SAPIsSAPIs provide the glue for interfacing PHP into an application. They define the ways in which data is passed between an application and PHP. The following sections provide an in-depth look at a moderately simple SAPI, the PHP CGI SAPI, and the embed SAPI, for embedding PHP into an application with minimal custom needs. The CGI SAPIThe CGI SAPI provides a good introduction to how SAPIs are implemented. It is simple, in that it does not have to link against complicated external entities as mod_php does. Despite this relative simplicity, it supports reading in complex environment information, including POST, GET, and cookie data. This import of environmental information is one of the major duties of any SAPI implementation, so it is important to understand it. The defining structure in a SAPI is sapi_module_struct, which defines all the ways that the SAPI can bridge PHP and the environment so that it can set environment and query variables. sapi_module_struct is a collection of details and function pointers that tell the SAPI how to hand data to and from PHP. It is defined as follows: struct _sapi_module_struct {
char *name;
char *pretty_name;
int (*startup)(struct _sapi_module_struct *sapi_module);
int (*shutdown)(struct _sapi_module_struct *sapi_module);
int (*activate)(TSRMLS_D);
int (*deactivate)(TSRMLS_D);
int (*ub_write)(const char *str, unsigned int str_length TSRMLS_DC);
void (*flush)(void *server_context);
struct stat *(*get_stat)(TSRMLS_D);
char *(*getenv)(char *name, size_t name_len TSRMLS_DC);
void (*sapi_error)(int type, const char *error_msg, ...);
int (*header_handler)(sapi_header_struct *sapi_header,
sapi_headers_struct *sapi_headers TSRMLS_DC);
int (*send_headers)(sapi_headers_struct *sapi_headers TSRMLS_DC);
void (*send_header)(sapi_header_struct *sapi_header,
void *server_context TSRMLS_DC);
int (*read_post)(char *buffer, uint count_bytes TSRMLS_DC);
char *(*read_cookies)(TSRMLS_D);
void (*register_server_variables)(zval *track_vars_array TSRMLS_DC);
void (*log_message)(char *message);
char *php_ini_path_override;
void (*block_interruptions)(void);
void (*unblock_interruptions)(void);
void (*default_post_reader)(TSRMLS_D);
void (*treat_data)(int arg, char *str, zval *destArray TSRMLS_DC);
char *executable_location;
int php_ini_ignore;
int (*get_fd)(int *fd TSRMLS_DC);
int (*force_http_10)(TSRMLS_D);
int (*get_target_uid)(uid_t * TSRMLS_DC);
int (*get_target_gid)(gid_t * TSRMLS_DC);
unsigned int (*input_filter)(int arg, char *var, char **val,
unsigned int val_len TSRMLS_DC);
void (*ini_defaults)(HashTable *configuration_hash);
int phpinfo_as_text;
};
Here is the module structure for the CGI SAPI: static sapi_module_struct cgi_sapi_module = {
"cgi", /* name */
"CGI", /* pretty name */
php_cgi_startup, /* startup */
php_module_shutdown_wrapper, /* shutdown */
NULL, /* activate */
sapi_cgi_deactivate, /* deactivate */
sapi_cgibin_ub_write, /* unbuffered write */
sapi_cgibin_flush, /* flush */
NULL, /* get uid */
sapi_cgibin_getenv, /* getenv */
php_error, /* error handler */
NULL, /* header handler */
sapi_cgi_send_headers, /* send headers handler */
NULL, /* send header handler *=
sapi_cgi_read_post, /* read POST data */
sapi_cgi_read_cookies, /* read Cookies */
sapi_cgi_register_variables, /* register server variables */
sapi_cgi_log_message, /* Log message */
STANDARD_SAPI_MODULE_PROPERTIES
};
Notice that the last 14 fields of the struct have been replaced with the macro STANDARD_SAPI_PROPERTIES. This common technique used by SAPI authors takes advantage of the C language semantic of defining omitted struct elements in a declaration as NULL. The first two fields in the struct are the name of the SAPI. These are what is returned when you call phpinfo() or php_sapi_name() from a script. The third field is the function pointer sapi_module_struct.startup. When an application implementing a PHP SAPI is started, this function is called. An important task for this function is to bootstrap the rest of the loading by calling php_module_startup() on its module details. In the CGI module, only the bootstrapping procedure is performed, as shown here: static int php_cgi_startup(sapi_module_struct *sapi_module)
