/src/php-src/ext/standard/html.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright (c) The PHP Group | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to version 3.01 of the PHP license, | |
6 | | | that is bundled with this package in the file LICENSE, and is | |
7 | | | available through the world-wide-web at the following url: | |
8 | | | http://www.php.net/license/3_01.txt | |
9 | | | If you did not receive a copy of the PHP license and are unable to | |
10 | | | obtain it through the world-wide-web, please send a note to | |
11 | | | license@php.net so we can mail you a copy immediately. | |
12 | | +----------------------------------------------------------------------+ |
13 | | | Authors: Rasmus Lerdorf <rasmus@php.net> | |
14 | | | Jaakko Hyvätti <jaakko.hyvatti@iki.fi> | |
15 | | | Wez Furlong <wez@thebrainroom.com> | |
16 | | | Gustavo Lopes <cataphract@php.net> | |
17 | | +----------------------------------------------------------------------+ |
18 | | */ |
19 | | |
20 | | /* |
21 | | * HTML entity resources: |
22 | | * |
23 | | * http://www.unicode.org/Public/MAPPINGS/OBSOLETE/UNI2SGML.TXT |
24 | | * |
25 | | * XHTML 1.0 DTD |
26 | | * http://www.w3.org/TR/2002/REC-xhtml1-20020801/dtds.html#h-A2 |
27 | | * |
28 | | * From HTML 4.01 strict DTD: |
29 | | * http://www.w3.org/TR/html4/HTMLlat1.ent |
30 | | * http://www.w3.org/TR/html4/HTMLsymbol.ent |
31 | | * http://www.w3.org/TR/html4/HTMLspecial.ent |
32 | | * |
33 | | * HTML 5: |
34 | | * http://dev.w3.org/html5/spec/Overview.html#named-character-references |
35 | | */ |
36 | | |
37 | | #include "php.h" |
38 | | #ifdef PHP_WIN32 |
39 | | #include "config.w32.h" |
40 | | #else |
41 | | #include <php_config.h> |
42 | | #endif |
43 | | #include "php_standard.h" |
44 | | #include "php_string.h" |
45 | | #include "SAPI.h" |
46 | | #include <locale.h> |
47 | | #if HAVE_LANGINFO_H |
48 | | #include <langinfo.h> |
49 | | #endif |
50 | | |
51 | | #include <zend_hash.h> |
52 | | #include "html_tables.h" |
53 | | |
54 | | /* Macro for disabling flag of translation of non-basic entities where this isn't supported. |
55 | | * Not appropriate for html_entity_decode/htmlspecialchars_decode */ |
56 | 0 | #define LIMIT_ALL(all, doctype, charset) do { \ |
57 | 0 | (all) = (all) && !CHARSET_PARTIAL_SUPPORT((charset)) && ((doctype) != ENT_HTML_DOC_XML1); \ |
58 | 0 | } while (0) |
59 | | |
60 | 0 | #define MB_FAILURE(pos, advance) do { \ |
61 | 0 | *cursor = pos + (advance); \ |
62 | 0 | *status = FAILURE; \ |
63 | 0 | return 0; \ |
64 | 0 | } while (0) |
65 | | |
66 | 0 | #define CHECK_LEN(pos, chars_need) ((str_len - (pos)) >= (chars_need)) |
67 | | |
68 | | /* valid as single byte character or leading byte */ |
69 | 0 | #define utf8_lead(c) ((c) < 0x80 || ((c) >= 0xC2 && (c) <= 0xF4)) |
70 | | /* whether it's actually valid depends on other stuff; |
71 | | * this macro cannot check for non-shortest forms, surrogates or |
72 | | * code points above 0x10FFFF */ |
73 | 0 | #define utf8_trail(c) ((c) >= 0x80 && (c) <= 0xBF) |
74 | | |
75 | 0 | #define gb2312_lead(c) ((c) != 0x8E && (c) != 0x8F && (c) != 0xA0 && (c) != 0xFF) |
76 | 0 | #define gb2312_trail(c) ((c) >= 0xA1 && (c) <= 0xFE) |
77 | | |
78 | 0 | #define sjis_lead(c) ((c) != 0x80 && (c) != 0xA0 && (c) < 0xFD) |
79 | 0 | #define sjis_trail(c) ((c) >= 0x40 && (c) != 0x7F && (c) < 0xFD) |
80 | | |
81 | | /* {{{ get_default_charset |
82 | | */ |
83 | 0 | static char *get_default_charset(void) { |
84 | 0 | if (PG(internal_encoding) && PG(internal_encoding)[0]) { |
85 | 0 | return PG(internal_encoding); |
86 | 0 | } else if (SG(default_charset) && SG(default_charset)[0] ) { |
87 | 0 | return SG(default_charset); |
88 | 0 | } |
89 | 0 | return NULL; |
90 | 0 | } |
91 | | /* }}} */ |
92 | | |
93 | | /* {{{ get_next_char |
94 | | */ |
95 | | static inline unsigned int get_next_char( |
96 | | enum entity_charset charset, |
97 | | const unsigned char *str, |
98 | | size_t str_len, |
99 | | size_t *cursor, |
100 | | int *status) |
101 | 0 | { |
102 | 0 | size_t pos = *cursor; |
103 | 0 | unsigned int this_char = 0; |
104 | |
|
105 | 0 | *status = SUCCESS; |
106 | 0 | assert(pos <= str_len); |
107 | |
|
108 | 0 | if (!CHECK_LEN(pos, 1)) |
109 | 0 | MB_FAILURE(pos, 1); |
110 | |
|
111 | 0 | switch (charset) { |
112 | 0 | case cs_utf_8: |
113 | 0 | { |
114 | | /* We'll follow strategy 2. from section 3.6.1 of UTR #36: |
115 | | * "In a reported illegal byte sequence, do not include any |
116 | | * non-initial byte that encodes a valid character or is a leading |
117 | | * byte for a valid sequence." */ |
118 | 0 | unsigned char c; |
119 | 0 | c = str[pos]; |
120 | 0 | if (c < 0x80) { |
121 | 0 | this_char = c; |
122 | 0 | pos++; |
123 | 0 | } else if (c < 0xc2) { |
124 | 0 | MB_FAILURE(pos, 1); |
125 | 0 | } else if (c < 0xe0) { |
126 | 0 | if (!CHECK_LEN(pos, 2)) |
127 | 0 | MB_FAILURE(pos, 1); |
128 | |
|
129 | 0 | if (!utf8_trail(str[pos + 1])) { |
130 | 0 | MB_FAILURE(pos, utf8_lead(str[pos + 1]) ? 1 : 2); |
131 | 0 | } |
132 | 0 | this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f); |
133 | 0 | if (this_char < 0x80) { /* non-shortest form */ |
134 | 0 | MB_FAILURE(pos, 2); |
135 | 0 | } |
136 | 0 | pos += 2; |
137 | 0 | } else if (c < 0xf0) { |
138 | 0 | size_t avail = str_len - pos; |
139 | |
|
140 | 0 | if (avail < 3 || |
141 | 0 | !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2])) { |
142 | 0 | if (avail < 2 || utf8_lead(str[pos + 1])) |
143 | 0 | MB_FAILURE(pos, 1); |
144 | 0 | else if (avail < 3 || utf8_lead(str[pos + 2])) |
145 | 0 | MB_FAILURE(pos, 2); |
146 | 0 | else |
147 | 0 | MB_FAILURE(pos, 3); |
148 | 0 | } |
149 | |
|
150 | 0 | this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f); |
151 | 0 | if (this_char < 0x800) { /* non-shortest form */ |
152 | 0 | MB_FAILURE(pos, 3); |
153 | 0 | } else if (this_char >= 0xd800 && this_char <= 0xdfff) { /* surrogate */ |
154 | 0 | MB_FAILURE(pos, 3); |
155 | 0 | } |
156 | 0 | pos += 3; |
157 | 0 | } else if (c < 0xf5) { |
158 | 0 | size_t avail = str_len - pos; |
159 | |
|
160 | 0 | if (avail < 4 || |
161 | 0 | !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2]) || |
162 | 0 | !utf8_trail(str[pos + 3])) { |
163 | 0 | if (avail < 2 || utf8_lead(str[pos + 1])) |
164 | 0 | MB_FAILURE(pos, 1); |
165 | 0 | else if (avail < 3 || utf8_lead(str[pos + 2])) |
166 | 0 | MB_FAILURE(pos, 2); |
167 | 0 | else if (avail < 4 || utf8_lead(str[pos + 3])) |
168 | 0 | MB_FAILURE(pos, 3); |
169 | 0 | else |
170 | 0 | MB_FAILURE(pos, 4); |
171 | 0 | } |
172 | |
|
173 | 0 | this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f); |
174 | 0 | if (this_char < 0x10000 || this_char > 0x10FFFF) { /* non-shortest form or outside range */ |
175 | 0 | MB_FAILURE(pos, 4); |
176 | 0 | } |
177 | 0 | pos += 4; |
178 | 0 | } else { |
179 | 0 | MB_FAILURE(pos, 1); |
180 | 0 | } |
181 | 0 | } |
182 | 0 | break; |
183 | |
|
184 | 0 | case cs_big5: |
185 | | /* reference http://demo.icu-project.org/icu-bin/convexp?conv=big5 */ |
186 | 0 | { |
187 | 0 | unsigned char c = str[pos]; |
188 | 0 | if (c >= 0x81 && c <= 0xFE) { |
189 | 0 | unsigned char next; |
190 | 0 | if (!CHECK_LEN(pos, 2)) |
191 | 0 | MB_FAILURE(pos, 1); |
192 | |
|
193 | 0 | next = str[pos + 1]; |
194 | |
|
195 | 0 | if ((next >= 0x40 && next <= 0x7E) || |
196 | 0 | (next >= 0xA1 && next <= 0xFE)) { |
197 | 0 | this_char = (c << 8) | next; |
198 | 0 | } else { |
199 | 0 | MB_FAILURE(pos, 1); |
200 | 0 | } |
201 | 0 | pos += 2; |
202 | 0 | } else { |
203 | 0 | this_char = c; |
204 | 0 | pos += 1; |
205 | 0 | } |
206 | 0 | } |
207 | 0 | break; |
208 | |
|
209 | 0 | case cs_big5hkscs: |
