Coverage Report

Created: 2025-06-13 06:43

/src/php-src/main/SAPI.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
   +----------------------------------------------------------------------+
3
   | Copyright (c) The PHP Group                                          |
4
   +----------------------------------------------------------------------+
5
   | This source file is subject to version 3.01 of the PHP license,      |
6
   | that is bundled with this package in the file LICENSE, and is        |
7
   | available through the world-wide-web at the following url:           |
8
   | https://www.php.net/license/3_01.txt                                 |
9
   | If you did not receive a copy of the PHP license and are unable to   |
10
   | obtain it through the world-wide-web, please send a note to          |
11
   | license@php.net so we can mail you a copy immediately.               |
12
   +----------------------------------------------------------------------+
13
   | Original design:  Shane Caraveo <shane@caraveo.com>                  |
14
   | Authors: Andi Gutmans <andi@php.net>                                 |
15
   |          Zeev Suraski <zeev@php.net>                                 |
16
   +----------------------------------------------------------------------+
17
*/
18
19
#include <ctype.h>
20
#include <sys/stat.h>
21
#include <locale.h>
22
23
#include "php.h"
24
#include "SAPI.h"
25
#include "php_variables.h"
26
#include "php_ini.h"
27
#ifdef ZTS
28
#include "TSRM.h"
29
#endif
30
#ifdef HAVE_SYS_TIME_H
31
#include <sys/time.h>
32
#elif defined(PHP_WIN32)
33
#include "win32/time.h"
34
#endif
35
36
#include "rfc1867.h"
37
38
#include "php_content_types.h"
39
40
#ifdef ZTS
41
SAPI_API int sapi_globals_id;
42
SAPI_API size_t sapi_globals_offset;
43
#else
44
sapi_globals_struct sapi_globals;
45
#endif
46
47
static void _type_dtor(zval *zv)
48
0
{
49
0
  free(Z_PTR_P(zv));
50
0
}
51
52
static void sapi_globals_ctor(sapi_globals_struct *sapi_globals)
53
16
{
54
16
  memset(sapi_globals, 0, sizeof(*sapi_globals));
55
16
  zend_hash_init(&sapi_globals->known_post_content_types, 8, NULL, _type_dtor, 1);
56
16
  php_setup_sapi_content_types();
57
16
}
58
59
static void sapi_globals_dtor(sapi_globals_struct *sapi_globals)
60
0
{
61
0
  zend_hash_destroy(&sapi_globals->known_post_content_types);
62
0
}
63
64
/* True globals (no need for thread safety) */
65
SAPI_API sapi_module_struct sapi_module;
66
67
68
SAPI_API void sapi_startup(sapi_module_struct *sf)
69
16
{
70
16
  sf->ini_entries = NULL;
71
16
  sapi_module = *sf;
72
73
#ifdef ZTS
74
  ts_allocate_fast_id(&sapi_globals_id, &sapi_globals_offset, sizeof(sapi_globals_struct), (ts_allocate_ctor) sapi_globals_ctor, (ts_allocate_dtor) sapi_globals_dtor);
75
# ifdef PHP_WIN32
76
  _configthreadlocale(_ENABLE_PER_THREAD_LOCALE);
77
# endif
78
#else
79
16
  sapi_globals_ctor(&sapi_globals);
80
16
#endif
81
82
#ifdef PHP_WIN32
83
  tsrm_win32_startup();
84
#endif
85
86
16
  reentrancy_startup();
87
16
}
88
89
SAPI_API void sapi_shutdown(void)
90
0
{
91
#ifdef ZTS
92
  ts_free_id(sapi_globals_id);
93
#else
94
0
  sapi_globals_dtor(&sapi_globals);
95
0
#endif
96
97
0
  reentrancy_shutdown();
98
99
#ifdef PHP_WIN32
100
  tsrm_win32_shutdown();
101
#endif
102
0
}
103
104
105
SAPI_API void sapi_free_header(sapi_header_struct *sapi_header)
106
600k
{
107
600k
  efree(sapi_header->header);
108
600k
}
109
110
/* {{{ call a header function */
111
PHP_FUNCTION(header_register_callback)
112
0
{
113
0
  zend_fcall_info fci;
114
0
  zend_fcall_info_cache fcc;
115
116
0
  if (zend_parse_parameters(ZEND_NUM_ARGS(), "f", &fci, &fcc) == FAILURE) {
117
0
    RETURN_THROWS();
118
0
  }
119
120
0
  if (Z_TYPE(SG(callback_func)) != IS_UNDEF) {
121
0
    zval_ptr_dtor(&SG(callback_func));
122
0
    SG(fci_cache) = empty_fcall_info_cache;
123
0
  }
124
125
  /* Don't store callback if headers have already been sent:
126
   * It won't get used and we won't have a chance to release it. */
127
0
  if (!SG(headers_sent)) {
128
0
    ZVAL_COPY(&SG(callback_func), &fci.function_name);
129
0
  }
130
131
0
  RETURN_TRUE;
132
0
}
133
/* }}} */
134
135
static void sapi_run_header_callback(zval *callback)
136
0
{
137
0
  int   error;
138
0
  zend_fcall_info fci;
139
0
  char *callback_error = NULL;
140
0
  zval retval;
141
142
0
  if (zend_fcall_info_init(callback, 0, &fci, &SG(fci_cache), NULL, &callback_error) == SUCCESS) {
143
0
    fci.retval = &retval;
144
145
0
    error = zend_call_function(&fci, &SG(fci_cache));
146
0
    if (error == FAILURE) {
147
0
      goto callback_failed;
148
0
    } else {
149
0
      zval_ptr_dtor(&retval);
150
0
    }
151
0
  } else {
152
0
callback_failed:
153
0
    php_error_docref(NULL, E_WARNING, "Could not call the sapi_header_callback");
154
0
  }
155
156
0
  if (callback_error) {
