 'e' || *str == 'E') {
                     if (!first && n != 3) {
                            goto error;
                     }
                     if (*str == dec_sep) {
                            *p++ = '.';
                            str++;
                            while (str < end && *str >= '0' && *str <= '9') {
                                   *p++ = *str++;
                            }
                     }
                     if (*str == 'e' || *str == 'E') {
                            *p++ = *str++;
                            if (str < end && (*str == '+' || *str == '-')) {
                                   *p++ = *str++;
                            }
                            while (str < end && *str >= '0' && *str <= '9') {
                                   *p++ = *str++;
                            }
                     }
                     break;
              }
              if ((flags & FILTER_FLAG_ALLOW_THOUSAND) && (*str == tsd_sep[0] || *str == tsd_sep[1] || *str == tsd_sep[2])) {
                     if (first?(n < 1 || n > 3):(n != 3)) {
                            goto error;
                     }
                     first = 0;
                     str++;
              } else {
                     goto error;
              }
       }
       if (str != end) {
              goto error;
       }
       *p = 0;

       switch (is_numeric_string(num, p - num, &lval, &dval, 0)) {
              case IS_LONG:
                     zval_dtor(value);
                     Z_TYPE_P(value) = IS_DOUBLE;
                     Z_DVAL_P(value) = lval;
                     break;
              case IS_DOUBLE:
                     if ((!dval && p - num > 1 && strpbrk(num, "123456789")) || !zend_finite(dval)) {
                            goto error;
                     }
                     zval_dtor(value);
                     Z_TYPE_P(value) = IS_DOUBLE;
                     Z_DVAL_P(value) = dval;
                     break;
              default:
error:
                     efree(num);
                     RETURN_VALIDATION_FAILED
       }
       efree(num);   
}

Here is the call graph for this function:

Definition at line 250 of file sanitizing_filters.c.

{
       char *buf;
       int   len, quotes;
       
       if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
              quotes = ENT_QUOTES;
       } else {
              quotes = ENT_NOQUOTES;
       }
       buf = php_escape_html_entities_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), &len, 1, quotes, SG(default_charset), 0 TSRMLS_CC);
       efree(Z_STRVAL_P(value));
       Z_STRVAL_P(value) = buf;
       Z_STRLEN_P(value) = len;
}

Here is the call graph for this function:

Definition at line 166 of file logical_filters.c.

{
       zval **option_val;
       long   min_range, max_range, option_flags;
       int    min_range_set, max_range_set;
       int    allow_octal = 0, allow_hex = 0;
       int       len, error = 0;
       long   ctx_value;
       char *p;

       /* Parse options */
       FETCH_LONG_OPTION(min_range,    "min_range");
       FETCH_LONG_OPTION(max_range,    "max_range");
       option_flags = flags;

       len = Z_STRLEN_P(value);

       if (len == 0) {
              RETURN_VALIDATION_FAILED
       }

       if (option_flags & FILTER_FLAG_ALLOW_OCTAL) {
              allow_octal = 1;
       }

       if (option_flags & FILTER_FLAG_ALLOW_HEX) {
              allow_hex = 1;
       }

       /* Start the validating loop */
       p = Z_STRVAL_P(value);
       ctx_value = 0;

       PHP_FILTER_TRIM_DEFAULT(p, len);

       if (*p == '0') {
              p++; len--;
              if (allow_hex && (*p == 'x' || *p == 'X')) {
                     p++; len--;
                     if (php_filter_parse_hex(p, len, &ctx_value TSRMLS_CC) < 0) {
                            error = 1;
                     }
              } else if (allow_octal) {
                     if (php_filter_parse_octal(p, len, &ctx_value TSRMLS_CC) < 0) {
                            error = 1;
                     }
              } else if (len != 0) {
                     error = 1;
              }
       } else {
              if (php_filter_parse_int(p, len, &ctx_value TSRMLS_CC) < 0) {
                     error = 1;
              }
       }

       if (error > 0 || (min_range_set && (ctx_value < min_range)) || (max_range_set && (ctx_value > max_range))) {
              RETURN_VALIDATION_FAILED
       } else {
              zval_dtor(value);
              Z_TYPE_P(value) = IS_LONG;
              Z_LVAL_P(value) = ctx_value;
              return;
       }
}

Here is the call graph for this function:

Definition at line 367 of file sanitizing_filters.c.

