| author | Stefan Esser | 2014-02-17 21:34:51 +0100 |
|---|---|---|
| committer | Stefan Esser | 2014-02-17 21:34:51 +0100 |
| commit | 08caa5ac0051445077989810786fc3a41f7e390e (patch) | |
| tree | 87ee8f730ec5fde700c62216d998a840d46401cb | |
| parent | 8d6af664df1e6a05c3e8840f3366c24af44ea424 (diff) | |
Add some PHP 5.6.0aplha2 compatibility
| -rw-r--r-- | Changelog | 1 | ||||
| -rw-r--r-- | post_handler.c | 122 | ||||
| -rw-r--r-- | rfc1867_new.c | 2 | ||||
| -rw-r--r-- | session.c | 81 |
4 files changed, 198 insertions, 8 deletions
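--- a/Changelog
+++ b/Changelog
@@ -12,6 +12,7 @@
 - Add ini_set() fail mode to suhosin.disable.display_errors
 - Fix suhosin.get/post/cookie.max_totalname_length filter
 - Refactor array index handling in filter to make it work always
+- Added support for PHP 5.6.0alpha2
 - TODO: WARN THAT FUNCTION WHITELISTS/BLACKLISTS NEVER WORKED CORRECTLY WITH PHP < 5.5
 
 2012-02-12 - 0.9.34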
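--- a/post_handler.c
+++ b/post_handler.c
@@ -32,10 +32,13 @@
 #include "php_content_types.h"
 #include "suhosin_rfc1867.h"
 #include "ext/standard/url.h"
+#include "ext/standard/php_smart_str.h"
+
 
 SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler);
 
 
+#if PHP_VERSION_ID < 50600
 SAPI_POST_HANDLER_FUNC(suhosin_std_post_handler)
 {
 char *var, *val, *e, *s, *p;
@@ -68,7 +71,7 @@ last_value:
 val_len = php_url_decode(val, (p - val));
 val = estrndup(val, val_len);
 if (suhosin_input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
-if (sapi_module.input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
+if (sapi_module.input_filter(PARSE_POST, var, &val, new_val_len, &new_val_len TSRMLS_CC)) {
 php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
 }
 } else {
@@ -83,6 +86,123 @@ last_value:
 goto last_value;
 }
 }
+#else
+typedef struct post_var_data {
+smart_str str;
+char *ptr;
+char *end;
+uint64_t cnt;
+} post_var_data_t;
+
+static zend_bool add_post_var(zval *arr, post_var_data_t *var, zend_bool eof TSRMLS_DC)
+{
+char *ksep, *vsep;
+size_t klen, vlen;
+/* FIXME: string-size_t */
+unsigned int new_vlen;
+
+if (var->ptr >= var->end) {
+return 0;
+}
+
+vsep = memchr(var->ptr, '&', var->end - var->ptr);
+if (!vsep) {
+if (!eof) {
+return 0;
+} else {
+vsep = var->end;
+}
+}
+
+ksep = memchr(var->ptr, '=', vsep - var->ptr);
+if (ksep) {
+*ksep = '\0';
+/* "foo=bar&" or "foo=&" */
+klen = ksep - var->ptr;
+vlen = vsep - ++ksep;
+} else {
+ksep = "";
+/* "foo&" */
+klen = vsep - var->ptr;
+vlen = 0;
+}
+
+
+php_url_decode(var->ptr, klen);
+if (vlen) {
+vlen = php_url_decode(ksep, vlen);
+}
+
+if (suhosin_input_filter(PARSE_POST, var->ptr, &ksep, vlen, &new_vlen TSRMLS_CC)) {
+if (sapi_module.input_filter(PARSE_POST, var->ptr, &ksep, new_vlen, &new_vlen TSRMLS_CC)) {
+php_register_variable_safe(var->ptr, ksep, new_vlen, arr TSRMLS_CC);
+}
+} else {
+SUHOSIN_G(abort_request)=1;
+}
+
+var->ptr = vsep + (vsep != var->end);
+return 1;
+}
+
+static inline int add_post_vars(zval *arr, post_var_data_t *vars, zend_bool eof TSRMLS_DC)
+{
+uint64_t max_vars = PG(max_input_vars);
+
+vars->ptr = vars->str.c;
+vars->end = vars->str.c + vars->str.len;
+while (add_post_var(arr, vars, eof TSRMLS_CC)) {
+if (++vars->cnt > max_vars) {
+php_error_docref(NULL TSRMLS_CC, E_WARNING,
+"Input variables exceeded %" PRIu64 ". "
+"To increase the limit change max_input_vars in php.ini.",
+max_vars);
+return FAILURE;
+}
+}
+
+if (!eof) {
+memmove(vars->str.c, vars->ptr, vars->str.len = vars->end - vars->ptr);
+}
+return SUCCESS;
+}
+
+SAPI_POST_HANDLER_FUNC(suhosin_std_post_handler)
+{
+zval *arr = (zval *) arg;
+php_stream *s = SG(request_info).request_body;
+post_var_data_t post_data;
+
+if (s && SUCCESS == php_stream_rewind(s)) {
+memset(&post_data, 0, sizeof(post_data));
+
+while (!php_stream_eof(s)) {
+char buf[BUFSIZ] = {0};
+size_t len = php_stream_read(s, buf, BUFSIZ);
+
+if (len && len != (size_t) -1) {
+smart_str_appendl(&post_data.str, buf, len);
+
+if (SUCCESS != add_post_vars(arr, &post_data, 0 TSRMLS_CC)) {
+if (post_data.str.c) {
+efree(post_data.str.c);
+}
+return;
+}
+}
+
+if (len != BUFSIZ){
+break;
+}
+}
+
+add_post_vars(arr, &post_data, 1 TSRMLS_CC);
+if (post_data.str.c) {
+efree(post_data.str.c);
+}
+}
+}
+#endif
 
 static void suhosin_post_handler_modification(sapi_post_entry *spe)
 {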
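Review bot: In the PHP >= 5.6 `add_post_var`, both filter calls receive `&ksep`, which points either into the `smart_str` request buffer or, in the no-`=` branch, at the string literal `""`. The pre-5.6 handler in the same file first takes an owned copy with `val = estrndup(val, val_len);` before passing `&val`. The filters take a `char **`, so a filter that rewrites the value in place, or frees and replaces `*val`, would touch memory it does not own while processing request-supplied POST data. The filter bodies are not visible here, so this is a risk the double pointer allows rather than a confirmed fault. Copy the value before filtering and release it after registration, as in the fence below, and add a comment on the `FIXME` stating the assumed upper bound for the `size_t vlen` to `unsigned int new_vlen` narrowing.

```c
	char *ksep, *vsep, *val;
	/* … unchanged: separator search, klen/vlen computation, key decoding … */

	/* owned copy: a filter may rewrite or replace *val */
	val = estrndup(ksep, vlen);
	if (vlen) {
		vlen = php_url_decode(val, vlen);
	}

	if (suhosin_input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen TSRMLS_CC)) {
		if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, new_vlen, &new_vlen TSRMLS_CC)) {
			/* presumably stores its own copy of val, as the pre-5.6 path relies on; confirm */
			php_register_variable_safe(var->ptr, val, new_vlen, arr TSRMLS_CC);
		}
	} else {
		/* … unchanged: set SUHOSIN_G(abort_request) … */
	}
	efree(val);
	/* … unchanged: advance var->ptr, return 1 … */
```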
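--- a/rfc1867_new.c
+++ b/rfc1867_new.c
@@ -857,7 +857,7 @@ SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler) /* {{{ */
 continue;
 }
 
-if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) {
+if (++count <= PG(max_input_vars) && sapi_module.input_filter(PARSE_POST, param, &value, new_val_len, &new_val_len TSRMLS_CC)) {
 if (suhosin_rfc1867_filter != NULL) {
 multipart_event_formdata event_formdata;
 size_t newlength = new_val_len;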
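Review bot: The changed condition now reads `new_val_len` as the input length, so it relies on that variable already holding the filtered length on every path that reaches this line. The assignment is outside the hunk (presumably an earlier `suhosin_input_filter` call guarding the `continue`), so it cannot be confirmed from here. A one-line comment above the condition would make the in/out use of the same variable explicit, e.g. `/* new_val_len was set by suhosin_input_filter() above; pass the filtered length on */`. The enclosing `suhosin_rfc1867_post_handler` starts and ends outside the hunk.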
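--- a/session.c
+++ b/session.c
@@ -234,7 +234,7 @@ typedef struct _php_ps_globals_53 {
 } php_ps_globals_53;
 
 #if PHP_VERSION_ID >= 50400
-typedef struct _php_session_rfc1867_progress_54_55 {
+typedef struct _php_session_rfc1867_progress_54_55_56 {
 
 size_t sname_len;
 zval sid;
@@ -252,7 +252,7 @@ typedef struct _php_session_rfc1867_progress_54_55 {
 zval *files; /* data["files"] array */
 zval *current_file; /* array of currently uploading file */
 zval *current_file_bytes_processed;
-} php_session_rfc1867_progress_54_55;
+} php_session_rfc1867_progress_54_55_56;
 
 typedef struct _php_ps_globals_54 {
 char *save_path;
@@ -306,7 +306,7 @@ typedef struct _php_ps_globals_54 {
 int define_sid;
 zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */
 
-php_session_rfc1867_progress_54_55 *rfc1867_progress;
+php_session_rfc1867_progress_54_55_56 *rfc1867_progress;
 zend_bool rfc1867_enabled; /* session.upload_progress.enabled */
 zend_bool rfc1867_cleanup; /* session.upload_progress.cleanup */
 smart_str rfc1867_prefix; /* session.upload_progress.prefix */
@@ -370,7 +370,7 @@ typedef struct _php_ps_globals_55 {
 int define_sid;
 zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */
 
-php_session_rfc1867_progress_54_55 *rfc1867_progress;
+php_session_rfc1867_progress_54_55_56 *rfc1867_progress;
 zend_bool rfc1867_enabled; /* session.upload_progress.enabled */
 zend_bool rfc1867_cleanup; /* session.upload_progress.cleanup */
 smart_str rfc1867_prefix; /* session.upload_progress.prefix */
@@ -380,11 +380,78 @@ typedef struct _php_ps_globals_55 {
 
 zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */
 } php_ps_globals_55;
+
+typedef struct _php_ps_globals_56 {
+char *save_path;
+char *session_name;
+char *id;
+char *extern_referer_chk;
+char *entropy_file;
+char *cache_limiter;
+long entropy_length;
+long cookie_lifetime;
+char *cookie_path;
+char *cookie_domain;
+zend_bool cookie_secure;
+zend_bool cookie_httponly;
+ps_module *mod;
+ps_module *default_mod;
+void *mod_data;
+php_session_status session_status;
+long gc_probability;
+long gc_divisor;
+long gc_maxlifetime;
+int module_number;
+long cache_expire;
+union {
+zval *names[7];
+struct {
+zval *ps_open;
+zval *ps_close;
+zval *ps_read;
+zval *ps_write;
+zval *ps_destroy;
+zval *ps_gc;
+zval *ps_create_sid;
+} name;
+} mod_user_names;
+int mod_user_implemented;
+int mod_user_is_open;
+const struct ps_serializer_struct *serializer;
+zval *http_session_vars;
+zend_bool auto_start;
+zend_bool use_cookies;
+zend_bool use_only_cookies;
+zend_bool use_trans_sid; /* contains the INI value of whether to use trans-sid */
+zend_bool apply_trans_sid; /* whether or not to enable trans-sid for the current request */
+
+long hash_func;
+#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
+php_hash_ops *hash_ops;
+#endif
+long hash_bits_per_character;
+int send_cookie;
+int define_sid;
+zend_bool invalid_session_id; /* allows the driver to report about an invalid session id and request id regeneration */
+
+php_session_rfc1867_progress_54_55_56 *rfc1867_progress;
+zend_bool rfc1867_enabled; /* session.upload_progress.enabled */
+zend_bool rfc1867_cleanup; /* session.upload_progress.cleanup */
+smart_str rfc1867_prefix; /* session.upload_progress.prefix */
+smart_str rfc1867_name; /* session.upload_progress.name */
+long rfc1867_freq; /* session.upload_progress.freq */
+double rfc1867_min_freq; /* session.upload_progress.min_freq */
+
+zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */
+unsigned char session_data_hash[16]; /* binary MD5 hash length */
+} php_ps_globals_56;
 #endif
 
 #ifdef ZTS
 static ts_rsrc_id session_globals_id = 0;
-# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5)
+# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 6)
+# define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_56 *, v)
+# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5)
 # define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_55 *, v)
 # elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4)
 # define SESSION_G(v) TSRMG(session_globals_id, php_ps_globals_54 *, v)
@@ -400,7 +467,9 @@ static ts_rsrc_id session_globals_id = 0;
 UNSUPPORTED PHP VERSION
 # endif
 #else
-# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5)
+# if (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 6)
+static php_ps_globals_56 *session_globals = NULL;
+# elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 5)
 static php_ps_globals_55 *session_globals = NULL;
 # elif (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION >= 4)
 static php_ps_globals_54 *session_globals = NULL;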
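Review bot: `php_ps_globals_56` is a hand-maintained mirror of PHP's private session globals and is selected for every 5.x build with `PHP_MINOR_VERSION >= 6`, while the commit title targets an alpha release. If the upstream struct gains, loses or reorders a field before the final release, `SESSION_G(v)` would read and write at the wrong offsets with no compile-time signal. The layout also depends on `HAVE_HASH_EXT` and `COMPILE_DL_HASH` being defined the same way here as in the PHP build the extension is loaded into. Please record the provenance above the typedef, e.g. `/* mirrors PHP 5.6.0alpha2's session globals field for field; re-verify against every later 5.6 build */`, and say how a mismatch would be noticed. The typedef opens and closes inside the hunk.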
