[PHP-CVS] svn: /php/php-src/trunk/ NEWS ext/filter/filter.c ext/filter/filter_private.h ext/filter/php_filter.h ext/filter/sanitizing_filters.c

Wed, 31 Mar 2010 14:50:57 -0700 

rasmus                                   Wed, 31 Mar 2010 21:50:36 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=297239

Log:
Added the full htmlspecialchars() functionality which includes utf-8
validation as a default filter.

Changed paths:
    U   php/php-src/trunk/NEWS
    U   php/php-src/trunk/ext/filter/filter.c
    U   php/php-src/trunk/ext/filter/filter_private.h
    U   php/php-src/trunk/ext/filter/php_filter.h
    U   php/php-src/trunk/ext/filter/sanitizing_filters.c

Modified: php/php-src/trunk/NEWS
===================================================================
--- php/php-src/trunk/NEWS      2010-03-31 21:38:38 UTC (rev 297238)
+++ php/php-src/trunk/NEWS      2010-03-31 21:50:36 UTC (rev 297239)
@@ -11,6 +11,7 @@
   ReflectionExtension::isPersistent(). (Johannes)
 - Added ReflectionZendExtension class. (Johannes)
 - Added command line option --rz to CLI. (Johannes)
+- Added full_special_chars filter to ext/filter (Rasmus)

 - default_charset if not specified is now UTF-8 instead of ISO-8859-1. (Rasmus)
 - default session.entropy_file is now /dev/urandom or /dev/arandom if either

Modified: php/php-src/trunk/ext/filter/filter.c
===================================================================
--- php/php-src/trunk/ext/filter/filter.c       2010-03-31 21:38:38 UTC (rev 
297238)
+++ php/php-src/trunk/ext/filter/filter.c       2010-03-31 21:50:36 UTC (rev 
297239)
@@ -52,6 +52,7 @@
        { "stripped",        FILTER_SANITIZE_STRING,        php_filter_string   
       },
        { "encoded",         FILTER_SANITIZE_ENCODED,       php_filter_encoded  
       },
        { "special_chars",   FILTER_SANITIZE_SPECIAL_CHARS, 
php_filter_special_chars   },
+       { "full_special_chars",   FILTER_SANITIZE_FULL_SPECIAL_CHARS, 
php_filter_full_special_chars   },
        { "unsafe_raw",      FILTER_UNSAFE_RAW,             
php_filter_unsafe_raw      },
        { "email",           FILTER_SANITIZE_EMAIL,         php_filter_email    
       },
        { "url",             FILTER_SANITIZE_URL,           php_filter_url      
       },
@@ -238,6 +239,7 @@
        REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", 
FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", 
FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", 
FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
+       REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", 
FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, 
CONST_CS | CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, 
CONST_CS | CONST_PERSISTENT);
        REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", 
FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);

Modified: php/php-src/trunk/ext/filter/filter_private.h
===================================================================
--- php/php-src/trunk/ext/filter/filter_private.h       2010-03-31 21:38:38 UTC 
(rev 297238)
+++ php/php-src/trunk/ext/filter/filter_private.h       2010-03-31 21:50:36 UTC 
(rev 297239)
@@ -78,7 +78,8 @@
 #define FILTER_SANITIZE_NUMBER_INT    0x0207
 #define FILTER_SANITIZE_NUMBER_FLOAT  0x0208
 #define FILTER_SANITIZE_MAGIC_QUOTES  0x0209
-#define FILTER_SANITIZE_LAST          0x0209
+#define FILTER_SANITIZE_FULL_SPECIAL_CHARS 0x020a
+#define FILTER_SANITIZE_LAST          0x020a

 #define FILTER_SANITIZE_ALL           0x0200


Modified: php/php-src/trunk/ext/filter/php_filter.h
===================================================================
--- php/php-src/trunk/ext/filter/php_filter.h   2010-03-31 21:38:38 UTC (rev 
297238)
+++ php/php-src/trunk/ext/filter/php_filter.h   2010-03-31 21:50:36 UTC (rev 
297239)
@@ -28,6 +28,7 @@
 #include "php_ini.h"
 #include "ext/standard/info.h"
 #include "ext/standard/php_string.h"
+#include "ext/standard/html.h"
 #include "php_variables.h"

 extern zend_module_entry filter_module_entry;
@@ -81,6 +82,7 @@
 void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_encoded(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL);
+void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL);

Modified: php/php-src/trunk/ext/filter/sanitizing_filters.c
===================================================================
--- php/php-src/trunk/ext/filter/sanitizing_filters.c   2010-03-31 21:38:38 UTC 
(rev 297238)
+++ php/php-src/trunk/ext/filter/sanitizing_filters.c   2010-03-31 21:50:36 UTC 
(rev 297239)
@@ -242,6 +242,24 @@
 }
 /* }}} */

+/* {{{ php_filter_full_special_chars */
+void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL)
+{
+       char *buf;
+       int   len, quotes;
+
+       if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
+               quotes = ENT_QUOTES;
+       } else {
+               quotes = ENT_NOQUOTES;
+       }
+       buf = php_escape_html_entities_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), 
&len, 1, quotes, SG(default_charset), 0 TSRMLS_CC);
+       efree(Z_STRVAL_P(value));
+       Z_STRVAL_P(value) = buf;
+       Z_STRLEN_P(value) = len;
+}
+/* }}} */
+
 /* {{{ php_filter_unsafe_raw */
 void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 {
@@ -266,6 +284,8 @@
 }
 /* }}} */

+
+
 /* {{{ php_filter_email */
 #define SAFE        "$-_.+"
 #define EXTRA       "!*'(),"


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to