{
       char *buf;
       int   len;
       
       /* just call php_addslashes quotes */
       buf = php_addslashes(Z_STRVAL_P(value), Z_STRLEN_P(value), &len, 0 TSRMLS_CC);

       efree(Z_STRVAL_P(value));
       Z_STRVAL_P(value) = buf;
       Z_STRLEN_P(value) = len;
}

Here is the call graph for this function:

Definition at line 343 of file sanitizing_filters.c.

{
       /* strip everything [^0-9+-] */
       const unsigned char allowed_list[] = "+-" DIGIT;
       filter_map     map;

       filter_map_init(&map);
       filter_map_update(&map, 1, allowed_list);

       /* depending on flags, strip '.', 'e', ",", "'" */
       if (flags & FILTER_FLAG_ALLOW_FRACTION) {
              filter_map_update(&map, 2, (const unsigned char *) ".");
       }
       if (flags & FILTER_FLAG_ALLOW_THOUSAND) {
              filter_map_update(&map, 3,  (const unsigned char *) ",");
       }
       if (flags & FILTER_FLAG_ALLOW_SCIENTIFIC) {
              filter_map_update(&map, 4,  (const unsigned char *) "eE");
       }
       filter_map_apply(value, &map);
}

Here is the call graph for this function:

Definition at line 330 of file sanitizing_filters.c.

{
       /* strip everything [^0-9+-] */
       const unsigned char allowed_list[] = "+-" DIGIT;
       filter_map     map;

       filter_map_init(&map);
       filter_map_update(&map, 1, allowed_list);
       filter_map_apply(value, &map);
}

Here is the call graph for this function:

Definition at line 229 of file sanitizing_filters.c.

{
       unsigned char enc[256] = {0};

       php_filter_strip(value, flags);

       /* encodes ' " < > & \0 to numerical entities */
       enc['\''] = enc['"'] = enc['<'] = enc['>'] = enc['&'] = enc[0] = 1;

       /* if strip low is not set, then we encode them as &#xx; */
       memset(enc, 1, 32);

       if (flags & FILTER_FLAG_ENCODE_HIGH) {
              memset(enc + 127, 1, sizeof(enc) - 127);
       }
       
       php_filter_encode_html(value, enc);       
}

Here is the call graph for this function:

Definition at line 179 of file sanitizing_filters.c.

{
       size_t new_len;
       unsigned char enc[256] = {0};

       /* strip high/strip low ( see flags )*/
       php_filter_strip(value, flags);

       if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
              enc['\''] = enc['"'] = 1;
       }
       if (flags & FILTER_FLAG_ENCODE_AMP) {
              enc['&'] = 1;
       }
       if (flags & FILTER_FLAG_ENCODE_LOW) {
              memset(enc, 1, 32);
       }
       if (flags & FILTER_FLAG_ENCODE_HIGH) {
              memset(enc + 127, 1, sizeof(enc) - 127);
       }

       php_filter_encode_html(value, enc);

       /* strip tags, implicitly also removes \0 chars */
       new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1);
       Z_STRLEN_P(value) = new_len;

       if (new_len == 0) {
              zval_dtor(value);
              if (flags & FILTER_FLAG_EMPTY_STRING_NULL) {
                     ZVAL_NULL(value);
              } else {
                     ZVAL_EMPTY_STRING(value);                 
              }
              return;
       }
}

Here is the call graph for this function:

Definition at line 268 of file sanitizing_filters.c.

{
       /* Only if no flags are set (optimization) */
       if (flags != 0 && Z_STRLEN_P(value) > 0) {
              unsigned char enc[256] = {0};

              php_filter_strip(value, flags);

              if (flags & FILTER_FLAG_ENCODE_AMP) {
                     enc['&'] = 1;
              }
              if (flags & FILTER_FLAG_ENCODE_LOW) {
                     memset(enc, 1, 32);
              }
              if (flags & FILTER_FLAG_ENCODE_HIGH) {
                     memset(enc + 127, 1, sizeof(enc) - 127);
              }

              php_filter_encode_html(value, enc);       
       } else if (flags & FILTER_FLAG_EMPTY_STRING_NULL && Z_STRLEN_P(value) == 0) {
              zval_dtor(value);
              ZVAL_NULL(value);
       }
}

Here is the call graph for this function:

Definition at line 316 of file sanitizing_filters.c.