210 | 0 | { |
211 | 0 | unsigned char c = str[pos]; |
212 | 0 | if (c >= 0x81 && c <= 0xFE) { |
213 | 0 | unsigned char next; |
214 | 0 | if (!CHECK_LEN(pos, 2)) |
215 | 0 | MB_FAILURE(pos, 1); |
216 | |
|
217 | 0 | next = str[pos + 1]; |
218 | |
|
219 | 0 | if ((next >= 0x40 && next <= 0x7E) || |
220 | 0 | (next >= 0xA1 && next <= 0xFE)) { |
221 | 0 | this_char = (c << 8) | next; |
222 | 0 | } else if (next != 0x80 && next != 0xFF) { |
223 | 0 | MB_FAILURE(pos, 1); |
224 | 0 | } else { |
225 | 0 | MB_FAILURE(pos, 2); |
226 | 0 | } |
227 | 0 | pos += 2; |
228 | 0 | } else { |
229 | 0 | this_char = c; |
230 | 0 | pos += 1; |
231 | 0 | } |
232 | 0 | } |
233 | 0 | break; |
234 | |
|
235 | 0 | case cs_gb2312: /* EUC-CN */ |
236 | 0 | { |
237 | 0 | unsigned char c = str[pos]; |
238 | 0 | if (c >= 0xA1 && c <= 0xFE) { |
239 | 0 | unsigned char next; |
240 | 0 | if (!CHECK_LEN(pos, 2)) |
241 | 0 | MB_FAILURE(pos, 1); |
242 | |
|
243 | 0 | next = str[pos + 1]; |
244 | |
|
245 | 0 | if (gb2312_trail(next)) { |
246 | 0 | this_char = (c << 8) | next; |
247 | 0 | } else if (gb2312_lead(next)) { |
248 | 0 | MB_FAILURE(pos, 1); |
249 | 0 | } else { |
250 | 0 | MB_FAILURE(pos, 2); |
251 | 0 | } |
252 | 0 | pos += 2; |
253 | 0 | } else if (gb2312_lead(c)) { |
254 | 0 | this_char = c; |
255 | 0 | pos += 1; |
256 | 0 | } else { |
257 | 0 | MB_FAILURE(pos, 1); |
258 | 0 | } |
259 | 0 | } |
260 | 0 | break; |
261 | |
|
262 | 0 | case cs_sjis: |
263 | 0 | { |
264 | 0 | unsigned char c = str[pos]; |
265 | 0 | if ((c >= 0x81 && c <= 0x9F) || (c >= 0xE0 && c <= 0xFC)) { |
266 | 0 | unsigned char next; |
267 | 0 | if (!CHECK_LEN(pos, 2)) |
268 | 0 | MB_FAILURE(pos, 1); |
269 | |
|
270 | 0 | next = str[pos + 1]; |
271 | |
|
272 | 0 | if (sjis_trail(next)) { |
273 | 0 | this_char = (c << 8) | next; |
274 | 0 | } else if (sjis_lead(next)) { |
275 | 0 | MB_FAILURE(pos, 1); |
276 | 0 | } else { |
277 | 0 | MB_FAILURE(pos, 2); |
278 | 0 | } |
279 | 0 | pos += 2; |
280 | 0 | } else if (c < 0x80 || (c >= 0xA1 && c <= 0xDF)) { |
281 | 0 | this_char = c; |
282 | 0 | pos += 1; |
283 | 0 | } else { |
284 | 0 | MB_FAILURE(pos, 1); |
285 | 0 | } |
286 | 0 | } |
287 | 0 | break; |
288 | |
|
289 | 0 | case cs_eucjp: |
290 | 0 | { |
291 | 0 | unsigned char c = str[pos]; |
292 | |
|
293 | 0 | if (c >= 0xA1 && c <= 0xFE) { |
294 | 0 | unsigned next; |
295 | 0 | if (!CHECK_LEN(pos, 2)) |
296 | 0 | MB_FAILURE(pos, 1); |
297 | 0 | next = str[pos + 1]; |
298 | |
|
299 | 0 | if (next >= 0xA1 && next <= 0xFE) { |
300 | | /* this a jis kanji char */ |
301 | 0 | this_char = (c << 8) | next; |
302 | 0 | } else { |
303 | 0 | MB_FAILURE(pos, (next != 0xA0 && next != 0xFF) ? 1 : 2); |
304 | 0 | } |
305 | 0 | pos += 2; |
306 | 0 | } else if (c == 0x8E) { |
307 | 0 | unsigned next; |
308 | 0 | if (!CHECK_LEN(pos, 2)) |
309 | 0 | MB_FAILURE(pos, 1); |
310 | |
|
311 | 0 | next = str[pos + 1]; |
312 | 0 | if (next >= 0xA1 && next <= 0xDF) { |
313 | | /* JIS X 0201 kana */ |
314 | 0 | this_char = (c << 8) | next; |
315 | 0 | } else { |
316 | 0 | MB_FAILURE(pos, (next != 0xA0 && next != 0xFF) ? 1 : 2); |
317 | 0 | } |
318 | 0 | pos += 2; |
319 | 0 | } else if (c == 0x8F) { |
320 | 0 | size_t avail = str_len - pos; |
321 | |
|
322 | 0 | if (avail < 3 || !(str[pos + 1] >= 0xA1 && str[pos + 1] <= 0xFE) || |
323 | 0 | !(str[pos + 2] >= 0xA1 && str[pos + 2] <= 0xFE)) { |
324 | 0 | if (avail < 2 || (str[pos + 1] != 0xA0 && str[pos + 1] != 0xFF)) |
325 | 0 | MB_FAILURE(pos, 1); |
326 | 0 | else if (avail < 3 || (str[pos + 2] != 0xA0 && str[pos + 2] != 0xFF)) |
327 | 0 | MB_FAILURE(pos, 2); |
328 | 0 | else |
329 | 0 | MB_FAILURE(pos, 3); |
330 | 0 | } else { |
331 | | /* JIS X 0212 hojo-kanji */ |
332 | 0 | this_char = (c << 16) | (str[pos + 1] << 8) | str[pos + 2]; |
333 | 0 | } |
334 | 0 | pos += 3; |
335 | 0 | } else if (c != 0xA0 && c != 0xFF) { |
336 | | /* character encoded in 1 code unit */ |
337 | 0 | this_char = c; |
338 | 0 | pos += 1; |
339 | 0 | } else { |
340 | 0 | MB_FAILURE(pos, 1); |
341 | 0 | } |
342 | 0 | } |
343 | 0 | break; |
344 | 0 | default: |
345 | | /* single-byte charsets */ |
346 | 0 | this_char = str[pos++]; |
347 | 0 | break; |
348 | 0 | } |
349 | | |
350 | 0 | *cursor = pos; |
351 | 0 | return this_char; |
352 | 0 | } |
353 | | /* }}} */ |
354 | | |
355 | | /* {{{ php_next_utf8_char |
356 | | * Public interface for get_next_char used with UTF-8 */ |
357 | | PHPAPI unsigned int php_next_utf8_char( |
358 | | const unsigned char *str, |
359 | | size_t str_len, |
360 | | size_t *cursor, |
361 | | int *status) |
362 | 0 | { |
363 | 0 | return get_next_char(cs_utf_8, str, str_len, cursor, status); |
364 | 0 | } |
365 | | /* }}} */ |
366 | | |
367 | | /* {{{ entity_charset determine_charset |
368 | | * Returns the charset identifier based on an explicitly provided charset, |
369 | | * the internal_encoding and default_charset ini settings, or UTF-8 by default. */ |
370 | | static enum entity_charset determine_charset(const char *charset_hint, zend_bool quiet) |
371 | 0 | { |
372 | 0 | if (!charset_hint || !*charset_hint) { |
373 | 0 | charset_hint = get_default_charset(); |
374 | 0 | } |
375 | |
|
376 | 0 | if (charset_hint && *charset_hint) { |
377 | 0 | size_t len = strlen(charset_hint); |
378 | | /* now walk the charset map and look for the codeset */ |
379 | 0 | for (size_t i = 0; i < sizeof(charset_map)/sizeof(charset_map[0]); i++) { |
380 | 0 | if (len == charset_map[i].codeset_len && |
381 | 0 | zend_binary_strcasecmp(charset_hint, len, charset_map[i].codeset, len) == 0) { |
382 | 0 | return charset_map[i].charset; |
383 | 0 | } |
384 | 0 | } |
385 | |
|
386 | 0 | if (!quiet) { |
387 | 0 | php_error_docref(NULL, E_WARNING, "Charset `%s' not supported, assuming utf-8", |
388 | 0 | charset_hint); |
389 | 0 | } |
390 | 0 | } |
391 | |
|
392 | 0 | return cs_utf_8; |
393 | 0 | } |
394 | | /* }}} */ |
395 | | |
396 | | /* {{{ php_utf32_utf8 */ |
397 | | static inline size_t php_utf32_utf8(unsigned char *buf, unsigned k) |
398 | 0 | { |
399 | 0 | size_t retval = 0; |
400 | | |
401 | | /* assert(0x0 <= k <= 0x10FFFF); */ |
402 | |
|
403 | 0 | if (k < 0x80) { |
404 | 0 | buf[0] = k; |
405 | 0 | retval = 1; |
406 | 0 | } else if (k < 0x800) { |
407 | 0 | buf[0] = 0xc0 | (k >> 6); |
408 | 0 | buf[1] = 0x80 | (k & 0x3f); |
409 | 0 | retval = 2; |
410 | 0 | } else if (k < 0x10000) { |
411 | 0 | buf[0] = 0xe0 | (k >> 12); |
412 | 0 | buf[1] = 0x80 | ((k >> 6) & 0x3f); |
413 | 0 | buf[2] = 0x80 | (k & 0x3f); |
414 | 0 | retval = 3; |
415 | 0 | } else { |
416 | 0 | buf[0] = 0xf0 | (k >> 18); |
417 | 0 | buf[1] = 0x80 | ((k >> 12) & 0x3f); |
418 | 0 | buf[2] = 0x80 | ((k >> 6) & 0x3f); |
419 | 0 | buf[3] = 0x80 | (k & 0x3f); |
420 | 0 | retval = 4; |
421 | 0 | } |
422 | | /* UTF-8 has been restricted to max 4 bytes since RFC 3629 */ |
423 | |
|
424 | 0 | return retval; |
425 | 0 | } |
426 | | /* }}} */ |
427 | | |
428 | | /* {{{ unimap_bsearc_cmp |
429 | | * Binary search of unicode code points in unicode <--> charset mapping. |
430 | | * Returns the code point in the target charset (whose mapping table was given) or 0 if |
431 | | * the unicode code point is not in the table. |
432 | | */ |
433 | | static inline unsigned char unimap_bsearch(const uni_to_enc *table, unsigned code_key_a, size_t num) |
434 | 0 | { |
435 | 0 | const uni_to_enc *l = table, |
436 | 0 | *h = &table[num-1], |
437 | 0 | *m; |
438 | 0 | unsigned short code_key; |
439 | | |
440 | | /* we have no mappings outside the BMP */ |
441 | 0 | if (code_key_a > 0xFFFFU) |
442 | 0 | return 0; |
443 | | |
444 | 0 | code_key = (unsigned short) code_key_a; |
445 | |
|