{
if (php_module_startup(sapi_module, NULL, 0) == FAILURE) {
return FAILURE;
}
return SUCCESS;
}
The fourth element, sapi_module_struct.shutdown, is the corresponding function called when the SAPI is shut down (usually when the application is terminating). The CGI SAPI (like most of the SAPIs that ship with PHP) calls php_module_shutdown_wrapper as its shutdown function. This simply calls php_module_shutdown, as shown here: int php_module_shutdown_wrapper(sapi_module_struct *sapi_globals)
{
TSRMLS_FETCH();
php_module_shutdown(TSRMLS_C);
return SUCCESS;
}
As described in Chapter 20, "PHP and Zend Engine Internals," on every request, the SAPI performs startup and shutdown calls to clean up its running environment and to reset any resources it may require. These are the fifth and sixth sapi_module_struct elements. The CGI SAPI does not define sapi_module_struct.activate, meaning that it registers no generic request-startup code, but it does register sapi_module_struct.deactivate. In deactivate, the CGI SAPI flushes its output file streams to guarantee that the end user gets all the data before the SAPI closes its end of the socket. The following are the deactivation code and the flush helper function: static void sapi_cgibin_flush(void *server_context)
{
if (fflush(stdout)==EOF) {
php_handle_aborted_connection();
}
}
static int sapi_cgi_deactivate(TSRMLS_D)
{cdx
sapi_cgibin_flush(SG(server_context));
return SUCCESS;
}
Note that stdout is explicitly flushed; this is because the CGI SAPI is hard-coded to send output to stdout. A SAPI that implements more complex activate and deactivate functions is the Apache module mod_php. Its activate function registers memory cleanup functions in case Apache terminates the script prematurely (for instance, if the client clicks the Stop button in the browser or the script exceeds Apache's timeout setting). The seventh element, sapi_module_struct.ub_write, provides a callback for how PHP should write data to the user when output buffering is not on. This is the function that will actually send the data when you use print or echo on something in a PHP script. As mentioned earlier, the CGI SAPI writes directly to stdout. Here is its implementation, which writes data in 16KB chunks: static inline size_t sapi_cgibin_single_write(const char *str,
uint str_length TSRMLS_DC)
{
size_t ret;
ret = fwrite(str, 1, MIN(str_length, 16384), stdout);
return ret;
}
static int sapi_cgibin_ub_write(const char *str, uint str_length TSRMLS_DC)
{
const char *ptr = str;
uint remaining = str_length;
size_t ret;
while (remaining > 0) {
ret = sapi_cgibin_single_write(ptr, remaining TSRMLS_CC);
if (!ret) {
php_handle_aborted_connection();
return str_length - remaining;
}
ptr += ret;
remaining -= ret;
}
return str_length;
}
This method writes each individual character separately, which is inefficient but very cross-platform portable. On systems that support POSIX input/output, you could as easily consolidate this function into the following: static int sapi_cgibin_ub_write(const char *str, uint str_length TSRMLS_DC)
{
size_t ret;
ret = write(fileno(stdout), str, str_length);
return (ret >= 0)?ret:0;
}
The eighth element is sapi_module_struct.flush, which gives PHP a way to flush its stream buffers (for example, when you call flush() within a PHP script). This uses the function sapi_cgibin_flush, which you saw called earlier from within the deactivate function. The ninth element is sapi_module_struct.get_stat. This provides a callback to override the default stat() of the file performed to ensure that the script can be run in safe mode. The CGI SAPI does not implement this hook. The tenth element is sapi_module_struct.getenv.getenv provides an interface to look up environment variables by name. Because the CGI SAPI runs akin to a regular user shell script, its sapi_cgibin_getenv() function is just a simple gateway to the C function getenv(), as shown here: static char *sapi_cgibin_getenv(char *name, size_t name_len TSRMLS_DC)