{
       /* Strip all chars not part of section 5 of
        * http://www.faqs.org/rfcs/rfc1738.html */
       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT SAFE EXTRA NATIONAL PUNCTUATION RESERVED;
       filter_map     map;

       filter_map_init(&map);
       filter_map_update(&map, 1, allowed_list);
       filter_map_apply(value, &map);
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 499 of file logical_filters.c.

{
       /*
        * The regex below is based on a regex by Michael Rushton.
        * However, it is not identical.  I changed it to only consider routeable
        * addresses as valid.  Michael's regex considers a@b a valid address
        * which conflicts with section 2.3.5 of RFC 5321 which states that:
        *
        *   Only resolvable, fully-qualified domain names (FQDNs) are permitted
        *   when domain names are used in SMTP.  In other words, names that can
        *   be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
        *   in Section 5) are permitted, as are CNAME RRs whose targets can be
        *   resolved, in turn, to MX or address RRs.  Local nicknames or
        *   unqualified names MUST NOT be used.
        *
        * This regex does not handle comments and folding whitespace.  While
        * this is technically valid in an email address, these parts aren't
        * actually part of the address itself.
        *
        * Michael's regex carries this copyright:
        *
        * Copyright © Michael Rushton 2009-10
        * http://squiloople.com/
        * Feel free to use and redistribute this code. But please keep this copyright notice.
        *
        */
       const char regexp[] = "/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-+[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-+[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD";

       pcre       *re = NULL;
       pcre_extra *pcre_extra = NULL;
       int preg_options = 0;
       int         ovector[150]; /* Needs to be a multiple of 3 */
       int         matches;


       /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
       if (Z_STRLEN_P(value) > 320) {
              RETURN_VALIDATION_FAILED
       }

       re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
       if (!re) {
              RETURN_VALIDATION_FAILED
       }
       matches = pcre_exec(re, NULL, Z_STRVAL_P(value), Z_STRLEN_P(value), 0, 0, ovector, 3);

       /* 0 means that the vector is too small to hold all the captured substring offsets */
       if (matches < 0) {
              RETURN_VALIDATION_FAILED
       }

}

Definition at line 667 of file logical_filters.c.

{
       /* validates an ipv4 or ipv6 IP, based on the flag (4, 6, or both) add a
        * flag to throw out reserved ranges; multicast ranges... etc. If both
        * allow_ipv4 and allow_ipv6 flags flag are used, then the first dot or
        * colon determine the format */

       int            ip[4];
       int            mode;

       if (memchr(Z_STRVAL_P(value), ':', Z_STRLEN_P(value))) {
              mode = FORMAT_IPV6;
       } else if (memchr(Z_STRVAL_P(value), '.', Z_STRLEN_P(value))) {
              mode = FORMAT_IPV4;
       } else {
              RETURN_VALIDATION_FAILED
       }

       if ((flags & FILTER_FLAG_IPV4) && (flags & FILTER_FLAG_IPV6)) {
              /* Both formats are cool */
       } else if ((flags & FILTER_FLAG_IPV4) && mode == FORMAT_IPV6) {
              RETURN_VALIDATION_FAILED
       } else if ((flags & FILTER_FLAG_IPV6) && mode == FORMAT_IPV4) {
              RETURN_VALIDATION_FAILED
       }

       switch (mode) {
              case FORMAT_IPV4:
                     if (!_php_filter_validate_ipv4(Z_STRVAL_P(value), Z_STRLEN_P(value), ip)) {
                            RETURN_VALIDATION_FAILED
                     }

                     /* Check flags */
                     if (flags & FILTER_FLAG_NO_PRIV_RANGE) {
                            if (
                                   (ip[0] == 10) ||
                                   (ip[0] == 172 && (ip[1] >= 16 && ip[1] <= 31)) ||
                                   (ip[0] == 192 && ip[1] == 168)
                            ) {
                                   RETURN_VALIDATION_FAILED
                            }
                     }

                     if (flags & FILTER_FLAG_NO_RES_RANGE) {
                            if (
                                   (ip[0] == 0) ||
                                   (ip[0] == 128 && ip[1] == 0) ||
                                   (ip[0] == 191 && ip[1] == 255) ||
                                   (ip[0] == 169 && ip[1] == 254) ||
                                   (ip[0] == 192 && ip[1] == 0 && ip[2] == 2) ||
                                   (ip[0] == 127 && ip[1] == 0 && ip[2] == 0 && ip[3] == 1) ||
                                   (ip[0] >= 224 && ip[0] <= 255)
                            ) {
                                   RETURN_VALIDATION_FAILED
                            }
                     }
                     break;