157
0
    efree(callback_error);
158
0
  }
159
0
}
160
161
SAPI_API void sapi_handle_post(void *arg)
162
0
{
163
0
  if (SG(request_info).post_entry && SG(request_info).content_type_dup) {
164
0
    SG(request_info).post_entry->post_handler(SG(request_info).content_type_dup, arg);
165
0
    efree(SG(request_info).content_type_dup);
166
0
    SG(request_info).content_type_dup = NULL;
167
0
  }
168
0
}
169
170
SAPI_API void sapi_read_post_data(void)
171
0
{
172
0
  sapi_post_entry *post_entry;
173
0
  uint32_t content_type_length = (uint32_t)strlen(SG(request_info).content_type);
174
0
  char *content_type = estrndup(SG(request_info).content_type, content_type_length);
175
0
  char *p;
176
0
  char oldchar=0;
177
0
  void (*post_reader_func)(void) = NULL;
178
179
180
  /* dedicated implementation for increased performance:
181
   * - Make the content type lowercase
182
   * - Trim descriptive data, stay with the content-type only
183
   */
184
0
  for (p = content_type; p < content_type + content_type_length; p++) {
185
0
    switch (*p) {
186
0
      case ';':
187
0
      case ',':
188
0
      case ' ':
189
0
        content_type_length = p-content_type;
190
0
        oldchar = *p;
191
0
        *p = 0;
192
0
        break;
193
0
      default:
194
0
        *p = tolower(*p);
195
0
        break;
196
0
    }
197
0
  }
198
199
  /* now try to find an appropriate POST content handler */
200
0
  if ((post_entry = zend_hash_str_find_ptr(&SG(known_post_content_types), content_type,
201
0
      content_type_length)) != NULL) {
202
    /* found one, register it for use */
203
0
    SG(request_info).post_entry = post_entry;
204
0
    post_reader_func = post_entry->post_reader;
205
0
  } else {
206
    /* fallback */
207
0
    SG(request_info).post_entry = NULL;
208
0
    if (UNEXPECTED(!sapi_module.default_post_reader)) {
209
      /* this should not happen as there should always be a default_post_reader */
210
0
      SG(request_info).content_type_dup = NULL;
211
0
      sapi_module.sapi_error(E_WARNING, "Unsupported content type:  '%s'", content_type);
212
0
      efree(content_type);
213
0
      return;
214
0
    }
215
0
  }
216
0
  if (oldchar) {
217
0
    *(p-1) = oldchar;
218
0
  }
219
220
  /* the content_type_dup is not set at this stage so no need to try to free it first */
221
0
  SG(request_info).content_type_dup = content_type;
222
223
0
  if(post_reader_func) {
224
0
    post_reader_func();
225
0
  }
226
227
0
  if(sapi_module.default_post_reader) {
228
0
    sapi_module.default_post_reader();
229
0
  }
230
0
}
231
232
SAPI_API size_t sapi_read_post_block(char *buffer, size_t buflen)
233
0
{
234
0
  size_t read_bytes;
235
236
0
  if (!sapi_module.read_post) {
237
0
    return 0;
238
0
  }
239
240
0
  read_bytes = sapi_module.read_post(buffer, buflen);
241
242
0
  if (read_bytes > 0) {
243
    /* gogo */
244
0
    SG(read_post_bytes) += read_bytes;
245
0
  }
246
0
  if (read_bytes < buflen) {
247
    /* done */
248
0
    SG(post_read) = 1;
249
0
  }
250
251
0
  return read_bytes;
252
0
}
253
254
SAPI_API SAPI_POST_READER_FUNC(sapi_read_standard_form_data)
255
0
{
256
0
  zend_long post_max_size = REQUEST_PARSE_BODY_OPTION_GET(post_max_size, SG(post_max_size));
257
258
0
  if (post_max_size > 0 && SG(request_info).content_length > post_max_size) {
259
0
    php_error_docref(NULL, E_WARNING, "POST Content-Length of " ZEND_LONG_FMT " bytes exceeds the limit of " ZEND_LONG_FMT " bytes",
260
0
          SG(request_info).content_length, post_max_size);
261
0
    return;
262
0
  }
263
264
265
0
  SG(request_info).request_body = php_stream_temp_create_ex(TEMP_STREAM_DEFAULT, SAPI_POST_BLOCK_SIZE, PG(upload_tmp_dir));
266
267
0
  if (sapi_module.read_post) {
268
0
    size_t read_bytes;
269
270
0
    for (;;) {
271
0
      char buffer[SAPI_POST_BLOCK_SIZE];
272
273
0
      read_bytes = sapi_read_post_block(buffer, SAPI_POST_BLOCK_SIZE);
274
275
0
      if (read_bytes > 0) {
276
0
        if (php_stream_write(SG(request_info).request_body, buffer, read_bytes) != read_bytes) {
277
          /* if parts of the stream can't be written, purge it completely */
278
0
          php_stream_truncate_set_size(SG(request_info).request_body, 0);
279
0
          php_error_docref(NULL, E_WARNING, "POST data can't be buffered; all data discarded");
280
0
          break;
281
0
        }
282
0
      }
283
284
0
      if (post_max_size > 0 && SG(read_post_bytes) > post_max_size) {
285
0
        php_error_docref(NULL, E_WARNING, "Actual POST length does not match Content-Length, and exceeds " ZEND_LONG_FMT " bytes", post_max_size);
286
0
        break;
287
0
      }
288
289
0
      if (read_bytes < SAPI_POST_BLOCK_SIZE) {
290
        /* done */
291
0
        break;
292
0
      }
293
0
    }
294
0
    php_stream_rewind(SG(request_info).request_body);