446 | 0 | while (l <= h) { |
447 | 0 | m = l + (h - l) / 2; |
448 | 0 | if (code_key < m->un_code_point) |
449 | 0 | h = m - 1; |
450 | 0 | else if (code_key > m->un_code_point) |
451 | 0 | l = m + 1; |
452 | 0 | else |
453 | 0 | return m->cs_code; |
454 | 0 | } |
455 | 0 | return 0; |
456 | 0 | } |
457 | | /* }}} */ |
458 | | |
459 | | /* {{{ map_from_unicode */ |
460 | | static inline int map_from_unicode(unsigned code, enum entity_charset charset, unsigned *res) |
461 | 0 | { |
462 | 0 | unsigned char found; |
463 | 0 | const uni_to_enc *table; |
464 | 0 | size_t table_size; |
465 | |
|
466 | 0 | switch (charset) { |
467 | 0 | case cs_8859_1: |
468 | | /* identity mapping of code points to unicode */ |
469 | 0 | if (code > 0xFF) { |
470 | 0 | return FAILURE; |
471 | 0 | } |
472 | 0 | *res = code; |
473 | 0 | break; |
474 | |
|
475 | 0 | case cs_8859_5: |
476 | 0 | if (code <= 0xA0 || code == 0xAD /* soft hyphen */) { |
477 | 0 | *res = code; |
478 | 0 | } else if (code == 0x2116) { |
479 | 0 | *res = 0xF0; /* numero sign */ |
480 | 0 | } else if (code == 0xA7) { |
481 | 0 | *res = 0xFD; /* section sign */ |
482 | 0 | } else if (code >= 0x0401 && code <= 0x044F) { |
483 | 0 | if (code == 0x040D || code == 0x0450 || code == 0x045D) |
484 | 0 | return FAILURE; |
485 | 0 | *res = code - 0x360; |
486 | 0 | } else { |
487 | 0 | return FAILURE; |
488 | 0 | } |
489 | 0 | break; |
490 | |
|
491 | 0 | case cs_8859_15: |
492 | 0 | if (code < 0xA4 || (code > 0xBE && code <= 0xFF)) { |
493 | 0 | *res = code; |
494 | 0 | } else { /* between A4 and 0xBE */ |
495 | 0 | found = unimap_bsearch(unimap_iso885915, |
496 | 0 | code, sizeof(unimap_iso885915) / sizeof(*unimap_iso885915)); |
497 | 0 | if (found) |
498 | 0 | *res = found; |
499 | 0 | else |
500 | 0 | return FAILURE; |
501 | 0 | } |
502 | 0 | break; |
503 | |
|
504 | 0 | case cs_cp1252: |
505 | 0 | if (code <= 0x7F || (code >= 0xA0 && code <= 0xFF)) { |
506 | 0 | *res = code; |
507 | 0 | } else { |
508 | 0 | found = unimap_bsearch(unimap_win1252, |
509 | 0 | code, sizeof(unimap_win1252) / sizeof(*unimap_win1252)); |
510 | 0 | if (found) |
511 | 0 | *res = found; |
512 | 0 | else |
513 | 0 | return FAILURE; |
514 | 0 | } |
515 | 0 | break; |
516 | |
|
517 | 0 | case cs_macroman: |
518 | 0 | if (code == 0x7F) |
519 | 0 | return FAILURE; |
520 | 0 | table = unimap_macroman; |
521 | 0 | table_size = sizeof(unimap_macroman) / sizeof(*unimap_macroman); |
522 | 0 | goto table_over_7F; |
523 | 0 | case cs_cp1251: |
524 | 0 | table = unimap_win1251; |
525 | 0 | table_size = sizeof(unimap_win1251) / sizeof(*unimap_win1251); |
526 | 0 | goto table_over_7F; |
527 | 0 | case cs_koi8r: |
528 | 0 | table = unimap_koi8r; |
529 | 0 | table_size = sizeof(unimap_koi8r) / sizeof(*unimap_koi8r); |
530 | 0 | goto table_over_7F; |
531 | 0 | case cs_cp866: |
532 | 0 | table = unimap_cp866; |
533 | 0 | table_size = sizeof(unimap_cp866) / sizeof(*unimap_cp866); |
534 | |
|
535 | 0 | table_over_7F: |
536 | 0 | if (code <= 0x7F) { |
537 | 0 | *res = code; |
538 | 0 | } else { |
539 | 0 | found = unimap_bsearch(table, code, table_size); |
540 | 0 | if (found) |
541 | 0 | *res = found; |
542 | 0 | else |
543 | 0 | return FAILURE; |
544 | 0 | } |
545 | 0 | break; |
546 | | |
547 | | /* from here on, only map the possible characters in the ASCII range. |
548 | | * to improve support here, it's a matter of building the unicode mappings. |
549 | | * See <http://www.unicode.org/Public/6.0.0/ucd/Unihan.zip> */ |
550 | 0 | case cs_sjis: |
551 | 0 | case cs_eucjp: |
552 | | /* we interpret 0x5C as the Yen symbol. This is not universal. |
553 | | * See <http://www.w3.org/Submission/japanese-xml/#ambiguity_of_yen> */ |
554 | 0 | if (code >= 0x20 && code <= 0x7D) { |
555 | 0 | if (code == 0x5C) |
556 | 0 | return FAILURE; |
557 | 0 | *res = code; |
558 | 0 | } else { |
559 | 0 | return FAILURE; |
560 | 0 | } |
561 | 0 | break; |
562 | |
|
563 | 0 | case cs_big5: |
564 | 0 | case cs_big5hkscs: |
565 | 0 | case cs_gb2312: |
566 | 0 | if (code >= 0x20 && code <= 0x7D) { |
567 | 0 | *res = code; |
568 | 0 | } else { |
569 | 0 | return FAILURE; |
570 | 0 | } |
571 | 0 | break; |
572 | |
|
573 | 0 | default: |
574 | 0 | return FAILURE; |
575 | 0 | } |
576 | | |
577 | 0 | return SUCCESS; |
578 | 0 | } |
579 | | /* }}} */ |
580 | | |
581 | | /* {{{ */ |
582 | | static inline void map_to_unicode(unsigned code, const enc_to_uni *table, unsigned *res) |
583 | 0 | { |
584 | | /* only single byte encodings are currently supported; assumed code <= 0xFF */ |
585 | 0 | *res = table->inner[ENT_ENC_TO_UNI_STAGE1(code)]->uni_cp[ENT_ENC_TO_UNI_STAGE2(code)]; |
586 | 0 | } |
587 | | /* }}} */ |
588 | | |
589 | | /* {{{ unicode_cp_is_allowed */ |
590 | | static inline int unicode_cp_is_allowed(unsigned uni_cp, int document_type) |
591 | 0 | { |
592 | | /* XML 1.0 HTML 4.01 HTML 5 |
593 | | * 0x09..0x0A 0x09..0x0A 0x09..0x0A |
594 | | * 0x0D 0x0D 0x0C..0x0D |
595 | | * 0x0020..0xD7FF 0x20..0x7E 0x20..0x7E |
596 | | * 0x00A0..0xD7FF 0x00A0..0xD7FF |
597 | | * 0xE000..0xFFFD 0xE000..0x10FFFF 0xE000..0xFDCF |
598 | | * 0x010000..0x10FFFF 0xFDF0..0x10FFFF (*) |
599 | | * |
600 | | * (*) exclude code points where ((code & 0xFFFF) >= 0xFFFE) |
601 | | * |
602 | | * References: |
603 | | * XML 1.0: <http://www.w3.org/TR/REC-xml/#charsets> |
604 | | * HTML 4.01: <http://www.w3.org/TR/1999/PR-html40-19990824/sgml/sgmldecl.html> |
605 | | * HTML 5: <http://dev.w3.org/html5/spec/Overview.html#preprocessing-the-input-stream> |
606 | | * |
607 | | * Not sure this is the relevant part for HTML 5, though. I opted to |
608 | | * disallow the characters that would result in a parse error when |
609 | | * preprocessing of the input stream. See also section 8.1.3. |
610 | | * |
611 | | * It's unclear if XHTML 1.0 allows C1 characters. I'll opt to apply to |
612 | | * XHTML 1.0 the same rules as for XML 1.0. |
613 | | * See <http://cmsmcq.com/2007/C1.xml>. |
614 | | */ |
615 | |
|
616 | 0 | switch (document_type) { |
617 | 0 | case ENT_HTML_DOC_HTML401: |
618 | 0 | return (uni_cp >= 0x20 && uni_cp <= 0x7E) || |
619 | 0 | (uni_cp == 0x0A || uni_cp == 0x09 || uni_cp == 0x0D) || |
620 | 0 | (uni_cp >= 0xA0 && uni_cp <= 0xD7FF) || |
621 | 0 | (uni_cp >= 0xE000 && uni_cp <= 0x10FFFF); |
622 | 0 | case ENT_HTML_DOC_HTML5: |
623 | 0 | return (uni_cp >= 0x20 && uni_cp <= 0x7E) || |
624 | 0 | (uni_cp >= 0x09 && uni_cp <= 0x0D && uni_cp != 0x0B) || /* form feed U+0C allowed */ |
625 | 0 | (uni_cp >= 0xA0 && uni_cp <= 0xD7FF) || |
626 | 0 | (uni_cp >= 0xE000 && uni_cp <= 0x10FFFF && |
627 | 0 | ((uni_cp & 0xFFFF) < 0xFFFE) && /* last two of each plane (nonchars) disallowed */ |
628 | 0 | (uni_cp < 0xFDD0 || uni_cp > 0xFDEF)); /* U+FDD0-U+FDEF (nonchars) disallowed */ |
629 | 0 | case ENT_HTML_DOC_XHTML: |
630 | 0 | case ENT_HTML_DOC_XML1: |
631 | 0 | return (uni_cp >= 0x20 && uni_cp <= 0xD7FF) || |
632 | 0 | (uni_cp == 0x0A || uni_cp == 0x09 || uni_cp == 0x0D) || |
633 | 0 | (uni_cp >= 0xE000 && uni_cp <= 0x10FFFF && uni_cp != 0xFFFE && uni_cp != 0xFFFF); |
634 | 0 | default: |
635 | 0 | return 1; |
636 | 0 | } |
637 | 0 | } |
638 | | /* }}} */ |
639 | | |
640 | | /* {{{ unicode_cp_is_allowed */ |
641 | | static inline int numeric_entity_is_allowed(unsigned uni_cp, int document_type) |
642 | 0 | { |
643 | | /* less restrictive than unicode_cp_is_allowed */ |
644 | 0 | switch (document_type) { |
645 | 0 | case ENT_HTML_DOC_HTML401: |
646 | | /* all non-SGML characters (those marked with UNUSED in DESCSET) should be |
647 | | * representable with numeric entities */ |
648 | 0 | return uni_cp <= 0x10FFFF; |
649 | 0 | case ENT_HTML_DOC_HTML5: |
