Back to index

php5  5.3.10
Defines | Typedefs | Functions | Variables
sanitizing_filters.c File Reference
#include "php_filter.h"
#include "filter_private.h"
#include "ext/standard/php_smart_str.h"

Go to the source code of this file.

Defines

#define LOWALPHA   "abcdefghijklmnopqrstuvwxyz"
#define HIALPHA   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define DIGIT   "0123456789"
#define DEFAULT_URL_ENCODE   LOWALPHA HIALPHA DIGIT "-._"
#define SAFE   "$-_.+"
#define EXTRA   "!*'(),"
#define NATIONAL   "{}|\\^~[]`"
#define PUNCTUATION   "<>#%\""
#define RESERVED   ";/?:@&="

Typedefs

typedef unsigned long filter_map [256]

Functions

static void php_filter_encode_html (zval *value, const unsigned char *chars)
static void php_filter_encode_url (zval *value, const unsigned char *chars, const int char_len, int high, int low, int encode_nul)
static void php_filter_strip (zval *value, long flags)
static void filter_map_init (filter_map *map)
static void filter_map_update (filter_map *map, int flag, const unsigned char *allowed_list)
static void filter_map_apply (zval *value, filter_map *map)
void php_filter_string (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_encoded (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_special_chars (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_full_special_chars (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_unsafe_raw (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_email (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_url (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_number_int (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_number_float (PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_magic_quotes (PHP_INPUT_FILTER_PARAM_DECL)

Variables

static const unsigned char hexchars [] = "0123456789ABCDEF"

Define Documentation

Definition at line 65 of file sanitizing_filters.c.

#define DIGIT   "0123456789"

Definition at line 63 of file sanitizing_filters.c.

#define EXTRA   "!*'(),"

Definition at line 298 of file sanitizing_filters.c.

#define HIALPHA   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

Definition at line 62 of file sanitizing_filters.c.

#define LOWALPHA   "abcdefghijklmnopqrstuvwxyz"

Definition at line 61 of file sanitizing_filters.c.

#define NATIONAL   "{}|\\^~[]`"

Definition at line 299 of file sanitizing_filters.c.

#define PUNCTUATION   "<>#%\""

Definition at line 300 of file sanitizing_filters.c.

#define RESERVED   ";/?:@&="

Definition at line 301 of file sanitizing_filters.c.

#define SAFE   "$-_.+"

Definition at line 297 of file sanitizing_filters.c.


Typedef Documentation

typedef unsigned long filter_map[256]

Definition at line 26 of file sanitizing_filters.c.


Function Documentation

static void filter_map_apply ( zval *  value,
filter_map map 
) [static]

Definition at line 156 of file sanitizing_filters.c.

{
       unsigned char *buf, *str;
       int   i, c;
       
       str = (unsigned char *)Z_STRVAL_P(value);
       buf = safe_emalloc(1, Z_STRLEN_P(value) + 1, 1);
       c = 0;
       for (i = 0; i < Z_STRLEN_P(value); i++) {
              if ((*map)[str[i]]) {
                     buf[c] = str[i];
                     ++c;
              }
       }
       /* update zval string data */
       buf[c] = '\0';
       efree(Z_STRVAL_P(value));
       Z_STRVAL_P(value) = (char *)buf;
       Z_STRLEN_P(value) = c;
}

Here is the caller graph for this function:

static void filter_map_init ( filter_map map) [static]

Definition at line 141 of file sanitizing_filters.c.

{
       memset(map, 0, sizeof(filter_map));
}

Here is the caller graph for this function:

static void filter_map_update ( filter_map map,
int  flag,
const unsigned char *  allowed_list 
) [static]

Definition at line 146 of file sanitizing_filters.c.

{
       int l, i;

       l = strlen((const char*)allowed_list);
       for (i = 0; i < l; ++i) {
              (*map)[allowed_list[i]] = flag;
       }
}

Here is the caller graph for this function:

Definition at line 303 of file sanitizing_filters.c.

{
       /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}~@.[]";
       filter_map     map;

       filter_map_init(&map);
       filter_map_update(&map, 1, allowed_list);
       filter_map_apply(value, &map);
}

Here is the call graph for this function:

static void php_filter_encode_html ( zval *  value,
const unsigned char *  chars 
) [static]

Definition at line 30 of file sanitizing_filters.c.

