1 files changed, 145 insertions, 0 deletions
diff --git a/post_handler.c b/post_handler.c
new file mode 100644
index 0000000..1a2374c
--- /dev/null
+++ b/post_handler.c
@@ -0,0 +1,145 @@
+/*
+  +----------------------------------------------------------------------+
+  | Suhosin Version 1                                                    |
+  +----------------------------------------------------------------------+
+  | Copyright (c) 2006-2007 The Hardened-PHP Project                     |
+  | Copyright (c) 2007-2016 SektionEins GmbH                             |
+  +----------------------------------------------------------------------+
+  | This source file is subject to version 3.01 of the PHP license,      |
+  | that is bundled with this package in the file LICENSE, and is        |
+  | available through the world-wide-web at the following url:           |
+  | http://www.php.net/license/3_01.txt                                  |
+  | If you did not receive a copy of the PHP license and are unable to   |
+  | obtain it through the world-wide-web, please send a note to          |
+  | license@php.net so we can mail you a copy immediately.               |
+  +----------------------------------------------------------------------+
+  | Authors: Stefan Esser <sesser@sektioneins.de>                        |
+  |          Ben Fuhrmannek <ben.fuhrmannek@sektioneins.de>              |
+  +----------------------------------------------------------------------+
+*/
+/*
+  $Id: post_handler.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $ 
+*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include "php.h"
+#include "php_ini.h"
+#include "php_suhosin7.h"
+#include "SAPI.h"
+#include "php_variables.h"
+#include "php_content_types.h"
+#include "suhosin_rfc1867.h"
+#include "ext/standard/url.h"
+#include "ext/standard/php_smart_string.h"
+#if defined(PHP_WIN32)
+#include "win32/php_inttypes.h"
+#endif
+SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler);
+static void suhosin_post_handler_modification(sapi_post_entry *spe)
+{
+        char *content_type = estrndup(spe->content_type, spe->content_type_len);
+        suhosin_log(S_VARS, "some extension replaces the POST handler for %s - Suhosin's protection might be incomplete", content_type);
+        efree(content_type);
+}
+// static PHP_INI_MH((*old_OnUpdate_mbstring_encoding_translation)) = NULL;
+// 
+// /* {{{ static PHP_INI_MH(suhosin_OnUpdate_mbstring_encoding_translation) */
+// static PHP_INI_MH(suhosin_OnUpdate_mbstring_encoding_translation)
+// {
+//      zend_bool *p;
+// #ifndef ZTS
+//      char *base = (char *) mh_arg2;
+// #else
+//      char *base;
+// 
+//      base = (char *) ts_resource(*((int *) mh_arg2));
+// #endif
+// 
+//      p = (zend_bool *) (base+(size_t) mh_arg1);
+// 
+//      if (new_value_length == 2 && strcasecmp("on", new_value) == 0) {
+//                      *p = (zend_bool) 1;
+//      }
+//      else if (new_value_length == 3 && strcasecmp("yes", new_value) == 0) {
+//              *p = (zend_bool) 1;
+//      }
+//      else if (new_value_length == 4 && strcasecmp("true", new_value) == 0) {
+//              *p = (zend_bool) 1;
+//      }
+//      else {
+//              *p = (zend_bool) atoi(new_value);
+//      }
+//      if (*p) {
+//              suhosin_log(S_VARS, "Dynamic configuration (maybe a .htaccess file) tried to activate mbstring.encoding_translation which is incompatible with suhosin");
+//      }
+//      return SUCCESS;
+// }
+/* }}} */
+/* {{{ php_post_entries[]
+ */
+static sapi_post_entry suhosin_post_entries[] = {
+        // { DEFAULT_POST_CONTENT_TYPE, sizeof(DEFAULT_POST_CONTENT_TYPE)-1, sapi_read_standard_form_data,      suhosin_std_post_handler },
+        { ZEND_STRL(MULTIPART_CONTENT_TYPE), NULL, suhosin_rfc1867_post_handler },
+        { NULL, 0, NULL, NULL }
+};
+/* }}} */
+void suhosin_hook_post_handlers()
+{
+        HashTable tempht;
