Coverage Report

Created: 2025-06-13 06:43

/src/php-src/ext/standard/browscap.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
   +----------------------------------------------------------------------+
3
   | Copyright (c) The PHP Group                                          |
4
   +----------------------------------------------------------------------+
5
   | This source file is subject to version 3.01 of the PHP license,      |
6
   | that is bundled with this package in the file LICENSE, and is        |
7
   | available through the world-wide-web at the following url:           |
8
   | https://www.php.net/license/3_01.txt                                 |
9
   | If you did not receive a copy of the PHP license and are unable to   |
10
   | obtain it through the world-wide-web, please send a note to          |
11
   | license@php.net so we can mail you a copy immediately.               |
12
   +----------------------------------------------------------------------+
13
   | Author: Zeev Suraski <zeev@php.net>                                  |
14
   +----------------------------------------------------------------------+
15
 */
16
17
#include "php.h"
18
#include "php_browscap.h"
19
#include "php_ini.h"
20
21
#include "zend_ini_scanner.h"
22
#include "zend_globals.h"
23
24
0
#define BROWSCAP_NUM_CONTAINS 5
25
26
typedef struct {
27
  zend_string *key;
28
  zend_string *value;
29
} browscap_kv;
30
31
typedef struct {
32
  zend_string *pattern;
33
  zend_string *parent;
34
  uint32_t kv_start;
35
  uint32_t kv_end;
36
  /* We ensure that the length fits in 16 bits, so this is fine */
37
  uint16_t contains_start[BROWSCAP_NUM_CONTAINS];
38
  uint8_t contains_len[BROWSCAP_NUM_CONTAINS];
39
  uint8_t prefix_len;
40
} browscap_entry;
41
42
typedef struct {
43
  HashTable *htab;
44
  browscap_kv *kv;
45
  uint32_t kv_used;
46
  uint32_t kv_size;
47
  char filename[MAXPATHLEN];
48
} browser_data;
49
50
/* browser data defined in startup phase, eagerly loaded in MINIT */
51
static browser_data global_bdata = {0};
52
53
/* browser data defined in activation phase, lazily loaded in get_browser.
54
 * Per request and per thread, if applicable */
55
ZEND_BEGIN_MODULE_GLOBALS(browscap)
56
  browser_data activation_bdata;
57
ZEND_END_MODULE_GLOBALS(browscap)
58
59
ZEND_DECLARE_MODULE_GLOBALS(browscap)
60
300k
#define BROWSCAP_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(browscap, v)
61
62
0
#define DEFAULT_SECTION_NAME "Default Browser Capability Settings"
63
64
/* OBJECTS_FIXME: This whole extension needs going through. The use of objects looks pretty broken here */
65
66
static void browscap_entry_dtor(zval *zvalue)
67
0
{
68
0
  browscap_entry *entry = Z_PTR_P(zvalue);
69
0
  zend_string_release_ex(entry->pattern, 0);
70
0
  if (entry->parent) {
71
0
    zend_string_release_ex(entry->parent, 0);
72
0
  }
73
0
  efree(entry);
74
0
}
75
76
static void browscap_entry_dtor_persistent(zval *zvalue)
77
0
{
78
0
  browscap_entry *entry = Z_PTR_P(zvalue);
79
0
  zend_string_release_ex(entry->pattern, 1);
80
0
  if (entry->parent) {
81
0
    zend_string_release_ex(entry->parent, 1);
82
0
  }
83
0
  pefree(entry, 1);
84
0
}
85
86
0
static inline bool is_placeholder(char c) {
87
0
  return c == '?' || c == '*';
88
0
}
89
90
/* Length of prefix not containing any wildcards */
91
0
static uint8_t browscap_compute_prefix_len(const zend_string *pattern) {
92
0
  size_t i;
93
0
  for (i = 0; i < ZSTR_LEN(pattern); i++) {
94
0
    if (is_placeholder(ZSTR_VAL(pattern)[i])) {
95
0
      break;
96
0
    }
97
0
  }
98
0
  return (uint8_t)MIN(i, UINT8_MAX);
99
0
}
100
101
static size_t browscap_compute_contains(
102
    zend_string *pattern, size_t start_pos,
103
0
    uint16_t *contains_start, uint8_t *contains_len) {
104
0
  size_t i = start_pos;
105
  /* Find first non-placeholder character after prefix */
106
0
  for (; i < ZSTR_LEN(pattern); i++) {
107
0
    if (!is_placeholder(ZSTR_VAL(pattern)[i])) {
108
      /* Skip the case of a single non-placeholder character.
