Index: ext/mbstring/mbstring.c =================================================================== RCS file: /repository/php4/ext/mbstring/mbstring.c,v retrieving revision 1.142.2.11 diff -u -p -r1.142.2.11 mbstring.c --- ext/mbstring/mbstring.c 1 Apr 2003 11:50:31 -0000 1.142.2.11 +++ ext/mbstring/mbstring.c 14 Apr 2003 16:15:51 -0000 @@ -1364,7 +1364,7 @@ PHP_FUNCTION(mb_preferred_mime_name) /* {{{ static void php_mbstr_encoding_handler() */ static void -php_mbstr_encoding_handler(zval *arg, char *res, char *separator TSRMLS_DC) +php_mbstr_encoding_handler(int data_type, zval *arg, char *res, char *separator TSRMLS_DC) { char *var, *val, *s1, *s2; char *strtok_buf = NULL, **val_list; @@ -1490,6 +1490,7 @@ php_mbstr_encoding_handler(zval *arg, ch val_len = len_list[n]; } n++; + val_len = sapi_module.input_filter(data_type, var, &val, val_len TSRMLS_CC); /* add variable to symbol table */ php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); if (convd != NULL){ @@ -1517,7 +1518,7 @@ SAPI_POST_HANDLER_FUNC(php_mbstr_post_ha { MBSTRG(http_input_identify_post) = mbfl_no_encoding_invalid; - php_mbstr_encoding_handler(arg, SG(request_info).post_data, "&" TSRMLS_CC); + php_mbstr_encoding_handler(PARSE_POST, arg, SG(request_info).post_data, "&" TSRMLS_CC); if (MBSTRG(http_input_identify) != mbfl_no_encoding_invalid) { MBSTRG(http_input_identify_post) = MBSTRG(http_input_identify); @@ -1617,7 +1618,7 @@ MBSTRING_API SAPI_TREAT_DATA_FUNC(mbstr_ break; } - php_mbstr_encoding_handler(array_ptr, res, separator TSRMLS_CC); + php_mbstr_encoding_handler(arg, array_ptr, res, separator TSRMLS_CC); if (MBSTRG(http_input_identify) != mbfl_no_encoding_invalid) { switch(arg){ Index: main/SAPI.c =================================================================== RCS file: /repository/php4/main/SAPI.c,v retrieving revision 1.155.2.9 diff -u -p -r1.155.2.9 SAPI.c --- main/SAPI.c 11 Feb 2003 23:30:13 -0000 1.155.2.9 +++ main/SAPI.c 14 Apr 2003 16:15:52 -0000 @@ -823,6 +823,11 @@ SAPI_API int sapi_register_treat_data(vo return SUCCESS; } +SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len TSRMLS_DC)) +{ + sapi_module.input_filter = input_filter; + return SUCCESS; +} SAPI_API int sapi_flush(TSRMLS_D) { Index: main/SAPI.h =================================================================== RCS file: /repository/php4/main/SAPI.h,v retrieving revision 1.87.2.6 diff -u -p -r1.87.2.6 SAPI.h --- main/SAPI.h 9 Apr 2003 20:27:55 -0000 1.87.2.6 +++ main/SAPI.h 14 Apr 2003 16:15:52 -0000 @@ -177,6 +177,7 @@ SAPI_API int sapi_register_post_entry(sa SAPI_API void sapi_unregister_post_entry(sapi_post_entry *post_entry); SAPI_API int sapi_register_default_post_reader(void (*default_post_reader)(TSRMLS_D)); SAPI_API int sapi_register_treat_data(void (*treat_data)(int arg, char *str, zval *destArray TSRMLS_DC)); +SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len TSRMLS_DC)); SAPI_API int sapi_flush(TSRMLS_D); SAPI_API struct stat *sapi_get_stat(TSRMLS_D); @@ -238,6 +239,8 @@ struct _sapi_module_struct { int (*get_target_uid)(uid_t * TSRMLS_DC); int (*get_target_gid)(gid_t * TSRMLS_DC); + unsigned int (*input_filter)(int arg, char *var, char **val, unsigned int val_len TSRMLS_DC); + void (*ini_defaults)(HashTable *configuration_hash); int phpinfo_as_text; }; @@ -268,10 +271,12 @@ struct _sapi_post_entry { #define SAPI_POST_HANDLER_FUNC(post_handler) void post_handler(char *content_type_dup, void *arg TSRMLS_DC) #define SAPI_TREAT_DATA_FUNC(treat_data) void treat_data(int arg, char *str, zval* destArray TSRMLS_DC) +#define SAPI_INPUT_FILTER_FUNC(input_filter) unsigned int input_filter(int arg, char *var, char **val, unsigned int val_len TSRMLS_DC) SAPI_API SAPI_POST_READER_FUNC(sapi_read_standard_form_data); SAPI_API SAPI_POST_READER_FUNC(php_default_post_reader); SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data); +SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter); #define STANDARD_SAPI_MODULE_PROPERTIES Index: main/php_content_types.c =================================================================== RCS file: /repository/php4/main/php_content_types.c,v retrieving revision 1.24.2.2 diff -u -p -r1.24.2.2 php_content_types.c --- main/php_content_types.c 31 Dec 2002 16:26:14 -0000 1.24.2.2 +++ main/php_content_types.c 14 Apr 2003 16:15:52 -0000 @@ -77,6 +77,7 @@ int php_startup_sapi_content_types(void) sapi_register_post_entries(php_post_entries); sapi_register_default_post_reader(php_default_post_reader); sapi_register_treat_data(php_default_treat_data); + sapi_register_input_filter(php_default_input_filter); return SUCCESS; } /* }}} */ Index: main/php_variables.c =================================================================== RCS file: /repository/php4/main/php_variables.c,v retrieving revision 1.45.2.3 diff -u -p -r1.45.2.3 php_variables.c --- main/php_variables.c 31 Dec 2002 16:26:23 -0000 1.45.2.3 +++ main/php_variables.c 14 Apr 2003 16:15:52 -0000 @@ -225,12 +225,19 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_ *val++ = '\0'; php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); + val_len = sapi_module.input_filter(PARSE_POST, var, &val, val_len TSRMLS_CC); php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); } var = php_strtok_r(NULL, "&", &strtok_buf); } } +SAPI_API SAPI_INPUT_FILTER_FUNC(php_default_input_filter) +{ + /* TODO: check .ini setting here and apply user-defined input filter */ + return val_len; +} + SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data) { char *res = NULL, *var, *val, *separator=NULL; @@ -313,6 +320,7 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_defaul *val++ = '\0'; php_url_decode(var, strlen(var)); val_len = php_url_decode(val, strlen(val)); + val_len = sapi_module.input_filter(arg, var, &val, val_len TSRMLS_CC); php_register_variable_safe(var, val, val_len, array_ptr TSRMLS_CC); } else { php_url_decode(var, strlen(var)); Index: main/rfc1867.c =================================================================== RCS file: /repository/php-src/main/rfc1867.c,v retrieving revision 1.122.2.11 diff -u -r1.122.2.11 rfc1867.c --- main/rfc1867.c 28 Jun 2003 08:51:05 -0000 1.122.2.11 +++ main/rfc1867.c 25 Jul 2003 19:58:33 -0000 @@ -892,6 +892,7 @@ safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); } #else + sapi_module.input_filter(PARSE_POST, param, &value, strlen(value) TSRMLS_CC); safe_php_register_variable(param, value, array_ptr, 0 TSRMLS_CC); #endif if (!strcasecmp(param, "MAX_FILE_SIZE")) {