{
return getenv(name);
}
In more complex applications, such as mod_php, the SAPI should implement sapi_module_struct.getenv on top of the application's internal environment facilities. The eleventh element is the callback sapi_module_struct.sapi_error. This sets the function to be called whenever a userspace error or an internal call to zend_error() occurs. Most SAPIs set this to php_error, which is the built-in PHP error handler. The twelfth element is sapi_module_struct.header_handler. This function is called anytime you call header() inside code or when PHP sets its own internal headers. The CGI SAPI does not set its own header_handler, which means that it falls back on the default SAPI behavior, which is to append it to an internal list that PHP manages. This callback is mainly used in Web server SAPIs such as mod_php, where the Web server wants to maintain the headers itself instead of having PHP do so. The thirteenth element is sapi_module_struct.send_headers. This is called when it is time to send all the headers that have been set in PHP (that is, immediately before the first content is sent). This callback can choose to send all the headers itself, in which case it returns SAPI_HEADER_SENT_SUCCESSFULLY, or it can delegate the task of sending individual headers to the fourteenth sapi_module_struct element, send_header, in which case it should return SAPI_HEADER_DO_SEND. The CGI SAPI chooses the first methodology and writes all its headers in a send_headers function, defined as follows: static int sapi_cgi_send_headers(sapi_headers_struct *sapi_headers TSRMLS_DC)
{
char buf[SAPI_CGI_MAX_HEADER_LENGTH];
sapi_header_struct *h;
zend_llist_position pos;
long rfc2616_headers = 0;
if(SG(request_info).no_headers == 1) {
return SAPI_HEADER_SENT_SUCCESSFULLY;
}
if (SG(sapi_headers).http_response_code != 200) {
int len;
len = sprintf(buf, "Status: %d\r\n", SG(sapi_headers).http_response_code);
PHPWRITE_H(buf, len);
}
if (SG(sapi_headers).send_default_content_type) {
char *hd;
hd = sapi_get_default_content_type(TSRMLS_C);
PHPWRITE_H("Content-type:", sizeof("Content-type: ")-1);
PHPWRITE_H(hd, strlen(hd));
PHPWRITE_H("\r\n", 2);
efree(hd);
}
h = zend_llist_get_first_ex(&sapi_headers->headers, &pos);
while (h) {
PHPWRITE_H(h->header, h->header_len);
PHPWRITE_H("\r\n", 2);
h = zend_llist_get_next_ex(&sapi_headers->headers, &pos);
}
PHPWRITE_H("\r\n", 2);
return SAPI_HEADER_SENT_SUCCESSFULLY;
}
PHPWRITE_H is a macro wrapper that handles output buffering, which might potentially be on. The fifteenth element is sapi_module_struct.read_post, which specifies how POST data should be read. The function is passed a buffer and a buffer size, and it is expected to fill out the buffer and return the length of the data within. Here is the CGI SAPI's implementation, which simply reads up to the specified buffer size of data from stdin (file descriptor 0): static int sapi_cgi_read_post(char *buffer, uint count_bytes TSRMLS_DC)
{
uint read_bytes=0, tmp_read_bytes;
count_bytes = MIN(count_bytes,
(uint)SG(request_info).content_length-SG(read_post_bytes));
while (read_bytes < count_bytes) {
tmp_read_bytes = read(0, buffer+read_bytes, count_bytes-read_bytes);
if (tmp_read_bytes<=0) {
break;
}
read_bytes += tmp_read_bytes;
}
return read_bytes;
}
Note that no parsing is done here: read_post only provides the facility to read in raw post data. If you want to modify the way PHP parses POST data, you can do so in sapi_module_struct.default_post_reader, which is covered later in this chapter, in the section "SAPI Input Filters." The sixteenth element is sapi_module_struct.read_cookies. This performs the same function as read_post, except on cookie data. In the CGI specification, cookie data is passed in as an environment variable, so the CGI SAPI cookie reader just uses the getenv callback to extract it, as shown here: static char *sapi_cgi_read_cookies(TSRMLS_D)
{