109
       * Let's try to find something longer instead. */
110
0
      if (i + 1 < ZSTR_LEN(pattern) &&
111
0
          !is_placeholder(ZSTR_VAL(pattern)[i + 1])) {
112
0
        break;
113
0
      }
114
0
    }
115
0
  }
116
0
  *contains_start = (uint16_t)i;
117
118
  /* Find first placeholder character after that */
119
0
  for (; i < ZSTR_LEN(pattern); i++) {
120
0
    if (is_placeholder(ZSTR_VAL(pattern)[i])) {
121
0
      break;
122
0
    }
123
0
  }
124
0
  *contains_len = (uint8_t)MIN(i - *contains_start, UINT8_MAX);
125
0
  return i;
126
0
}
127
128
/* Length of regex, including escapes, anchors, etc. */
129
0
static size_t browscap_compute_regex_len(const zend_string *pattern) {
130
0
  size_t i, len = ZSTR_LEN(pattern);
131
0
  for (i = 0; i < ZSTR_LEN(pattern); i++) {
132
0
    switch (ZSTR_VAL(pattern)[i]) {
133
0
      case '*':
134
0
      case '.':
135
0
      case '\\':
136
0
      case '(':
137
0
      case ')':
138
0
      case '~':
139
0
      case '+':
140
0
        len++;
141
0
        break;
142
0
    }
143
0
  }
144
145
0
  return len + sizeof("~^$~")-1;
146
0
}
147
148
static zend_string *browscap_convert_pattern(const zend_string *pattern, bool persistent) /* {{{ */
149
0
{
150
0
  size_t i, j=0;
151
0
  char *t;
152
0
  zend_string *res;
153
154
0
  res = zend_string_alloc(browscap_compute_regex_len(pattern), persistent);
155
0
  t = ZSTR_VAL(res);
156
157
0
  t[j++] = '~';
158
0
  t[j++] = '^';
159
160
0
  for (i = 0; i < ZSTR_LEN(pattern); i++, j++) {
161
0
    char c = ZSTR_VAL(pattern)[i];
162
0
    switch (c) {
163
0
      case '?':
164
0
        t[j] = '.';
165
0
        break;
166
0
      case '*':
167
0
        t[j++] = '.';
168
0
        t[j] = '*';
169
0
        break;
170
0
      case '.':
171
0
        t[j++] = '\\';
172
0
        t[j] = '.';
173
0
        break;
174
0
      case '\\':
175
0
        t[j++] = '\\';
176
0
        t[j] = '\\';
177
0
        break;
178
0
      case '(':
179
0
        t[j++] = '\\';
180
0
        t[j] = '(';
181
0
        break;
182
0
      case ')':
183
0
        t[j++] = '\\';
184
0
        t[j] = ')';
185
0
        break;
186
0
      case '~':
187
0
        t[j++] = '\\';
188
0
        t[j] = '~';
189
0
        break;
190
0
      case '+':
191
0
        t[j++] = '\\';
192
0
        t[j] = '+';
193
0
        break;
194
0
      default:
195
0
        t[j] = zend_tolower_ascii(c);
196
0
        break;
197
0
    }
198
0
  }
199
200
0
  t[j++] = '$';
201
0
  t[j++] = '~';
202
0
  t[j]=0;
203
204
0
  ZSTR_LEN(res) = j;
205
0
  return res;
206
0
}
207
/* }}} */
208
209
typedef struct _browscap_parser_ctx {
210
  browser_data *bdata;
211
  browscap_entry *current_entry;
212
  zend_string *current_section_name;
213
  HashTable str_interned;
214
} browscap_parser_ctx;
215
216
static zend_string *browscap_intern_str(
217
0
    browscap_parser_ctx *ctx, zend_string *str, bool persistent) {
218
0
  zend_string *interned = zend_hash_find_ptr(&ctx->str_interned, str);
219
0
  if (interned) {
220
0
    zend_string_addref(interned);
221
0
  } else {
222
0
    interned = zend_string_copy(str);
223
0
    if (persistent) {
224
0
      interned = zend_new_interned_string(interned);
225
0
    }
226
0
    zend_hash_add_new_ptr(&ctx->str_interned, interned, interned);
227
0
  }
228
229
0
  return interned;
230
0
}
231
232
static zend_string *browscap_intern_str_ci(
233
0
    browscap_parser_ctx *ctx, zend_string *str, bool persistent) {
234
0
  zend_string *lcname;
235
0
  zend_string *interned;
236
0
  ALLOCA_FLAG(use_heap);
237
238
0
