1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Rasmus Lerdorf <rasmus@lerdorf.on.ca> |
14 | Zeev Suraski <zeev@php.net> |
15 +----------------------------------------------------------------------+
16 */
17
18 #include <stdio.h>
19 #include "php.h"
20 #include "ext/standard/php_standard.h"
21 #include "ext/standard/credits.h"
22 #include "zend_smart_str.h"
23 #include "php_variables.h"
24 #include "php_globals.h"
25 #include "php_content_types.h"
26 #include "SAPI.h"
27 #include "zend_globals.h"
28
29 /* for systems that need to override reading of environment variables */
30 void _php_import_environment_variables(zval *array_ptr);
31 PHPAPI void (*php_import_environment_variables)(zval *array_ptr) = _php_import_environment_variables;
32
php_register_variable(const char * var,const char * strval,zval * track_vars_array)33 PHPAPI void php_register_variable(const char *var, const char *strval, zval *track_vars_array)
34 {
35 php_register_variable_safe(var, strval, strlen(strval), track_vars_array);
36 }
37
38 /* binary-safe version */
php_register_variable_safe(const char * var,const char * strval,size_t str_len,zval * track_vars_array)39 PHPAPI void php_register_variable_safe(const char *var, const char *strval, size_t str_len, zval *track_vars_array)
40 {
41 zval new_entry;
42 assert(strval != NULL);
43
44 ZVAL_STRINGL_FAST(&new_entry, strval, str_len);
45
46 php_register_variable_ex(var, &new_entry, track_vars_array);
47 }
48
php_register_variable_quick(const char * name,size_t name_len,zval * val,HashTable * ht)49 static zend_always_inline void php_register_variable_quick(const char *name, size_t name_len, zval *val, HashTable *ht)
50 {
51 zend_string *key = zend_string_init_interned(name, name_len, 0);
52
53 zend_hash_update_ind(ht, key, val);
54 zend_string_release_ex(key, 0);
55 }
56
php_register_variable_ex(const char * var_name,zval * val,zval * track_vars_array)57 PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *track_vars_array)
58 {
59 char *p = NULL;
60 char *ip = NULL; /* index pointer */
61 char *index;
62 char *var, *var_orig;
63 size_t var_len, index_len;
64 zval gpc_element, *gpc_element_p;
65 bool is_array = 0;
66 HashTable *symtable1 = NULL;
67 ALLOCA_FLAG(use_heap)
68
69 assert(var_name != NULL);
70
71 if (track_vars_array && Z_TYPE_P(track_vars_array) == IS_ARRAY) {
72 symtable1 = Z_ARRVAL_P(track_vars_array);
73 }
74
75 if (!symtable1) {
76 /* Nothing to do */
77 zval_ptr_dtor_nogc(val);
78 return;
79 }
80
81
82 /* ignore leading spaces in the variable name */
83 while (*var_name==' ') {
84 var_name++;
85 }
86
87 /*
88 * Prepare variable name
89 */
90 var_len = strlen(var_name);
91 var = var_orig = do_alloca(var_len + 1, use_heap);
92 memcpy(var_orig, var_name, var_len + 1);
93
94 /* ensure that we don't have spaces or dots in the variable name (not binary safe) */
95 for (p = var; *p; p++) {
96 if (*p == ' ' || *p == '.') {
97 *p='_';
98 } else if (*p == '[') {
99 is_array = 1;
100 ip = p;
101 *p = 0;
102 break;
103 }
104 }
105 var_len = p - var;
106
107 if (var_len==0) { /* empty variable name, or variable name with a space in it */
108 zval_ptr_dtor_nogc(val);
109 free_alloca(var_orig, use_heap);
110 return;
111 }
112
113 if (var_len == sizeof("this")-1 && EG(current_execute_data)) {
114 zend_execute_data *ex = EG(current_execute_data);
115
116 while (ex) {
117 if (ex->func && ZEND_USER_CODE(ex->func->common.type)) {