return sapi_cgibin_getenv((char *)"HTTP_COOKIE",0 TSRMLS_CC);
}
Again, filtering this data is covered in the section "SAPI Input Filters." Next comes sapi_module_struct.register_server_variables. As the name implies, this function is passed in what will become the $_SERVER autoglobal array, and the SAPI has the option of adding elements to the array. The following is the top-level register_server_variables callback for the CGI SAPI: static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC)
{
php_import_environment_variables(track_vars_array TSRMLS_CC);
php_register_variable("PHP_SELF",
(SG(request_info).request_uri ? SG(request_info).request_uri:""),
track_vars_array TSRMLS_CC);
}
This calls php_import_environment_variables(), which loops through all the shell environment variables and creates entries for them in $_SERVER. Then it sets $_SERVER['PHP_SELF'] to be the requested script. The last declared element in the CGI module is sapi_module_struct.log_message. This is a fallback function when no other error logging facility is specified. If error_log is not set in the php.ini file, then this is the function that will be called to print out any errors you receive. The CGI module implements this by printing to stderr, as follows: static void sapi_cgi_log_message(char *message)
{
fprintf(stderr, "%s\n", message);
}
We've now covered the standard sapi_module_struct elements. The filtering callbacks default_post_reader, treat_data, and input_filter are covered later in this chapter, in the section "SAPI Input Filters." The others are special-purpose elements that are not covered here. The CGI SAPI ApplicationYou need to incorporate the CGI SAPI into an application that can actually run it. The actual CGI main() routine is very long, as it supports a wide variety of options and flags. Instead of covering that (which could easily take an entire chapter), this section provides a very stripped-down version of the main() routine that implements no optional flags. Here is the stripped-down version of the CGI main() routine: int main(int argc, char **argv)
{
int exit_status = SUCCESS;
zend_file_handle file_handle;
int retval = FAILURE;
signal(SIGPIPE, SIG_IGN); /* ignore disconnecting clients */
sapi_startup(&cgi_sapi_module);
cgi_sapi_module.executable_location = argv[0];
if (php_module_startup(&cgi_sapi_module, NULL, 0) == FAILURE) {
return FAILURE;
}
zend_first_try {
SG(server_context) = (void *) 1; /* avoid server_context==NULL checks */
init_request_info(TSRMLS_C);
file_handle.type = ZEND_HANDLE_FILENAME;
file_handle.filename = SG(request_info).path_translated;
file_handle.handle.fp = NULL;
file_handle.opened_path = NULL;
file_handle.free_filename = 0;
if (php_request_startup(TSRMLS_C)==FAILURE) {
php_module_shutdown(TSRMLS_C);
return FAILURE;
}
retval = php_fopen_primary_script(&file_handle TSRMLS_CC);
if (retval == FAILURE && file_handle.handle.fp == NULL) {
SG(sapi_headers).http_response_code = 404;
PUTS("No input file specified.\n");
php_request_shutdown((void *) 0);
php_module_shutdown(TSRMLS_C);
return FAILURE;
}
php_execute_script(&file_handle TSRMLS_CC);
if (SG(request_info).path_translated) {
char *path_translated;
path_translated = strdup(SG(request_info).path_translated);
efree(SG(request_info).path_translated);
SG(request_info).path_translated = path_translated;
}
php_request_shutdown((void *) 0);
if (exit_status == 0) {
exit_status = EG(exit_status);
}
if (SG(request_info).path_translated) {
free(SG(request_info).path_translated);
SG(request_info).path_translated = NULL;
}
} zend_catch {
exit_status = 255;
} zend_end_try();
php_module_shutdown(TSRMLS_C);
sapi_shutdown();
return exit_status;
}
The following is the helper function init_request_info(), which sets the SAPI globals for script locations and query string parameters from the environment as per the CGI specification: static void init_request_info(TSRMLS_D)
{
char *env_script_filename = sapi_cgibin_getenv("SCRIPT_FILENAME",0 TSRMLS_CC);
char *env_path_translated = sapi_cgibin_getenv("PATH_TRANSLATED",0 TSRMLS_CC);