+        // zend_ini_entry *ini_entry;
+        
+        sapi_unregister_post_entry(&suhosin_post_entries[0]);
+        // sapi_unregister_post_entry(&suhosin_post_entries[1]);
+        sapi_register_post_entries(suhosin_post_entries);
+        /* we want to get notified if another extension deregisters the suhosin post handlers */
+        /* we need to tell suhosin patch that there is a new valid destructor */
+        /* therefore we have create HashTable that has this destructor */
+        // zend_hash_init(&tempht, 0, NULL, (dtor_func_t)suhosin_post_handler_modification, 0);
+        // zend_hash_destroy(&tempht);
+        /* And now we can overwrite the destructor for post entries */
+        // SG(known_post_content_types).pDestructor = (dtor_func_t)suhosin_post_handler_modification;
+        
+        /* we have to stop mbstring from replacing our post handler */
+        // if (zend_hash_find(EG(ini_directives), "mbstring.encoding_translation", sizeof("mbstring.encoding_translation"), (void **) &ini_entry) == FAILURE) {
+        //      return;
+        // }
+        /* replace OnUpdate_mbstring_encoding_translation handler */
+        // old_OnUpdate_mbstring_encoding_translation = ini_entry->on_modify;
+        // ini_entry->on_modify = suhosin_OnUpdate_mbstring_encoding_translation;
+}
+// void suhosin_unhook_post_handlers()
+// {
+//      zend_ini_entry *ini_entry;
+// 
+//      /* Restore to an empty destructor */
+//      SG(known_post_content_types).pDestructor = NULL;
+// 
+//      /* Now restore the ini entry handler */
+//      if (zend_hash_find(EG(ini_directives), "mbstring.encoding_translation", sizeof("mbstring.encoding_translation"), (void **) &ini_entry) == FAILURE) {
+//              return;
+//      }
+//      /* replace OnUpdate_mbstring_encoding_translation handler */
+//      ini_entry->on_modify = old_OnUpdate_mbstring_encoding_translation;
+//      old_OnUpdate_mbstring_encoding_translation = NULL;
+// }
+/*
+ * Local variables:
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ * vim600: noet sw=4 ts=4 fdm=marker
+ * vim<600: noet sw=4 ts=4
+ */

diff --git a/post_handler.c b/post_handler.c new file mode 100644 index 0000000..1a2374c --- /dev/null +++ b/post_handler.c
@@ -0,0 +1,145 @@
	1	/*
	2	+----------------------------------------------------------------------+
	3	\| Suhosin Version 1 \|
	4	+----------------------------------------------------------------------+
	5	\| Copyright (c) 2006-2007 The Hardened-PHP Project \|
	6	\| Copyright (c) 2007-2016 SektionEins GmbH \|
	7	+----------------------------------------------------------------------+
	8	\| This source file is subject to version 3.01 of the PHP license, \|
	9	\| that is bundled with this package in the file LICENSE, and is \|
	10	\| available through the world-wide-web at the following url: \|
	11	\| http://www.php.net/license/3_01.txt \|
	12	\| If you did not receive a copy of the PHP license and are unable to \|
	13	\| obtain it through the world-wide-web, please send a note to \|
	14	\| license@php.net so we can mail you a copy immediately. \|
	15	+----------------------------------------------------------------------+
	16	\| Authors: Stefan Esser <sesser@sektioneins.de> \|
	17	\| Ben Fuhrmannek <ben.fuhrmannek@sektioneins.de> \|
	18	+----------------------------------------------------------------------+
	19	*/
	20	/*
	21	$Id: post_handler.c,v 1.1.1.1 2007-11-28 01:15:35 sesser Exp $
	22	*/
	23
	24	#ifdef HAVE_CONFIG_H
	25	#include "config.h"
	26	#endif
	27
	28	#include "php.h"
	29	#include "php_ini.h"
	30	#include "php_suhosin7.h"
	31	#include "SAPI.h"
	32	#include "php_variables.h"
	33	#include "php_content_types.h"
	34	#include "suhosin_rfc1867.h"
	35	#include "ext/standard/url.h"
	36	#include "ext/standard/php_smart_string.h"
	37
	38	#if defined(PHP_WIN32)
	39	#include "win32/php_inttypes.h"
	40	#endif
	41
	42	SAPI_POST_HANDLER_FUNC(suhosin_rfc1867_post_handler);
	43