              case FORMAT_IPV6:
                     {
                            int res = 0;
                            res = _php_filter_validate_ipv6(Z_STRVAL_P(value), Z_STRLEN_P(value) TSRMLS_CC);
                            if (res < 1) {
                                   RETURN_VALIDATION_FAILED
                            }
                            /* Check flags */
                            if (flags & FILTER_FLAG_NO_PRIV_RANGE) {
                                   if (Z_STRLEN_P(value) >=2 && (!strncasecmp("FC", Z_STRVAL_P(value), 2) || !strncasecmp("FD", Z_STRVAL_P(value), 2))) {
                                          RETURN_VALIDATION_FAILED
                                   }
                            }
                            if (flags & FILTER_FLAG_NO_RES_RANGE) {
                                   switch (Z_STRLEN_P(value)) {
                                          case 1: case 0:
                                                 break;
                                          case 2:
                                                 if (!strcmp("::", Z_STRVAL_P(value))) {
                                                        RETURN_VALIDATION_FAILED
                                                 }
                                                 break;
                                          case 3:
                                                 if (!strcmp("::1", Z_STRVAL_P(value)) || !strcmp("5f:", Z_STRVAL_P(value))) {
                                                        RETURN_VALIDATION_FAILED
                                                 }
                                                 break;
                                          default:
                                                 if (Z_STRLEN_P(value) >= 5) {
                                                        if (
                                                               !strncasecmp("fe8", Z_STRVAL_P(value), 3) ||
                                                               !strncasecmp("fe9", Z_STRVAL_P(value), 3) ||
                                                               !strncasecmp("fea", Z_STRVAL_P(value), 3) ||
                                                               !strncasecmp("feb", Z_STRVAL_P(value), 3)
                                                        ) {
                                                               RETURN_VALIDATION_FAILED
                                                        }
                                                 }
                                                 if (
                                                        (Z_STRLEN_P(value) >= 9 &&  !strncasecmp("2001:0db8", Z_STRVAL_P(value), 9)) ||
                                                        (Z_STRLEN_P(value) >= 2 &&  !strncasecmp("5f", Z_STRVAL_P(value), 2)) ||
                                                        (Z_STRLEN_P(value) >= 4 &&  !strncasecmp("3ff3", Z_STRVAL_P(value), 4)) ||
                                                        (Z_STRLEN_P(value) >= 8 &&  !strncasecmp("2001:001", Z_STRVAL_P(value), 8))
                                                 ) {
                                                        RETURN_VALIDATION_FAILED
                                                 }
                                   }
                            }
                     }
                     break;
       }
}

Here is the call graph for this function:

Definition at line 403 of file logical_filters.c.

{
       zval **option_val;
       char  *regexp;
       int regexp_len;
       long   option_flags;
       int    regexp_set, option_flags_set;

       pcre       *re = NULL;
       pcre_extra *pcre_extra = NULL;
       int preg_options = 0;

       int         ovector[3];
       int         matches;

       /* Parse options */
       FETCH_STRING_OPTION(regexp, "regexp");
       FETCH_LONG_OPTION(option_flags, "flags");

       if (!regexp_set) {
              php_error_docref(NULL TSRMLS_CC, E_WARNING, "'regexp' option missing");
              RETURN_VALIDATION_FAILED
       }

       re = pcre_get_compiled_regex(regexp, &pcre_extra, &preg_options TSRMLS_CC);
       if (!re) {
              RETURN_VALIDATION_FAILED
       }
       matches = pcre_exec(re, NULL, Z_STRVAL_P(value), Z_STRLEN_P(value), 0, 0, ovector, 3);

       /* 0 means that the vector is too small to hold all the captured substring offsets */
       if (matches < 0) {
              RETURN_VALIDATION_FAILED
       }
}

Definition at line 440 of file logical_filters.c.

