Added the 'add_slashes' sanitization filter (FILTER_SANITIZE_ADD_SLASHES) as an alias to 'magic_quotes' (FILTER_SANITIZE_MAGIC_QUOTES) so we can move past our "magical" legacy.

KalleZ · KalleZ · commit a8dce319572e · 2018-07-09T03:58:20.000+02:00
diff --git a/NEWS b/NEWS
@@ -7,6 +7,8 @@ PHP                                                                        NEWS
     type 37). (Peter Kokot)
 
 - Filter:
+  . Added the 'add_slashes' sanitization mode (FILTER_SANITIZE_ADD_SLASHES). 
+	(Kalle)
   . Fixed bug #76366 (References in sub-array for filtering breaks the filter).
     (ZiHang Gao)
 
diff --git a/UPGRADING b/UPGRADING
@@ -374,6 +374,9 @@ JSON:
   . FILTER_VALIDATE_FLOAT now also supports a `thousand` option, which
     defines the set of allowed thousand separator chars.  The default (`"',."`)
     is fully backward compatible with former PHP versions.
+  . FILTER_SANITIZE_ADD_SLASHES has been added as an alias of the 'magic_quotes' 
+    filter (FILTER_SANITIZE_MAGIC_QUOTES). The 'magic_quotes' filter is subject 
+	to removal in future versions of PHP.
 
  FTP:
   . Set default transfer mode to binary
diff --git a/ext/filter/filter.c b/ext/filter/filter.c
@@ -58,7 +58,8 @@ static const filter_list_entry filter_list[] = {
 	{ "url",             FILTER_SANITIZE_URL,           php_filter_url             },
 	{ "number_int",      FILTER_SANITIZE_NUMBER_INT,    php_filter_number_int      },
 	{ "number_float",    FILTER_SANITIZE_NUMBER_FLOAT,  php_filter_number_float    },
-	{ "magic_quotes",    FILTER_SANITIZE_MAGIC_QUOTES,  php_filter_magic_quotes    },
+	{ "magic_quotes",    FILTER_SANITIZE_MAGIC_QUOTES,  php_filter_add_slashes     },
+	{ "add_slashes",     FILTER_SANITIZE_ADD_SLASHES,   php_filter_add_slashes     },
 
 	{ "callback",        FILTER_CALLBACK,               php_filter_callback        },
 };
@@ -253,6 +254,7 @@ PHP_MINIT_FUNCTION(filter)
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_MAGIC_QUOTES", FILTER_SANITIZE_MAGIC_QUOTES, CONST_CS | CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ADD_SLASHES", FILTER_SANITIZE_ADD_SLASHES, CONST_CS | CONST_PERSISTENT);
 
 	REGISTER_LONG_CONSTANT("FILTER_CALLBACK", FILTER_CALLBACK, CONST_CS | CONST_PERSISTENT);
 
diff --git a/ext/filter/filter_private.h b/ext/filter/filter_private.h
@@ -85,7 +85,8 @@
 #define FILTER_SANITIZE_NUMBER_FLOAT  0x0208
 #define FILTER_SANITIZE_MAGIC_QUOTES  0x0209
 #define FILTER_SANITIZE_FULL_SPECIAL_CHARS 0x020a
-#define FILTER_SANITIZE_LAST          0x020a
+#define FILTER_SANITIZE_ADD_SLASHES   0x020b
+#define FILTER_SANITIZE_LAST          0x020b
 
 #define FILTER_SANITIZE_ALL           0x0200
 
diff --git a/ext/filter/php_filter.h b/ext/filter/php_filter.h
@@ -91,7 +91,7 @@ void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_number_int(PHP_INPUT_FILTER_PARAM_DECL);
 void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL);
-void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL);
+void php_filter_add_slashes(PHP_INPUT_FILTER_PARAM_DECL);
 
 void php_filter_callback(PHP_INPUT_FILTER_PARAM_DECL);
 
diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c
@@ -368,9 +368,11 @@ void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL)
 }
 /* }}} */
 
-/* {{{ php_filter_magic_quotes */
-void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL)
+/* {{{ php_filter_add_slashes */
+void php_filter_add_slashes(PHP_INPUT_FILTER_PARAM_DECL)
 {
+	/* This filter is used by both 'add_slashes' & 'magic_quotes' (legacy) */
+
 	zend_string *buf;
 
 	/* just call php_addslashes quotes */
diff --git a/ext/filter/tests/008.phpt b/ext/filter/tests/008.phpt
@@ -11,7 +11,7 @@ var_dump(filter_list(array()));
 echo "Done\n";
 ?>
 --EXPECTF--	
-array(21) {
+array(22) {
   [0]=>
   string(3) "int"
   [1]=>
@@ -53,6 +53,8 @@ array(21) {
   [19]=>
   string(12) "magic_quotes"
   [20]=>
+  string(11) "add_slashes"
+  [21]=>
   string(8) "callback"
 }
 
diff --git a/ext/filter/tests/033.phpt b/ext/filter/tests/033.phpt
@@ -30,4 +30,5 @@ url                 PHP  1  foo@bar.com    http://a.b.c        1.2.3.4   123  12
 number_int               1                                     1234      123  123                                                    
 number_float             1                                     1234      123  123                                                    
 magic_quotes        PHP  1  foo@bar.com    http://a.b.c        1.2.3.4   123  123abc<>()          O\'Henry       하퍼    aa:bb:cc:dd:ee:ff
+add_slashes         PHP  1  foo@bar.com    http://a.b.c        1.2.3.4   123  123abc<>()          O\'Henry       하퍼    aa:bb:cc:dd:ee:ff
 callback            PHP  1  FOO@BAR.COM    HTTP://A.B.C        1.2.3.4   123  123ABC<>()          O'HENRY        하퍼    AA:BB:CC:DD:EE:FF

Original file line number	Diff line number	Diff line change
`@@ -368,9 +368,11 @@ void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL)`
`368`	`368`	`}`
`369`	`369`	`/* }}} */`
`370`	`370`
`371`		`-/* {{{ php_filter_magic_quotes */`
`372`		`-void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL)`
	`371`	`+/* {{{ php_filter_add_slashes */`
	`372`	`+void php_filter_add_slashes(PHP_INPUT_FILTER_PARAM_DECL)`
`373`	`373`	`{`
	`374`	`+ /* This filter is used by both 'add_slashes' & 'magic_quotes' (legacy) */`
	`375`	`+`
`374`	`376`	`zend_string *buf;`
`375`	`377`
`376`	`378`	`/* just call php_addslashes quotes */`