rasmus Wed, 31 Mar 2010 22:59:09 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=297245
Log: full_special_chars filter from trunk - approved by johannes Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/filter/filter.c U php/php-src/branches/PHP_5_3/ext/filter/filter_private.h U php/php-src/branches/PHP_5_3/ext/filter/php_filter.h U php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-03-31 22:49:08 UTC (rev 297244) +++ php/php-src/branches/PHP_5_3/NEWS 2010-03-31 22:59:09 UTC (rev 297245) @@ -6,6 +6,7 @@ - Added stream filter support to mcrypt extension (ported from mcrypt_filter). (Stas) +- Added full_special_chars filter to ext/filter (Rasmus) - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) Modified: php/php-src/branches/PHP_5_3/ext/filter/filter.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/filter/filter.c 2010-03-31 22:49:08 UTC (rev 297244) +++ php/php-src/branches/PHP_5_3/ext/filter/filter.c 2010-03-31 22:59:09 UTC (rev 297245) @@ -52,6 +52,7 @@ { "stripped", FILTER_SANITIZE_STRING, php_filter_string }, { "encoded", FILTER_SANITIZE_ENCODED, php_filter_encoded }, { "special_chars", FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars }, + { "full_special_chars", FILTER_SANITIZE_FULL_SPECIAL_CHARS, php_filter_full_special_chars }, { "unsafe_raw", FILTER_UNSAFE_RAW, php_filter_unsafe_raw }, { "email", FILTER_SANITIZE_EMAIL, php_filter_email }, { "url", FILTER_SANITIZE_URL, php_filter_url }, 
@@ -238,6 +239,7 @@ REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT); REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT); Modified: php/php-src/branches/PHP_5_3/ext/filter/filter_private.h =================================================================== --- php/php-src/branches/PHP_5_3/ext/filter/filter_private.h 2010-03-31 22:49:08 UTC (rev 297244) +++ php/php-src/branches/PHP_5_3/ext/filter/filter_private.h 2010-03-31 22:59:09 UTC (rev 297245) @@ -78,7 +78,8 @@ #define FILTER_SANITIZE_NUMBER_INT 0x0207 #define FILTER_SANITIZE_NUMBER_FLOAT 0x0208 #define FILTER_SANITIZE_MAGIC_QUOTES 0x0209 -#define FILTER_SANITIZE_LAST 0x0209 +#define FILTER_SANITIZE_FULL_SPECIAL_CHARS 0x020a +#define FILTER_SANITIZE_LAST 0x020a #define FILTER_SANITIZE_ALL 0x0200 Modified: php/php-src/branches/PHP_5_3/ext/filter/php_filter.h =================================================================== --- php/php-src/branches/PHP_5_3/ext/filter/php_filter.h 2010-03-31 22:49:08 UTC (rev 297244) +++ php/php-src/branches/PHP_5_3/ext/filter/php_filter.h 2010-03-31 22:59:09 UTC (rev 297245) @@ -28,6 +28,7 @@ #include "php_ini.h" #include "ext/standard/info.h" #include "ext/standard/php_string.h" +#include "ext/standard/html.h" #include "php_variables.h" extern zend_module_entry filter_module_entry; 
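Review bot: The added `REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", ...)` line in the `@@ -238,6 +239,7 @@` hunk of filter.c registers the new userland constant with the value `FILTER_SANITIZE_SPECIAL_CHARS`, not the new id `FILTER_SANITIZE_FULL_SPECIAL_CHARS` (0x020a) that this commit defines in filter_private.h. The filter-list entry in the first filter.c hunk is wired to `php_filter_full_special_chars`, but code that selects the filter through this constant would presumably get `php_filter_special_chars` instead, so the caller silently gets a different escaping filter than the one requested. The line should read `REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_FULL_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);`. The enclosing registration function starts and ends outside the hunk.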
@@ -81,6 +82,7 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL); void php_filter_encoded(PHP_INPUT_FILTER_PARAM_DECL); void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL); +void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL); void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL); void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL); void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL); Modified: php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c 2010-03-31 22:49:08 UTC (rev 297244) +++ php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c 2010-03-31 22:59:09 UTC (rev 297245) @@ -242,6 +242,24 @@ } /* }}} */ +/* {{{ php_filter_full_special_chars */ +void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL) +{ + char *buf; + int len, quotes; + + if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) { + quotes = ENT_QUOTES; + } else { + quotes = ENT_NOQUOTES; + } + buf = php_escape_html_entities_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), &len, 1, quotes, SG(default_charset), 0 TSRMLS_CC); + efree(Z_STRVAL_P(value)); + Z_STRVAL_P(value) = buf; + Z_STRLEN_P(value) = len; +} +/* }}} */ + /* {{{ php_filter_unsafe_raw */ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL) { @@ -266,6 +284,8 @@ } /* }}} */ + + /* {{{ php_filter_email */ #define SAFE "$-_.+" #define EXTRA "!*'(),"
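Review bot: In `php_filter_full_special_chars` (sanitizing_filters.c, `@@ -242,6 +242,24 @@`), the `FILTER_FLAG_NO_ENCODE_QUOTES` branch selects `ENT_NOQUOTES`, which leaves both `"` and `'` unescaped, and nothing in the function says so. Output produced with that flag is only suitable for element content, not for quoted attribute values, and a caller reading the filter name could easily assume otherwise. I would put a comment on the else branch such as `/* ENT_NOQUOTES: neither " nor ' is escaped; result is not safe inside HTML attribute values */`. The function header could also note that the charset hint comes from `SG(default_charset)`, so the escaping presumably matches the page only when that setting reflects the real output encoding.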