{
       php_url *url;
       int old_len = Z_STRLEN_P(value);
       
       php_filter_url(value, flags, option_array, charset TSRMLS_CC);

       if (Z_TYPE_P(value) != IS_STRING || old_len != Z_STRLEN_P(value)) {
              RETURN_VALIDATION_FAILED
       }

       /* Use parse_url - if it returns false, we return NULL */
       url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value));

       if (url == NULL) {
              RETURN_VALIDATION_FAILED
       }

       if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || !strcasecmp(url->scheme, "https"))) {
              char *e, *s;

              if (url->host == NULL) {
                     goto bad_url;
              }

              e = url->host + strlen(url->host);
              s = url->host;

              /* First char of hostname must be alphanumeric */
              if(!isalnum((int)*(unsigned char *)s)) { 
                     goto bad_url;
              }

              while (s < e) {
                     if (!isalnum((int)*(unsigned char *)s) && *s != '-' && *s != '.') {
                            goto bad_url;
                     }
                     s++;
              }

              if (*(e - 1) == '.') {
                     goto bad_url;
              }
       }

       if (
              url->scheme == NULL || 
              /* some schemas allow the host to be empty */
              (url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
              ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
       ) {
bad_url:
              php_url_free(url);
              RETURN_VALIDATION_FAILED
       }
       php_url_free(url);
}

Here is the call graph for this function:

PHP_FUNCTION ( filter_input  )

Definition at line 751 of file filter.c.

{
       long   fetch_from, filter = FILTER_DEFAULT;
       zval **filter_args = NULL, **tmp;
       zval  *input = NULL;
       char *var;
       int var_len;

       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ls|lZ", &fetch_from, &var, &var_len, &filter, &filter_args) == FAILURE) {
              return;
       }

       if (!PHP_FILTER_ID_EXISTS(filter)) {
              RETURN_FALSE;
       }

       input = php_filter_get_storage(fetch_from TSRMLS_CC);

       if (!input || !HASH_OF(input) || zend_hash_find(HASH_OF(input), var, var_len + 1, (void **)&tmp) != SUCCESS) {
              long filter_flags = 0;
              zval **option, **opt, **def;
              if (filter_args) {
                     if (Z_TYPE_PP(filter_args) == IS_LONG) {
                            filter_flags = Z_LVAL_PP(filter_args);
                     } else if (Z_TYPE_PP(filter_args) == IS_ARRAY && zend_hash_find(HASH_OF(*filter_args), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
                            PHP_FILTER_GET_LONG_OPT(option, filter_flags);
                     }
                     if (Z_TYPE_PP(filter_args) == IS_ARRAY && 
                            zend_hash_find(HASH_OF(*filter_args), "options", sizeof("options"), (void **)&opt) == SUCCESS &&
                            Z_TYPE_PP(opt) == IS_ARRAY &&
                            zend_hash_find(HASH_OF(*opt), "default", sizeof("default"), (void **)&def) == SUCCESS
                     ) {
                            MAKE_COPY_ZVAL(def, return_value);
                            return;
                     }
              }

              /* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
               * the function: normally when validation fails false is returned, and
               * when the input value doesn't exist NULL is returned. With the flag
               * set, NULL and false should be returned, respectively. Ergo, although
               * the code below looks incorrect, it's actually right. */
              if (filter_flags & FILTER_NULL_ON_FAILURE) {
                     RETURN_FALSE;
              } else {
                     RETURN_NULL();
              }
       }

       MAKE_COPY_ZVAL(tmp, return_value);

       php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC);
}

Here is the call graph for this function:

PHP_FUNCTION ( filter_var  )

Definition at line 809 of file filter.c.

{
       long filter = FILTER_DEFAULT;
       zval **filter_args = NULL, *data;

       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z/|lZ", &data, &filter, &filter_args) == FAILURE) {
              return;
       }

       if (!PHP_FILTER_ID_EXISTS(filter)) {
              RETURN_FALSE;
       }

       MAKE_COPY_ZVAL(&data, return_value);

       php_filter_call(&return_value, filter, filter_args, 1, FILTER_REQUIRE_SCALAR TSRMLS_CC);
}

Here is the call graph for this function:

PHP_FUNCTION ( filter_input_array  )

Definition at line 831 of file filter.c.