118 if ((ZEND_CALL_INFO(ex) & ZEND_CALL_HAS_SYMBOL_TABLE)
119 && ex->symbol_table == symtable1) {
120 if (memcmp(var, "this", sizeof("this")-1) == 0) {
121 zend_throw_error(NULL, "Cannot re-assign $this");
122 zval_ptr_dtor_nogc(val);
123 free_alloca(var_orig, use_heap);
124 return;
125 }
126 }
127 break;
128 }
129 ex = ex->prev_execute_data;
130 }
131 }
132
133 /* GLOBALS hijack attempt, reject parameter */
134 if (symtable1 == &EG(symbol_table) &&
135 var_len == sizeof("GLOBALS")-1 &&
136 !memcmp(var, "GLOBALS", sizeof("GLOBALS")-1)) {
137 zval_ptr_dtor_nogc(val);
138 free_alloca(var_orig, use_heap);
139 return;
140 }
141
142 index = var;
143 index_len = var_len;
144
145 if (is_array) {
146 int nest_level = 0;
147 while (1) {
148 char *index_s;
149 size_t new_idx_len = 0;
150
151 if(++nest_level > PG(max_input_nesting_level)) {
152 HashTable *ht;
153 /* too many levels of nesting */
154
155 if (track_vars_array) {
156 ht = Z_ARRVAL_P(track_vars_array);
157 zend_symtable_str_del(ht, var, var_len);
158 }
159
160 zval_ptr_dtor_nogc(val);
161
162 /* do not output the error message to the screen,
163 this helps us to to avoid "information disclosure" */
164 if (!PG(display_errors)) {
165 php_error_docref(NULL, E_WARNING, "Input variable nesting level exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_nesting_level in php.ini.", PG(max_input_nesting_level));
166 }
167 free_alloca(var_orig, use_heap);
168 return;
169 }
170
171 ip++;
172 index_s = ip;
173 if (isspace(*ip)) {
174 ip++;
175 }
176 if (*ip==']') {
177 index_s = NULL;
178 } else {
179 ip = strchr(ip, ']');
180 if (!ip) {
181 /* not an index; un-terminate the var name */
182 *(index_s - 1) = '_';
183 /* PHP variables cannot contain ' ', '.', '[' in their names, so we replace the characters with a '_' */
184 for (p = index_s; *p; p++) {
185 if (*p == ' ' || *p == '.' || *p == '[') {
186 *p = '_';
187 }
188 }
189
190 index_len = 0;
191 if (index) {
192 index_len = strlen(index);
193 }
194 goto plain_var;
195 return;
196 }
197 *ip = 0;
198 new_idx_len = strlen(index_s);
199 }
200
201 if (!index) {
202 array_init(&gpc_element);
203 if ((gpc_element_p = zend_hash_next_index_insert(symtable1, &gpc_element)) == NULL) {
204 zend_array_destroy(Z_ARR(gpc_element));
205 zval_ptr_dtor_nogc(val);
206 free_alloca(var_orig, use_heap);
207 return;
208 }
209 } else {
210 gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
211 if (!gpc_element_p) {
212 zval tmp;
213 array_init(&tmp);
214 gpc_element_p = zend_symtable_str_update_ind(symtable1, index, index_len, &tmp);
215 } else {
216 if (Z_TYPE_P(gpc_element_p) == IS_INDIRECT) {
217 gpc_element_p = Z_INDIRECT_P(gpc_element_p);
218 }
219 if (Z_TYPE_P(gpc_element_p) != IS_ARRAY) {
220 zval_ptr_dtor_nogc(gpc_element_p);
221 array_init(gpc_element_p);
222 } else {
223 SEPARATE_ARRAY(gpc_element_p);
224 }
225 }
226 }
227 symtable1 = Z_ARRVAL_P(gpc_element_p);
228 /* ip pointed to the '[' character, now obtain the key */
229 index = index_s;
230 index_len = new_idx_len;
231
232 ip++;
233 if (*ip == '[') {
234 is_array = 1;
235 *ip = 0;
236 } else {
237 goto plain_var;
238 }
239 }
240 } else {
241 plain_var:
242 if (!index) {
243 if (zend_hash_next_index_insert(symtable1, val) == NULL) {
244 zval_ptr_dtor_nogc(val);
245 }
246 } else {
247 zend_ulong idx;
248
249 /*
250 * According to rfc2965, more specific paths are listed above the less specific ones.
