Inital commit

author: Stefan Esser 2010-02-21 11:44:54 +0100
committer: Stefan Esser 2010-02-21 11:44:54 +0100
commit: 36dbfacbe64697d959f524e537b15b73c090d898 (patch)
tree: f1c7ce1409b0e7765fc72d550546967fcf0f9717 /post_handler.c
1 files changed, 114 insertions, 0 deletions
diff --git a/post_handler.c b/post_handler.c
new file mode 100644
index 0000000..a7ac060
--- /dev/null
+++ b/post_handler.c
@@ -0,0 +1,114 @@
+/*
+  +----------------------------------------------------------------------+
+  | Suhosin Version 1                                                    |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 2006-2007 The Hardened-PHP Project                     |
+  | Copyright (c) 2007 SektionEins GmbH                                  |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Author: Stefan Esser <sesser@sektioneins.de>                         |
+  +----------------------------------------------------------------------+
+*/
+/*
+  $Id: post_handler.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include "php.h"
+#include "php_ini.h"
+#include "php_suhosin.h"
+#include "SAPI.h"
+#include "php_variables.h"
+#include "php_content_types.h"
+#include "suhosin_rfc1867.h"
+#include "ext/standard/url.h"
+SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler);
+SAPI_POST_HANDLER_FUNC(suhosin_std_post_handler)
+{
+    char *var, *val, *e, *s, *p;
+    zval *array_ptr = (zval *) arg;
+    if (SG(request_info).post_data==NULL) {
+        return;
+    }   
+    s = SG(request_info).post_data;
+    e = s + SG(request_info).post_data_length;
+    while (s < e && (p = memchr(s, '&', (e - s)))) {
+last_value:
+        if ((val = memchr(s, '=', (p - s)))) { /* have a value */
+            unsigned int val_len, new_val_len;
+            var = s;
+            php_url_decode(var, (val - s));
+            val++;
+            val_len = php_url_decode(val, (p - val));
+            val = estrndup(val, val_len);
+            if (suhosin_input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
+#ifdef ZEND_ENGINE_2
+                if (sapi_module.input_filter(PARSE_POST, var, &val, new_val_len, &new_val_len TSRMLS_CC)) {
+#endif
+                    php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
+#ifdef ZEND_ENGINE_2
+                }
+#endif
+            } else {
+                SUHOSIN_G(abort_request)=1;
+            }
+            efree(val);
+        }
+        s = p + 1;
+    }
+    if (s < e) {
+        p = e;
+        goto last_value;
+    }
+}
+/* {{{ php_post_entries[]
+ */
+static sapi_post_entry suhosin_post_entries[] = {
+        { DEFAULT_POST_CONTENT_TYPE, sizeof(DEFAULT_POST_CONTENT_TYPE)-1, sapi_read_standard_form_data, suhosin_std_post_handler },
+        { MULTIPART_CONTENT_TYPE,    sizeof(MULTIPART_CONTENT_TYPE)-1,    NULL,                         suhosin_rfc1867_post_handler },
+        { NULL, 0, NULL, NULL }
+};
+/* }}} */
+void suhosin_hook_post_handlers(TSRMLS_D)
+{
+#if PHP_MAJOR_VERSION > 5 || (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 0)
+        sapi_unregister_post_entry(&suhosin_post_entries[0] TSRMLS_CC);
+        sapi_unregister_post_entry(&suhosin_post_entries[1] TSRMLS_CC);
+        sapi_register_post_entries(suhosin_post_entries TSRMLS_CC);
+#else
+        sapi_unregister_post_entry(&suhosin_post_entries[0]);
+        sapi_unregister_post_entry(&suhosin_post_entries[1]);
+        sapi_register_post_entries(suhosin_post_entries);
+#endif
+}
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: noet sw=4 ts=4 fdm=marker
+ * vim<600: noet sw=4 ts=4
+ */
author	Stefan Esser	2010-02-21 11:44:54 +0100
committer	Stefan Esser	2010-02-21 11:44:54 +0100
commit	36dbfacbe64697d959f524e537b15b73c090d898 (patch)
tree	f1c7ce1409b0e7765fc72d550546967fcf0f9717 /post_handler.c