{
       long    fetch_from;
       zval   *array_input = NULL, **op = NULL;
       zend_bool add_empty = 1;

       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|Zb",  &fetch_from, &op, &add_empty) == FAILURE) {
              return;
       }

       if (op
              && (Z_TYPE_PP(op) != IS_ARRAY)
              && (Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op)))
              ) {
              RETURN_FALSE;
       }

       array_input = php_filter_get_storage(fetch_from TSRMLS_CC);

       if (!array_input || !HASH_OF(array_input)) {
              long filter_flags = 0;
              zval **option;
              if (op) {
                     if (Z_TYPE_PP(op) == IS_LONG) {
                            filter_flags = Z_LVAL_PP(op);
                     } else if (Z_TYPE_PP(op) == IS_ARRAY && zend_hash_find(HASH_OF(*op), "flags", sizeof("flags"), (void **)&option) == SUCCESS) {
                            PHP_FILTER_GET_LONG_OPT(option, filter_flags);
                     }
              }

              /* The FILTER_NULL_ON_FAILURE flag inverts the usual return values of
               * the function: normally when validation fails false is returned, and
               * when the input value doesn't exist NULL is returned. With the flag
               * set, NULL and false should be returned, respectively. Ergo, although
               * the code below looks incorrect, it's actually right. */
              if (filter_flags & FILTER_NULL_ON_FAILURE) {
                     RETURN_FALSE;
              } else {
                     RETURN_NULL();
              }
       }

       php_filter_array_handler(array_input, op, return_value, add_empty TSRMLS_CC);
}

Here is the call graph for this function:

PHP_FUNCTION ( filter_var_array  )

Definition at line 880 of file filter.c.

{
       zval *array_input = NULL, **op = NULL;
       zend_bool add_empty = 1;

       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "a|Zb",  &array_input, &op, &add_empty) == FAILURE) {
              return;
       }

       if (op
              && (Z_TYPE_PP(op) != IS_ARRAY)
              && (Z_TYPE_PP(op) == IS_LONG && !PHP_FILTER_ID_EXISTS(Z_LVAL_PP(op)))
              ) {
              RETURN_FALSE;
       }

       php_filter_array_handler(array_input, op, return_value, add_empty TSRMLS_CC);
}

Here is the call graph for this function:

Definition at line 902 of file filter.c.

{
       int i, size = sizeof(filter_list) / sizeof(filter_list_entry);

       if (zend_parse_parameters_none() == FAILURE) {
              return;
       }

       array_init(return_value);
       for (i = 0; i < size; ++i) {
              add_next_index_string(return_value, (char *)filter_list[i].name, 1);
       }
}

Here is the call graph for this function:

PHP_FUNCTION ( filter_has_var  )

Definition at line 583 of file filter.c.

{
       long        arg;
       char       *var;
       int         var_len;
       zval       *array_ptr = NULL;

       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) {
              RETURN_FALSE;
       }

       array_ptr = php_filter_get_storage(arg TSRMLS_CC);

       if (array_ptr && HASH_OF(array_ptr) && zend_hash_exists(HASH_OF(array_ptr), var, var_len + 1)) {
              RETURN_TRUE;
       }

       RETURN_FALSE;
}

Here is the call graph for this function:

PHP_FUNCTION ( filter_id  )

Definition at line 919 of file filter.c.

{
       int i, filter_len;
       int size = sizeof(filter_list) / sizeof(filter_list_entry);
       char *filter;

       if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &filter, &filter_len) == FAILURE) {
              return;
       }

       for (i = 0; i < size; ++i) {
              if (strcmp(filter_list[i].name, filter) == 0) {
                     RETURN_LONG(filter_list[i].id);
              }
       }

       RETURN_FALSE;
}

Here is the call graph for this function:

PHP_MINFO_FUNCTION ( filter  )

Definition at line 317 of file filter.c.

{
       php_info_print_table_start();
       php_info_print_table_row( 2, "Input Validation and Filtering", "enabled" );
       php_info_print_table_row( 2, "Revision", "$Revision: 321634 $");
       php_info_print_table_end();

       DISPLAY_INI_ENTRIES();
}

Here is the call graph for this function:

PHP_MINIT_FUNCTION ( filter  )

Definition at line 207 of file filter.c.