251 * If we encounter a duplicate cookie name, we should skip it, since it is not possible
252 * to have the same (plain text) cookie name for the same path and we should not overwrite
253 * more specific cookies with the less specific ones.
254 */
255 if (Z_TYPE(PG(http_globals)[TRACK_VARS_COOKIE]) != IS_UNDEF &&
256 symtable1 == Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]) &&
257 zend_symtable_str_exists(symtable1, index, index_len)) {
258 zval_ptr_dtor_nogc(val);
259 } else if (ZEND_HANDLE_NUMERIC_STR(index, index_len, idx)) {
260 zend_hash_index_update(symtable1, idx, val);
261 } else {
262 php_register_variable_quick(index, index_len, val, symtable1);
263 }
264 }
265 }
266 free_alloca(var_orig, use_heap);
267 }
268
269 typedef struct post_var_data {
270 smart_str str;
271 char *ptr;
272 char *end;
273 uint64_t cnt;
274
275 /* Bytes in ptr that have already been scanned for '&' */
276 size_t already_scanned;
277 } post_var_data_t;
278
add_post_var(zval * arr,post_var_data_t * var,bool eof)279 static bool add_post_var(zval *arr, post_var_data_t *var, bool eof)
280 {
281 char *start, *ksep, *vsep, *val;
282 size_t klen, vlen;
283 size_t new_vlen;
284
285 if (var->ptr >= var->end) {
286 return 0;
287 }
288
289 start = var->ptr + var->already_scanned;
290 vsep = memchr(start, '&', var->end - start);
291 if (!vsep) {
292 if (!eof) {
293 var->already_scanned = var->end - var->ptr;
294 return 0;
295 } else {
296 vsep = var->end;
297 }
298 }
299
300 ksep = memchr(var->ptr, '=', vsep - var->ptr);
301 if (ksep) {
302 *ksep = '\0';
303 /* "foo=bar&" or "foo=&" */
304 klen = ksep - var->ptr;
305 vlen = vsep - ++ksep;
306 } else {
307 ksep = "";
308 /* "foo&" */
309 klen = vsep - var->ptr;
310 vlen = 0;
311 }
312
313 php_url_decode(var->ptr, klen);
314
315 val = estrndup(ksep, vlen);
316 if (vlen) {
317 vlen = php_url_decode(val, vlen);
318 }
319
320 if (sapi_module.input_filter(PARSE_POST, var->ptr, &val, vlen, &new_vlen)) {
321 php_register_variable_safe(var->ptr, val, new_vlen, arr);
322 }
323 efree(val);
324
325 var->ptr = vsep + (vsep != var->end);
326 var->already_scanned = 0;
327 return 1;
328 }
329
add_post_vars(zval * arr,post_var_data_t * vars,bool eof)330 static inline int add_post_vars(zval *arr, post_var_data_t *vars, bool eof)
331 {
332 uint64_t max_vars = PG(max_input_vars);
333
334 vars->ptr = ZSTR_VAL(vars->str.s);
335 vars->end = ZSTR_VAL(vars->str.s) + ZSTR_LEN(vars->str.s);
336 while (add_post_var(arr, vars, eof)) {
337 if (++vars->cnt > max_vars) {
338 php_error_docref(NULL, E_WARNING,
339 "Input variables exceeded %" PRIu64 ". "
340 "To increase the limit change max_input_vars in php.ini.",
341 max_vars);
342 return FAILURE;
343 }
344 }
345
346 if (!eof && ZSTR_VAL(vars->str.s) != vars->ptr) {
347 memmove(ZSTR_VAL(vars->str.s), vars->ptr, ZSTR_LEN(vars->str.s) = vars->end - vars->ptr);
348 }
349 return SUCCESS;
350 }
351
352 #ifdef PHP_WIN32
353 #define SAPI_POST_HANDLER_BUFSIZ 16384
354 #else
355 # define SAPI_POST_HANDLER_BUFSIZ BUFSIZ
356 #endif
SAPI_POST_HANDLER_FUNC(php_std_post_handler)357 SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
358 {
359 zval *arr = (zval *) arg;
360 php_stream *s = SG(request_info).request_body;
361 post_var_data_t post_data;
362
363 if (s && SUCCESS == php_stream_rewind(s)) {
364 memset(&post_data, 0, sizeof(post_data));
365
366 while (!php_stream_eof(s)) {
367 char buf[SAPI_POST_HANDLER_BUFSIZ] = {0};
368 ssize_t len = php_stream_read(s, buf, SAPI_POST_HANDLER_BUFSIZ);