295
0
  }
296
0
}
297
298
299
static inline char *get_default_content_type(uint32_t prefix_len, uint32_t *len)
300
300k
{
301
300k
  char *mimetype, *charset, *content_type;
302
300k
  uint32_t mimetype_len, charset_len;
303
304
300k
  if (SG(default_mimetype)) {
305
300k
    mimetype = SG(default_mimetype);
306
300k
    mimetype_len = (uint32_t)strlen(SG(default_mimetype));
307
300k
  } else {
308
0
    mimetype = SAPI_DEFAULT_MIMETYPE;
309
0
    mimetype_len = sizeof(SAPI_DEFAULT_MIMETYPE) - 1;
310
0
  }
311
300k
  if (SG(default_charset)) {
312
300k
    charset = SG(default_charset);
313
300k
    charset_len = (uint32_t)strlen(SG(default_charset));
314
300k
  } else {
315
0
    charset = SAPI_DEFAULT_CHARSET;
316
0
    charset_len = sizeof(SAPI_DEFAULT_CHARSET) - 1;
317
0
  }
318
319
300k
  if (*charset && strncasecmp(mimetype, "text/", 5) == 0) {
320
300k
    char *p;
321
322
300k
    *len = prefix_len + mimetype_len + sizeof("; charset=") - 1 + charset_len;
323
300k
    content_type = (char*)emalloc(*len + 1);
324
300k
    p = content_type + prefix_len;
325
300k
    p = zend_mempcpy(p, mimetype, mimetype_len);
326
300k
    p = zend_mempcpy(p, "; charset=", sizeof("; charset=") - 1);
327
300k
    memcpy(p, charset, charset_len + 1);
328
300k
  } else {
329
0
    *len = prefix_len + mimetype_len;
330
0
    content_type = (char*)emalloc(*len + 1);
331
0
    memcpy(content_type + prefix_len, mimetype, mimetype_len + 1);
332
0
  }
333
300k
  return content_type;
334
300k
}
335
336
337
SAPI_API char *sapi_get_default_content_type(void)
338
0
{
339
0
  uint32_t len;
340
341
0
  return get_default_content_type(0, &len);
342
0
}
343
344
345
SAPI_API void sapi_get_default_content_type_header(sapi_header_struct *default_header)
346
300k
{
347
300k
  uint32_t len;
348
349
300k
  default_header->header = get_default_content_type(sizeof("Content-type: ")-1, &len);
350
300k
  default_header->header_len = len;
351
300k
  memcpy(default_header->header, "Content-type: ", sizeof("Content-type: ") - 1);
352
300k
}
353
354
/*
355
 * Add charset on content-type header if the MIME type starts with
356
 * "text/", the default_charset directive is not empty and
357
 * there is not already a charset option in there.
358
 *
359
 * If "mimetype" is non-NULL, it should point to a pointer allocated
360
 * with emalloc(). If a charset is added, the string will be
361
 * re-allocated and the new length is returned.  If mimetype is
362
 * unchanged, 0 is returned.
363
 *
364
 */
365
SAPI_API size_t sapi_apply_default_charset(char **mimetype, size_t len)
366
0
{
367
0
  char *charset, *newtype;
368
0
  size_t newlen;
369
0
  charset = SG(default_charset) ? SG(default_charset) : SAPI_DEFAULT_CHARSET;
370
371
0
  if (*mimetype != NULL) {
372
0
    if (*charset && strncmp(*mimetype, "text/", 5) == 0 && strstr(*mimetype, "charset=") == NULL) {
373
0
      newlen = len + (sizeof(";charset=")-1) + strlen(charset);
374
0
      newtype = emalloc(newlen + 1);
375
0
      PHP_STRLCPY(newtype, *mimetype, newlen + 1, len);
376
0
      strlcat(newtype, ";charset=", newlen + 1);
377
0
      strlcat(newtype, charset, newlen + 1);
378
0
      efree(*mimetype);
379
0
      *mimetype = newtype;
380
0
      return newlen;
381
0
    }
382
0
  }
383
0
  return 0;
384
0
}
385
386
SAPI_API void sapi_activate_headers_only(void)
387
0
{
388
0
  if (SG(request_info).headers_read == 1)
389
0
    return;
390
0
  SG(request_info).headers_read = 1;
391
0
  zend_llist_init(&SG(sapi_headers).headers, sizeof(sapi_header_struct),
392
0
      (void (*)(void *)) sapi_free_header, 0);
393
0
  SG(sapi_headers).send_default_content_type = 1;
394
395
  /* SG(sapi_headers).http_response_code = 200; */
396
0
  SG(sapi_headers).http_status_line = NULL;
397
0
  SG(sapi_headers).mimetype = NULL;
398
0
  SG(read_post_bytes) = 0;
399
0
  SG(request_info).request_body = NULL;
400
0
  SG(request_info).current_user = NULL;
401
0
  SG(request_info).current_user_length = 0;
402
0
  SG(request_info).no_headers = 0;
403
0
  SG(request_info).post_entry = NULL;
404
0
  SG(global_request_time) = 0;
405
406
  /*
407
   * It's possible to override this general case in the activate() callback,
408
   * if necessary.
409
   */
410
0
  if (SG(request_info).request_method && !strcmp(SG(request_info).request_method, "HEAD")) {
411
0
    SG(request_info).headers_only = 1;
412
0
  } else {
413
0
    SG(request_info).headers_only = 0;
414
0
  }
415
0
  if (SG(server_context)) {
416
0
    SG(request_info).cookie_data = sapi_module.read_cookies();
417
0
    if (sapi_module.activate) {
418
0
      sapi_module.activate();
419
0
    }
420
0
  }
421
0
  if (sapi_module.input_filter_init ) {
422
0
    sapi_module.input_filter_init();
423
0
  }
424
0
}
425
426
/*
427
 * Called from php_request_startup() for every request.