650 | | /* 8.1.4. The numeric character reference forms described above are allowed to |
651 | | * reference any Unicode code point other than U+0000, U+000D, permanently |
652 | | * undefined Unicode characters (noncharacters), and control characters other |
653 | | * than space characters (U+0009, U+000A, U+000C and U+000D) */ |
654 | | /* seems to allow surrogate characters, then */ |
655 | 0 | return (uni_cp >= 0x20 && uni_cp <= 0x7E) || |
656 | 0 | (uni_cp >= 0x09 && uni_cp <= 0x0C && uni_cp != 0x0B) || /* form feed U+0C allowed, but not U+0D */ |
657 | 0 | (uni_cp >= 0xA0 && uni_cp <= 0x10FFFF && |
658 | 0 | ((uni_cp & 0xFFFF) < 0xFFFE) && /* last two of each plane (nonchars) disallowed */ |
659 | 0 | (uni_cp < 0xFDD0 || uni_cp > 0xFDEF)); /* U+FDD0-U+FDEF (nonchars) disallowed */ |
660 | 0 | case ENT_HTML_DOC_XHTML: |
661 | 0 | case ENT_HTML_DOC_XML1: |
662 | | /* OTOH, XML 1.0 requires "character references to match the production for Char |
663 | | * See <http://www.w3.org/TR/REC-xml/#NT-CharRef> */ |
664 | 0 | return unicode_cp_is_allowed(uni_cp, document_type); |
665 | 0 | default: |
666 | 0 | return 1; |
667 | 0 | } |
668 | 0 | } |
669 | | /* }}} */ |
670 | | |
671 | | /* {{{ process_numeric_entity |
672 | | * Auxiliary function to traverse_for_entities. |
673 | | * On input, *buf should point to the first character after # and on output, it's the last |
674 | | * byte read, no matter if there was success or insuccess. |
675 | | */ |
676 | | static inline int process_numeric_entity(const char **buf, unsigned *code_point) |
677 | 0 | { |
678 | 0 | zend_long code_l; |
679 | 0 | int hexadecimal = (**buf == 'x' || **buf == 'X'); /* TODO: XML apparently disallows "X" */ |
680 | 0 | char *endptr; |
681 | |
|
682 | 0 | if (hexadecimal && (**buf != '\0')) |
683 | 0 | (*buf)++; |
684 | | |
685 | | /* strtol allows whitespace and other stuff in the beginning |
686 | | * we're not interested */ |
687 | 0 | if ((hexadecimal && !isxdigit(**buf)) || |
688 | 0 | (!hexadecimal && !isdigit(**buf))) { |
689 | 0 | return FAILURE; |
690 | 0 | } |
691 | | |
692 | 0 | code_l = ZEND_STRTOL(*buf, &endptr, hexadecimal ? 16 : 10); |
693 | | /* we're guaranteed there were valid digits, so *endptr > buf */ |
694 | 0 | *buf = endptr; |
695 | |
|
696 | 0 | if (**buf != ';') |
697 | 0 | return FAILURE; |
698 | | |
699 | | /* many more are invalid, but that depends on whether it's HTML |
700 | | * (and which version) or XML. */ |
701 | 0 | if (code_l > Z_L(0x10FFFF)) |
702 | 0 | return FAILURE; |
703 | | |
704 | 0 | if (code_point != NULL) |
705 | 0 | *code_point = (unsigned)code_l; |
706 | |
|
707 | 0 | return SUCCESS; |
708 | 0 | } |
709 | | /* }}} */ |
710 | | |
711 | | /* {{{ process_named_entity */ |
712 | | static inline int process_named_entity_html(const char **buf, const char **start, size_t *length) |
713 | 0 | { |
714 | 0 | *start = *buf; |
715 | | |
716 | | /* "&" is represented by a 0x26 in all supported encodings. That means |
717 | | * the byte after represents a character or is the leading byte of an |
718 | | * sequence of 8-bit code units. If in the ranges below, it represents |
719 | | * necessarily a alpha character because none of the supported encodings |
720 | | * has an overlap with ASCII in the leading byte (only on the second one) */ |
721 | 0 | while ((**buf >= 'a' && **buf <= 'z') || |
722 | 0 | (**buf >= 'A' && **buf <= 'Z') || |
723 | 0 | (**buf >= '0' && **buf <= '9')) { |
724 | 0 | (*buf)++; |
725 | 0 | } |
726 | |
|
727 | 0 | if (**buf != ';') |
728 | 0 | return FAILURE; |
729 | | |
730 | | /* cast to size_t OK as the quantity is always non-negative */ |
731 | 0 | *length = *buf - *start; |
732 | |
|
733 | 0 | if (*length == 0) |
734 | 0 | return FAILURE; |
735 | | |
736 | 0 | return SUCCESS; |
737 | 0 | } |
738 | | /* }}} */ |
739 | | |
740 | | /* {{{ resolve_named_entity_html */ |
741 | | static int resolve_named_entity_html(const char *start, size_t length, const entity_ht *ht, unsigned *uni_cp1, unsigned *uni_cp2) |
742 | 0 | { |
743 | 0 | const entity_cp_map *s; |
744 | 0 | zend_ulong hash = zend_inline_hash_func(start, length); |
745 | |
|
746 | 0 | s = ht->buckets[hash % ht->num_elems]; |
747 | 0 | while (s->entity) { |
748 | 0 | if (s->entity_len == length) { |
749 | 0 | if (memcmp(start, s->entity, length) == 0) { |
750 | 0 | *uni_cp1 = s->codepoint1; |
751 | 0 | *uni_cp2 = s->codepoint2; |
752 | 0 | return SUCCESS; |
753 | 0 | } |
754 | 0 | } |
755 | 0 | s++; |
756 | 0 | } |
757 | 0 | return FAILURE; |
758 | 0 | } |
759 | | /* }}} */ |
760 | | |
761 | 0 | static inline size_t write_octet_sequence(unsigned char *buf, enum entity_charset charset, unsigned code) { |
762 | | /* code is not necessarily a unicode code point */ |
763 | 0 | switch (charset) { |
764 | 0 | case cs_utf_8: |
765 | 0 | return php_utf32_utf8(buf, code); |
766 | | |
767 | 0 | case cs_8859_1: |
768 | 0 | case cs_cp1252: |
769 | 0 | case cs_8859_15: |
770 | 0 | case cs_koi8r: |
771 | 0 | case cs_cp1251: |
772 | 0 | case cs_8859_5: |
773 | 0 | case cs_cp866: |
774 | 0 | case cs_macroman: |
775 | | /* single byte stuff */ |
776 | 0 | *buf = code; |
777 | 0 | return 1; |
778 | |
|
779 | 0 | case cs_big5: |
780 | 0 | case cs_big5hkscs: |
781 | 0 | case cs_sjis: |
782 | 0 | case cs_gb2312: |
783 | | /* we don't have complete unicode mappings for these yet in entity_decode, |
784 | | * and we opt to pass through the octet sequences for these in htmlentities |
785 | | * instead of converting to an int and then converting back. */ |
786 | | #if 0 |
787 | | return php_mb2_int_to_char(buf, code); |
788 | | #else |
789 | | #if ZEND_DEBUG |
790 | | assert(code <= 0xFFU); |
791 | | #endif |
792 | 0 | *buf = code; |
793 | 0 | return 1; |
794 | 0 | #endif |
795 | |
|
796 | 0 | case cs_eucjp: |
797 | | #if 0 /* idem */ |
798 | | return php_mb2_int_to_char(buf, code); |
799 | | #else |
800 | | #if ZEND_DEBUG |
801 | | assert(code <= 0xFFU); |
802 | | #endif |
803 | 0 | *buf = code; |
804 | 0 | return 1; |
805 | 0 | #endif |
806 | |
|
807 | 0 | default: |
808 | 0 | assert(0); |
809 | 0 | return 0; |
810 | 0 | } |
811 | 0 | } |
812 | | |
813 | | /* {{{ traverse_for_entities |
814 | | * Auxiliary function to php_unescape_html_entities(). |
815 | | * - The argument "all" determines if all numeric entities are decode or only those |
816 | | * that correspond to quotes (depending on quote_style). |
817 | | */ |
818 | | /* maximum expansion (factor 1.2) for HTML 5 with ≫⃒ and ≪⃒ */ |
819 | | /* +2 is 1 because of rest (probably unnecessary), 1 because of terminating 0 */ |
820 | 0 | #define TRAVERSE_FOR_ENTITIES_EXPAND_SIZE(oldlen) ((oldlen) + (oldlen) / 5 + 2) |
821 | | static void traverse_for_entities( |
822 | | const char *old, |
823 | | size_t oldlen, |
824 | | zend_string *ret, /* should have allocated TRAVERSE_FOR_ENTITIES_EXPAND_SIZE(olden) */ |
825 | | int all, |
826 | | int flags, |
827 | | const entity_ht *inv_map, |
828 | | enum entity_charset charset) |
829 | 0 | { |
830 | 0 | const char *p, |
831 | 0 | *lim; |
832 | 0 | char *q; |
833 | 0 | int doctype = flags & ENT_HTML_DOC_TYPE_MASK; |
834 | |
|
835 | 0 | lim = old + oldlen; /* terminator address */ |
836 | 0 | assert(*lim == '\0'); |
837 | |
|
838 | 0 | for (p = old, q = ZSTR_VAL(ret); p < lim;) { |
839 | 0 | unsigned code, code2 = 0; |
840 | 0 | const char *next = NULL; /* when set, next > p, otherwise possible inf loop */ |
841 | | |
842 | | /* Shift JIS, Big5 and HKSCS use multi-byte encodings where an |
843 | | * ASCII range byte can be part of a multi-byte sequence. |
844 | | * However, they start at 0x40, therefore if we find a 0x26 byte, |