369
370 if (len > 0) {
371 smart_str_appendl(&post_data.str, buf, len);
372
373 if (SUCCESS != add_post_vars(arr, &post_data, 0)) {
374 smart_str_free(&post_data.str);
375 return;
376 }
377 }
378
379 if (len != SAPI_POST_HANDLER_BUFSIZ){
380 break;
381 }
382 }
383
384 if (post_data.str.s) {
385 add_post_vars(arr, &post_data, 1);
386 smart_str_free(&post_data.str);
387 }
388 }
389 }
390 #undef SAPI_POST_HANDLER_BUFSIZ
391
SAPI_INPUT_FILTER_FUNC(php_default_input_filter)392 SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter)
393 {
394 /* TODO: check .ini setting here and apply user-defined input filter */
395 if(new_val_len) *new_val_len = val_len;
396 return 1;
397 }
398
SAPI_TREAT_DATA_FUNC(php_default_treat_data)399 SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
400 {
401 char *res = NULL, *var, *val, *separator = NULL;
402 const char *c_var;
403 zval array;
404 int free_buffer = 0;
405 char *strtok_buf = NULL;
406 zend_long count = 0;
407
408 ZVAL_UNDEF(&array);
409 switch (arg) {
410 case PARSE_POST:
411 case PARSE_GET:
412 case PARSE_COOKIE:
413 array_init(&array);
414 switch (arg) {
415 case PARSE_POST:
416 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_POST]);
417 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_POST], &array);
418 break;
419 case PARSE_GET:
420 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_GET]);
421 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_GET], &array);
422 break;
423 case PARSE_COOKIE:
424 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_COOKIE]);
425 ZVAL_COPY_VALUE(&PG(http_globals)[TRACK_VARS_COOKIE], &array);
426 break;
427 }
428 break;
429 default:
430 ZVAL_COPY_VALUE(&array, destArray);
431 break;
432 }
433
434 if (arg == PARSE_POST) {
435 sapi_handle_post(&array);
436 return;
437 }
438
439 if (arg == PARSE_GET) { /* GET data */
440 c_var = SG(request_info).query_string;
441 if (c_var && *c_var) {
442 res = (char *) estrdup(c_var);
443 free_buffer = 1;
444 } else {
445 free_buffer = 0;
446 }
447 } else if (arg == PARSE_COOKIE) { /* Cookie data */
448 c_var = SG(request_info).cookie_data;
449 if (c_var && *c_var) {
450 res = (char *) estrdup(c_var);
451 free_buffer = 1;
452 } else {
453 free_buffer = 0;
454 }
455 } else if (arg == PARSE_STRING) { /* String data */
456 res = str;
457 free_buffer = 1;
458 }
459
460 if (!res) {
461 return;
462 }
463
464 switch (arg) {
465 case PARSE_GET:
466 case PARSE_STRING:
467 separator = PG(arg_separator).input;
468 break;
469 case PARSE_COOKIE:
470 separator = ";\0";
471 break;
472 }
473
474 var = php_strtok_r(res, separator, &strtok_buf);
475
476 while (var) {
477 size_t val_len;
478 size_t new_val_len;
479
480 val = strchr(var, '=');
481
482 if (arg == PARSE_COOKIE) {
483 /* Remove leading spaces from cookie names, needed for multi-cookie header where ; can be followed by a space */
484 while (isspace(*var)) {
485 var++;
486 }
487 if (var == val || *var == '\0') {
488 goto next_cookie;
489 }
490 }
491
492 if (++count > PG(max_input_vars)) {
493 php_error_docref(NULL, E_WARNING, "Input variables exceeded " ZEND_LONG_FMT ". To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
494 break;
495 }
496
497 if (val) { /* have a value */
498
499 *val++ = '\0';
500
501 if (arg == PARSE_COOKIE) {
502 val_len = php_raw_url_decode(val, strlen(val));
503 } else {
504 val_len = php_url_decode(val, strlen(val));
505 }
506 } else {
507 val = "";
508 val_len = 0;
509 }
510