428
 */
429
430
SAPI_API void sapi_activate(void)
431
300k
{
432
300k
  zend_llist_init(&SG(sapi_headers).headers, sizeof(sapi_header_struct), (void (*)(void *)) sapi_free_header, 0);
433
300k
  SG(sapi_headers).send_default_content_type = 1;
434
435
  /*
436
  SG(sapi_headers).http_response_code = 200;
437
  */
438
300k
  SG(sapi_headers).http_status_line = NULL;
439
300k
  SG(sapi_headers).mimetype = NULL;
440
300k
  SG(headers_sent) = 0;
441
300k
  ZVAL_UNDEF(&SG(callback_func));
442
300k
  SG(read_post_bytes) = 0;
443
300k
  SG(request_info).request_body = NULL;
444
300k
  SG(request_info).current_user = NULL;
445
300k
  SG(request_info).current_user_length = 0;
446
300k
  SG(request_info).no_headers = 0;
447
300k
  SG(request_info).post_entry = NULL;
448
300k
  SG(request_info).proto_num = 1000; /* Default to HTTP 1.0 */
449
300k
  SG(global_request_time) = 0;
450
300k
  SG(post_read) = 0;
451
  /* It's possible to override this general case in the activate() callback, if necessary. */
452
300k
  if (SG(request_info).request_method && !strcmp(SG(request_info).request_method, "HEAD")) {
453
0
    SG(request_info).headers_only = 1;
454
300k
  } else {
455
300k
    SG(request_info).headers_only = 0;
456
300k
  }
457
300k
  SG(rfc1867_uploaded_files) = NULL;
458
300k
  SG(request_parse_body_context).throw_exceptions = false;
459
300k
  memset(&SG(request_parse_body_context).options_cache, 0, sizeof(SG(request_parse_body_context).options_cache));
460
461
  /* Handle request method */
462
300k
  if (SG(server_context)) {
463
0
    if (PG(enable_post_data_reading)
464
0
    &&  SG(request_info).content_type
465
0
    &&  SG(request_info).request_method
466
0
    && !strcmp(SG(request_info).request_method, "POST")) {
467
      /* HTTP POST may contain form data to be processed into variables
468
       * depending on given content type */
469
0
      sapi_read_post_data();
470
0
    } else {
471
0
      SG(request_info).content_type_dup = NULL;
472
0
    }
473
474
    /* Cookies */
475
0
    SG(request_info).cookie_data = sapi_module.read_cookies();
476
0
  }
477
300k
  if (sapi_module.activate) {
478
0
    sapi_module.activate();
479
0
  }
480
300k
  if (sapi_module.input_filter_init) {
481
0
    sapi_module.input_filter_init();
482
0
  }
483
300k
}
484
485
486
static void sapi_send_headers_free(void)
487
600k
{
488
600k
  if (SG(sapi_headers).http_status_line) {
489
5
    efree(SG(sapi_headers).http_status_line);
490
5
    SG(sapi_headers).http_status_line = NULL;
491
5
  }
492
600k
}
493
494
SAPI_API void sapi_deactivate_module(void)
495
300k
{
496
300k
  zend_llist_destroy(&SG(sapi_headers).headers);
497
300k
  if (SG(request_info).request_body) {
498
0
    SG(request_info).request_body = NULL;
499
300k
  } else if (SG(server_context)) {
500
0
    if (!SG(post_read)) {
501
      /* make sure we've consumed all request input data */
502
0
      char dummy[SAPI_POST_BLOCK_SIZE];
503
0
      size_t read_bytes;
504
505
0
      do {
506
0
        read_bytes = sapi_read_post_block(dummy, SAPI_POST_BLOCK_SIZE);
507
0
      } while (SAPI_POST_BLOCK_SIZE == read_bytes);
508
0
    }
509
0
  }
510
300k
  if (SG(request_info).auth_user) {
511
0
    efree(SG(request_info).auth_user);
512
0
    SG(request_info).auth_user = NULL;
513
0
  }
514
300k
  if (SG(request_info).auth_password) {
515
0
    efree(SG(request_info).auth_password);
516
0
    SG(request_info).auth_password = NULL;
517
0
  }
518
300k
  if (SG(request_info).auth_digest) {
519
0
    efree(SG(request_info).auth_digest);
520
0
    SG(request_info).auth_digest = NULL;
521
0
  }
522
300k
  if (SG(request_info).content_type_dup) {
523
0
    efree(SG(request_info).content_type_dup);
524
0
  }
525
300k
  if (SG(request_info).current_user) {
526
0
    efree(SG(request_info).current_user);
527
0
  }
528
300k
  if (sapi_module.deactivate) {
529
0
    sapi_module.deactivate();
530
0
  }
531
300k
}
532
533
SAPI_API void sapi_deactivate_destroy(void)
534
300k
{
535
300k
  if (SG(rfc1867_uploaded_files)) {
536
0
    destroy_uploaded_files_hash();
537
0
  }
538
300k
  if (SG(sapi_headers).mimetype) {
539
0
    efree(SG(sapi_headers).mimetype);
540
0
    SG(sapi_headers).mimetype = NULL;
541
0
  }
542
300k
  sapi_send_headers_free();
543
300k
  SG(sapi_started) = 0;
544
300k
  SG(headers_sent) = 0;
545
300k
  SG(request_info).headers_read = 0;
546
300k
  SG(global_request_time) = 0;
547
300k
}
548
549
SAPI_API void sapi_deactivate(void)
550
16
{
551
16
  sapi_deactivate_module();
552
16
  sapi_deactivate_destroy();
553
16
}
554
555
556
SAPI_API void sapi_initialize_empty_request(void)
557
16
{
558
16
  SG(server_context) = NULL;
559
16
  SG(request_info).request_method = NULL;
560
16
  SG(request_info).auth_digest = SG(request_info).auth_user = SG(request_info).auth_password = NULL;
561
16
  SG(request_info).content_type_dup = NULL;
562
16
}
563
564
565
static int sapi_extract_response_code(const char *header_line)
566
31
{
567
31
  int code = 200;
568
31
  const char *ptr;
569
570
1.48k
  for (ptr = header_line; *ptr; ptr++) {
571
1.48k
    if (*ptr == ' ' && *(ptr + 1) != ' ') {
572
30
      code = atoi(ptr + 1);
573
30
      break;
574
30
    }
575
1.48k
  }
576
577
31
  return code;
578
31
}
579
580
581
static void sapi_update_response_code(int ncode)
582
39
{
583
  /* if the status code did not change, we do not want
