version 1.1, 2012/02/21 23:47:51
|
version 1.1.1.2, 2012/05/29 12:34:34
|
Line 19 A simple implementation might look like the following.
|
Line 19 A simple implementation might look like the following.
|
original raw user data and adds a my_get_raw() function while the normal |
original raw user data and adds a my_get_raw() function while the normal |
$_POST, $_GET and $_COOKIE arrays are only populated with stripped |
$_POST, $_GET and $_COOKIE arrays are only populated with stripped |
data. In this simple example all I am doing is calling strip_tags() on |
data. In this simple example all I am doing is calling strip_tags() on |
the data. If register_globals is turned on, the default globals that | the data. |
are created will be stripped ($foo) while a $RAW_foo is created with the | |
original user input. | |
|
|
ZEND_BEGIN_MODULE_GLOBALS(my_input_filter) |
ZEND_BEGIN_MODULE_GLOBALS(my_input_filter) |
zval *post_array; |
zval *post_array; |
Line 88 PHP_MINFO_FUNCTION(my_input_filter)
|
Line 86 PHP_MINFO_FUNCTION(my_input_filter)
|
{ |
{ |
php_info_print_table_start(); |
php_info_print_table_start(); |
php_info_print_table_row( 2, "My Input Filter Support", "enabled" ); |
php_info_print_table_row( 2, "My Input Filter Support", "enabled" ); |
php_info_print_table_row( 2, "Revision", "$Revision$"); | php_info_print_table_row( 2, "Revision", "$Id$"); |
php_info_print_table_end(); |
php_info_print_table_end(); |
} |
} |
|
|
Line 155 PHP_FUNCTION(my_get_raw)
|
Line 153 PHP_FUNCTION(my_get_raw)
|
int var_len; |
int var_len; |
zval **tmp; |
zval **tmp; |
zval *array_ptr = NULL; |
zval *array_ptr = NULL; |
HashTable *hash_ptr; |
|
char *raw_var; |
|
|
|
if(zend_parse_parameters(2 TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) { |
if(zend_parse_parameters(2 TSRMLS_CC, "ls", &arg, &var, &var_len) == FAILURE) { |
return; |
return; |
Line 174 PHP_FUNCTION(my_get_raw)
|
Line 170 PHP_FUNCTION(my_get_raw)
|
break; |
break; |
} |
} |
|
|
if(!array_ptr) RETURN_FALSE; | if(!array_ptr) { |
| RETURN_FALSE; |
| } |
|
|
/* | if(zend_hash_find(HASH_OF(array_ptr), var, var_len+5, (void **)&tmp) == SUCCESS) { |
* I'm changing the variable name here because when running with register_globals on, | |
* the variable will end up in the global symbol table | |
*/ | |
raw_var = emalloc(var_len+5); /* RAW_ and a \0 */ | |
strcpy(raw_var, "RAW_"); | |
strlcat(raw_var,var,var_len+5); | |
hash_ptr = HASH_OF(array_ptr); | |
| |
if(zend_hash_find(hash_ptr, raw_var, var_len+5, (void **)&tmp) == SUCCESS) { | |
*return_value = **tmp; |
*return_value = **tmp; |
zval_copy_ctor(return_value); |
zval_copy_ctor(return_value); |
} else { |
} else { |
RETVAL_FALSE; |
RETVAL_FALSE; |
} |
} |
efree(raw_var); |
|
} |
} |
|
|