511 val = estrndup(val, val_len);
512 if (arg != PARSE_COOKIE) {
513 php_url_decode(var, strlen(var));
514 }
515 if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
516 php_register_variable_safe(var, val, new_val_len, &array);
517 }
518 efree(val);
519 next_cookie:
520 var = php_strtok_r(NULL, separator, &strtok_buf);
521 }
522
523 if (free_buffer) {
524 efree(res);
525 }
526 }
527
valid_environment_name(const char * name,const char * end)528 static zend_always_inline int valid_environment_name(const char *name, const char *end)
529 {
530 const char *s;
531
532 for (s = name; s < end; s++) {
533 if (*s == ' ' || *s == '.' || *s == '[') {
534 return 0;
535 }
536 }
537 return 1;
538 }
539
import_environment_variable(HashTable * ht,char * env)540 static zend_always_inline void import_environment_variable(HashTable *ht, char *env)
541 {
542 char *p;
543 size_t name_len, len;
544 zval val;
545 zend_ulong idx;
546
547 p = strchr(env, '=');
548 if (!p
549 || p == env
550 || !valid_environment_name(env, p)) {
551 /* malformed entry? */
552 return;
553 }
554 name_len = p - env;
555 p++;
556 len = strlen(p);
557 ZVAL_STRINGL_FAST(&val, p, len);
558 if (ZEND_HANDLE_NUMERIC_STR(env, name_len, idx)) {
559 zend_hash_index_update(ht, idx, &val);
560 } else {
561 php_register_variable_quick(env, name_len, &val, ht);
562 }
563 }
564
_php_import_environment_variables(zval * array_ptr)565 void _php_import_environment_variables(zval *array_ptr)
566 {
567 tsrm_env_lock();
568
569 #ifndef PHP_WIN32
570 for (char **env = environ; env != NULL && *env != NULL; env++) {
571 import_environment_variable(Z_ARRVAL_P(array_ptr), *env);
572 }
573 #else
574 char *environment = GetEnvironmentStringsA();
575 for (char *env = environment; env != NULL && *env; env += strlen(env) + 1) {
576 import_environment_variable(Z_ARRVAL_P(array_ptr), env);
577 }
578 FreeEnvironmentStringsA(environment);
579 #endif
580
581 tsrm_env_unlock();
582 }
583
php_std_auto_global_callback(char * name,uint32_t name_len)584 bool php_std_auto_global_callback(char *name, uint32_t name_len)
585 {
586 zend_printf("%s\n", name);
587 return 0; /* don't rearm */
588 }
589
590 /* {{{ php_build_argv */
php_build_argv(const char * s,zval * track_vars_array)591 PHPAPI void php_build_argv(const char *s, zval *track_vars_array)
592 {
593 zval arr, argc, tmp;
594 int count = 0;
595
596 if (!(SG(request_info).argc || track_vars_array)) {
597 return;
598 }
599
600 array_init(&arr);
601
602 /* Prepare argv */
603 if (SG(request_info).argc) { /* are we in cli sapi? */
604 int i;
605 for (i = 0; i < SG(request_info).argc; i++) {
606 ZVAL_STRING(&tmp, SG(request_info).argv[i]);
607 if (zend_hash_next_index_insert(Z_ARRVAL(arr), &tmp) == NULL) {
608 zend_string_efree(Z_STR(tmp));
609 }
610 }
611 } else if (s && *s) {
612 while (1) {
613 const char *space = strchr(s, '+');
614 /* auto-type */
615 ZVAL_STRINGL(&tmp, s, space ? space - s : strlen(s));
616 count++;
617 if (zend_hash_next_index_insert(Z_ARRVAL(arr), &tmp) == NULL) {
618 zend_string_efree(Z_STR(tmp));
619 }
620 if (!space) {
621 break;
622 }
623 s = space + 1;
624 }
625 }
626
627 /* prepare argc */
628 if (SG(request_info).argc) {
629 ZVAL_LONG(&argc, SG(request_info).argc);
630 } else {
631 ZVAL_LONG(&argc, count);
632 }
633
634 if (SG(request_info).argc) {
635 Z_ADDREF(arr);
636 zend_hash_update(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGV), &arr);
637 zend_hash_update(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGC), &argc);
