
Added the full htmlspecialchars() functionality which includes utf-8

validation as a default filter.
1 parent 9692a36 commit 4d75c644157b33d4d63aec4b757fc6d09cca9813 @rlerdorf rlerdorf committed Mar 31, 2010
Showing with 27 additions and 1 deletion.
  1. +1 −0 NEWS
  2. +2 −0 ext/filter/filter.c
  3. +2 −1 ext/filter/filter_private.h
  4. +2 −0 ext/filter/php_filter.h
  5. +20 −0 ext/filter/sanitizing_filters.c
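--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ PHP NEWS
 ReflectionExtension::isPersistent(). (Johannes)
 - Added ReflectionZendExtension class. (Johannes)
 - Added command line option --rz to CLI. (Johannes)
+- Added full_special_chars filter to ext/filter (Rasmus)
 - default_charset if not specified is now UTF-8 instead of ISO-8859-1. (Rasmus)
 - default session.entropy_file is now /dev/urandom or /dev/arandom if either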
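--- a/ext/filter/filter.c
+++ b/ext/filter/filter.c
@@ -52,6 +52,7 @@ static const filter_list_entry filter_list[] = {
 { "stripped", FILTER_SANITIZE_STRING, php_filter_string },
 { "encoded", FILTER_SANITIZE_ENCODED, php_filter_encoded },
 { "special_chars", FILTER_SANITIZE_SPECIAL_CHARS, php_filter_special_chars },
+ { "full_special_chars", FILTER_SANITIZE_FULL_SPECIAL_CHARS, php_filter_full_special_chars },
 { "unsafe_raw", FILTER_UNSAFE_RAW, php_filter_unsafe_raw },
 { "email", FILTER_SANITIZE_EMAIL, php_filter_email },
 { "url", FILTER_SANITIZE_URL, php_filter_url },
@@ -238,6 +239,7 @@ PHP_MINIT_FUNCTION(filter)
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
+ REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_EMAIL", FILTER_SANITIZE_EMAIL, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_URL", FILTER_SANITIZE_URL, CONST_CS | CONST_PERSISTENT);
 REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);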
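Review bot: The added line in PHP_MINIT_FUNCTION(filter) registers the userland constant `FILTER_SANITIZE_FULL_SPECIAL_CHARS` with the value `FILTER_SANITIZE_SPECIAL_CHARS`, not the new id `FILTER_SANITIZE_FULL_SPECIAL_CHARS` (0x020a) that this commit defines in filter_private.h. A script that selects the filter by constant would therefore most likely be dispatched to the existing special_chars entry and get none of the charset validation the new filter is meant to add; only the `"full_special_chars"` name in filter_list would reach php_filter_full_special_chars. The second argument should read `FILTER_SANITIZE_FULL_SPECIAL_CHARS`, and a test that calls the filter through the constant with an invalid multibyte input would pin this down. The body of PHP_MINIT_FUNCTION extends beyond the hunk.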
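--- a/ext/filter/filter_private.h
+++ b/ext/filter/filter_private.h
@@ -78,7 +78,8 @@
 #define FILTER_SANITIZE_NUMBER_INT 0x0207
 #define FILTER_SANITIZE_NUMBER_FLOAT 0x0208
 #define FILTER_SANITIZE_MAGIC_QUOTES 0x0209
-#define FILTER_SANITIZE_LAST 0x0209
+#define FILTER_SANITIZE_FULL_SPECIAL_CHARS 0x020a
+#define FILTER_SANITIZE_LAST 0x020a
 #define FILTER_SANITIZE_ALL 0x0200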
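--- a/ext/filter/php_filter.h
+++ b/ext/filter/php_filter.h
@@ -28,6 +28,7 @@
 #include "php_ini.h"
 #include "ext/standard/info.h"
 #include "ext/standard/php_string.h"
+#include "ext/standard/html.h"
 #include "php_variables.h"
 extern zend_module_entry filter_module_entry;
@@ -81,6 +82,7 @@ void php_filter_validate_ip(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_encoded(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL);
+void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL);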
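--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -242,6 +242,24 @@ void php_filter_special_chars(PHP_INPUT_FILTER_PARAM_DECL)
 }
 /* }}} */
+/* {{{ php_filter_full_special_chars */
+void php_filter_full_special_chars(PHP_INPUT_FILTER_PARAM_DECL)
+{
+ char *buf;
+ int len, quotes;
+
+ if (!(flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
+ quotes = ENT_QUOTES;
+ } else {
+ quotes = ENT_NOQUOTES;
+ }
+ buf = php_escape_html_entities_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), &len, 1, quotes, SG(default_charset), 0 TSRMLS_CC);
+ efree(Z_STRVAL_P(value));
+ Z_STRVAL_P(value) = buf;
+ Z_STRLEN_P(value) = len;
+}
+/* }}} */
+
 /* {{{ php_filter_unsafe_raw */
 void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 {
@@ -266,6 +284,8 @@ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 }
 /* }}} */
+
+
 /* {{{ php_filter_email */
 #define SAFE "$-_.+"
 #define EXTRA "!*'(),"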
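Review bot: php_filter_full_special_chars passes `SG(default_charset)` as the charset hint, so the UTF-8 validation named in the commit message applies only when default_charset is UTF-8; under any other configured charset the input is checked against that encoding instead, and this should be documented on the function. The bare `1` and `0` arguments to php_escape_html_entities_ex (`all` and `double_encode`, as I read its prototype) also need a comment: `double_encode = 0` leaves entities already present in the input untouched, and `all = 1` requests the full entity table, not the htmlspecialchars() subset the commit title describes. I would add above the call something like `/* charset follows default_charset; all=1, double_encode=0: existing entities are not re-encoded */`. The docblock should also say what a caller receives when the input is invalid for the charset, which appears to be an empty string, though that depends on php_escape_html_entities_ex and is not visible in this hunk.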