  ZSTR_ALLOCA_ALLOC(lcname, ZSTR_LEN(str), use_heap);
239
0
  zend_str_tolower_copy(ZSTR_VAL(lcname), ZSTR_VAL(str), ZSTR_LEN(str));
240
0
  interned = zend_hash_find_ptr(&ctx->str_interned, lcname);
241
242
0
  if (interned) {
243
0
    zend_string_addref(interned);
244
0
  } else {
245
0
    interned = zend_string_init(ZSTR_VAL(lcname), ZSTR_LEN(lcname), persistent);
246
0
    if (persistent) {
247
0
      interned = zend_new_interned_string(interned);
248
0
    }
249
0
    zend_hash_add_new_ptr(&ctx->str_interned, interned, interned);
250
0
  }
251
252
0
  ZSTR_ALLOCA_FREE(lcname, use_heap);
253
0
  return interned;
254
0
}
255
256
static void browscap_add_kv(
257
0
    browser_data *bdata, zend_string *key, zend_string *value, bool persistent) {
258
0
  if (bdata->kv_used == bdata->kv_size) {
259
0
    bdata->kv_size *= 2;
260
0
    bdata->kv = safe_perealloc(bdata->kv, sizeof(browscap_kv), bdata->kv_size, 0, persistent);
261
0
  }
262
263
0
  bdata->kv[bdata->kv_used].key = key;
264
0
  bdata->kv[bdata->kv_used].value = value;
265
0
  bdata->kv_used++;
266
0
}
267
268
0
static void browscap_entry_add_kv_to_existing_array(browser_data *bdata, browscap_entry *entry, HashTable *ht) {
269
0
  for (uint32_t i = entry->kv_start; i < entry->kv_end; i++) {
270
0
    zval tmp;
271
0
    ZVAL_STR_COPY(&tmp, bdata->kv[i].value);
272
0
    zend_hash_add(ht, bdata->kv[i].key, &tmp);
273
0
  }
274
0
}
275
276
0
static HashTable *browscap_entry_to_array(browser_data *bdata, browscap_entry *entry) {
277
0
  zval tmp;
278
0
  HashTable *ht = zend_new_array(2 + (entry->parent ? 1 : 0) + (entry->kv_end - entry->kv_start));
279
280
0
  ZVAL_STR(&tmp, browscap_convert_pattern(entry->pattern, 0));
281
0
  zend_string *key = ZSTR_INIT_LITERAL("browser_name_regex", 0);
282
0
  ZSTR_H(key) = zend_inline_hash_func("browser_name_regex", sizeof("browser_name_regex")-1);
283
0
  zend_hash_add_new(ht, key, &tmp);
284
0
  zend_string_release_ex(key, false);
285
286
0
  ZVAL_STR_COPY(&tmp, entry->pattern);
287
0
  key = ZSTR_INIT_LITERAL("browser_name_pattern", 0);
288
0
  ZSTR_H(key) = zend_inline_hash_func("browser_name_pattern", sizeof("browser_name_pattern")-1);
289
0
  zend_hash_add_new(ht, key, &tmp);
290
0
  zend_string_release_ex(key, false);
291
292
0
  if (entry->parent) {
293
0
    ZVAL_STR_COPY(&tmp, entry->parent);
294
0
    zend_hash_add_new(ht, ZSTR_KNOWN(ZEND_STR_PARENT), &tmp);
295
0
  }
296
297
0
  browscap_entry_add_kv_to_existing_array(bdata, entry, ht);
298
299
0
  return ht;
300
0
}
301
302
static void php_browscap_parser_cb(zval *arg1, zval *arg2, zval *arg3, int callback_type, void *arg) /* {{{ */
303
0
{
304
0
  browscap_parser_ctx *ctx = arg;
305
0
  browser_data *bdata = ctx->bdata;
306
0
  bool persistent = GC_FLAGS(bdata->htab) & IS_ARRAY_PERSISTENT;
307
308
0
  if (!arg1) {
309
0
    return;
310
0
  }
311
312
0
  switch (callback_type) {
313
0
    case ZEND_INI_PARSER_ENTRY:
314
0
      if (ctx->current_entry != NULL && arg2) {
315
0
        zend_string *new_value;
316
317
        /* Set proper value for true/false settings */
318
0
        if (zend_string_equals_literal_ci(Z_STR_P(arg2), "on")
319
0
          || zend_string_equals_literal_ci(Z_STR_P(arg2), "yes")
320
0
          || zend_string_equals_literal_ci(Z_STR_P(arg2), "true")
321
0
        ) {
322
0
          new_value = ZSTR_CHAR('1');
323
0
        } else if (zend_string_equals_literal_ci(Z_STR_P(arg2), "no")
324
0
          || zend_string_equals_literal_ci(Z_STR_P(arg2), "off")
325
0
          || zend_string_equals_literal_ci(Z_STR_P(arg2), "none")
