diff options
| author | jvoisin | 2022-06-27 20:55:20 +0200 |
|---|---|---|
| committer | jvoisin | 2022-06-27 20:55:20 +0200 |
| commit | a5f070cd7d982ae96ad72fb79420407574e7682a (patch) | |
| tree | 998d2eb8483bc15930e023e467b235cbb7eb7340 | |
| parent | 30f1270c26edb6ced469eb302de2fa27befbdbec (diff) | |
Dump the eval'ed code
| -rw-r--r-- | src/php_snuffleupagus.h | 7 | ||||
| -rw-r--r-- | src/sp_execute.c | 2 | ||||
| -rw-r--r-- | src/sp_utils.c | 9 | ||||
| -rw-r--r-- | src/tests/dump_request/dump_eval_blacklist.phpt | 2 |
4 files changed, 20 insertions, 0 deletions
diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 97fa0e4..a4a0ed4 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h | |||
| @@ -148,6 +148,13 @@ u_long execution_depth; | |||
| 148 | HashTable *disabled_functions_hook; | 148 | HashTable *disabled_functions_hook; |
| 149 | HashTable *sp_internal_functions_hook; | 149 | HashTable *sp_internal_functions_hook; |
| 150 | HashTable *sp_eval_blacklist_functions_hook; | 150 | HashTable *sp_eval_blacklist_functions_hook; |
| 151 | |||
| 152 | #if PHP_VERSION_ID >= 80000 | ||
| 153 | zend_string* eval_source_string; | ||
| 154 | #else | ||
| 155 | zval* eval_source_string; | ||
| 156 | #endif | ||
| 157 | |||
| 151 | ZEND_END_MODULE_GLOBALS(snuffleupagus) | 158 | ZEND_END_MODULE_GLOBALS(snuffleupagus) |
| 152 | 159 | ||
| 153 | ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus) | 160 | ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus) |
diff --git a/src/sp_execute.c b/src/sp_execute.c index b81f408..a8798e4 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c | |||
| @@ -302,6 +302,8 @@ ZEND_API zend_op_array* sp_compile_string(zend_string* source_string, | |||
| 302 | #else | 302 | #else |
| 303 | ZEND_API zend_op_array* sp_compile_string(zval* source_string, char* filename) { | 303 | ZEND_API zend_op_array* sp_compile_string(zval* source_string, char* filename) { |
| 304 | #endif | 304 | #endif |
| 305 | // TODO(jvoisin) handle recursive calls to `eval` | ||
| 306 | SPG(eval_source_string) = source_string; | ||
| 305 | zend_op_array* opline = orig_zend_compile_string(source_string, filename); | 307 | zend_op_array* opline = orig_zend_compile_string(source_string, filename); |
| 306 | sp_sloppy_modify_opcode(opline); | 308 | sp_sloppy_modify_opcode(opline); |
| 307 | return opline; | 309 | return opline; |
diff --git a/src/sp_utils.c b/src/sp_utils.c index df2f0d6..d7200b1 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c | |||
| @@ -177,6 +177,15 @@ int sp_log_request(const zend_string* restrict folder, const zend_string* restri | |||
| 177 | ZEND_HASH_FOREACH_END(); | 177 | ZEND_HASH_FOREACH_END(); |
| 178 | fputs("\n", file); | 178 | fputs("\n", file); |
| 179 | } | 179 | } |
| 180 | |||
| 181 | if (UNEXPECTED(0 != SPG(in_eval))) { | ||
| 182 | #if PHP_VERSION_ID >= 80000 | ||
| 183 | fprintf(file, "EVAL_CODE: %s\n", ZSTR_VAL(SPG(eval_source_string))); | ||
| 184 | #else | ||
| 185 | fprintf(file, "EVAL_CODE: %s\n", ZSTR_VAL(zval_get_string(SPG(eval_source_string)))); | ||
| 186 | #endif | ||
| 187 | } | ||
| 188 | |||
| 180 | fclose(file); | 189 | fclose(file); |
| 181 | 190 | ||
| 182 | return 0; | 191 | return 0; |
diff --git a/src/tests/dump_request/dump_eval_blacklist.phpt b/src/tests/dump_request/dump_eval_blacklist.phpt index c9f48e4..a8c1618 100644 --- a/src/tests/dump_request/dump_eval_blacklist.phpt +++ b/src/tests/dump_request/dump_eval_blacklist.phpt | |||
| @@ -38,6 +38,8 @@ if ($res[3] != "GET:get_a='data_get_a' get_b='data_get_b' \n") { | |||
| 38 | echo "Invalid POST"; | 38 | echo "Invalid POST"; |
| 39 | } elseif ($res[5] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") { | 39 | } elseif ($res[5] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") { |
| 40 | echo "Invalid COOKIE"; | 40 | echo "Invalid COOKIE"; |
| 41 | } elseif ($res[6] != "EVAL_CODE: \$a = strtoupper(\"1234\");\n") { | ||
| 42 | echo "Invalid EVAL_CODE"; | ||
| 41 | } | 43 | } |
| 42 | ?> | 44 | ?> |
| 43 | --EXPECTF-- | 45 | --EXPECTF-- |