638 }
639 if (track_vars_array && Z_TYPE_P(track_vars_array) == IS_ARRAY) {
640 Z_ADDREF(arr);
641 zend_hash_update(Z_ARRVAL_P(track_vars_array), ZSTR_KNOWN(ZEND_STR_ARGV), &arr);
642 zend_hash_update(Z_ARRVAL_P(track_vars_array), ZSTR_KNOWN(ZEND_STR_ARGC), &argc);
643 }
644 zval_ptr_dtor_nogc(&arr);
645 }
646 /* }}} */
647
648 /* {{{ php_register_server_variables */
php_register_server_variables(void)649 static inline void php_register_server_variables(void)
650 {
651 zval tmp;
652 zval *arr = &PG(http_globals)[TRACK_VARS_SERVER];
653 HashTable *ht;
654
655 zval_ptr_dtor_nogc(arr);
656 array_init(arr);
657
658 /* Server variables */
659 if (sapi_module.register_server_variables) {
660 sapi_module.register_server_variables(arr);
661 }
662 ht = Z_ARRVAL_P(arr);
663
664 /* PHP Authentication support */
665 if (SG(request_info).auth_user) {
666 ZVAL_STRING(&tmp, SG(request_info).auth_user);
667 php_register_variable_quick("PHP_AUTH_USER", sizeof("PHP_AUTH_USER")-1, &tmp, ht);
668 }
669 if (SG(request_info).auth_password) {
670 ZVAL_STRING(&tmp, SG(request_info).auth_password);
671 php_register_variable_quick("PHP_AUTH_PW", sizeof("PHP_AUTH_PW")-1, &tmp, ht);
672 }
673 if (SG(request_info).auth_digest) {
674 ZVAL_STRING(&tmp, SG(request_info).auth_digest);
675 php_register_variable_quick("PHP_AUTH_DIGEST", sizeof("PHP_AUTH_DIGEST")-1, &tmp, ht);
676 }
677
678 /* store request init time */
679 ZVAL_DOUBLE(&tmp, sapi_get_request_time());
680 php_register_variable_quick("REQUEST_TIME_FLOAT", sizeof("REQUEST_TIME_FLOAT")-1, &tmp, ht);
681 ZVAL_LONG(&tmp, zend_dval_to_lval(Z_DVAL(tmp)));
682 php_register_variable_quick("REQUEST_TIME", sizeof("REQUEST_TIME")-1, &tmp, ht);
683 }
684 /* }}} */
685
686 /* {{{ php_autoglobal_merge */
php_autoglobal_merge(HashTable * dest,HashTable * src)687 static void php_autoglobal_merge(HashTable *dest, HashTable *src)
688 {
689 zval *src_entry, *dest_entry;
690 zend_string *string_key;
691 zend_ulong num_key;
692 int globals_check = (dest == (&EG(symbol_table)));
693
694 ZEND_HASH_FOREACH_KEY_VAL(src, num_key, string_key, src_entry) {
695 if (Z_TYPE_P(src_entry) != IS_ARRAY
696 || (string_key && (dest_entry = zend_hash_find(dest, string_key)) == NULL)
697 || (string_key == NULL && (dest_entry = zend_hash_index_find(dest, num_key)) == NULL)
698 || Z_TYPE_P(dest_entry) != IS_ARRAY) {
699 Z_TRY_ADDREF_P(src_entry);
700 if (string_key) {
701 if (!globals_check || ZSTR_LEN(string_key) != sizeof("GLOBALS") - 1
702 || memcmp(ZSTR_VAL(string_key), "GLOBALS", sizeof("GLOBALS") - 1)) {
703 zend_hash_update(dest, string_key, src_entry);
704 } else {
705 Z_TRY_DELREF_P(src_entry);
706 }
707 } else {
708 zend_hash_index_update(dest, num_key, src_entry);
709 }
710 } else {
711 SEPARATE_ARRAY(dest_entry);
712 php_autoglobal_merge(Z_ARRVAL_P(dest_entry), Z_ARRVAL_P(src_entry));
713 }
714 } ZEND_HASH_FOREACH_END();
715 }
716 /* }}} */
717
718 /* {{{ php_hash_environment */
php_hash_environment(void)719 PHPAPI int php_hash_environment(void)
720 {
721 memset(PG(http_globals), 0, sizeof(PG(http_globals)));
722 zend_activate_auto_globals();
723 if (PG(register_argc_argv)) {
724 php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
725 }
726 return SUCCESS;
727 }
728 /* }}} */
729
php_auto_globals_create_get(zend_string * name)730 static bool php_auto_globals_create_get(zend_string *name)
731 {
732 if (PG(variables_order) && (strchr(PG(variables_order),'G') || strchr(PG(variables_order),'g'))) {