char *script_path_translated = env_script_filename;
/* initialize the defaults */
SG(request_info).path_translated = NULL;
SG(request_info).request_method = NULL;
SG(request_info).query_string = NULL;
SG(request_info).request_uri = NULL;
SG(request_info).content_type = NULL;
SG(request_info).content_length = 0;
SG(sapi_headers).http_response_code = 200;
/* script_path_translated being set is a good indication that
we are running in a cgi environment, since it is always
null otherwise. otherwise, the filename
of the script will be retrieved later via argc/argv */
if (script_path_translated) {
const char *auth;
char *content_length = sapi_cgibin_getenv("CONTENT_LENGTH",0 TSRMLS_CC);
char *content_type = sapi_cgibin_getenv("CONTENT_TYPE",0 TSRMLS_CC);
SG(request_info).request_method =
sapi_cgibin_getenv("REQUEST_METHOD",0 TSRMLS_CC);
SG(request_info).query_string =
sapi_cgibin_getenv("QUERY_STRING",0 TSRMLS_CC);
if (script_path_translated && !strstr(script_path_translated, "..")) {
SG(request_info).path_translated = estrdup(script_path_translated);
}
SG(request_info).content_type = (content_type ? content_type : "" );
SG(request_info).content_length = (content_length?atoi(content_length):0);
/* The CGI RFC allows servers to pass on unvalidated Authorization data */
auth = sapi_cgibin_getenv("HTTP_AUTHORIZATION",0 TSRMLS_CC);
php_handle_auth_data(auth TSRMLS_CC);
}
}
The following is the basic execution order of this script:
This is the complete process of embedding the PHP interpreter into an application, using the SAPI interface. The Embed SAPIThe CGI SAPI seems like quite a bit of work, but the majority of it involves handling automatic importing of data from the caller's environment. PHP goes to great trouble to allow transparent access to user environment data, and much of that work has to be done in the SAPI implementation. If your goals are less ambitious than full custom PHP integration and you only want to execute PHP code as part of an application, the embed SAPI may be the right solution for you. The embed SAPI exposes PHP as a shared library that you can link against and run code. To build the embed library, you need to compile PHP with the following configuration line: --enable-embed This creates libphp5.so. The embed SAPI exposes two macros to the user: PHP_EMBED_START_BLOCK(int argc, char **argv) PHP_EMBED_END_BLOCK() Inside the block defined by those macros is a running PHP environment where you can execute scripts with this: php_execute_script(zend_file_handle *primary_file TSRMLS_DC); or this: zend_eval_string(char *str, zval *retval_ptr,
char *string_name TSRMLS_DC);
As an example of just how simple this is, here is a working PHP shell that interactively executes anything you pass to it: #include <php_embed.h>
#include <stdio.h>
#include <readline/readline.h>
#include <readline/history.h>
int main(int argc, char **argv) {
char *code;
PHP_EMBED_START_BLOCK(argc,argv);
while((code = readline(">")) != NULL) {
zend_eval_string(code, NULL, argv[0] TSRMLS_CC);
}
PHP_EMBED_END_BLOCK();
return 0;
}
You then compile this, as shown here: > gcc -pipe -g -O2 -I/usr/local/include/php -I/usr/local/include/php/Zend \ -I/usr/local/include/php/TSRM -I/usr/local/include/php/main -c psh.c > gcc -pipe -g -O2 -L/usr/local/lib -lreadline -lncurses -lphp5 psh.o -o psh Note that the embed SAPI sets the $argc and $argv autoglobals from what is passed to PHP_EMBED_START_BLOCK(). Check out the following psh session: > ./psh foo bar
> print_r($argv);
Array
(
[0] => ./psh
[1] => foo
[2] => bar
)
> $a = 1;
> print "$a\n";
1
>