326
0
          || zend_string_equals_literal_ci(Z_STR_P(arg2), "false")
327
0
        ) {
328
0
          new_value = ZSTR_EMPTY_ALLOC();
329
0
        } else { /* Other than true/false setting */
330
0
          new_value = browscap_intern_str(ctx, Z_STR_P(arg2), persistent);
331
0
        }
332
333
0
        if (zend_string_equals_ci(Z_STR_P(arg1), ZSTR_KNOWN(ZEND_STR_PARENT))) {
334
          /* parent entry cannot be same as current section -> causes infinite loop! */
335
0
          if (ctx->current_section_name != NULL &&
336
0
            zend_string_equals_ci(ctx->current_section_name, Z_STR_P(arg2))
337
0
          ) {
338
0
            zend_error(E_CORE_ERROR, "Invalid browscap ini file: "
339
0
              "'Parent' value cannot be same as the section name: %s "
340
0
              "(in file %s)", ZSTR_VAL(ctx->current_section_name), INI_STR("browscap"));
341
0
            return;
342
0
          }
343
344
0
          if (ctx->current_entry->parent) {
345
0
            zend_string_release(ctx->current_entry->parent);
346
0
          }
347
348
0
          ctx->current_entry->parent = new_value;
349
0
        } else {
350
0
          zend_string *new_key = browscap_intern_str_ci(ctx, Z_STR_P(arg1), persistent);
351
0
          browscap_add_kv(bdata, new_key, new_value, persistent);
352
0
          ctx->current_entry->kv_end = bdata->kv_used;
353
0
        }
354
0
      }
355
0
      break;
356
0
    case ZEND_INI_PARSER_SECTION:
357
0
    {
358
0
      browscap_entry *entry;
359
0
      zend_string *pattern = Z_STR_P(arg1);
360
0
      size_t pos;
361
0
      int i;
362
363
0
      if (ZSTR_LEN(pattern) > UINT16_MAX) {
364
0
        php_error_docref(NULL, E_WARNING,
365
0
          "Skipping excessively long pattern of length %zd", ZSTR_LEN(pattern));
366
0
        break;
367
0
      }
368
369
0
      if (persistent) {
370
0
        pattern = zend_new_interned_string(zend_string_copy(pattern));
371
0
        if (ZSTR_IS_INTERNED(pattern)) {
372
0
          Z_TYPE_FLAGS_P(arg1) = 0;
373
0
        } else {
374
0
          zend_string_release(pattern);
375
0
        }
376
0
      }
377
378
0
      entry = ctx->current_entry
379
0
        = pemalloc(sizeof(browscap_entry), persistent);
380
0
      zend_hash_update_ptr(bdata->htab, pattern, entry);
381
382
0
      if (ctx->current_section_name) {
383
0
        zend_string_release(ctx->current_section_name);
384
0
      }
385
0
      ctx->current_section_name = zend_string_copy(pattern);
386
387
0
      entry->pattern = zend_string_copy(pattern);
388
0
      entry->kv_end = entry->kv_start = bdata->kv_used;
389
0
      entry->parent = NULL;
390
391
0
      pos = entry->prefix_len = browscap_compute_prefix_len(pattern);
392
0
      for (i = 0; i < BROWSCAP_NUM_CONTAINS; i++) {
393
0
        pos = browscap_compute_contains(pattern, pos,
394
0
          &entry->contains_start[i], &entry->contains_len[i]);
395
0
      }
396
0
      break;
397
0
    }
398
0
  }
399
0
}
400
/* }}} */
401
402
static zend_result browscap_read_file(char *filename, browser_data *browdata, bool persistent) /* {{{ */
403
0
{
404
0
  zend_file_handle fh;
405
0
  browscap_parser_ctx ctx = {0};
406
0
  FILE *fp;
407
408
0
  if (filename == NULL || filename[0] == '\0') {
409
0
    return FAILURE;
410
0
  }
411
412
0
  fp = VCWD_FOPEN(filename, "r");
413
0
  if (!fp) {
414
0
    zend_error(E_CORE_WARNING, "Cannot open \"%s\" for reading", filename);
415
0
    return FAILURE;
416
0
  }
417
0
  zend_stream_init_fp(&fh, fp, filename);