845 | | * we're sure it represents the '&' character. */ |
846 | | |
847 | | /* assumes there are no single-char entities */ |
848 | 0 | if (p[0] != '&' || (p + 3 >= lim)) { |
849 | 0 | *(q++) = *(p++); |
850 | 0 | continue; |
851 | 0 | } |
852 | | |
853 | | /* now p[3] is surely valid and is no terminator */ |
854 | | |
855 | | /* numerical entity */ |
856 | 0 | if (p[1] == '#') { |
857 | 0 | next = &p[2]; |
858 | 0 | if (process_numeric_entity(&next, &code) == FAILURE) |
859 | 0 | goto invalid_code; |
860 | | |
861 | | /* If we're in htmlspecialchars_decode, we're only decoding entities |
862 | | * that represent &, <, >, " and '. Is this one of them? */ |
863 | 0 | if (!all && (code > 63U || |
864 | 0 | stage3_table_be_apos_00000[code].data.ent.entity == NULL)) |
865 | 0 | goto invalid_code; |
866 | | |
867 | | /* are we allowed to decode this entity in this document type? |
868 | | * HTML 5 is the only that has a character that cannot be used in |
869 | | * a numeric entity but is allowed literally (U+000D). The |
870 | | * unoptimized version would be ... || !numeric_entity_is_allowed(code) */ |
871 | 0 | if (!unicode_cp_is_allowed(code, doctype) || |
872 | 0 | (doctype == ENT_HTML_DOC_HTML5 && code == 0x0D)) |
873 | 0 | goto invalid_code; |
874 | 0 | } else { |
875 | 0 | const char *start; |
876 | 0 | size_t ent_len; |
877 | |
|
878 | 0 | next = &p[1]; |
879 | 0 | start = next; |
880 | |
|
881 | 0 | if (process_named_entity_html(&next, &start, &ent_len) == FAILURE) |
882 | 0 | goto invalid_code; |
883 | | |
884 | 0 | if (resolve_named_entity_html(start, ent_len, inv_map, &code, &code2) == FAILURE) { |
885 | 0 | if (doctype == ENT_HTML_DOC_XHTML && ent_len == 4 && start[0] == 'a' |
886 | 0 | && start[1] == 'p' && start[2] == 'o' && start[3] == 's') { |
887 | | /* uses html4 inv_map, which doesn't include apos;. This is a |
888 | | * hack to support it */ |
889 | 0 | code = (unsigned) '\''; |
890 | 0 | } else { |
891 | 0 | goto invalid_code; |
892 | 0 | } |
893 | 0 | } |
894 | 0 | } |
895 | | |
896 | 0 | assert(*next == ';'); |
897 | |
|
898 | 0 | if (((code == '\'' && !(flags & ENT_HTML_QUOTE_SINGLE)) || |
899 | 0 | (code == '"' && !(flags & ENT_HTML_QUOTE_DOUBLE))) |
900 | 0 | /* && code2 == '\0' always true for current maps */) |
901 | 0 | goto invalid_code; |
902 | | |
903 | | /* UTF-8 doesn't need mapping (ISO-8859-1 doesn't either, but |
904 | | * the call is needed to ensure the codepoint <= U+00FF) */ |
905 | 0 | if (charset != cs_utf_8) { |
906 | | /* replace unicode code point */ |
907 | 0 | if (map_from_unicode(code, charset, &code) == FAILURE || code2 != 0) |
908 | 0 | goto invalid_code; /* not representable in target charset */ |
909 | 0 | } |
910 | | |
911 | 0 | q += write_octet_sequence((unsigned char*)q, charset, code); |
912 | 0 | if (code2) { |
913 | 0 | q += write_octet_sequence((unsigned char*)q, charset, code2); |
914 | 0 | } |
915 | | |
916 | | /* jump over the valid entity; may go beyond size of buffer; np */ |
917 | 0 | p = next + 1; |
918 | 0 | continue; |
919 | | |
920 | 0 | invalid_code: |
921 | 0 | for (; p < next; p++) { |
922 | 0 | *(q++) = *p; |
923 | 0 | } |
924 | 0 | } |
925 | |
|
926 | 0 | *q = '\0'; |
927 | 0 | ZSTR_LEN(ret) = (size_t)(q - ZSTR_VAL(ret)); |
928 | 0 | } |
929 | | /* }}} */ |
930 | | |
931 | | /* {{{ unescape_inverse_map */ |
932 | | static const entity_ht *unescape_inverse_map(int all, int flags) |
933 | 0 | { |
934 | 0 | int document_type = flags & ENT_HTML_DOC_TYPE_MASK; |
935 | |
|
936 | 0 | if (all) { |
937 | 0 | switch (document_type) { |
938 | 0 | case ENT_HTML_DOC_HTML401: |
939 | 0 | case ENT_HTML_DOC_XHTML: /* but watch out for '...*/ |
940 | 0 | return &ent_ht_html4; |
941 | 0 | case ENT_HTML_DOC_HTML5: |
942 | 0 | return &ent_ht_html5; |
943 | 0 | default: |
944 | 0 | return &ent_ht_be_apos; |
945 | 0 | } |
946 | 0 | } else { |
947 | 0 | switch (document_type) { |
948 | 0 | case ENT_HTML_DOC_HTML401: |
949 | 0 | return &ent_ht_be_noapos; |
950 | 0 | default: |
951 | 0 | return &ent_ht_be_apos; |
952 | 0 | } |
953 | 0 | } |
954 | 0 | } |
955 | | /* }}} */ |
956 | | |
957 | | /* {{{ determine_entity_table |
958 | | * Entity table to use. Note that entity tables are defined in terms of |
959 | | * unicode code points */ |
960 | | static entity_table_opt determine_entity_table(int all, int doctype) |
961 | 0 | { |
962 | 0 | entity_table_opt retval = {0}; |
963 | |
|
964 | 0 | assert(!(doctype == ENT_HTML_DOC_XML1 && all)); |
965 | |
|
966 | 0 | if (all) { |
967 | 0 | retval.ms_table = (doctype == ENT_HTML_DOC_HTML5) ? |
968 | 0 | entity_ms_table_html5 : entity_ms_table_html4; |
969 | 0 | } else { |
970 | 0 | retval.table = (doctype == ENT_HTML_DOC_HTML401) ? |
971 | 0 | stage3_table_be_noapos_00000 : stage3_table_be_apos_00000; |
972 | 0 | } |
973 | 0 | return retval; |
974 | 0 | } |
975 | | /* }}} */ |
976 | | |
977 | | /* {{{ php_unescape_html_entities |
978 | | * The parameter "all" should be true to decode all possible entities, false to decode |
979 | | * only the basic ones, i.e., those in basic_entities_ex + the numeric entities |
980 | | * that correspond to quotes. |
981 | | */ |
982 | | PHPAPI zend_string *php_unescape_html_entities(zend_string *str, int all, int flags, const char *hint_charset) |
983 | 0 | { |
984 | 0 | zend_string *ret; |
985 | 0 | enum entity_charset charset; |
986 | 0 | const entity_ht *inverse_map; |
987 | 0 | size_t new_size; |
988 | |
|
989 | 0 | if (!memchr(ZSTR_VAL(str), '&', ZSTR_LEN(str))) { |
990 | 0 | return zend_string_copy(str); |
991 | 0 | } |
992 | | |
993 | 0 | if (all) { |
994 | 0 | charset = determine_charset(hint_charset, /* quiet */ 0); |
995 | 0 | } else { |
996 | 0 | charset = cs_8859_1; /* charset shouldn't matter, use ISO-8859-1 for performance */ |
997 | 0 | } |
998 | | |
999 | | /* don't use LIMIT_ALL! */ |
1000 | |
|
1001 | 0 | new_size = TRAVERSE_FOR_ENTITIES_EXPAND_SIZE(ZSTR_LEN(str)); |
1002 | 0 | if (ZSTR_LEN(str) > new_size) { |
1003 | | /* overflow, refuse to do anything */ |
1004 | 0 | return zend_string_copy(str); |
1005 | 0 | } |
1006 | | |
1007 | 0 | ret = zend_string_alloc(new_size, 0); |
1008 | |
|
1009 | 0 | inverse_map = unescape_inverse_map(all, flags); |
1010 | | |
1011 | | /* replace numeric entities */ |
1012 | 0 | traverse_for_entities(ZSTR_VAL(str), ZSTR_LEN(str), ret, all, flags, inverse_map, charset); |
1013 | |
|
1014 | 0 | return ret; |
1015 | 0 | } |
1016 | | /* }}} */ |
1017 | | |
1018 | | PHPAPI zend_string *php_escape_html_entities(const unsigned char *old, size_t oldlen, int all, int flags, const char *hint_charset) |
1019 | 0 | { |
1020 | 0 | return php_escape_html_entities_ex(old, oldlen, all, flags, hint_charset, 1, /* quiet */ 0); |
1021 | 0 | } |
1022 | | |
1023 | | /* {{{ find_entity_for_char */ |
1024 | | static inline void find_entity_for_char( |
1025 | | unsigned int k, |
1026 | | enum entity_charset charset, |
1027 | | const entity_stage1_row *table, |
1028 | | const unsigned char **entity, |
1029 | | size_t *entity_len, |
1030 | | const unsigned char *old, |
1031 | | size_t oldlen, |
1032 | | size_t *cursor) |
1033 | 0 | { |
1034 | 0 | unsigned stage1_idx = ENT_STAGE1_INDEX(k); |
1035 | 0 | const entity_stage3_row *c; |
1036 | |
|
1037 | 0 | if (stage1_idx > 0x1D) { |
1038 | 0 | *entity = NULL; |
1039 | 0 | *entity_len = 0; |
1040 | 0 | return; |
1041 | 0 | } |
1042 | | |
1043 | 0 | c = &table[stage1_idx][ENT_STAGE2_INDEX(k)][ENT_STAGE3_INDEX(k)]; |
1044 | |
|
1045 | 0 | if (!c->ambiguous) { |
1046 | 0 | *entity = (const unsigned char *)c->data.ent.entity; |
1047 | 0 | *entity_len = c->data.ent.entity_len; |
1048 | 0 | } else { |
1049 | | /* peek at next char */ |