This is a toy example in that psh is pretty featureless, but it demonstrates how you can leverage all of PHP in under 15 lines of C. Later in this chapter you will use the embed SAPI to build a more significant application: the opcode dumper described in Chapter 20. SAPI Input FiltersIn Chapter 13, "User Authentication and Session Security," you learned a bit about cross-site scripting and SQL injection attacks. Although they manifest differently, both attacks involve getting a Web application to accidentally execute (or in the case of cross-site scripting, getting a third-party user to execute) malicious code in your application's space. The solution to all attacks of this sort is simple: You must be fanatical about validating and sanitizing any input a user gives you. The responsibility for this sanitization process lies with the developer, but leaving it at that can be unsatisfactory for two reasons:
To help address this issue, the SAPI interface provides a set of three callbacks that can be used to automatically sanitize data on every incoming request: input_filter, treat_data, and default_post_reader. Because they are registered at the SAPI level, they are invisible to the developer and are executed automatically. This makes it impossible to forget to apply them on a page. Further, because they are implemented in C and occur before data is inserted into the autoglobal arrays, the implementations can be much faster than anything written in PHP. input_filter The most useful of the filter callbacks is sapi_module_struct.input_filter. A registered input_filter callback is called on the input to be populated into the auto-globals $_POST, $_GET, and $_COOKIE before the input data is actually inserted into the arrays. An input_filter callback provides a blanket mechanism for sanitizing all user-submitted data before it is available to userspace code. This section describes an input_filter that removes all HTML from POST, GET, and COOKIE data using the C code from the strip_tags() PHP function. This is a variation of the input_filter example in the PHP distribution, with a few extra bells and whistles. A new set of autoglobal arrays$_RAW_POST, $_RAW_GET, and $_RAW_COOOKIEis created, and the original contents of each variable are placed in that new array, with the cleaned data going into the standard arrays. That way, if a developer needs access to the original source, he or she can still have access to it, but the standard arrays will be free of HTML. Input filters of all kinds can be registered post-SAPI startup, and this one is implemented as an extension. This is nice because it means you do not have to actually modify the code of the SAPI you use. First is the standard module header. You add a global zval * for each of the new autoglobal arrays you are creating. Here is the code for this: #ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include "php.h"
#include "php_globals.h"
#include "php_variables.h"
#include "ext/standard/info.h"
#include "ext/standard/php_string.h"
ZEND_BEGIN_MODULE_GLOBALS(raw_filter)
zval *post_array;
zval *get_array;
zval *cookie_array;
ZEND_END_MODULE_GLOBALS(raw_filter)
#ifdef ZTS
#define IF_G(v) TSRMG(raw_filter_globals_id, zend_raw_filter_globals *, v)
#else
#define IF_G(v) (raw_filter_globals.v)
#endif
ZEND_DECLARE_MODULE_GLOBALS(raw_filter)
unsigned int raw_filter(int arg, char *var, char **val, unsigned int val_len,
unsigned int *new_val_len TSRMLS_DC)
static void php_raw_filter_init_globals(zend_raw_filter_globals *globals)
{
memset(globals, 0, sizeof(zend_raw_filter_globals *));
}
PHP_MINIT_FUNCTION(raw_filter)
{
ZEND_INIT_MODULE_GLOBALS(raw_filter, php_raw_filter_init_globals, NULL);
zend_register_auto_global("_RAW_GET", sizeof("_RAW_GET")-1, NULL TSRMLS_CC);
zend_register_auto_global("_RAW_POST", sizeof("_RAW_POST")-1, NULL TSRMLS_CC);
zend_register_auto_global("_RAW_COOKIE", sizeof("_RAW_COOKIE")-1,
NULL TSRMLS_CC);
sapi_register_input_filter(raw_filter);
return SUCCESS;
}
PHP_MSHUTDOWN_FUNCTION(raw_filter)
{
return SUCCESS;
}
PHP_RSHUTDOWN_FUNCTION(raw_filter)
{
if(IF_G(get_array)) {
zval_ptr_dtor(&IF_G(get_array));
IF_G(get_array) = NULL;
}
if(IF_G(post_array)) {
zval_ptr_dtor(&IF_G(post_array));
IF_G(post_array) = NULL;
}
if(IF_G(cookie_array)) {
zval_ptr_dtor(&IF_G(cookie_array));
IF_G(cookie_array) = NULL;
}
return SUCCESS;
}
PHP_MINFO_FUNCTION(raw_filter)
{
php_info_print_table_start();
php_info_print_table_row( 2, "strip_tags() Filter Support", "enabled" );