418
419
0
  browdata->htab = pemalloc(sizeof *browdata->htab, persistent);
420
0
  zend_hash_init(browdata->htab, 0, NULL,
421
0
    persistent ? browscap_entry_dtor_persistent : browscap_entry_dtor, persistent);
422
423
0
  browdata->kv_size = 16 * 1024;
424
0
  browdata->kv_used = 0;
425
0
  browdata->kv = pemalloc(sizeof(browscap_kv) * browdata->kv_size, persistent);
426
427
  /* Create parser context */
428
0
  ctx.bdata = browdata;
429
0
  ctx.current_entry = NULL;
430
0
  ctx.current_section_name = NULL;
431
  /* No dtor because we don't inc the refcount for the reference stored within the hash table's entry value
432
   * as the hash table is only temporary anyway. */
433
0
  zend_hash_init(&ctx.str_interned, 8, NULL, NULL, persistent);
434
435
0
  zend_parse_ini_file(&fh, persistent, ZEND_INI_SCANNER_RAW,
436
0
      (zend_ini_parser_cb_t) php_browscap_parser_cb, &ctx);
437
438
  /* Destroy parser context */
439
0
  if (ctx.current_section_name) {
440
0
    zend_string_release(ctx.current_section_name);
441
0
  }
442
0
  zend_hash_destroy(&ctx.str_interned);
443
0
  zend_destroy_file_handle(&fh);
444
445
0
  return SUCCESS;
446
0
}
447
/* }}} */
448
449
#ifdef ZTS
450
static void browscap_globals_ctor(zend_browscap_globals *browscap_globals) /* {{{ */
451
{
452
  browscap_globals->activation_bdata.htab = NULL;
453
  browscap_globals->activation_bdata.kv = NULL;
454
  browscap_globals->activation_bdata.filename[0] = '\0';
455
}
456
/* }}} */
457
#endif
458
459
static void browscap_bdata_dtor(browser_data *bdata, bool persistent) /* {{{ */
460
0
{
461
0
  if (bdata->htab != NULL) {
462
0
    uint32_t i;
463
464
0
    zend_hash_destroy(bdata->htab);
465
0
    pefree(bdata->htab, persistent);
466
0
    bdata->htab = NULL;
467
468
0
    for (i = 0; i < bdata->kv_used; i++) {
469
0
      zend_string_release(bdata->kv[i].key);
470
0
      zend_string_release(bdata->kv[i].value);
471
0
    }
472
0
    pefree(bdata->kv, persistent);
473
0
    bdata->kv = NULL;
474
0
  }
475
0
  bdata->filename[0] = '\0';
476
0
}
477
/* }}} */
478
479
/* {{{ PHP_INI_MH */
480
PHP_INI_MH(OnChangeBrowscap)
481
16
{
482
16
  if (stage == PHP_INI_STAGE_STARTUP) {
483
    /* value handled in browscap.c's MINIT */
484
16
    return SUCCESS;
485
16
  } else if (stage == PHP_INI_STAGE_ACTIVATE) {
486
0
    browser_data *bdata = &BROWSCAP_G(activation_bdata);
487
0
    if (bdata->filename[0] != '\0') {
488
0
      browscap_bdata_dtor(bdata, 0);
489
0
    }
490
0
    if (VCWD_REALPATH(ZSTR_VAL(new_value), bdata->filename) == NULL) {
491
0
      return FAILURE;
492
0
    }
493
0
    return SUCCESS;
494
0
  }
495
496
0
  return FAILURE;
497
16
}
498
/* }}} */
499
500
PHP_MINIT_FUNCTION(browscap) /* {{{ */
501
16
{
502
16
  char *browscap = INI_STR("browscap");
503
504
#ifdef ZTS
505
  ts_allocate_id(&browscap_globals_id, sizeof(browser_data), (ts_allocate_ctor) browscap_globals_ctor, NULL);
506
#endif
507
  /* ctor call not really needed for non-ZTS */
508
509
16
  if (browscap && browscap[0]) {
510
0
    if (browscap_read_file(browscap, &global_bdata, true) == FAILURE) {
511
0
      return FAILURE;
512
0
    }
513
0
  }
514
515
16
  return SUCCESS;
516
16
}
517
/* }}} */
518
519
PHP_RSHUTDOWN_FUNCTION(browscap) /* {{{ */
520
300k
{
521
300k
  browser_data *bdata = &BROWSCAP_G(activation_bdata);
522
300k
  if (bdata->filename[0] != '\0') {
523
0
    browscap_bdata_dtor(bdata, 0);
524
0
  }
525
526
300k
  return SUCCESS;
527
300k
}
528
/* }}} */
529
530
PHP_MSHUTDOWN_FUNCTION(browscap) /* {{{ */
531
0
{
532
0
