hirokawa Tue Mar 21 07:47:43 2006 UTC
Modified files:
/php-src/ext/mbstring mbstring.c mbstring.h
/php-src/ext/mbstring/libmbfl/mbfl mbfilter.c
Log:
Added mb_check_encoding() to detect possible invalid-encoding attacks.
http://cvs.php.net/viewcvs.cgi/php-src/ext/mbstring/mbstring.c?r1=1.246&r2=1.247&diff_format=u
Index: php-src/ext/mbstring/mbstring.c
diff -u php-src/ext/mbstring/mbstring.c:1.246
php-src/ext/mbstring/mbstring.c:1.247
--- php-src/ext/mbstring/mbstring.c:1.246 Tue Mar 21 02:19:59 2006
+++ php-src/ext/mbstring/mbstring.c Tue Mar 21 07:47:43 2006
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mbstring.c,v 1.246 2006/03/21 02:19:59 hirokawa Exp $ */
+/* $Id: mbstring.c,v 1.247 2006/03/21 07:47:43 hirokawa Exp $ */
/*
* PHP 4 Multibyte String module "mbstring"
@@ -221,6 +221,7 @@
PHP_FE(mb_decode_numericentity, NULL)
PHP_FE(mb_send_mail, NULL)
PHP_FE(mb_get_info, NULL)
+ PHP_FE(mb_check_encoding, NULL)
#if HAVE_MBREGEX
PHP_MBREGEX_FUNCTION_ENTRIES
#endif
@@ -2084,7 +2085,7 @@
output = (char *)ret->val;
}
- MBSTRG(illegalchars) += mbfl_buffer_illegalchars(MBSTRG(outconv));
+ MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
mbfl_buffer_converter_delete(convd);
return output;
}
@@ -3454,6 +3455,67 @@
}
/* }}} */
+/* {{{ proto bool mb_check_encoding([string var[, string encoding]])
+ Check if the string is valid for the specified encoding */
+PHP_FUNCTION(mb_check_encoding)
+{
+ char *var = NULL;
+ int var_len;
+ char *enc = NULL;
+ int enc_len;
+ char *name;
+ mbfl_buffer_converter *convd;
+ enum mbfl_no_encoding no_encoding = MBSTRG(current_internal_encoding);
+ zval *row;
+ mbfl_string string, result, *ret = NULL;
+ long illegalchars = 0;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|ss", &var,
&var_len, &enc, &enc_len) == FAILURE) {
+ RETURN_FALSE;
+ }
+
+ if (var == NULL) {
+ RETURN_BOOL(MBSTRG(illegalchars) == 0);
+ }
+
+ if (enc != NULL) {
+ no_encoding = mbfl_name2no_encoding(enc);
+ if (no_encoding == mbfl_no_encoding_invalid || no_encoding ==
mbfl_no_encoding_pass) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid
encoding \"%s\"", enc);
+ RETURN_FALSE;
+ }
+ }
+
+ convd = mbfl_buffer_converter_new(no_encoding, no_encoding, 0);
+ if (convd == NULL) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to create
converter");
+ RETURN_FALSE;
+ }
+ mbfl_buffer_converter_illegal_mode(convd,
MBSTRG(current_filter_illegal_mode));
+ mbfl_buffer_converter_illegal_substchar(convd,
MBSTRG(current_filter_illegal_substchar));
+
+ /* initialize string */
+ mbfl_string_init(&string);
+ mbfl_string_init(&result);
+ string.no_encoding = no_encoding;
+ string.no_language = MBSTRG(current_language);
+
+ string.val = (unsigned char *)var;
+ string.len = var_len;
+ ret = mbfl_buffer_converter_feed_result(convd, &string, &result);
+ illegalchars = mbfl_buffer_illegalchars(convd);
+ mbfl_buffer_converter_delete(convd);
+
+ if (ret != NULL) {
+ MBSTRG(illegalchars) += illegalchars;
+ efree(ret->val);
+ RETURN_BOOL(illegalchars == 0);
+ } else {
+ RETURN_FALSE;
+ }
+}
+/* }}} */
+
/* {{{ MBSTRING_API int php_mb_encoding_translation() */
MBSTRING_API int php_mb_encoding_translation(TSRMLS_D)
{
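Review bot: In mb_check_encoding the verdict rests only on the converter's illegal-character counter (`RETURN_BOOL(illegalchars == 0)`), so any byte sequence the filter decodes and re-encodes without counting it would be reported as valid. Examples would be a non-canonical form, or a truncated trailing sequence if the filter tolerates one; whether the filters count every such case is not visible in this hunk. Because the conversion is from an encoding to itself, a stricter check also requires the output to equal the input, computed into a local `int valid` before the buffer is freed: `valid = illegalchars == 0 && ret->len == string.len && memcmp(ret->val, string.val, string.len) == 0;` followed by `efree(ret->val); RETURN_BOOL(valid);`. The locals `name` and `row` are declared but never used and can be dropped. The function also deserves a comment that a call with an explicit string adds to `MBSTRG(illegalchars)`, which changes what a later no-argument call returns.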
@@ -3614,6 +3676,7 @@
str[i] = ret->val;
len[i] = ret->len;
}
+
MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
mbfl_buffer_converter_delete(convd);
}
@@ -3831,6 +3894,7 @@
*to = ret->val;
*to_length = ret->len;
}
+
MBSTRG(illegalchars) += mbfl_buffer_illegalchars(convd);
mbfl_buffer_converter_delete(convd);
http://cvs.php.net/viewcvs.cgi/php-src/ext/mbstring/mbstring.h?r1=1.69&r2=1.70&diff_format=u
Index: php-src/ext/mbstring/mbstring.h
diff -u php-src/ext/mbstring/mbstring.h:1.69
php-src/ext/mbstring/mbstring.h:1.70
--- php-src/ext/mbstring/mbstring.h:1.69 Tue Mar 21 02:11:55 2006
+++ php-src/ext/mbstring/mbstring.h Tue Mar 21 07:47:43 2006
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mbstring.h,v 1.69 2006/03/21 02:11:55 hirokawa Exp $ */
+/* $Id: mbstring.h,v 1.70 2006/03/21 07:47:43 hirokawa Exp $ */
/*
* PHP 4 Multibyte String module "mbstring" (currently only for Japanese)
@@ -120,6 +120,7 @@
PHP_FUNCTION(mb_decode_numericentity);
PHP_FUNCTION(mb_send_mail);
PHP_FUNCTION(mb_get_info);
+PHP_FUNCTION(mb_check_encoding);
MBSTRING_API int php_mb_encoding_translation(TSRMLS_D);
http://cvs.php.net/viewcvs.cgi/php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c?r1=1.11&r2=1.12&diff_format=u
Index: php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c
diff -u php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c:1.11
php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c:1.12
--- php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c:1.11 Tue Mar 21 02:11:55 2006
+++ php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c Tue Mar 21 07:47:43 2006
@@ -335,6 +335,10 @@
{
int num_illegalchars = 0;
+ if (convd == NULL) {
+ return 0;
+ }
+
if (convd->filter1 != NULL) {
num_illegalchars += convd->filter1->num_illegalchar;
}
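Review bot: The new NULL guard returns 0, which callers read as "no illegal characters", so a converter that was never created is indistinguishable from clean input wherever the result is added to `MBSTRG(illegalchars)`. mb_check_encoding in this commit checks `convd` for NULL before the call, so this is a documentation point rather than a defect there. Add a comment above the guard such as `/* NULL converter: nothing was converted; callers must treat converter creation failure as an error, not as valid input */`. The function's signature and its end lie outside the hunk.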