php_info_print_table_end();
}
zend_module_entry raw_filter_module_entry = {
STANDARD_MODULE_HEADER,
"raw_filter",
NULL,
PHP_MINIT(raw_filter),
PHP_MSHUTDOWN(raw_filter),
NULL,
PHP_RSHUTDOWN(raw_filter),
PHP_MINFO(raw_filter),
"0.1",
STANDARD_MODULE_PROPERTIES
};
#ifdef COMPILE_DL_RAW_FILTER
ZEND_GET_MODULE(raw_filter);
#endif
This is largely a standard module. There are two new things to notice, though. The first is that you call this in the MINIT phase to register the new $_RAW arrays as autoglobals: zend_register_auto_global("_RAW_GET", sizeof("_RAW_GET")-1, NULL TSRMLS_CC);
The second is that you register raw_filter as a SAPI input filter in MINIT via the following call: sapi_register_input_filter(raw_filter); The input filter forward declaration is as follows: unsigned int raw_filter(int arg, char *var, char **val, unsigned int val_len, unsigned int *new_val_len TSRMLS_DC); The arguments to the input filters are as follows:
Here is the code for the raw_filter input filter itself: unsigned int raw_filter(int arg, char *var, char **val, unsigned int val_len,
unsigned int *new_val_len TSRMLS_DC)
{
zval new_var;
zval *array_ptr = NULL;
char *raw_var;
int var_len;
switch(arg) {
case PARSE_GET:
if(!IF_G(get_array)) {
ALLOC_ZVAL(array_ptr);
array_init(array_ptr);
INIT_PZVAL(array_ptr);
zend_hash_update(&EG(symbol_table),"_RAW_GET", sizeof("_RAW_GET"),
&array_ptr, sizeof(zval *), NULL);
}
IF_G(get_array) = array_ptr;
break;
case PARSE_POST:
if(!IF_G(post_array)) {
ALLOC_ZVAL(array_ptr);
array_init(array_ptr);
INIT_PZVAL(array_ptr);
zend_hash_update(&EG(symbol_table), "_RAW_POST", sizeof("_RAW_POST"),
&array_ptr, sizeof(zval *), NULL);
}
IF_G(post_array) = array_ptr;
break;
case PARSE_COOKIE:
if(!IF_G(cookie_array)) {
ALLOC_ZVAL(array_ptr);
array_init(array_ptr);
INIT_PZVAL(array_ptr);
zend_hash_update(&EG(symbol_table), "_RAW_COOKIE",sizeof("_RAW_COOKIE"),
&array_ptr, sizeof(zval *), NULL);
}
IF_G(cookie_array) = array_ptr;
break;
}
Z_STRLEN(new_var) = val_len;
Z_STRVAL(new_var) = estrndup(*val, val_len);
Z_TYPE(new_var) = IS_STRING;
php_register_variable_ex(var, &new_var, array_ptr TSRMLS_DC);
php_strip_tags(*val, val_len, NULL, NULL, 0);
*new_val_len = strlen(*val);
return 1;
}
When raw_filter is called, it looks to see whether the appropriate $_RAW array exists, and if it does not, it creates it. It then assigns a copy of the original value of *val into that array. Next, it removes all the HTML tags from *val by using php_strip_tags() (the C underpinning of the PHP function strip_tags()) and sets the new (possibly shortened) length of *val. treat_data and default_post_reader Although the input_filter callback allows you to modify incoming variables, it does not give you complete control of the variable import process. For example, it does not allow you to avoid inserting certain variables or to change the way they are parsed from their raw form. If you need more control, you can use two other hooks that the SAPI interface provides:
sapi_module_struct.treat_data is called by the engine when it parses the raw POST, COOKIE, and GET query string data. The default implementation breaks the raw data into key/value pairs, sanitizes the values with any registered input_filter callbacks, and inserts the values into the appropriate symbol tables. sapi_module_struct.default_post_reader is called to parse any POST data that does not have a content type handler already associated with it. The default action is to simply swallow the entire POST contents into $HTTP_RAW_POST_DATA. If, for instance, you need to ban certain file types from ever being uploaded under any circumstances, defining a custom sapi_module_struct.default_post_reader callback might make sense. Like input_filter, both of these callbacks can be registered at runtime in extensions by using the sapi_register_treat_data() and sapi_register_default_post_reader() functions. In general, though, these are both very special-purpose functions. In most cases, an input_filter callback can meet your needs. |