  browscap_bdata_dtor(&global_bdata, 1);
533
534
0
  return SUCCESS;
535
0
}
536
/* }}} */
537
538
0
static inline size_t browscap_get_minimum_length(const browscap_entry *entry) {
539
0
  size_t len = entry->prefix_len;
540
0
  int i;
541
0
  for (i = 0; i < BROWSCAP_NUM_CONTAINS; i++) {
542
0
    len += entry->contains_len[i];
543
0
  }
544
0
  return len;
545
0
}
546
547
static bool browscap_match_string_wildcard(const char *s, const char *s_end, const char *pattern, const char *pattern_end)
548
0
{
549
0
  const char *pattern_current = pattern;
550
0
  const char *s_current = s;
551
552
0
  const char *wildcard_pattern_restore_pos = NULL;
553
0
  const char *wildcard_s_restore_pos = NULL;
554
555
0
  while (s_current < s_end) {
556
0
    char pattern_char = *pattern_current;
557
0
    char s_char = *s_current;
558
559
0
    if (pattern_char == '*') {
560
      /* Collapse wildcards */
561
0
      pattern_current++;
562
0
      while (pattern_current < pattern_end && *pattern_current == '*') {
563
0
        pattern_current++;
564
0
      }
565
566
      /* If we're at the end of the pattern, it means that the ending was just '*', so this is a trivial match */
567
0
      if (pattern_current == pattern_end) {
568
0
        return true;
569
0
      }
570
571
      /* Optimization: if there is a non-wildcard character X after a *, then we can immediately jump to the first
572
       * character X in s starting from s_current because it is the only way to match beyond the *. */
573
0
      if (*pattern_current != '?') {
574
0
        while (s_current < s_end && *s_current != *pattern_current) {
575
0
          s_current++;
576
0
        }
577
0
      }
578
579
      /* We will first assume the skipped part by * is a 0-length string (or n-length if the optimization above skipped n characters).
580
       * When a mismatch happens we will backtrack and move s one position to assume * skipped a 1-length string.
581
       * Then 2, 3, 4, ... */
582
0
      wildcard_pattern_restore_pos = pattern_current;
583
0
      wildcard_s_restore_pos = s_current;
584
585
0
      continue;
586
0
    } else if (pattern_char == s_char || pattern_char == '?') {
587
      /* Match */
588
0
      pattern_current++;
589
0
      s_current++;
590
591
      /* If this was the last character of the pattern, we either fully matched s, or we have a mismatch */
592
0
      if (pattern_current == pattern_end) {
593
0
        if (s_current == s_end) {
594
0
          return true;
595
0
        }
596
        /* Fallthrough to mismatch */
597
0
      } else {
598
0
        continue;
599
0
      }
600
0
    }
601
602
    /* Mismatch */
603
0
    if (wildcard_pattern_restore_pos) {
604
0
      pattern_current = wildcard_pattern_restore_pos;
605
0
      wildcard_s_restore_pos++;
606
0
      s_current = wildcard_s_restore_pos;
607
0
    } else {
608
      /* No wildcard is active, so it is impossible to match */
609
0
      return false;
610
0
    }
611
0
  }
612
613
  /* Skip remaining * wildcards, they match nothing here as we are at the end of s */
614
0
  while (pattern_current < pattern_end && *pattern_current == '*') {
615
0
    pattern_current++;
616
0
  }
617
618
0
  ZEND_ASSERT(s_current == s_end);
619
0
  return pattern_current == pattern_end;
620
0
}
621
622
static int browser_reg_compare(browscap_entry *entry, const zend_string *agent_name, browscap_entry **found_entry_ptr, size_t *cached_prev_len) /* {{{ */
623
0
{
624
0
  browscap_entry *found_entry = *found_entry_ptr;
625
0
  ALLOCA_FLAG(use_heap)
626
0