	44	static void suhosin_post_handler_modification(sapi_post_entry *spe)
	45	{
	46	char *content_type = estrndup(spe->content_type, spe->content_type_len);
	47	suhosin_log(S_VARS, "some extension replaces the POST handler for %s - Suhosin's protection might be incomplete", content_type);
	48	efree(content_type);
	49	}
	50
	51	// static PHP_INI_MH((*old_OnUpdate_mbstring_encoding_translation)) = NULL;
	52	//
	53	// /* {{{ static PHP_INI_MH(suhosin_OnUpdate_mbstring_encoding_translation) */
	54	// static PHP_INI_MH(suhosin_OnUpdate_mbstring_encoding_translation)
	55	// {
	56	// zend_bool *p;
	57	// #ifndef ZTS
	58	// char base = (char ) mh_arg2;
	59	// #else
	60	// char *base;
	61	//
	62	// base = (char ) ts_resource(((int *) mh_arg2));
	63	// #endif
	64	//
	65	// p = (zend_bool *) (base+(size_t) mh_arg1);
	66	//
	67	// if (new_value_length == 2 && strcasecmp("on", new_value) == 0) {
	68	// *p = (zend_bool) 1;
	69	// }
	70	// else if (new_value_length == 3 && strcasecmp("yes", new_value) == 0) {
	71	// *p = (zend_bool) 1;
	72	// }
	73	// else if (new_value_length == 4 && strcasecmp("true", new_value) == 0) {
	74	// *p = (zend_bool) 1;
	75	// }
	76	// else {
	77	// *p = (zend_bool) atoi(new_value);
	78	// }
	79	// if (*p) {
	80	// suhosin_log(S_VARS, "Dynamic configuration (maybe a .htaccess file) tried to activate mbstring.encoding_translation which is incompatible with suhosin");
	81	// }
	82	// return SUCCESS;
	83	// }
	84	/* }}} */
	85
	86	/* {{{ php_post_entries[]
	87	*/
	88	static sapi_post_entry suhosin_post_entries[] = {
	89	// { DEFAULT_POST_CONTENT_TYPE, sizeof(DEFAULT_POST_CONTENT_TYPE)-1, sapi_read_standard_form_data, suhosin_std_post_handler },
	90	{ ZEND_STRL(MULTIPART_CONTENT_TYPE), NULL, suhosin_rfc1867_post_handler },
	91	{ NULL, 0, NULL, NULL }
	92	};
	93	/* }}} */
	94
	95	void suhosin_hook_post_handlers()
	96	{
	97	HashTable tempht;
	98	// zend_ini_entry *ini_entry;
	99
	100	sapi_unregister_post_entry(&suhosin_post_entries[0]);
	101	// sapi_unregister_post_entry(&suhosin_post_entries[1]);
	102	sapi_register_post_entries(suhosin_post_entries);
	103
	104	/* we want to get notified if another extension deregisters the suhosin post handlers */
	105
	106	/* we need to tell suhosin patch that there is a new valid destructor */
	107	/* therefore we have create HashTable that has this destructor */
	108	// zend_hash_init(&tempht, 0, NULL, (dtor_func_t)suhosin_post_handler_modification, 0);
	109	// zend_hash_destroy(&tempht);
	110	/* And now we can overwrite the destructor for post entries */
	111	// SG(known_post_content_types).pDestructor = (dtor_func_t)suhosin_post_handler_modification;
	112
	113	/* we have to stop mbstring from replacing our post handler */
	114	// if (zend_hash_find(EG(ini_directives), "mbstring.encoding_translation", sizeof("mbstring.encoding_translation"), (void **) &ini_entry) == FAILURE) {
	115	// return;
	116	// }
	117	/* replace OnUpdate_mbstring_encoding_translation handler */
	118	// old_OnUpdate_mbstring_encoding_translation = ini_entry->on_modify;
	119	// ini_entry->on_modify = suhosin_OnUpdate_mbstring_encoding_translation;
	120	}
	121
	122	// void suhosin_unhook_post_handlers()
	123	// {
	124	// zend_ini_entry *ini_entry;
	125	//
	126	// /* Restore to an empty destructor */
	127	// SG(known_post_content_types).pDestructor = NULL;
	128	//
	129	// /* Now restore the ini entry handler */
	130	// if (zend_hash_find(EG(ini_directives), "mbstring.encoding_translation", sizeof("mbstring.encoding_translation"), (void **) &ini_entry) == FAILURE) {
	131	// return;
	132	// }
	133	// /* replace OnUpdate_mbstring_encoding_translation handler */
	134	// ini_entry->on_modify = old_OnUpdate_mbstring_encoding_translation;
	135	// old_OnUpdate_mbstring_encoding_translation = NULL;
	136	// }
	137
	138	/*
	139	* Local variables:
	140	* tab-width: 4
	141	* c-basic-offset: 4
	142	* End:
	143	* vim600: noet sw=4 ts=4 fdm=marker
	144	* vim<600: noet sw=4 ts=4
	145	*/