584
     to change the status line, and no need to change the code */
585
39
  if (SG(sapi_headers).http_response_code == ncode) {
586
35
    return;
587
35
  }
588
589
4
  if (SG(sapi_headers).http_status_line) {
590
2
    efree(SG(sapi_headers).http_status_line);
591
2
    SG(sapi_headers).http_status_line = NULL;
592
2
  }
593
4
  SG(sapi_headers).http_response_code = ncode;
594
4
}
595
596
/*
597
 * since zend_llist_del_element only removes one matched item once,
598
 * we should remove them manually
599
 */
600
300k
static void sapi_remove_header(zend_llist *l, char *name, size_t len) {
601
300k
  sapi_header_struct *header;
602
300k
  zend_llist_element *next;
603
300k
  zend_llist_element *current=l->head;
604
605
300k
  while (current) {
606
106
    header = (sapi_header_struct *)(current->data);
607
106
    next = current->next;
608
106
    if (header->header_len > len && header->header[len] == ':'
609
106
        && !strncasecmp(header->header, name, len)) {
610
28
      if (current->prev) {
611
28
        current->prev->next = next;
612
28
      } else {
613
0
        l->head = next;
614
0
      }
615
28
      if (next) {
616
21
        next->prev = current->prev;
617
21
      } else {
618
7
        l->tail = current->prev;
619
7
      }
620
28
      sapi_free_header(header);
621
28
      efree(current);
622
28
      --l->count;
623
28
    }
624
106
    current = next;
625
106
  }
626
300k
}
627
628
SAPI_API int sapi_add_header_ex(const char *header_line, size_t header_line_len, bool duplicate, bool replace)
629
300k
{
630
300k
  sapi_header_line ctr = {0};
631
300k
  int r;
632
633
300k
  ctr.line = header_line;
634
300k
  ctr.line_len = header_line_len;
635
636
300k
  r = sapi_header_op(replace ? SAPI_HEADER_REPLACE : SAPI_HEADER_ADD,
637
300k
      &ctr);
638
639
300k
  if (!duplicate)
640
0
    efree((void *) header_line);
641
642
300k
  return r;
643
300k
}
644
645
static void sapi_header_add_op(sapi_header_op_enum op, sapi_header_struct *sapi_header)
646
300k
{
647
300k
  if (!sapi_module.header_handler ||
648
300k
    (SAPI_HEADER_ADD & sapi_module.header_handler(sapi_header, op, &SG(sapi_headers)))) {
649
300k
    if (op == SAPI_HEADER_REPLACE) {
650
300k
      char *colon_offset = strchr(sapi_header->header, ':');
651
652
300k
      if (colon_offset) {
653
300k
        char sav = *colon_offset;
654
655
300k
        *colon_offset = 0;
656
300k
            sapi_remove_header(&SG(sapi_headers).headers, sapi_header->header, strlen(sapi_header->header));
657
300k
        *colon_offset = sav;
658
300k
      }
659
300k
    }
660
300k
    zend_llist_add_element(&SG(sapi_headers).headers, (void *) sapi_header);
661
300k
  } else {
662
0
    sapi_free_header(sapi_header);
663
0
  }
664
300k
}
665
666
SAPI_API int sapi_header_op(sapi_header_op_enum op, void *arg)
667
300k
{
668
300k
  sapi_header_struct sapi_header;
669
300k
  char *colon_offset;
670
300k
  char *header_line;
671
300k
  size_t header_line_len;
672
300k
  int http_response_code;
673
674
300k
  if (SG(headers_sent) && !SG(request_info).no_headers) {
675
11
    const char *output_start_filename = php_output_get_start_filename();
676
11
    int output_start_lineno = php_output_get_start_lineno();
677
678
11
    if (output_start_filename) {
679
11
      sapi_module.sapi_error(E_WARNING, "Cannot modify header information - headers already sent by (output started at %s:%d)",
680
11
        output_start_filename, output_start_lineno);
681
11
    } else {
682
0
      sapi_module.sapi_error(E_WARNING, "Cannot modify header information - headers already sent");
683
0
    }
684
11
    return FAILURE;
685
11
  }
686
687
300k
  switch (op) {
688
0
    case SAPI_HEADER_SET_STATUS:
689
0
      sapi_update_response_code((int)(intptr_t) arg);
690
0
      return SUCCESS;
691
692
21
    case SAPI_HEADER_ADD:
693
300k
    case SAPI_HEADER_REPLACE:
694
300k
    case SAPI_HEADER_DELETE: {
695
300k
        sapi_header_line *p = arg;
696
697
300k
        if (!p->line || !p->line_len) {
698
0
          return FAILURE;
699
0
        }
700
300k
        header_line = estrndup(p->line, p->line_len);
701
300k
        header_line_len = p->line_len;
702
300k
        http_response_code = p->response_code;
703
300k
        break;
704
300k
      }
705
706
0
    case SAPI_HEADER_DELETE_ALL:
707
0
      if (sapi_module.header_handler) {
708
0
        sapi_module.header_handler(&sapi_header, op, &SG(sapi_headers));
709
0
      }
710
0
      zend_llist_clean(&SG(sapi_headers).headers);
711
0
      return SUCCESS;
712
713
0
    default:
714
0
      return FAILURE;
715
300k
  }
716
717
  /* cut off trailing spaces, linefeeds and carriage-returns */
718
300k
  if (header_line_len && isspace(header_line[header_line_len-1])) {
719
49
    do {
720
49
      header_line_len--;
721
49
    } while(header_line_len && isspace(header_line[header_line_len-1]));
722
49
    header_line[header_line_len]='\0';
723
49
  }
724
725
300k
  if (op == SAPI_HEADER_DELETE) {
726
0
    if (strchr(header_line, ':')) {
727
0
      efree(header_line);
728
0
      sapi_module.sapi_error(E_WARNING, "Header to delete may not contain colon.");
729
0
      return FAILURE;
730
0
    }
731
0
    if (sapi_module.header_handler) {
732
0
      sapi_header.header = header_line;
733
0
      sapi_header.header_len = header_line_len;
734
0