diff --git a/post_handler.c b/post_handler.c new file mode 100644 index 0000000..a7ac060 --- /dev/null +++ b/post_handler.c
@@ -0,0 +1,114 @@
	1	/*
	2	+----------------------------------------------------------------------+
	3	\| Suhosin Version 1 \|
	4	+----------------------------------------------------------------------+
	5	\| Copyright (c) 2006-2007 The Hardened-PHP Project \|
	6	\| Copyright (c) 2007 SektionEins GmbH \|
	7	+----------------------------------------------------------------------+
	8	\| This source file is subject to version 3.01 of the PHP license, \|
	9	\| that is bundled with this package in the file LICENSE, and is \|
	10	\| available through the world-wide-web at the following url: \|
	11	\| http://www.php.net/license/3_01.txt \|
	12	\| If you did not receive a copy of the PHP license and are unable to \|
	13	\| obtain it through the world-wide-web, please send a note to \|
	14	\| license@php.net so we can mail you a copy immediately. \|
	15	+----------------------------------------------------------------------+
	16	\| Author: Stefan Esser <sesser@sektioneins.de> \|
	17	+----------------------------------------------------------------------+
	18	*/
	19	/*
	20	$Id: post_handler.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
	21	*/
	22
	23	#ifdef HAVE_CONFIG_H
	24	#include "config.h"
	25	#endif
	26
	27	#include "php.h"
	28	#include "php_ini.h"
	29	#include "php_suhosin.h"
	30	#include "SAPI.h"
	31	#include "php_variables.h"
	32	#include "php_content_types.h"
	33	#include "suhosin_rfc1867.h"
	34	#include "ext/standard/url.h"
	35
	36	SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler);
	37
	38
	39	SAPI_POST_HANDLER_FUNC(suhosin_std_post_handler)
	40	{
	41	char var, val, e, s, *p;
	42	zval array_ptr = (zval ) arg;
	43
	44	if (SG(request_info).post_data==NULL) {
	45	return;
	46	}
	47
	48	s = SG(request_info).post_data;
	49	e = s + SG(request_info).post_data_length;
	50
	51	while (s < e && (p = memchr(s, '&', (e - s)))) {
	52	last_value:
	53	if ((val = memchr(s, '=', (p - s)))) { /* have a value */
	54	unsigned int val_len, new_val_len;
	55	var = s;
	56
	57	php_url_decode(var, (val - s));
	58	val++;
	59	val_len = php_url_decode(val, (p - val));
	60	val = estrndup(val, val_len);
	61	if (suhosin_input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
	62	#ifdef ZEND_ENGINE_2
	63	if (sapi_module.input_filter(PARSE_POST, var, &val, new_val_len, &new_val_len TSRMLS_CC)) {
	64	#endif
	65	php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
	66	#ifdef ZEND_ENGINE_2
	67	}
	68	#endif
	69	} else {
	70	SUHOSIN_G(abort_request)=1;
	71	}
	72	efree(val);
	73	}
	74	s = p + 1;
	75	}
	76	if (s < e) {
	77	p = e;
	78	goto last_value;
	79	}
	80	}
	81
	82	/* {{{ php_post_entries[]
	83	*/
	84	static sapi_post_entry suhosin_post_entries[] = {
	85	{ DEFAULT_POST_CONTENT_TYPE, sizeof(DEFAULT_POST_CONTENT_TYPE)-1, sapi_read_standard_form_data, suhosin_std_post_handler },
	86	{ MULTIPART_CONTENT_TYPE, sizeof(MULTIPART_CONTENT_TYPE)-1, NULL, suhosin_rfc1867_post_handler },
	87	{ NULL, 0, NULL, NULL }
	88	};
	89	/* }}} */
	90
	91	void suhosin_hook_post_handlers(TSRMLS_D)
	92	{
	93	#if PHP_MAJOR_VERSION > 5 \|\| (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 0)
	94	sapi_unregister_post_entry(&suhosin_post_entries[0] TSRMLS_CC);
	95	sapi_unregister_post_entry(&suhosin_post_entries[1] TSRMLS_CC);
	96	sapi_register_post_entries(suhosin_post_entries TSRMLS_CC);
	97	#else
	98	sapi_unregister_post_entry(&suhosin_post_entries[0]);
	99	sapi_unregister_post_entry(&suhosin_post_entries[1]);
	100	sapi_register_post_entries(suhosin_post_entries);
	101	#endif
	102	}
	103
	104
	105	/*
	106	* Local variables:
	107	* tab-width: 4
	108	* c-basic-offset: 4
	109	* End:
	110	* vim600: noet sw=4 ts=4 fdm=marker
	111	* vim<600: noet sw=4 ts=4
	112	*/
	113
	114