  zend_string *pattern_lc;
627
0
  const char *cur;
628
629
  /* Lowercase the pattern, the agent name is already lowercase */
630
0
  ZSTR_ALLOCA_ALLOC(pattern_lc, ZSTR_LEN(entry->pattern), use_heap);
631
0
  zend_str_tolower_copy(ZSTR_VAL(pattern_lc), ZSTR_VAL(entry->pattern), ZSTR_LEN(entry->pattern));
632
633
  /* Check if the agent contains the "contains" portions */
634
0
  cur = ZSTR_VAL(agent_name) + entry->prefix_len;
635
0
  for (int i = 0; i < BROWSCAP_NUM_CONTAINS; i++) {
636
0
    if (entry->contains_len[i] != 0) {
637
0
      cur = zend_memnstr(cur,
638
0
        ZSTR_VAL(pattern_lc) + entry->contains_start[i],
639
0
        entry->contains_len[i],
640
0
        ZSTR_VAL(agent_name) + ZSTR_LEN(agent_name));
641
0
      if (!cur) {
642
0
        ZSTR_ALLOCA_FREE(pattern_lc, use_heap);
643
0
        return 0;
644
0
      }
645
0
      cur += entry->contains_len[i];
646
0
    }
647
0
  }
648
649
  /* See if we have an exact match, if so, we're done... */
650
0
  if (zend_string_equals(agent_name, pattern_lc)) {
651
0
    *found_entry_ptr = entry;
652
    /* cached_prev_len doesn't matter here because we end the search when an exact match is found. */
653
0
    ZSTR_ALLOCA_FREE(pattern_lc, use_heap);
654
0
    return 1;
655
0
  }
656
657
0
  if (browscap_match_string_wildcard(
658
0
    ZSTR_VAL(agent_name) + entry->prefix_len,
659
0
    ZSTR_VAL(agent_name) + ZSTR_LEN(agent_name),
660
0
    ZSTR_VAL(pattern_lc) + entry->prefix_len,
661
0
    ZSTR_VAL(pattern_lc) + ZSTR_LEN(pattern_lc)
662
0
  )) {
663
    /* If we've found a possible browser, we need to do a comparison of the
664
       number of characters changed in the user agent being checked versus
665
       the previous match found and the current match. */
666
0
    size_t curr_len = entry->prefix_len; /* Start from the prefix because the prefix is free of wildcards */
667
0
    const zend_string *current_match = entry->pattern;
668
0
    for (size_t i = curr_len; i < ZSTR_LEN(current_match); i++) {
669
0
      switch (ZSTR_VAL(current_match)[i]) {
670
0
        case '?':
671
0
        case '*':
672
          /* do nothing, ignore these characters in the count */
673
0
        break;
674
675
0
        default:
676
0
          ++curr_len;
677
0
      }
678
0
    }
679
680
0
    if (found_entry) {
681
      /* Pick which browser pattern replaces the least amount of
682
         characters when compared to the original user agent string... */
683
0
      if (*cached_prev_len < curr_len) {
684
0
        *found_entry_ptr = entry;
685
0
        *cached_prev_len = curr_len;
686
0
      }
687
0
    } else {
688
0
      *found_entry_ptr = entry;
689
0
      *cached_prev_len = curr_len;
690
0
    }
691
0
  }
692
693
0
  ZSTR_ALLOCA_FREE(pattern_lc, use_heap);
694
0
  return 0;
695
0
}
696
/* }}} */
697
698
/* {{{ Get information about the capabilities of a browser. If browser_name is omitted or null, HTTP_USER_AGENT is used. Returns an object by default; if return_array is true, returns an array. */
699
PHP_FUNCTION(get_browser)
700
0
{
701
0
  zend_string *agent_name = NULL, *lookup_browser_name;
702
0
  bool return_array = 0;
703
0
  browser_data *bdata;
704
0
  browscap_entry *found_entry = NULL;
705
0
  HashTable *agent_ht;
706
707
0
  ZEND_PARSE_PARAMETERS_START(0, 2)
708
0
    Z_PARAM_OPTIONAL
709
0
    Z_PARAM_STR_OR_NULL(agent_name)
710
0
    Z_PARAM_BOOL(return_array)
711
0
  ZEND_PARSE_PARAMETERS_END();
712
713
0
  if (BROWSCAP_G(activation_bdata).filename[0] != '\0') {
714
0
    bdata = &BROWSCAP_G(activation_bdata);