      sapi_module.header_handler(&sapi_header, op, &SG(sapi_headers));
735
0
    }
736
0
    sapi_remove_header(&SG(sapi_headers).headers, header_line, header_line_len);
737
0
    efree(header_line);
738
0
    return SUCCESS;
739
300k
  } else {
740
    /* new line/NUL character safety check */
741
300k
    uint32_t i;
742
8.41M
    for (i = 0; i < header_line_len; i++) {
743
      /* RFC 7230 ch. 3.2.4 deprecates folding support */
744
8.11M
      if (header_line[i] == '\n' || header_line[i] == '\r') {
745
3
        efree(header_line);
746
3
        sapi_module.sapi_error(E_WARNING, "Header may not contain "
747
3
            "more than a single header, new line detected");
748
3
        return FAILURE;
749
3
      }
750
8.11M
      if (header_line[i] == '\0') {
751
36
        efree(header_line);
752
36
        sapi_module.sapi_error(E_WARNING, "Header may not contain NUL bytes");
753
36
        return FAILURE;
754
36
      }
755
8.11M
    }
756
300k
  }
757
758
300k
  sapi_header.header = header_line;
759
300k
  sapi_header.header_len = header_line_len;
760
761
  /* Check the header for a few cases that we have special support for in SAPI */
762
300k
  if (header_line_len>=5
763
300k
    && !strncasecmp(header_line, "HTTP/", 5)) {
764
    /* filter out the response code */
765
31
    sapi_update_response_code(sapi_extract_response_code(header_line));
766
    /* sapi_update_response_code doesn't free the status line if the code didn't change */
767
31
    if (SG(sapi_headers).http_status_line) {
768
24
      efree(SG(sapi_headers).http_status_line);
769
24
    }
770
31
    SG(sapi_headers).http_status_line = header_line;
771
31
    return SUCCESS;
772
300k
  } else {
773
300k
    colon_offset = strchr(header_line, ':');
774
300k
    if (colon_offset) {
775
300k
      *colon_offset = 0;
776
300k
      if (!strcasecmp(header_line, "Content-Type")) {
777
0
        char *ptr = colon_offset+1, *mimetype = NULL, *newheader;
778
0
        size_t len = header_line_len - (ptr - header_line), newlen;
779
0
        while (*ptr == ' ') {
780
0
          ptr++;
781
0
          len--;
782
0
        }
783
784
0
        mimetype = estrdup(ptr);
785
0
        newlen = sapi_apply_default_charset(&mimetype, len);
786
0
        if (!SG(sapi_headers).mimetype){
787
0
          SG(sapi_headers).mimetype = estrdup(mimetype);
788
0
        }
789
790
0
        if (newlen != 0) {
791
0
          newlen += sizeof("Content-type: ");
792
0
          newheader = emalloc(newlen);
793
0
          PHP_STRLCPY(newheader, "Content-type: ", newlen, sizeof("Content-type: ")-1);
794
0
          strlcat(newheader, mimetype, newlen);
795
0
          sapi_header.header = newheader;
796
0
          sapi_header.header_len = (uint32_t)(newlen - 1);
797
0
          efree(header_line);
798
0
        }
799
0
        efree(mimetype);
800
0
        SG(sapi_headers).send_default_content_type = 0;
801
300k
      } else if (!strcasecmp(header_line, "Content-Length")) {
802
        /* Script is setting Content-length. The script cannot reasonably
803
         * know the size of the message body after compression, so it's best
804
         * to disable compression altogether. This contributes to making scripts
805
         * portable between setups that have and don't have zlib compression
806
         * enabled globally. See req #44164 */
807
0
        zend_string *key = ZSTR_INIT_LITERAL("zlib.output_compression", 0);
808
0
        zend_alter_ini_entry_chars(key,
809
0
          "0", sizeof("0") - 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
810
0
        zend_string_release_ex(key, 0);
811
300k
      } else if (!strcasecmp(header_line, "Location")) {
812
0
        if ((SG(sapi_headers).http_response_code < 300 ||
813
0
          SG(sapi_headers).http_response_code > 399) &&
814
0
          SG(sapi_headers).http_response_code != 201) {
815
          /* Return a Found Redirect if one is not already specified */
816
0
          if (http_response_code) { /* user specified redirect code */
817
0
            sapi_update_response_code(http_response_code);
818
0
          } else if (SG(request_info).proto_num > 1000 &&
819
0
             SG(request_info).request_method &&
820
0
             strcmp(SG(request_info).request_method, "HEAD") &&
821
0
             strcmp(SG(request_info).request_method, "GET")) {
822
0
            sapi_update_response_code(303);
823
0
          } else {
824
0
            sapi_update_response_code(302);
825
0
          }
826
0
        }
827
300k
      } else if (!strcasecmp(header_line, "WWW-Authenticate")) { /* HTTP Authentication */
828
0
        sapi_update_response_code(401); /* authentication-required */
829
0
      }
830
300k
      if (sapi_header.header==header_line) {
831
300k
        *colon_offset = ':';
832
300k
      }
833
300k
    }
834
300k
  }
835
300k
  if (http_response_code) {
836
8
    sapi_update_response_code(http_response_code);
837
8
  }
838
300k
  sapi_header_add_op(op, &sapi_header);
839
300k
  return SUCCESS;
840
300k
}
841
842
843
SAPI_API int sapi_send_headers(void)
844
300k
{
845
300k
  int retval;
846
300k
  int ret = FAILURE;
847
848
300k
  if (SG(headers_sent) || SG(request_info).no_headers) {
849
0
    return SUCCESS;
850
0
  }
851
852
  /* Success-oriented. We set headers_sent to 1 here to avoid an infinite loop
853
   * in case of an error situation.