{
       ZEND_INIT_MODULE_GLOBALS(filter, php_filter_init_globals, NULL);

       REGISTER_INI_ENTRIES();

       REGISTER_LONG_CONSTANT("INPUT_POST",      PARSE_POST,   CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("INPUT_GET",              PARSE_GET,           CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("INPUT_COOKIE",    PARSE_COOKIE,        CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("INPUT_ENV",              PARSE_ENV,           CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("INPUT_SERVER",    PARSE_SERVER,        CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("INPUT_SESSION", PARSE_SESSION,  CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("INPUT_REQUEST", PARSE_REQUEST,  CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_FLAG_NONE", FILTER_FLAG_NONE, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_REQUIRE_SCALAR", FILTER_REQUIRE_SCALAR, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_REQUIRE_ARRAY", FILTER_REQUIRE_ARRAY, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FORCE_ARRAY", FILTER_FORCE_ARRAY, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_NULL_ON_FAILURE", FILTER_NULL_ON_FAILURE, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_VALIDATE_INT", FILTER_VALIDATE_INT, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_VALIDATE_BOOLEAN", FILTER_VALIDATE_BOOLEAN, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_VALIDATE_FLOAT", FILTER_VALIDATE_FLOAT, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_VALIDATE_REGEXP", FILTER_VALIDATE_REGEXP, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_VALIDATE_URL", FILTER_VALIDATE_URL, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_VALIDATE_EMAIL", FILTER_VALIDATE_EMAIL, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_VALIDATE_IP", FILTER_VALIDATE_IP, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_DEFAULT", FILTER_DEFAULT, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_UNSAFE_RAW", FILTER_UNSAFE_RAW, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRING", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_MAGIC_QUOTES", FILTER_SANITIZE_MAGIC_QUOTES, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_CALLBACK", FILTER_CALLBACK, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_OCTAL", FILTER_FLAG_ALLOW_OCTAL, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_HEX", FILTER_FLAG_ALLOW_HEX, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_LOW", FILTER_FLAG_STRIP_LOW, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_HIGH", FILTER_FLAG_STRIP_HIGH, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_STRIP_BACKTICK", FILTER_FLAG_STRIP_BACKTICK, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_LOW", FILTER_FLAG_ENCODE_LOW, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_HIGH", FILTER_FLAG_ENCODE_HIGH, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_ENCODE_AMP", FILTER_FLAG_ENCODE_AMP, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_ENCODE_QUOTES", FILTER_FLAG_NO_ENCODE_QUOTES, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_EMPTY_STRING_NULL", FILTER_FLAG_EMPTY_STRING_NULL, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_FRACTION", FILTER_FLAG_ALLOW_FRACTION, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_THOUSAND", FILTER_FLAG_ALLOW_THOUSAND, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_ALLOW_SCIENTIFIC", FILTER_FLAG_ALLOW_SCIENTIFIC, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_FLAG_SCHEME_REQUIRED", FILTER_FLAG_SCHEME_REQUIRED, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_HOST_REQUIRED", FILTER_FLAG_HOST_REQUIRED, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_PATH_REQUIRED", FILTER_FLAG_PATH_REQUIRED, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_QUERY_REQUIRED", FILTER_FLAG_QUERY_REQUIRED, CONST_CS | CONST_PERSISTENT);

       REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV4", FILTER_FLAG_IPV4, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_IPV6", FILTER_FLAG_IPV6, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_RES_RANGE", FILTER_FLAG_NO_RES_RANGE, CONST_CS | CONST_PERSISTENT);
       REGISTER_LONG_CONSTANT("FILTER_FLAG_NO_PRIV_RANGE", FILTER_FLAG_NO_PRIV_RANGE, CONST_CS | CONST_PERSISTENT);

       sapi_register_input_filter(php_sapi_filter, php_sapi_filter_init);

       return SUCCESS;
}

Here is the call graph for this function:

PHP_MSHUTDOWN_FUNCTION ( filter  )

Definition at line 287 of file filter.c.

PHP_RINIT_FUNCTION ( filter  )
PHP_RSHUTDOWN_FUNCTION ( filter  )

Variable Documentation

zval* cookie_array

Definition at line 58 of file php_filter.h.

Definition at line 62 of file php_filter.h.

Definition at line 63 of file php_filter.h.

zval* env_array

Definition at line 59 of file php_filter.h.

zend_module_entry filter_module_entry

Definition at line 137 of file filter.c.

zval* get_array

Definition at line 57 of file php_filter.h.

zval* post_array

Definition at line 56 of file php_filter.h.

zval* server_array

Definition at line 60 of file php_filter.h.

Definition at line 61 of file php_filter.h.