Browse Source

Added the 'add_slashes' sanitization filter (FILTER_SANITIZE_ADD_SLASHES) as an alias to 'magic_quotes' (FILTER_SANITIZE_MAGIC_QUOTES) so we can move past our "magical" legacy.

pull/3378/head
Kalle Sommer Nielsen 8 years ago
parent
commit
a8dce31957
  1. 2
      NEWS
  2. 3
      UPGRADING
  3. 4
      ext/filter/filter.c
  4. 3
      ext/filter/filter_private.h
  5. 2
      ext/filter/php_filter.h
  6. 6
      ext/filter/sanitizing_filters.c
  7. 4
      ext/filter/tests/008.phpt
  8. 1
      ext/filter/tests/033.phpt

2
NEWS

@ -7,6 +7,8 @@ PHP NEWS
type 37). (Peter Kokot)
- Filter:
. Added the 'add_slashes' sanitization mode (FILTER_SANITIZE_ADD_SLASHES).
(Kalle)
. Fixed bug #76366 (References in sub-array for filtering breaks the filter).
(ZiHang Gao)

3
UPGRADING

@ -374,6 +374,9 @@ JSON:
. FILTER_VALIDATE_FLOAT now also supports a `thousand` option, which
defines the set of allowed thousand separator chars. The default (`"',."`)
is fully backward compatible with former PHP versions.
. FILTER_SANITIZE_ADD_SLASHES has been added as an alias of the 'magic_quotes'
filter (FILTER_SANITIZE_MAGIC_QUOTES). The 'magic_quotes' filter is subject
to removal in future versions of PHP.
FTP:
. Set default transfer mode to binary

4
ext/filter/filter.c

@ -58,7 +58,8 @@ static const filter_list_entry filter_list[] = {
{ "url", FILTER_SANITIZE_URL, php_filter_url },
{ "number_int", FILTER_SANITIZE_NUMBER_INT, php_filter_number_int },
{ "number_float", FILTER_SANITIZE_NUMBER_FLOAT, php_filter_number_float },
{ "magic_quotes", FILTER_SANITIZE_MAGIC_QUOTES, php_filter_magic_quotes },
{ "magic_quotes", FILTER_SANITIZE_MAGIC_QUOTES, php_filter_add_slashes },
{ "add_slashes", FILTER_SANITIZE_ADD_SLASHES, php_filter_add_slashes },
{ "callback", FILTER_CALLBACK, php_filter_callback },
};
@ -253,6 +254,7 @@ PHP_MINIT_FUNCTION(filter)
REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_INT", FILTER_SANITIZE_NUMBER_INT, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_SANITIZE_NUMBER_FLOAT", FILTER_SANITIZE_NUMBER_FLOAT, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_SANITIZE_MAGIC_QUOTES", FILTER_SANITIZE_MAGIC_QUOTES, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ADD_SLASHES", FILTER_SANITIZE_ADD_SLASHES, CONST_CS | CONST_PERSISTENT);
REGISTER_LONG_CONSTANT("FILTER_CALLBACK", FILTER_CALLBACK, CONST_CS | CONST_PERSISTENT);

3
ext/filter/filter_private.h

@ -85,7 +85,8 @@
#define FILTER_SANITIZE_NUMBER_FLOAT 0x0208
#define FILTER_SANITIZE_MAGIC_QUOTES 0x0209
#define FILTER_SANITIZE_FULL_SPECIAL_CHARS 0x020a
#define FILTER_SANITIZE_LAST 0x020a
#define FILTER_SANITIZE_ADD_SLASHES 0x020b
#define FILTER_SANITIZE_LAST 0x020b
#define FILTER_SANITIZE_ALL 0x0200

2
ext/filter/php_filter.h

@ -91,7 +91,7 @@ void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL);
void php_filter_url(PHP_INPUT_FILTER_PARAM_DECL);
void php_filter_number_int(PHP_INPUT_FILTER_PARAM_DECL);
void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL);
void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL);
void php_filter_add_slashes(PHP_INPUT_FILTER_PARAM_DECL);
void php_filter_callback(PHP_INPUT_FILTER_PARAM_DECL);

6
ext/filter/sanitizing_filters.c

@ -368,9 +368,11 @@ void php_filter_number_float(PHP_INPUT_FILTER_PARAM_DECL)
}
/* }}} */
/* {{{ php_filter_magic_quotes */
void php_filter_magic_quotes(PHP_INPUT_FILTER_PARAM_DECL)
/* {{{ php_filter_add_slashes */
void php_filter_add_slashes(PHP_INPUT_FILTER_PARAM_DECL)
{
/* This filter is used by both 'add_slashes' & 'magic_quotes' (legacy) */
zend_string *buf;
/* just call php_addslashes quotes */

4
ext/filter/tests/008.phpt

@ -11,7 +11,7 @@ var_dump(filter_list(array()));
echo "Done\n";
?>
--EXPECTF--
array(21) {
array(22) {
[0]=>
string(3) "int"
[1]=>
@ -53,6 +53,8 @@ array(21) {
[19]=>
string(12) "magic_quotes"
[20]=>
string(11) "add_slashes"
[21]=>
string(8) "callback"
}

1
ext/filter/tests/033.phpt

@ -30,4 +30,5 @@ url PHP 1 foo@bar.com http://a.b.c 1.2.3.4 123 12
number_int 1 1234 123 123
number_float 1 1234 123 123
magic_quotes PHP 1 foo@bar.com http://a.b.c 1.2.3.4 123 123abc<>() O\'Henry 하퍼 aa:bb:cc:dd:ee:ff
add_slashes PHP 1 foo@bar.com http://a.b.c 1.2.3.4 123 123abc<>() O\'Henry 하퍼 aa:bb:cc:dd:ee:ff
callback PHP 1 FOO@BAR.COM HTTP://A.B.C 1.2.3.4 123 123ABC<>() O'HENRY 하퍼 AA:BB:CC:DD:EE:FF
Loading…
Cancel
Save