1050 | 0 | size_t cursor_before = *cursor; |
1051 | 0 | int status = SUCCESS; |
1052 | 0 | unsigned next_char; |
1053 | |
|
1054 | 0 | if (!(*cursor < oldlen)) |
1055 | 0 | goto no_suitable_2nd; |
1056 | | |
1057 | 0 | next_char = get_next_char(charset, old, oldlen, cursor, &status); |
1058 | |
|
1059 | 0 | if (status == FAILURE) |
1060 | 0 | goto no_suitable_2nd; |
1061 | | |
1062 | 0 | { |
1063 | 0 | const entity_multicodepoint_row *s, *e; |
1064 | |
|
1065 | 0 | s = &c->data.multicodepoint_table[1]; |
1066 | 0 | e = s - 1 + c->data.multicodepoint_table[0].leading_entry.size; |
1067 | | /* we could do a binary search but it's not worth it since we have |
1068 | | * at most two entries... */ |
1069 | 0 | for ( ; s <= e; s++) { |
1070 | 0 | if (s->normal_entry.second_cp == next_char) { |
1071 | 0 | *entity = (const unsigned char *) s->normal_entry.entity; |
1072 | 0 | *entity_len = s->normal_entry.entity_len; |
1073 | 0 | return; |
1074 | 0 | } |
1075 | 0 | } |
1076 | 0 | } |
1077 | 0 | no_suitable_2nd: |
1078 | 0 | *cursor = cursor_before; |
1079 | 0 | *entity = (const unsigned char *) |
1080 | 0 | c->data.multicodepoint_table[0].leading_entry.default_entity; |
1081 | 0 | *entity_len = c->data.multicodepoint_table[0].leading_entry.default_entity_len; |
1082 | 0 | } |
1083 | 0 | } |
1084 | | /* }}} */ |
1085 | | |
1086 | | /* {{{ find_entity_for_char_basic */ |
1087 | | static inline void find_entity_for_char_basic( |
1088 | | unsigned int k, |
1089 | | const entity_stage3_row *table, |
1090 | | const unsigned char **entity, |
1091 | | size_t *entity_len) |
1092 | 0 | { |
1093 | 0 | if (k >= 64U) { |
1094 | 0 | *entity = NULL; |
1095 | 0 | *entity_len = 0; |
1096 | 0 | return; |
1097 | 0 | } |
1098 | | |
1099 | 0 | *entity = (const unsigned char *) table[k].data.ent.entity; |
1100 | 0 | *entity_len = table[k].data.ent.entity_len; |
1101 | 0 | } |
1102 | | /* }}} */ |
1103 | | |
1104 | | /* {{{ php_escape_html_entities |
1105 | | */ |
1106 | | PHPAPI zend_string *php_escape_html_entities_ex(const unsigned char *old, size_t oldlen, int all, int flags, const char *hint_charset, zend_bool double_encode, zend_bool quiet) |
1107 | 0 | { |
1108 | 0 | size_t cursor, maxlen, len; |
1109 | 0 | zend_string *replaced; |
1110 | 0 | enum entity_charset charset = determine_charset(hint_charset, quiet); |
1111 | 0 | int doctype = flags & ENT_HTML_DOC_TYPE_MASK; |
1112 | 0 | entity_table_opt entity_table; |
1113 | 0 | const enc_to_uni *to_uni_table = NULL; |
1114 | 0 | const entity_ht *inv_map = NULL; /* used for !double_encode */ |
1115 | | /* only used if flags includes ENT_HTML_IGNORE_ERRORS or ENT_HTML_SUBSTITUTE_DISALLOWED_CHARS */ |
1116 | 0 | const unsigned char *replacement = NULL; |
1117 | 0 | size_t replacement_len = 0; |
1118 | |
|
1119 | 0 | if (all) { /* replace with all named entities */ |
1120 | 0 | if (!quiet && CHARSET_PARTIAL_SUPPORT(charset)) { |
1121 | 0 | php_error_docref(NULL, E_NOTICE, "Only basic entities " |
1122 | 0 | "substitution is supported for multi-byte encodings other than UTF-8; " |
1123 | 0 | "functionality is equivalent to htmlspecialchars"); |
1124 | 0 | } |
1125 | 0 | LIMIT_ALL(all, doctype, charset); |
1126 | 0 | } |
1127 | 0 | entity_table = determine_entity_table(all, doctype); |
1128 | 0 | if (all && !CHARSET_UNICODE_COMPAT(charset)) { |
1129 | 0 | to_uni_table = enc_to_uni_index[charset]; |
1130 | 0 | } |
1131 | |
|
1132 | 0 | if (!double_encode) { |
1133 | | /* first arg is 1 because we want to identify valid named entities |
1134 | | * even if we are only encoding the basic ones */ |
1135 | 0 | inv_map = unescape_inverse_map(1, flags); |
1136 | 0 | } |
1137 | |
|
1138 | 0 | if (flags & (ENT_HTML_SUBSTITUTE_ERRORS | ENT_HTML_SUBSTITUTE_DISALLOWED_CHARS)) { |
1139 | 0 | if (charset == cs_utf_8) { |
1140 | 0 | replacement = (const unsigned char*)"\xEF\xBF\xBD"; |
1141 | 0 | replacement_len = sizeof("\xEF\xBF\xBD") - 1; |
1142 | 0 | } else { |
1143 | 0 | replacement = (const unsigned char*)"�"; |
1144 | 0 | replacement_len = sizeof("�") - 1; |
1145 | 0 | } |
1146 | 0 | } |
1147 | | |
1148 | | /* initial estimate */ |
1149 | 0 | if (oldlen < 64) { |
1150 | 0 | maxlen = 128; |
1151 | 0 | } else { |
1152 | 0 | maxlen = zend_safe_addmult(oldlen, 2, 0, "html_entities"); |
1153 | 0 | } |
1154 | |
|
1155 | 0 | replaced = zend_string_alloc(maxlen, 0); |
1156 | 0 | len = 0; |
1157 | 0 | cursor = 0; |
1158 | 0 | while (cursor < oldlen) { |
1159 | 0 | const unsigned char *mbsequence = NULL; |
1160 | 0 | size_t mbseqlen = 0, |
1161 | 0 | cursor_before = cursor; |
1162 | 0 | int status = SUCCESS; |
1163 | 0 | unsigned int this_char = get_next_char(charset, old, oldlen, &cursor, &status); |
1164 | | |
1165 | | /* guarantee we have at least 40 bytes to write. |
1166 | | * In HTML5, entities may take up to 33 bytes */ |
1167 | 0 | if (len > maxlen - 40) { /* maxlen can never be smaller than 128 */ |
1168 | 0 | replaced = zend_string_safe_realloc(replaced, maxlen, 1, 128, 0); |
1169 | 0 | maxlen += 128; |
1170 | 0 | } |
1171 | |
|
1172 | 0 | if (status == FAILURE) { |
1173 | | /* invalid MB sequence */ |
1174 | 0 | if (flags & ENT_HTML_IGNORE_ERRORS) { |
1175 | 0 | continue; |
1176 | 0 | } else if (flags & ENT_HTML_SUBSTITUTE_ERRORS) { |
1177 | 0 | memcpy(&ZSTR_VAL(replaced)[len], replacement, replacement_len); |
1178 | 0 | len += replacement_len; |
1179 | 0 | continue; |
1180 | 0 | } else { |
1181 | 0 | zend_string_efree(replaced); |
1182 | 0 | return ZSTR_EMPTY_ALLOC(); |
1183 | 0 | } |
1184 | 0 | } else { /* SUCCESS */ |
1185 | 0 | mbsequence = &old[cursor_before]; |
1186 | 0 | mbseqlen = cursor - cursor_before; |
1187 | 0 | } |
1188 | |
|
1189 | 0 | if (this_char != '&') { /* no entity on this position */ |
1190 | 0 | const unsigned char *rep = NULL; |
1191 | 0 | size_t rep_len = 0; |
1192 | |
|
1193 | 0 | if (((this_char == '\'' && !(flags & ENT_HTML_QUOTE_SINGLE)) || |
1194 | 0 | (this_char == '"' && !(flags & ENT_HTML_QUOTE_DOUBLE)))) |
1195 | 0 | goto pass_char_through; |
1196 | | |
1197 | 0 | if (all) { /* false that CHARSET_PARTIAL_SUPPORT(charset) */ |
1198 | 0 | if (to_uni_table != NULL) { |
1199 | | /* !CHARSET_UNICODE_COMPAT therefore not UTF-8; since UTF-8 |
1200 | | * is the only multibyte encoding with !CHARSET_PARTIAL_SUPPORT, |
1201 | | * we're using a single byte encoding */ |
1202 | 0 | map_to_unicode(this_char, to_uni_table, &this_char); |
1203 | 0 | if (this_char == 0xFFFF) /* no mapping; pass through */ |
1204 | 0 | goto pass_char_through; |
1205 | 0 | } |
1206 | | /* the cursor may advance */ |
1207 | 0 | find_entity_for_char(this_char, charset, entity_table.ms_table, &rep, |
1208 | 0 | &rep_len, old, oldlen, &cursor); |
1209 | 0 | } else { |
1210 | 0 | find_entity_for_char_basic(this_char, entity_table.table, &rep, &rep_len); |
1211 | 0 | } |
1212 | |
|
1213 | 0 | if (rep != NULL) { |
1214 | 0 | ZSTR_VAL(replaced)[len++] = '&'; |
1215 | 0 | memcpy(&ZSTR_VAL(replaced)[len], rep, rep_len); |
1216 | 0 | len += rep_len; |
1217 | 0 | ZSTR_VAL(replaced)[len++] = ';'; |
1218 | 0 | } else { |
1219 | | /* we did not find an entity for this char. |
1220 | | * check for its validity, if its valid pass it unchanged */ |
1221 | 0 | if (flags & ENT_HTML_SUBSTITUTE_DISALLOWED_CHARS) { |
1222 | 0 | if (CHARSET_UNICODE_COMPAT(charset)) { |
1223 | 0 | if (!unicode_cp_is_allowed(this_char, doctype)) { |
1224 | 0 | mbsequence = replacement; |
1225 | 0 | mbseqlen = replacement_len; |
1226 | 0 | } |
1227 | 0 | } else if (to_uni_table) { |
1228 | 0 | if (!all) /* otherwise we already did this */ |
1229 | 0 | map_to_unicode(this_char, to_uni_table, &this_char); |