854
   */
855
300k
  if (SG(sapi_headers).send_default_content_type && sapi_module.send_headers) {
856
0
      uint32_t len = 0;
857
0
    char *default_mimetype = get_default_content_type(0, &len);
858
859
0
    if (default_mimetype && len) {
860
0
      sapi_header_struct default_header;
861
862
0
      SG(sapi_headers).mimetype = default_mimetype;
863
864
0
      default_header.header_len = sizeof("Content-type: ") - 1 + len;
865
0
      default_header.header = emalloc(default_header.header_len + 1);
866
867
0
      memcpy(default_header.header, "Content-type: ", sizeof("Content-type: ") - 1);
868
0
      memcpy(default_header.header + sizeof("Content-type: ") - 1, SG(sapi_headers).mimetype, len + 1);
869
870
0
      sapi_header_add_op(SAPI_HEADER_ADD, &default_header);
871
0
    } else {
872
0
      efree(default_mimetype);
873
0
    }
874
0
    SG(sapi_headers).send_default_content_type = 0;
875
0
  }
876
877
300k
  if (Z_TYPE(SG(callback_func)) != IS_UNDEF) {
878
0
    zval cb;
879
0
    ZVAL_COPY_VALUE(&cb, &SG(callback_func));
880
0
    ZVAL_UNDEF(&SG(callback_func));
881
0
    sapi_run_header_callback(&cb);
882
0
    zval_ptr_dtor(&cb);
883
0
  }
884
885
300k
  SG(headers_sent) = 1;
886
887
300k
  if (sapi_module.send_headers) {
888
0
    retval = sapi_module.send_headers(&SG(sapi_headers));
889
300k
  } else {
890
300k
    retval = SAPI_HEADER_DO_SEND;
891
300k
  }
892
893
300k
  switch (retval) {
894
0
    case SAPI_HEADER_SENT_SUCCESSFULLY:
895
0
      ret = SUCCESS;
896
0
      break;
897
300k
    case SAPI_HEADER_DO_SEND: {
898
300k
        sapi_header_struct http_status_line;
899
300k
        char buf[255];
900
901
300k
        if (SG(sapi_headers).http_status_line) {
902
5
          http_status_line.header = SG(sapi_headers).http_status_line;
903
5
          http_status_line.header_len = (uint32_t)strlen(SG(sapi_headers).http_status_line);
904
300k
        } else {
905
300k
          http_status_line.header = buf;
906
300k
          http_status_line.header_len = slprintf(buf, sizeof(buf), "HTTP/1.0 %d X", SG(sapi_headers).http_response_code);
907
300k
        }
908
300k
        sapi_module.send_header(&http_status_line, SG(server_context));
909
300k
      }
910
300k
      zend_llist_apply_with_argument(&SG(sapi_headers).headers, (llist_apply_with_arg_func_t) sapi_module.send_header, SG(server_context));
911
300k
      if(SG(sapi_headers).send_default_content_type) {
912
300k
        sapi_header_struct default_header;
913
914
300k
        sapi_get_default_content_type_header(&default_header);
915
300k
        sapi_module.send_header(&default_header, SG(server_context));
916
300k
        sapi_free_header(&default_header);
917
300k
      }
918
300k
      sapi_module.send_header(NULL, SG(server_context));
919
300k
      ret = SUCCESS;
920
300k
      break;
921
0
    case SAPI_HEADER_SEND_FAILED:
922
0
      SG(headers_sent) = 0;
923
0
      ret = FAILURE;
924
0
      break;
925
300k
  }
926
927
300k
  sapi_send_headers_free();
928
929
300k
  return ret;
930
300k
}
931
932
933
SAPI_API int sapi_register_post_entries(const sapi_post_entry *post_entries)
934
16
{
935
16
  const sapi_post_entry *p=post_entries;
936
937
48
  while (p->content_type) {
938
32
    if (sapi_register_post_entry(p) == FAILURE) {
939
0
      return FAILURE;
940
0
    }
941
32
    p++;
942
32
  }
943
16
  return SUCCESS;
944
16
}
945
946
947
SAPI_API int sapi_register_post_entry(const sapi_post_entry *post_entry)
948
32
{
949
32
  int ret;
950
32
  zend_string *key;
951
32
  if (SG(sapi_started) && EG(current_execute_data)) {
952
0
    return FAILURE;
953
0
  }
954
32
  key = zend_string_init(post_entry->content_type, post_entry->content_type_len, 1);
955
32
  GC_MAKE_PERSISTENT_LOCAL(key);
956
32
  ret = zend_hash_add_mem(&SG(known_post_content_types), key,
957
32
      (void *) post_entry, sizeof(sapi_post_entry)) ? SUCCESS : FAILURE;
958
32
  zend_string_release_ex(key, 1);
959
32
  return ret;
960
32
}
961
962
SAPI_API void sapi_unregister_post_entry(const sapi_post_entry *post_entry)
963
0
{
964
0
  if (SG(sapi_started) && EG(current_execute_data)) {
965
0
    return;
966
0
  }
967
0
  zend_hash_str_del(&SG(known_post_content_types), post_entry->content_type,
968
0
      post_entry->content_type_len);
969
0
}
970
971
972
SAPI_API int sapi_register_default_post_reader(void (*default_post_reader)(void))
973
16
{
974
16
  if (SG(sapi_started) && EG(current_execute_data)) {
975
0
    return FAILURE;
976
0
  }
977
16
  sapi_module.default_post_reader = default_post_reader;
978
16
  return SUCCESS;
979
16
}
980
981
982
SAPI_API int sapi_register_treat_data(void (*treat_data)(int arg, char *str, zval *destArray))
983
16
{
984
16
  if (SG(sapi_started) && EG(current_execute_data)) {
985
0
    return FAILURE;
986
0
  }
987
16
  sapi_module.treat_data = treat_data;
988
16
  return SUCCESS;
989
16
}
990
991
SAPI_API int sapi_register_input_filter(unsigned int (*input_filter)(int arg, const char *var, char **val, size_t val_len, size_t *new_val_len), unsigned int (*input_filter_init)(void))