{
       smart_str str = {0};
       int len = Z_STRLEN_P(value);
       unsigned char *s = (unsigned char *)Z_STRVAL_P(value);
       unsigned char *e = s + len;

       if (Z_STRLEN_P(value) == 0) {
              return;
       }

       while (s < e) {
              if (chars[*s]) {
                     smart_str_appendl(&str, "&#", 2);
                     smart_str_append_unsigned(&str, (unsigned long)*s);
                     smart_str_appendc(&str, ';');
              } else {
                     /* XXX: this needs to be optimized to work with blocks of 'safe' chars */
                     smart_str_appendc(&str, *s);
              }
              s++;
       }

       smart_str_0(&str);
       efree(Z_STRVAL_P(value));
       Z_STRVAL_P(value) = str.c;
       Z_STRLEN_P(value) = str.len;
}

Here is the caller graph for this function:

static void php_filter_encode_url ( zval *  value,
const unsigned char *  chars,
const int  char_len,
int  high,
int  low,
int  encode_nul 
) [static]

Definition at line 67 of file sanitizing_filters.c.

{
       unsigned char *str, *p;
       unsigned char tmp[256];
       unsigned char *s = (unsigned char *)chars;
       unsigned char *e = s + char_len;

       memset(tmp, 1, sizeof(tmp)-1);

       while (s < e) {
              tmp[*s++] = 0;
       }
/* XXX: This is not needed since these chars in the allowed list never include the high/low/null value
       if (encode_nul) {
              tmp[0] = 1;
       }
       if (high) {
              memset(tmp + 127, 1, sizeof(tmp) - 127);
       }
       if (low) {
              memset(tmp, 1, 32);
       }
*/
       p = str = (unsigned char *) safe_emalloc(3, Z_STRLEN_P(value), 1);
       s = (unsigned char *)Z_STRVAL_P(value);
       e = s + Z_STRLEN_P(value);

       while (s < e) {
              if (tmp[*s]) {
                     *p++ = '%';
                     *p++ = hexchars[(unsigned char) *s >> 4];
                     *p++ = hexchars[(unsigned char) *s & 15];
              } else {
                     *p++ = *s;    
              }
              s++;   
       }
       *p = '\0';
       efree(Z_STRVAL_P(value));
       Z_STRVAL_P(value) = (char *)str;
       Z_STRLEN_P(value) = p - str;
}

Here is the caller graph for this function:

Definition at line 219 of file sanitizing_filters.c.

{
       /* apply strip_high and strip_low filters */
       php_filter_strip(value, flags);
       /* urlencode */
       php_filter_encode_url(value, (unsigned char *)DEFAULT_URL_ENCODE, sizeof(DEFAULT_URL_ENCODE)-1, flags & FILTER_FLAG_ENCODE_HIGH, flags & FILTER_FLAG_ENCODE_LOW, 1);
}

Here is the call graph for this function:

Definition at line 250 of file sanitizing_filters.c.

{
       char *buf;
       int   len, quotes;
       
       if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
              quotes = ENT_QUOTES;
       } else {
              quotes = ENT_NOQUOTES;
       }
       buf = php_escape_html_entities_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), &len, 1, quotes, SG(default_charset), 0 TSRMLS_CC);
       efree(Z_STRVAL_P(value));
       Z_STRVAL_P(value) = buf;
       Z_STRLEN_P(value) = len;
}

Here is the call graph for this function:

Definition at line 367 of file sanitizing_filters.c.

{
       char *buf;
       int   len;
       
       /* just call php_addslashes quotes */
       buf = php_addslashes(Z_STRVAL_P(value), Z_STRLEN_P(value), &len, 0 TSRMLS_CC);

       efree(Z_STRVAL_P(value));
       Z_STRVAL_P(value) = buf;
       Z_STRLEN_P(value) = len;
}

Here is the call graph for this function:

Definition at line 343 of file sanitizing_filters.c.

{
       /* strip everything [^0-9+-] */
       const unsigned char allowed_list[] = "+-" DIGIT;
       filter_map     map;

       filter_map_init(&map);
       filter_map_update(&map, 1, allowed_list);

       /* depending on flags, strip '.', 'e', ",", "'" */
       if (flags & FILTER_FLAG_ALLOW_FRACTION) {
              filter_map_update(&map, 2, (const unsigned char *) ".");
       }
       if (flags & FILTER_FLAG_ALLOW_THOUSAND) {
              filter_map_update(&map, 3,  (const unsigned char *) ",");
       }
       if (flags & FILTER_FLAG_ALLOW_SCIENTIFIC) {
              filter_map_update(&map, 4,  (const unsigned char *) "eE");
       }
       filter_map_apply(value, &map);
}

Here is the call graph for this function:

Definition at line 330 of file sanitizing_filters.c.