1230 | 0 | if (!unicode_cp_is_allowed(this_char, doctype)) { |
1231 | 0 | mbsequence = replacement; |
1232 | 0 | mbseqlen = replacement_len; |
1233 | 0 | } |
1234 | 0 | } else { |
1235 | | /* not a unicode code point, unless, coincidentally, it's in |
1236 | | * the 0x20..0x7D range (except 0x5C in sjis). We know nothing |
1237 | | * about other code points, because we have no tables. Since |
1238 | | * Unicode code points in that range are not disallowed in any |
1239 | | * document type, we could do nothing. However, conversion |
1240 | | * tables frequently map 0x00-0x1F to the respective C0 code |
1241 | | * points. Let's play it safe and admit that's the case */ |
1242 | 0 | if (this_char <= 0x7D && |
1243 | 0 | !unicode_cp_is_allowed(this_char, doctype)) { |
1244 | 0 | mbsequence = replacement; |
1245 | 0 | mbseqlen = replacement_len; |
1246 | 0 | } |
1247 | 0 | } |
1248 | 0 | } |
1249 | 0 | pass_char_through: |
1250 | 0 | if (mbseqlen > 1) { |
1251 | 0 | memcpy(ZSTR_VAL(replaced) + len, mbsequence, mbseqlen); |
1252 | 0 | len += mbseqlen; |
1253 | 0 | } else { |
1254 | 0 | ZSTR_VAL(replaced)[len++] = mbsequence[0]; |
1255 | 0 | } |
1256 | 0 | } |
1257 | 0 | } else { /* this_char == '&' */ |
1258 | 0 | if (double_encode) { |
1259 | 0 | encode_amp: |
1260 | 0 | memcpy(&ZSTR_VAL(replaced)[len], "&", sizeof("&") - 1); |
1261 | 0 | len += sizeof("&") - 1; |
1262 | 0 | } else { /* no double encode */ |
1263 | | /* check if entity is valid */ |
1264 | 0 | size_t ent_len; /* not counting & or ; */ |
1265 | | /* peek at next char */ |
1266 | 0 | if (old[cursor] == '#') { /* numeric entity */ |
1267 | 0 | unsigned code_point; |
1268 | 0 | int valid; |
1269 | 0 | char *pos = (char*)&old[cursor+1]; |
1270 | 0 | valid = process_numeric_entity((const char **)&pos, &code_point); |
1271 | 0 | if (valid == FAILURE) |
1272 | 0 | goto encode_amp; |
1273 | 0 | if (flags & ENT_HTML_SUBSTITUTE_DISALLOWED_CHARS) { |
1274 | 0 | if (!numeric_entity_is_allowed(code_point, doctype)) |
1275 | 0 | goto encode_amp; |
1276 | 0 | } |
1277 | 0 | ent_len = pos - (char*)&old[cursor]; |
1278 | 0 | } else { /* named entity */ |
1279 | | /* check for vality of named entity */ |
1280 | 0 | const char *start = (const char *) &old[cursor], |
1281 | 0 | *next = start; |
1282 | 0 | unsigned dummy1, dummy2; |
1283 | |
|
1284 | 0 | if (process_named_entity_html(&next, &start, &ent_len) == FAILURE) |
1285 | 0 | goto encode_amp; |
1286 | 0 | if (resolve_named_entity_html(start, ent_len, inv_map, &dummy1, &dummy2) == FAILURE) { |
1287 | 0 | if (!(doctype == ENT_HTML_DOC_XHTML && ent_len == 4 && start[0] == 'a' |
1288 | 0 | && start[1] == 'p' && start[2] == 'o' && start[3] == 's')) { |
1289 | | /* uses html4 inv_map, which doesn't include apos;. This is a |
1290 | | * hack to support it */ |
1291 | 0 | goto encode_amp; |
1292 | 0 | } |
1293 | 0 | } |
1294 | 0 | } |
1295 | | /* checks passed; copy entity to result */ |
1296 | | /* entity size is unbounded, we may need more memory */ |
1297 | | /* at this point maxlen - len >= 40 */ |
1298 | 0 | if (maxlen - len < ent_len + 2 /* & and ; */) { |
1299 | | /* ent_len < oldlen, which is certainly <= SIZE_MAX/2 */ |
1300 | 0 | replaced = zend_string_safe_realloc(replaced, maxlen, 1, ent_len + 128, 0); |
1301 | 0 | maxlen += ent_len + 128; |
1302 | 0 | } |
1303 | 0 | ZSTR_VAL(replaced)[len++] = '&'; |
1304 | 0 | memcpy(&ZSTR_VAL(replaced)[len], &old[cursor], ent_len); |
1305 | 0 | len += ent_len; |
1306 | 0 | ZSTR_VAL(replaced)[len++] = ';'; |
1307 | 0 | cursor += ent_len + 1; |
1308 | 0 | } |
1309 | 0 | } |
1310 | 0 | } |
1311 | 0 | ZSTR_VAL(replaced)[len] = '\0'; |
1312 | 0 | ZSTR_LEN(replaced) = len; |
1313 | |
|
1314 | 0 | return replaced; |
1315 | 0 | } |
1316 | | /* }}} */ |
1317 | | |
1318 | | /* {{{ php_html_entities |
1319 | | */ |
1320 | | static void php_html_entities(INTERNAL_FUNCTION_PARAMETERS, int all) |
1321 | 0 | { |
1322 | 0 | zend_string *str, *hint_charset = NULL; |
1323 | 0 | zend_long flags = ENT_COMPAT; |
1324 | 0 | zend_string *replaced; |
1325 | 0 | zend_bool double_encode = 1; |
1326 | |
|
1327 | 0 | ZEND_PARSE_PARAMETERS_START(1, 4) |
1328 | 0 | Z_PARAM_STR(str) |
1329 | 0 | Z_PARAM_OPTIONAL |
1330 | 0 | Z_PARAM_LONG(flags) |
1331 | 0 | Z_PARAM_STR_EX(hint_charset, 1, 0) |
1332 | 0 | Z_PARAM_BOOL(double_encode); |
1333 | 0 | ZEND_PARSE_PARAMETERS_END(); |
1334 | |
|
1335 | 0 | replaced = php_escape_html_entities_ex( |
1336 | 0 | (unsigned char*)ZSTR_VAL(str), ZSTR_LEN(str), all, (int) flags, |
1337 | 0 | hint_charset ? ZSTR_VAL(hint_charset) : NULL, double_encode, /* quiet */ 0); |
1338 | 0 | RETVAL_STR(replaced); |
1339 | 0 | } |
1340 | | /* }}} */ |
1341 | | |
1342 | 0 | #define HTML_SPECIALCHARS 0 |
1343 | | #define HTML_ENTITIES 1 |
1344 | | |
1345 | | /* {{{ register_html_constants |
1346 | | */ |
1347 | | void register_html_constants(INIT_FUNC_ARGS) |
1348 | 3.68k | { |
1349 | 3.68k | REGISTER_LONG_CONSTANT("HTML_SPECIALCHARS", HTML_SPECIALCHARS, CONST_PERSISTENT|CONST_CS); |
1350 | 3.68k | REGISTER_LONG_CONSTANT("HTML_ENTITIES", HTML_ENTITIES, CONST_PERSISTENT|CONST_CS); |
1351 | 3.68k | REGISTER_LONG_CONSTANT("ENT_COMPAT", ENT_COMPAT, CONST_PERSISTENT|CONST_CS); |
1352 | 3.68k | REGISTER_LONG_CONSTANT("ENT_QUOTES", ENT_QUOTES, CONST_PERSISTENT|CONST_CS); |
1353 | 3.68k | REGISTER_LONG_CONSTANT("ENT_NOQUOTES", ENT_NOQUOTES, CONST_PERSISTENT|CONST_CS); |
1354 | 3.68k | REGISTER_LONG_CONSTANT("ENT_IGNORE", ENT_IGNORE, CONST_PERSISTENT|CONST_CS); |
1355 | 3.68k | REGISTER_LONG_CONSTANT("ENT_SUBSTITUTE", ENT_SUBSTITUTE, CONST_PERSISTENT|CONST_CS); |
1356 | 3.68k | REGISTER_LONG_CONSTANT("ENT_DISALLOWED", ENT_DISALLOWED, CONST_PERSISTENT|CONST_CS); |
1357 | 3.68k | REGISTER_LONG_CONSTANT("ENT_HTML401", ENT_HTML401, CONST_PERSISTENT|CONST_CS); |
1358 | 3.68k | REGISTER_LONG_CONSTANT("ENT_XML1", ENT_XML1, CONST_PERSISTENT|CONST_CS); |
1359 | 3.68k | REGISTER_LONG_CONSTANT("ENT_XHTML", ENT_XHTML, CONST_PERSISTENT|CONST_CS); |
1360 | 3.68k | REGISTER_LONG_CONSTANT("ENT_HTML5", ENT_HTML5, CONST_PERSISTENT|CONST_CS); |
1361 | 3.68k | } |
1362 | | /* }}} */ |
1363 | | |
1364 | | /* {{{ proto string htmlspecialchars(string string [, int quote_style[, string encoding[, bool double_encode]]]) |
1365 | | Convert special characters to HTML entities */ |
1366 | | PHP_FUNCTION(htmlspecialchars) |
1367 | 0 | { |
1368 | 0 | php_html_entities(INTERNAL_FUNCTION_PARAM_PASSTHRU, 0); |
1369 | 0 | } |
1370 | | /* }}} */ |
1371 | | |
1372 | | /* {{{ proto string htmlspecialchars_decode(string string [, int quote_style]) |
1373 | | Convert special HTML entities back to characters */ |
1374 | | PHP_FUNCTION(htmlspecialchars_decode) |
1375 | 0 | { |
1376 | 0 | zend_string *str; |
1377 | 0 | zend_long quote_style = ENT_COMPAT; |
1378 | 0 | zend_string *replaced; |
1379 | |
|
1380 | 0 | ZEND_PARSE_PARAMETERS_START(1, 2) |
1381 | 0 | Z_PARAM_STR(str) |
1382 | 0 | Z_PARAM_OPTIONAL |
1383 | 0 | Z_PARAM_LONG(quote_style) |
1384 | 0 | ZEND_PARSE_PARAMETERS_END(); |
1385 | |
|
1386 | 0 | replaced = php_unescape_html_entities(str, 0 /*!all*/, (int)quote_style, NULL); |
1387 | 0 | if (replaced) { |
1388 | 0 | RETURN_STR(replaced); |
1389 | 0 | } |
1390 | 0 | RETURN_FALSE; |
1391 | 0 | } |
1392 | | /* }}} */ |
1393 | | |
1394 | | /* {{{ proto string html_entity_decode(string string [, int quote_style][, string encoding]) |
1395 | | Convert all HTML entities to their applicable characters */ |
1396 | | PHP_FUNCTION(html_entity_decode) |
1397 | 0 | { |
1398 | 0 | zend_string *str, *hint_charset = NULL; |
1399 | 0 | zend_long quote_style = ENT_COMPAT; |
1400 | 0 | zend_string *replaced; |
1401 | |