733 sapi_module.treat_data(PARSE_GET, NULL, NULL);
734 } else {
735 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_GET]);
736 array_init(&PG(http_globals)[TRACK_VARS_GET]);
737 }
738
739 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_GET]);
740 Z_ADDREF(PG(http_globals)[TRACK_VARS_GET]);
741
742 return 0; /* don't rearm */
743 }
744
php_auto_globals_create_post(zend_string * name)745 static bool php_auto_globals_create_post(zend_string *name)
746 {
747 if (PG(variables_order) &&
748 (strchr(PG(variables_order),'P') || strchr(PG(variables_order),'p')) &&
749 !SG(headers_sent) &&
750 SG(request_info).request_method &&
751 !strcasecmp(SG(request_info).request_method, "POST")) {
752 sapi_module.treat_data(PARSE_POST, NULL, NULL);
753 } else {
754 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_POST]);
755 array_init(&PG(http_globals)[TRACK_VARS_POST]);
756 }
757
758 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_POST]);
759 Z_ADDREF(PG(http_globals)[TRACK_VARS_POST]);
760
761 return 0; /* don't rearm */
762 }
763
php_auto_globals_create_cookie(zend_string * name)764 static bool php_auto_globals_create_cookie(zend_string *name)
765 {
766 if (PG(variables_order) && (strchr(PG(variables_order),'C') || strchr(PG(variables_order),'c'))) {
767 sapi_module.treat_data(PARSE_COOKIE, NULL, NULL);
768 } else {
769 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_COOKIE]);
770 array_init(&PG(http_globals)[TRACK_VARS_COOKIE]);
771 }
772
773 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_COOKIE]);
774 Z_ADDREF(PG(http_globals)[TRACK_VARS_COOKIE]);
775
776 return 0; /* don't rearm */
777 }
778
php_auto_globals_create_files(zend_string * name)779 static bool php_auto_globals_create_files(zend_string *name)
780 {
781 if (Z_TYPE(PG(http_globals)[TRACK_VARS_FILES]) == IS_UNDEF) {
782 array_init(&PG(http_globals)[TRACK_VARS_FILES]);
783 }
784
785 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_FILES]);
786 Z_ADDREF(PG(http_globals)[TRACK_VARS_FILES]);
787
788 return 0; /* don't rearm */
789 }
790
791 /* Ugly hack to fix HTTP_PROXY issue, see bug #72573 */
check_http_proxy(HashTable * var_table)792 static void check_http_proxy(HashTable *var_table)
793 {
794 if (zend_hash_str_exists(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1)) {
795 char *local_proxy = getenv("HTTP_PROXY");
796
797 if (!local_proxy) {
798 zend_hash_str_del(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1);
799 } else {
800 zval local_zval;
801 ZVAL_STRING(&local_zval, local_proxy);
802 zend_hash_str_update(var_table, "HTTP_PROXY", sizeof("HTTP_PROXY")-1, &local_zval);
803 }
804 }
805 }
806
php_auto_globals_create_server(zend_string * name)807 static bool php_auto_globals_create_server(zend_string *name)
808 {
809 if (PG(variables_order) && (strchr(PG(variables_order),'S') || strchr(PG(variables_order),'s'))) {
810 php_register_server_variables();
811
812 if (PG(register_argc_argv)) {
813 if (SG(request_info).argc) {
814 zval *argc, *argv;
815
816 if ((argc = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGC), 1)) != NULL &&
817 (argv = zend_hash_find_ex_ind(&EG(symbol_table), ZSTR_KNOWN(ZEND_STR_ARGV), 1)) != NULL) {
818 Z_ADDREF_P(argv);
819 zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGV), argv);
820 zend_hash_update(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), ZSTR_KNOWN(ZEND_STR_ARGC), argc);
821 }
822 } else {
823 php_build_argv(SG(request_info).query_string, &PG(http_globals)[TRACK_VARS_SERVER]);
