rasmus Wed, 31 Mar 2010 21:50:36 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=297239
Log: Added the full htmlspecialchars() functionality which includes utf-8 validation as a default filter. Changed paths: U php/php-src/trunk/NEWS U php/php-src/trunk/ext/filter/filter.c U php/php-src/trunk/ext/filter/filter_private.h U php/php-src/trunk/ext/filter/php_filter.h U php/php-src/trunk/ext/filter/sanitizing_filters.c
Modified: php/php-src/trunk/NEWS
===================================================================
--- php/php-src/trunk/NEWS 2010-03-31 21:38:38 UTC (rev 297238)
+++ php/php-src/trunk/NEWS 2010-03-31 21:50:36 UTC (rev 297239)
@@ -11,6 +11,7 @@
 ReflectionExtension::isPersistent(). (Johannes)
 - Added ReflectionZendExtension class. (Johannes)
 - Added command line option --rz to CLI. (Johannes)
+- Added full_special_chars filter to ext/filter (Rasmus)
 - default_charset if not specified is now UTF-8 instead of ISO-8859-1. (Rasmus)
 - default session.entropy_file is now /dev/urandom or /dev/arandom if either
Modified: php/php-src/trunk/ext/filter/filter.c
===================================================================
--- php/php-src/trunk/ext/filter/filter.c 2010-03-31 21:38:38 UTC (rev 297238)
+++ php/php-src/trunk/ext/filter/filter.c 2010-03-31 21:50:36 UTC (rev 297239)
@@ -52,6 +52,7 @@
 { "stripped", FILTER_SANITIZE_STRING, php_filter_string },
 { "encoded", FILTER_SANITIZE_ENCODED, php_filter_encoded },
 { "special_chars", FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars },
+ { "full_special_chars", FILTER_SANITIZE_FULL_SPECIAL_CHARS, php_filter_full_special_chars },
 { "unsafe_raw", FILTER_UNSAFE_RAW, php_filter_unsafe_raw },
 { "email", FILTER_SANITIZE_EMAIL, php_filter_email },
 { "url", FILTER_SANITIZE_URL, php_filter_url },
@@ -238,6 +239,7 @@
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
Modified: php/php-src/trunk/ext/filter/filter_private.h
===================================================================
--- php/php-src/trunk/ext/filter/filter_private.h 2010-03-31 21:38:38 UTC (rev 297238)
+++ php/php-src/trunk/ext/filter/filter_private.h 2010-03-31 21:50:36 UTC (rev 297239)
@@ -78,7 +78,8 @@
 #define FILTER_SANITIZE_NUMBER_INT 0x0207
 #define FILTER_SANITIZE_NUMBER_FLOAT 0x0208
 #define FILTER_SANITIZE_MAGIC_QUOTES 0x0209
-#define FILTER_SANITIZE_LAST 0x0209
+#define FILTER_SANITIZE_FULL_SPECIAL_CHARS 0x020a
+#define FILTER_SANITIZE_LAST 0x020a
 #define FILTER_SANITIZE_ALL 0x0200
Modified: php/php-src/trunk/ext/filter/php_filter.h
===================================================================
--- php/php-src/trunk/ext/filter/php_filter.h 2010-03-31 21:38:38 UTC (rev 297238)
+++ php/php-src/trunk/ext/filter/php_filter.h 2010-03-31 21:50:36 UTC (rev 297239)
@@ -28,6 +28,7 @@
 #include "php_ini.h"
 #include "ext/standard/info.h"
 #include "ext/standard/php_string.h"
+#include "ext/standard/html.h"
 #include "php_variables.h"
 extern zend_module_entry filter_module_entry;
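Review bot: In the filter.c hunk at `@@ -238,6 +239,7 @@`, the added line registers the userland constant `FILTER_SANITIZE_FULL_SPECIAL_CHARS` with the value `FILTER_SANITIZE_SPECIAL_CHARS`, so the new name resolves to the old filter's id. Code that asks for the new filter by constant would then presumably be dispatched to php_filter_special_chars, and callers who rely on the charset-aware escaping this commit advertises would silently not get it. The filter_private.h hunk defines a distinct id (`0x020a`) and the filter list entry in the first filter.c hunk already uses it, so only this registration is inconsistent. The line should read `REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_FULL_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);`. The enclosing function starts and ends outside the hunk.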
@@ -81,6 +82,7 @@
 void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_encoded(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL);
+void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL);
Modified: php/php-src/trunk/ext/filter/sanitizing_filters.c
===================================================================
--- php/php-src/trunk/ext/filter/sanitizing_filters.c 2010-03-31 21:38:38 UTC (rev 297238)
+++ php/php-src/trunk/ext/filter/sanitizing_filters.c 2010-03-31 21:50:36 UTC (rev 297239)
@@ -242,6 +242,24 @@
 }
 /* }}} */
+/* {{{ php_filter_full_special_chars */
+void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL)
+{
+ char *buf;
+ int len, quotes;
+
+ if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
+ quotes = ENT_QUOTES;
+ } else {
+ quotes = ENT_NOQUOTES;
+ }
+ buf = php_escape_html_entities_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), &len, 1, quotes, SG(default_charset), 0 TSRMLS_CC);
+ efree(Z_STRVAL_P(value));
+ Z_STRVAL_P(value) = buf;
+ Z_STRLEN_P(value) = len;
+}
+/* }}} */
+
 /* {{{ php_filter_unsafe_raw */
 void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 {
@@ -266,6 +284,8 @@
 }
 /* }}} */
+
+
 /* {{{ php_filter_email */
 #define SAFE "$-_.+"
 #define EXTRA "!*'(),"
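Review bot: The new php_filter_full_special_chars in the sanitizing_filters.c hunk at `@@ -242,6 +242,24 @@` carries no comment describing its escaping contract, and the call passes bare `1` and `0` to php_escape_html_entities_ex, so the hunk does not show which entity set and double-encoding behaviour the filter commits to. I would add a short header comment saying that the value is escaped with `SG(default_charset)` and that quotes are encoded unless `FILTER_FLAG_NO_ENCODE_QUOTES` is set, and annotate the two literals with the parameter names they bind to. The same comment should state that with `FILTER_FLAG_NO_ENCODE_QUOTES` the result keeps raw `'` and `"` and is therefore not safe to emit inside a quoted HTML attribute. The commit message promises UTF-8 validation; what the filter returns for input that is invalid in the configured charset is not visible here and should be documented there too.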