715
0
    if (bdata->htab == NULL) { /* not initialized yet */
716
0
      if (browscap_read_file(bdata->filename, bdata, false) == FAILURE) {
717
0
        RETURN_FALSE;
718
0
      }
719
0
    }
720
0
  } else {
721
0
    if (!global_bdata.htab) {
722
0
      php_error_docref(NULL, E_WARNING, "browscap ini directive not set");
723
0
      RETURN_FALSE;
724
0
    }
725
0
    bdata = &global_bdata;
726
0
  }
727
728
0
  if (agent_name == NULL) {
729
0
    zval *http_user_agent = NULL;
730
0
    if (Z_TYPE(PG(http_globals)[TRACK_VARS_SERVER]) == IS_ARRAY
731
0
        || zend_is_auto_global(ZSTR_KNOWN(ZEND_STR_AUTOGLOBAL_SERVER))) {
732
0
      http_user_agent = zend_hash_str_find(
733
0
        Z_ARRVAL_P(&PG(http_globals)[TRACK_VARS_SERVER]),
734
0
        "HTTP_USER_AGENT", sizeof("HTTP_USER_AGENT")-1);
735
0
    }
736
0
    if (http_user_agent == NULL) {
737
0
      php_error_docref(NULL, E_WARNING, "HTTP_USER_AGENT variable is not set, cannot determine user agent name");
738
0
      RETURN_FALSE;
739
0
    }
740
0
    agent_name = Z_STR_P(http_user_agent);
741
0
  }
742
743
0
  lookup_browser_name = zend_string_tolower(agent_name);
744
0
  found_entry = zend_hash_find_ptr(bdata->htab, lookup_browser_name);
745
0
  if (found_entry == NULL) {
746
0
    browscap_entry *entry;
747
0
    size_t cached_prev_len = 0; /* silence compiler warning */
748
749
0
    ZEND_HASH_MAP_FOREACH_PTR(bdata->htab, entry) {
750
      /* The following two early-skip checks are inside this loop instead of inside browser_reg_compare().
751
       * That's because we want to avoid the call frame overhead, especially as browser_reg_compare() is
752
       * a function that uses alloca(). */
753
754
      /* Agent name too short */
755
0
      if (ZSTR_LEN(lookup_browser_name) < browscap_get_minimum_length(entry)) {
756
0
        continue;
757
0
      }
758
759
      /* Quickly discard patterns where the prefix doesn't match. */
760
0
      bool prefix_matches = true;
761
0
      for (size_t i = 0; i < entry->prefix_len; i++) {
762
0
        if (ZSTR_VAL(lookup_browser_name)[i] != zend_tolower_ascii(ZSTR_VAL(entry->pattern)[i])) {
763
0
          prefix_matches = false;
764
0
          break;
765
0
        }
766
0
      }
767
0
      if (!prefix_matches) {
768
0
        continue;
769
0
      }
770
771
0
      if (browser_reg_compare(entry, lookup_browser_name, &found_entry, &cached_prev_len)) {
772
0
        break;
773
0
      }
774
0
    } ZEND_HASH_FOREACH_END();
775
776
0
    if (found_entry == NULL) {
777
0
      found_entry = zend_hash_str_find_ptr(bdata->htab,
778
0
        DEFAULT_SECTION_NAME, sizeof(DEFAULT_SECTION_NAME)-1);
779
0
      if (found_entry == NULL) {
780
0
        zend_string_release_ex(lookup_browser_name, false);
781
0
        RETURN_FALSE;
782
0
      }
783
0
    }
784
0
  }
785
786
0
  zend_string_release_ex(lookup_browser_name, false);
787
788
0
  agent_ht = browscap_entry_to_array(bdata, found_entry);
789
790
0
  if (return_array) {
791
0
    RETVAL_ARR(agent_ht);
792
0
  } else {
793
0
    object_and_properties_init(return_value, zend_standard_class_def, agent_ht);
794
0
  }
795
796
0
  HashTable *target_ht = return_array ? Z_ARRVAL_P(return_value) : Z_OBJPROP_P(return_value);
797
798
0
  while (found_entry->parent) {
799
0
    found_entry = zend_hash_find_ptr(bdata->htab, found_entry->parent);
800
0
    if (found_entry == NULL) {
801
0
      break;
802
0
    }
803
804
0
    browscap_entry_add_kv_to_existing_array(bdata, found_entry, target_ht);
805
0
  }
806
0
}
807
/* }}} */