Derick, Seiji Masugata wrote:
> masugata Mon Apr 3 13:04:13 2006 UTC > > Modified files: (Branch: PHP_4_4) > /php-src/ext/mbstring mbstring.c mbstring.h > /php-src/ext/mbstring/libmbfl/mbfl mbfilter.c > Log: > added mb_check_encoding( ). detect possible invalid encoding attack(avoids > a security issue). There was a contact from Rui. Make apply this function to the PHP4_4 Branch. http://news.php.net/php.cvs/37387 http://news.php.net/php.cvs/37437 This function is necessary to detect possible invalid encoding attack(avoids a security issue). There was no reply afterwards though it reported directly from Rui to Derick. Therefore, Rui thinks can apply to PHP4_4 Branch. I reverted without knowing this thing. Compatibility is secured. Therefore, there is not an influence. Thank you. -- Seiji Masugata
>
> http://cvs.php.net/viewcvs.cgi/php-src/ext/mbstring/mbstring.c?r1=1.142.2.47.2.16&r2=1.142.2.47.2.17&diff_format=u
> Index: php-src/ext/mbstring/mbstring.c
> diff -u php-src/ext/mbstring/mbstring.c:1.142.2.47.2.16 > php-src/ext/mbstring/mbstring.c:1.142.2.47.2.17
> --- php-src/ext/mbstring/mbstring.c:1.142.2.47.2.16 Thu Mar 23 02:17:42 2006
> +++ php-src/ext/mbstring/mbstring.c Mon Apr 3 13:04:13 2006
> @@ -17,7 +17,7 @@
> +----------------------------------------------------------------------+
> */
>
> -/* $Id: mbstring.c,v 1.142.2.47.2.16 2006/03/23 02:17:42 masugata Exp $ */
> +/* $Id: mbstring.c,v 1.142.2.47.2.17 2006/04/03 13:04:13 masugata Exp $ */
>
> /*
> * PHP4 Multibyte String module "mbstring"
> @@ -253,6 +253,7 @@
> PHP_FE(mb_decode_numericentity, NULL)
> PHP_FE(mb_send_mail, NULL)
> PHP_FE(mb_get_info, NULL)
> + PHP_FE(mb_check_encoding, NULL)
> PHP_FALIAS(mbstrlen, mb_strlen, NULL)
> PHP_FALIAS(mbstrpos, mb_strpos, NULL)
> PHP_FALIAS(mbstrrpos, mb_strrpos, NULL)
> @@ -3812,6 +3813,65 @@
> }
> /* }}} */
>
> +/* {{{ proto bool mb_check_encoding([string var[, string encoding]])
> + Check if the string is valid for the specified encoding */
> +PHP_FUNCTION(mb_check_encoding)
> +{
> + char *var = NULL;
> + int var_len;
> + char *enc = NULL;
> + int enc_len;
> + mbfl_buffer_converter *convd;
> + enum mbfl_no_encoding no_encoding = MBSTRG(current_internal_encoding);
> + mbfl_string string, result, *ret = NULL;
> + long illegalchars = 0;
> +
> + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|ss", &var, > &var_len, &enc, &enc_len) == FAILURE) {
> + RETURN_FALSE;
> + }
> +
> + if (var == NULL) {
> + RETURN_BOOL(MBSTRG(illegalchars) == 0);
> + }
> +
> + if (enc != NULL) {
> + no_encoding = mbfl_name2no_encoding(enc);
> + if (no_encoding == mbfl_no_encoding_invalid || no_encoding == > mbfl_no_encoding_pass) {
> + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid > encoding \"%s\"", enc);
> + RETURN_FALSE;
> + }
> + }
> +
> + convd = mbfl_buffer_converter_new(no_encoding, no_encoding, 0);
> + if (convd == NULL) {
> + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to create > converter");
> + RETURN_FALSE;
> + }
> + mbfl_buffer_converter_illegal_mode(convd, > MBSTRG(current_filter_illegal_mode));
> + mbfl_buffer_converter_illegal_substchar(convd, > MBSTRG(current_filter_illegal_substchar));
> +
> + /* initialize string */
> + mbfl_string_init(&string);
> + mbfl_string_init(&result);
> + string.no_encoding = no_encoding;
> + string.no_language = MBSTRG(current_language);
> +
> + string.val = (unsigned char *)var;
> + string.len = var_len;
> + ret = mbfl_buffer_converter_feed_result(convd, &string, &result);
> + illegalchars = mbfl_buffer_illegalchars(convd);
> + mbfl_buffer_converter_delete(convd);
> +
> + if (ret != NULL) {
> + MBSTRG(illegalchars) += illegalchars;
> + efree(ret->val);
> + RETURN_BOOL(illegalchars == 0);
> + } else {
> + RETURN_FALSE;
> + }
> +}
> +/* }}} */
> +
> /* {{{ MBSTRING_API int 
php_mb_encoding_translation() */
> MBSTRING_API int php_mb_encoding_translation(TSRMLS_D)
> {
> http://cvs.php.net/viewcvs.cgi/php-src/ext/mbstring/mbstring.h?r1=1.40.2.12.4.4&r2=1.40.2.12.4.5&diff_format=u
> Index: php-src/ext/mbstring/mbstring.h
> diff -u php-src/ext/mbstring/mbstring.h:1.40.2.12.4.4 > php-src/ext/mbstring/mbstring.h:1.40.2.12.4.5
> --- php-src/ext/mbstring/mbstring.h:1.40.2.12.4.4 Thu Mar 23 02:17:42 2006
> +++ php-src/ext/mbstring/mbstring.h Mon Apr 3 13:04:13 2006
> @@ -16,7 +16,7 @@
> +----------------------------------------------------------------------+
> */
>
> -/* $Id: mbstring.h,v 1.40.2.12.4.4 2006/03/23 02:17:42 masugata Exp $ */
> +/* $Id: mbstring.h,v 1.40.2.12.4.5 2006/04/03 13:04:13 masugata Exp $ */
>
> /*
> * PHP4 Multibyte String module "mbstring" (currently only for Japanese)
> @@ -117,6 +117,7 @@
> PHP_FUNCTION(mb_decode_numericentity);
> PHP_FUNCTION(mb_send_mail);
> PHP_FUNCTION(mb_get_info);
> +PHP_FUNCTION(mb_check_encoding);
>
> MBSTRING_API int php_mb_encoding_translation(TSRMLS_D);
>
>
> http://cvs.php.net/viewcvs.cgi/php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c?r1=1.1.2.7.2.5&r2=1.1.2.7.2.6&diff_format=u
> Index: php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c
> diff -u php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c:1.1.2.7.2.5 > php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c:1.1.2.7.2.6
> --- php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c:1.1.2.7.2.5 Thu Mar 23 > 02:17:42 2006
> +++ php-src/ext/mbstring/libmbfl/mbfl/mbfilter.c Mon Apr 3 13:04:13 2006
> @@ -335,6 +335,10 @@
> {
> int num_illegalchars = 0;
>
> + if (convd == NULL) {
> + return 0;
> + }
> +
> if (convd->filter1 != NULL) {
> num_illegalchars += convd->filter1->num_illegalchar;
> }
>
> --
> PHP CVS Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
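Review bot: The verdict in mb_check_encoding rests only on `mbfl_buffer_illegalchars(convd)`; the converted output in `ret` is freed without being looked at. Whether every malformed input (for example a multibyte sequence cut off at the end of the string) increments that counter depends on the individual filters, which this hunk does not show. A stricter check would also require the same-encoding round trip to reproduce the input: compute `int same = ret->len == string.len && memcmp(ret->val, string.val, string.len) == 0;` before `efree(ret->val);` and finish with `RETURN_BOOL(illegalchars == 0 && same);`. Separately, `MBSTRG(illegalchars) += illegalchars;` folds the result of checking an arbitrary string into the counter that the no-argument form reports, so one failed explicit check presumably makes every later `mb_check_encoding()` call return false. That coupling, and the meaning of the no-argument form, should be stated in the proto comment or the accumulation dropped.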
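Review bot: Returning 0 for a NULL converter in the mbfilter.c guard makes "no converter" indistinguishable from "no illegal characters found". That is a fail-open default for a value that mb_check_encoding, added in this same commit, uses as its validity signal. The caller added here tests `convd == NULL` before calling, so it never reaches the new branch, but any other caller that omits that test would read 0 as clean input. At minimum I would state the contract above the guard, for example `/* NULL converter: nothing was examined; 0 here does not mean the input is valid */`. The function's signature and the rest of its body lie outside the hunk.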