{
       /* strip everything [^0-9+-] */
       const unsigned char allowed_list[] = "+-" DIGIT;
       filter_map     map;

       filter_map_init(&map);
       filter_map_update(&map, 1, allowed_list);
       filter_map_apply(value, &map);
}

Here is the call graph for this function:

Definition at line 229 of file sanitizing_filters.c.

{
       unsigned char enc[256] = {0};

       php_filter_strip(value, flags);

       /* encodes ' " < > & \0 to numerical entities */
       enc['\''] = enc['"'] = enc['<'] = enc['>'] = enc['&'] = enc[0] = 1;

       /* if strip low is not set, then we encode them as &#xx; */
       memset(enc, 1, 32);

       if (flags & FILTER_FLAG_ENCODE_HIGH) {
              memset(enc + 127, 1, sizeof(enc) - 127);
       }
       
       php_filter_encode_html(value, enc);       
}

Here is the call graph for this function:

Definition at line 179 of file sanitizing_filters.c.

{
       size_t new_len;
       unsigned char enc[256] = {0};

       /* strip high/strip low ( see flags )*/
       php_filter_strip(value, flags);

       if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
              enc['\''] = enc['"'] = 1;
       }
       if (flags & FILTER_FLAG_ENCODE_AMP) {
              enc['&'] = 1;
       }
       if (flags & FILTER_FLAG_ENCODE_LOW) {
              memset(enc, 1, 32);
       }
       if (flags & FILTER_FLAG_ENCODE_HIGH) {
              memset(enc + 127, 1, sizeof(enc) - 127);
       }

       php_filter_encode_html(value, enc);

       /* strip tags, implicitly also removes \0 chars */
       new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1);
       Z_STRLEN_P(value) = new_len;

       if (new_len == 0) {
              zval_dtor(value);
              if (flags & FILTER_FLAG_EMPTY_STRING_NULL) {
                     ZVAL_NULL(value);
              } else {
                     ZVAL_EMPTY_STRING(value);                 
              }
              return;
       }
}

Here is the call graph for this function:

static void php_filter_strip ( zval *  value,
long  flags 
) [static]

Definition at line 110 of file sanitizing_filters.c.

{
       unsigned char *buf, *str;
       int   i, c;
       
       /* Optimization for if no strip flags are set */
       if (! ((flags & FILTER_FLAG_STRIP_LOW) || (flags & FILTER_FLAG_STRIP_HIGH)) ) {
              return;
       }

       str = (unsigned char *)Z_STRVAL_P(value);
       buf = safe_emalloc(1, Z_STRLEN_P(value) + 1, 1);
       c = 0;
       for (i = 0; i < Z_STRLEN_P(value); i++) {
              if ((str[i] > 127) && (flags & FILTER_FLAG_STRIP_HIGH)) {
              } else if ((str[i] < 32) && (flags & FILTER_FLAG_STRIP_LOW)) {
              } else if ((str[i] == '`') && (flags & FILTER_FLAG_STRIP_BACKTICK)) {
              } else {
                     buf[c] = str[i];
                     ++c;
              }
       }
       /* update zval string data */
       buf[c] = '\0';
       efree(Z_STRVAL_P(value));
       Z_STRVAL_P(value) = (char *)buf;
       Z_STRLEN_P(value) = c;
}

Here is the caller graph for this function:

Definition at line 268 of file sanitizing_filters.c.

{
       /* Only if no flags are set (optimization) */
       if (flags != 0 && Z_STRLEN_P(value) > 0) {
              unsigned char enc[256] = {0};

              php_filter_strip(value, flags);

              if (flags & FILTER_FLAG_ENCODE_AMP) {
                     enc['&'] = 1;
              }
              if (flags & FILTER_FLAG_ENCODE_LOW) {
                     memset(enc, 1, 32);
              }
              if (flags & FILTER_FLAG_ENCODE_HIGH) {
                     memset(enc + 127, 1, sizeof(enc) - 127);
              }

              php_filter_encode_html(value, enc);       
       } else if (flags & FILTER_FLAG_EMPTY_STRING_NULL && Z_STRLEN_P(value) == 0) {
              zval_dtor(value);
              ZVAL_NULL(value);
       }
}

Here is the call graph for this function:

Definition at line 316 of file sanitizing_filters.c.

{
       /* Strip all chars not part of section 5 of
        * http://www.faqs.org/rfcs/rfc1738.html */
       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT SAFE EXTRA NATIONAL PUNCTUATION RESERVED;
       filter_map     map;

       filter_map_init(&map);
       filter_map_update(&map, 1, allowed_list);
       filter_map_apply(value, &map);
}

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

const unsigned char hexchars[] = "0123456789ABCDEF" [static]

Definition at line 59 of file sanitizing_filters.c.