992
16
{
993
16
  if (SG(sapi_started) && EG(current_execute_data)) {
994
0
    return FAILURE;
995
0
  }
996
16
  sapi_module.input_filter = input_filter;
997
16
  sapi_module.input_filter_init = input_filter_init;
998
16
  return SUCCESS;
999
16
}
1000
1001
SAPI_API int sapi_flush(void)
1002
55.6M
{
1003
55.6M
  if (sapi_module.flush) {
1004
55.6M
    sapi_module.flush(SG(server_context));
1005
55.6M
    return SUCCESS;
1006
55.6M
  } else {
1007
0
    return FAILURE;
1008
0
  }
1009
55.6M
}
1010
1011
SAPI_API zend_stat_t *sapi_get_stat(void)
1012
0
{
1013
0
  if (sapi_module.get_stat) {
1014
0
    return sapi_module.get_stat();
1015
0
  } else {
1016
0
    if (!SG(request_info).path_translated || (VCWD_STAT(SG(request_info).path_translated, &SG(global_stat)) == -1)) {
1017
0
      return NULL;
1018
0
    }
1019
0
    return &SG(global_stat);
1020
0
  }
1021
0
}
1022
1023
SAPI_API char *sapi_getenv(const char *name, size_t name_len)
1024
20
{
1025
20
  char *value, *tmp;
1026
1027
20
  if (!sapi_module.getenv) {
1028
20
    return NULL;
1029
20
  }
1030
0
  if (!strncasecmp(name, "HTTP_PROXY", name_len)) {
1031
    /* Ugly fix for HTTP_PROXY issue, see bug #72573 */
1032
0
    return NULL;
1033
0
  }
1034
0
  tmp = sapi_module.getenv(name, name_len);
1035
0
  if (!tmp) {
1036
0
    return NULL;
1037
0
  }
1038
0
  value = estrdup(tmp);
1039
#ifdef PHP_WIN32
1040
  if (strlen(sapi_module.name) == sizeof("cgi-fcgi") - 1 && !strcmp(sapi_module.name, "cgi-fcgi")) {
1041
    /* XXX more modules to go, if needed. */
1042
    free(tmp);
1043
  }
1044
#endif
1045
0
  if (sapi_module.input_filter) {
1046
0
    sapi_module.input_filter(PARSE_STRING, name, &value, strlen(value), NULL);
1047
0
  }
1048
0
  return value;
1049
0
}
1050
1051
SAPI_API int sapi_get_fd(int *fd)
1052
0
{
1053
0
  if (sapi_module.get_fd) {
1054
0
    return sapi_module.get_fd(fd);
1055
0
  } else {
1056
0
    return FAILURE;
1057
0
  }
1058
0
}
1059
1060
SAPI_API int sapi_force_http_10(void)
1061
0
{
1062
0
  if (sapi_module.force_http_10) {
1063
0
    return sapi_module.force_http_10();
1064
0
  } else {
1065
0
    return FAILURE;
1066
0
  }
1067
0
}
1068
1069
1070
SAPI_API int sapi_get_target_uid(uid_t *obj)
1071
0
{
1072
0
  if (sapi_module.get_target_uid) {
1073
0
    return sapi_module.get_target_uid(obj);
1074
0
  } else {
1075
0
    return FAILURE;
1076
0
  }
1077
0
}
1078
1079
SAPI_API int sapi_get_target_gid(gid_t *obj)
1080
0
{
1081
0
  if (sapi_module.get_target_gid) {
1082
0
    return sapi_module.get_target_gid(obj);
1083
0
  } else {
1084
0
    return FAILURE;
1085
0
  }
1086
0
}
1087
1088
SAPI_API double sapi_get_request_time(void)
1089
98.6k
{
1090
98.6k
  if(SG(global_request_time)) return SG(global_request_time);
1091
1092
98.6k
  if (!sapi_module.get_request_time
1093
98.6k
      || sapi_module.get_request_time(&SG(global_request_time)) == FAILURE) {
1094
98.6k
    struct timeval tp = {0};
1095
98.6k
    if (!gettimeofday(&tp, NULL)) {
1096
98.6k
      SG(global_request_time) = (double)(tp.tv_sec + tp.tv_usec / 1000000.00);
1097
98.6k
    } else {
1098
0
      SG(global_request_time) = (double)time(0);
1099
0
    }
1100
98.6k
  }
1101
98.6k
  return SG(global_request_time);
1102
98.6k
}
1103
1104
0
SAPI_API void sapi_terminate_process(void) {
1105
0
  if (sapi_module.terminate_process) {
1106
0
    sapi_module.terminate_process();
1107
0
  }
1108
0
}
1109
1110
SAPI_API void sapi_add_request_header(const char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */
1111
0
{
1112
0
  zval *return_value = (zval*)arg;
1113
0
  char *buf = NULL;
1114
1115
0
  ALLOCA_FLAG(use_heap)
1116
1117
0
  if (var_len > 5 &&
1118
0
      var[0] == 'H' &&
1119
0
      var[1] == 'T' &&
1120
0
      var[2] == 'T' &&
1121
0
      var[3] == 'P' &&
1122
0
      var[4] == '_') {
1123
1124
0
    const char *p;
1125
0
    char *str;
1126
1127
0
    var_len -= 5;
1128
0
    p = var + 5;
1129
0
    var = str = buf = do_alloca(var_len + 1, use_heap);
1130
0
    *str++ = *p++;
1131
0
    while (*p) {
1132
0
      if (*p == '_') {
1133
0
        *str++ = '-';
1134
0
        p++;
1135
0
        if (*p) {
1136
0
          *str++ = *p++;
1137
0
        }
1138
0
      } else if (*p >= 'A' && *p <= 'Z') {
1139
0
        *str++ = (*p++ - 'A' + 'a');
1140
0
      } else {
1141
0
        *str++ = *p++;
1142
0
      }
1143
0
    }
1144
0
    *str = 0;
1145
0
  } else if (var_len == sizeof("CONTENT_TYPE")-1 &&
1146
0
             memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) {
1147
0
    var = "Content-Type";
1148
0
  } else if (var_len == sizeof("CONTENT_LENGTH")-1 &&
1149
0
             memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) {
1150
0
    var = "Content-Length";
1151
0
  } else {
1152
0
    return;
1153
0
  }
1154
0
  add_assoc_stringl_ex(return_value, var, var_len, val, val_len);
1155
0
  if (buf) {
1156
0
    free_alloca(buf, use_heap);
1157
0
  }
1158
0
}
1159
/* }}} */