824 }
825 }
826
827 } else {
828 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_SERVER]);
829 array_init(&PG(http_globals)[TRACK_VARS_SERVER]);
830 }
831
832 check_http_proxy(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));
833 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_SERVER]);
834 Z_ADDREF(PG(http_globals)[TRACK_VARS_SERVER]);
835
836 /* TODO: TRACK_VARS_SERVER is modified in a number of places (e.g. phar) past this point,
837 * where rc>1 due to the $_SERVER global. Ideally this shouldn't happen, but for now we
838 * ignore this issue, as it would probably require larger changes. */
839 HT_ALLOW_COW_VIOLATION(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]));
840
841 return 0; /* don't rearm */
842 }
843
php_auto_globals_create_env(zend_string * name)844 static bool php_auto_globals_create_env(zend_string *name)
845 {
846 zval_ptr_dtor_nogc(&PG(http_globals)[TRACK_VARS_ENV]);
847 array_init(&PG(http_globals)[TRACK_VARS_ENV]);
848
849 if (PG(variables_order) && (strchr(PG(variables_order),'E') || strchr(PG(variables_order),'e'))) {
850 php_import_environment_variables(&PG(http_globals)[TRACK_VARS_ENV]);
851 }
852
853 check_http_proxy(Z_ARRVAL(PG(http_globals)[TRACK_VARS_ENV]));
854 zend_hash_update(&EG(symbol_table), name, &PG(http_globals)[TRACK_VARS_ENV]);
855 Z_ADDREF(PG(http_globals)[TRACK_VARS_ENV]);
856
857 return 0; /* don't rearm */
858 }
859
php_auto_globals_create_request(zend_string * name)860 static bool php_auto_globals_create_request(zend_string *name)
861 {
862 zval form_variables;
863 unsigned char _gpc_flags[3] = {0, 0, 0};
864 char *p;
865
866 array_init(&form_variables);
867
868 if (PG(request_order) != NULL) {
869 p = PG(request_order);
870 } else {
871 p = PG(variables_order);
872 }
873
874 for (; p && *p; p++) {
875 switch (*p) {
876 case 'g':
877 case 'G':
878 if (!_gpc_flags[0]) {
879 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_GET]));
880 _gpc_flags[0] = 1;
881 }
882 break;
883 case 'p':
884 case 'P':
885 if (!_gpc_flags[1]) {
886 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_POST]));
887 _gpc_flags[1] = 1;
888 }
889 break;
890 case 'c':
891 case 'C':
892 if (!_gpc_flags[2]) {
893 php_autoglobal_merge(Z_ARRVAL(form_variables), Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]));
894 _gpc_flags[2] = 1;
895 }
896 break;
897 }
898 }
899
900 zend_hash_update(&EG(symbol_table), name, &form_variables);
901 return 0;
902 }
903
php_startup_auto_globals(void)904 void php_startup_auto_globals(void)
905 {
906 zend_register_auto_global(zend_string_init_interned("_GET", sizeof("_GET")-1, 1), 0, php_auto_globals_create_get);
907 zend_register_auto_global(zend_string_init_interned("_POST", sizeof("_POST")-1, 1), 0, php_auto_globals_create_post);
908 zend_register_auto_global(zend_string_init_interned("_COOKIE", sizeof("_COOKIE")-1, 1), 0, php_auto_globals_create_cookie);
909 zend_register_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_SERVER), PG(auto_globals_jit), php_auto_globals_create_server);
910 zend_register_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_ENV), PG(auto_globals_jit), php_auto_globals_create_env);
911 zend_register_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_REQUEST), PG(auto_globals_jit), php_auto_globals_create_request);
912 zend_register_auto_global(zend_string_init_interned("_FILES", sizeof("_FILES")-1, 1), 0, php_auto_globals_create_files);
913 }
914