|
1402 | 0 | ZEND_PARSE_PARAMETERS_START(1, 3) |
1403 | 0 | Z_PARAM_STR(str) |
1404 | 0 | Z_PARAM_OPTIONAL |
1405 | 0 | Z_PARAM_LONG(quote_style) |
1406 | 0 | Z_PARAM_STR(hint_charset) |
1407 | 0 | ZEND_PARSE_PARAMETERS_END(); |
1408 | |
|
1409 | 0 | replaced = php_unescape_html_entities( |
1410 | 0 | str, 1 /*all*/, (int)quote_style, hint_charset ? ZSTR_VAL(hint_charset) : NULL); |
1411 | |
|
1412 | 0 | if (replaced) { |
1413 | 0 | RETURN_STR(replaced); |
1414 | 0 | } |
1415 | 0 | RETURN_FALSE; |
1416 | 0 | } |
1417 | | /* }}} */ |
1418 | | |
1419 | | |
1420 | | /* {{{ proto string htmlentities(string string [, int quote_style[, string encoding[, bool double_encode]]]) |
1421 | | Convert all applicable characters to HTML entities */ |
1422 | | PHP_FUNCTION(htmlentities) |
1423 | 0 | { |
1424 | 0 | php_html_entities(INTERNAL_FUNCTION_PARAM_PASSTHRU, 1); |
1425 | 0 | } |
1426 | | /* }}} */ |
1427 | | |
1428 | | /* {{{ write_s3row_data */ |
1429 | | static inline void write_s3row_data( |
1430 | | const entity_stage3_row *r, |
1431 | | unsigned orig_cp, |
1432 | | enum entity_charset charset, |
1433 | | zval *arr) |
1434 | 0 | { |
1435 | 0 | char key[9] = ""; /* two unicode code points in UTF-8 */ |
1436 | 0 | char entity[LONGEST_ENTITY_LENGTH + 2] = {'&'}; |
1437 | 0 | size_t written_k1; |
1438 | |
|
1439 | 0 | written_k1 = write_octet_sequence((unsigned char*)key, charset, orig_cp); |
1440 | |
|
1441 | 0 | if (!r->ambiguous) { |
1442 | 0 | size_t l = r->data.ent.entity_len; |
1443 | 0 | memcpy(&entity[1], r->data.ent.entity, l); |
1444 | 0 | entity[l + 1] = ';'; |
1445 | 0 | add_assoc_stringl_ex(arr, key, written_k1, entity, l + 2); |
1446 | 0 | } else { |
1447 | 0 | unsigned i, |
1448 | 0 | num_entries; |
1449 | 0 | const entity_multicodepoint_row *mcpr = r->data.multicodepoint_table; |
1450 | |
|
1451 | 0 | if (mcpr[0].leading_entry.default_entity != NULL) { |
1452 | 0 | size_t l = mcpr[0].leading_entry.default_entity_len; |
1453 | 0 | memcpy(&entity[1], mcpr[0].leading_entry.default_entity, l); |
1454 | 0 | entity[l + 1] = ';'; |
1455 | 0 | add_assoc_stringl_ex(arr, key, written_k1, entity, l + 2); |
1456 | 0 | } |
1457 | 0 | num_entries = mcpr[0].leading_entry.size; |
1458 | 0 | for (i = 1; i <= num_entries; i++) { |
1459 | 0 | size_t l, |
1460 | 0 | written_k2; |
1461 | 0 | unsigned uni_cp, |
1462 | 0 | spe_cp; |
1463 | |
|
1464 | 0 | uni_cp = mcpr[i].normal_entry.second_cp; |
1465 | 0 | l = mcpr[i].normal_entry.entity_len; |
1466 | |
|
1467 | 0 | if (!CHARSET_UNICODE_COMPAT(charset)) { |
1468 | 0 | if (map_from_unicode(uni_cp, charset, &spe_cp) == FAILURE) |
1469 | 0 | continue; /* non representable in this charset */ |
1470 | 0 | } else { |
1471 | 0 | spe_cp = uni_cp; |
1472 | 0 | } |
1473 | |
|
1474 | 0 | written_k2 = write_octet_sequence((unsigned char*)&key[written_k1], charset, spe_cp); |
1475 | 0 | memcpy(&entity[1], mcpr[i].normal_entry.entity, l); |
1476 | 0 | entity[l + 1] = ';'; |
1477 | 0 | add_assoc_stringl_ex(arr, key, written_k1 + written_k2, entity, l + 2); |
1478 | 0 | } |
1479 | 0 | } |
1480 | 0 | } |
1481 | | /* }}} */ |
1482 | | |
1483 | | /* {{{ proto array get_html_translation_table([int table [, int flags [, string encoding]]]) |
1484 | | Returns the internal translation table used by htmlspecialchars and htmlentities */ |
1485 | | PHP_FUNCTION(get_html_translation_table) |
1486 | 0 | { |
1487 | 0 | zend_long all = HTML_SPECIALCHARS, |
1488 | 0 | flags = ENT_COMPAT; |
1489 | 0 | int doctype; |
1490 | 0 | entity_table_opt entity_table; |
1491 | 0 | const enc_to_uni *to_uni_table = NULL; |
1492 | 0 | char *charset_hint = NULL; |
1493 | 0 | size_t charset_hint_len; |
1494 | 0 | enum entity_charset charset; |
1495 | | |
1496 | | /* in this function we have to jump through some loops because we're |
1497 | | * getting the translated table from data structures that are optimized for |
1498 | | * random access, not traversal */ |
1499 | |
|
1500 | 0 | ZEND_PARSE_PARAMETERS_START(0, 3) |
1501 | 0 | Z_PARAM_OPTIONAL |
1502 | 0 | Z_PARAM_LONG(all) |
1503 | 0 | Z_PARAM_LONG(flags) |
1504 | 0 | Z_PARAM_STRING(charset_hint, charset_hint_len) |
1505 | 0 | ZEND_PARSE_PARAMETERS_END(); |
1506 | |
|
1507 | 0 | charset = determine_charset(charset_hint, /* quiet */ 0); |
1508 | 0 | doctype = flags & ENT_HTML_DOC_TYPE_MASK; |
1509 | 0 | LIMIT_ALL(all, doctype, charset); |
1510 | |
|
1511 | 0 | array_init(return_value); |
1512 | |
|
1513 | 0 | entity_table = determine_entity_table((int)all, doctype); |
1514 | 0 | if (all && !CHARSET_UNICODE_COMPAT(charset)) { |
1515 | 0 | to_uni_table = enc_to_uni_index[charset]; |
1516 | 0 | } |
1517 | |
|
1518 | 0 | if (all) { /* HTML_ENTITIES (actually, any non-zero value for 1st param) */ |
1519 | 0 | const entity_stage1_row *ms_table = entity_table.ms_table; |
1520 | |
|
1521 | 0 | if (CHARSET_UNICODE_COMPAT(charset)) { |
1522 | 0 | unsigned i, j, k, |
1523 | 0 | max_i, max_j, max_k; |
1524 | | /* no mapping to unicode required */ |
1525 | 0 | if (CHARSET_SINGLE_BYTE(charset)) { /* ISO-8859-1 */ |
1526 | 0 | max_i = 1; max_j = 4; max_k = 64; |
1527 | 0 | } else { |
1528 | 0 | max_i = 0x1E; max_j = 64; max_k = 64; |
1529 | 0 | } |
1530 | |
|
1531 | 0 | for (i = 0; i < max_i; i++) { |
1532 | 0 | if (ms_table[i] == empty_stage2_table) |
1533 | 0 | continue; |
1534 | 0 | for (j = 0; j < max_j; j++) { |
1535 | 0 | if (ms_table[i][j] == empty_stage3_table) |
1536 | 0 | continue; |
1537 | 0 | for (k = 0; k < max_k; k++) { |
1538 | 0 | const entity_stage3_row *r = &ms_table[i][j][k]; |
1539 | 0 | unsigned code; |
1540 | |
|
1541 | 0 | if (r->data.ent.entity == NULL) |
1542 | 0 | continue; |
1543 | | |
1544 | 0 | code = ENT_CODE_POINT_FROM_STAGES(i, j, k); |
1545 | 0 | if (((code == '\'' && !(flags & ENT_HTML_QUOTE_SINGLE)) || |
1546 | 0 | (code == '"' && !(flags & ENT_HTML_QUOTE_DOUBLE)))) |
1547 | 0 | continue; |
1548 | 0 | write_s3row_data(r, code, charset, return_value); |
1549 | 0 | } |
1550 | 0 | } |
1551 | 0 | } |
1552 | 0 | } else { |
1553 | | /* we have to iterate through the set of code points for this |
1554 | | * encoding and map them to unicode code points */ |
1555 | 0 | unsigned i; |
1556 | 0 | for (i = 0; i <= 0xFF; i++) { |
1557 | 0 | const entity_stage3_row *r; |
1558 | 0 | unsigned uni_cp; |
1559 | | |
1560 | | /* can be done before mapping, they're invariant */ |
1561 | 0 | if (((i == '\'' && !(flags & ENT_HTML_QUOTE_SINGLE)) || |
1562 | 0 | (i == '"' && !(flags & ENT_HTML_QUOTE_DOUBLE)))) |
1563 | 0 | continue; |
1564 | | |
1565 | 0 | map_to_unicode(i, to_uni_table, &uni_cp); |
1566 | 0 | r = &ms_table[ENT_STAGE1_INDEX(uni_cp)][ENT_STAGE2_INDEX(uni_cp)][ENT_STAGE3_INDEX(uni_cp)]; |
1567 | 0 | if (r->data.ent.entity == NULL) |
1568 | 0 | continue; |
1569 | | |
1570 | 0 | write_s3row_data(r, i, charset, return_value); |
1571 | 0 | } |
1572 | 0 | } |
1573 | 0 | } else { |
1574 | | /* we could use sizeof(stage3_table_be_apos_00000) as well */ |
1575 | 0 | unsigned j, |
1576 | 0 | numelems = sizeof(stage3_table_be_noapos_00000) / |
1577 | 0 | sizeof(*stage3_table_be_noapos_00000); |
1578 | |
|
1579 | 0 | for (j = 0; j < numelems; j++) { |
1580 | 0 | const entity_stage3_row *r = &entity_table.table[j]; |
1581 | 0 | if (r->data.ent.entity == NULL) |
1582 | 0 | continue; |
1583 | | |
1584 | 0 | if (((j == '\'' && !(flags & ENT_HTML_QUOTE_SINGLE)) || |
1585 | 0 | (j == '"' && !(flags & ENT_HTML_QUOTE_DOUBLE)))) |
1586 | 0 | continue; |
1587 | | |
1588 | | /* charset is indifferent, used cs_8859_1 for efficiency */ |
1589 | 0 | write_s3row_data(r, j, cs_8859_1, return_value); |
1590 | 0 | } |
1591 | 0 | } |
1592 | 0 | } |
1593 | | /* }}} */ |