Beispiel #1
0
        /// <summary>
        /// Filters a variable with a specified filter.
        /// </summary>
        /// <param name="ctx">Runtime context.</param>
        /// <param name="variable">Value to filter.</param>
        /// <param name="filter">The ID of the filter to apply.</param>
        /// <param name="options">Associative array of options or bitwise disjunction of flags. If filter accepts options, flags can be provided in "flags" field of array. For the "callback" filter, callback type should be passed. The callback must accept one argument, the value to be filtered, and return the value after filtering/sanitizing it.</param>
        /// <returns>Returns the filtered data, or <c>false</c> if the filter fails.</returns>
        public static PhpValue filter_var(Context ctx, PhpValue variable, int filter /*= FILTER_DEFAULT*/, PhpValue options /*= NULL*/)
        {
            switch (filter)
            {
            //
            // SANITIZE
            //

            case (int)FilterSanitize.FILTER_DEFAULT:
                return((PhpValue)variable.ToString(ctx));

            case (int)FilterSanitize.EMAIL:
                // Remove all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[].
                return((PhpValue)FilterSanitizeString(variable.ToString(ctx), (c) =>
                                                      (int)c <= 0x7f && (Char.IsLetterOrDigit(c) ||
                                                                         c == '!' || c == '#' || c == '$' || c == '%' || c == '&' || c == '\'' ||
                                                                         c == '*' || c == '+' || c == '-' || c == '/' || c == '=' || c == '!' ||
                                                                         c == '?' || c == '^' || c == '_' || c == '`' || c == '{' || c == '|' ||
                                                                         c == '}' || c == '~' || c == '@' || c == '.' || c == '[' || c == ']')));

            //
            // VALIDATE
            //

            case (int)FilterValidate.EMAIL:
            {
                var str = variable.ToString(ctx);
                return(RegexUtilities.IsValidEmail(str) ? (PhpValue)str : PhpValue.False);
            }

            case (int)FilterValidate.INT:
            {
                int result;
                if (int.TryParse((PhpVariable.AsString(variable) ?? string.Empty).Trim(), out result))
                {
                    if (!options.IsNull)
                    {
                        PhpException.ArgumentValueNotSupported("options", "!null");
                    }
                    return((PhpValue)result);         // TODO: options: min_range, max_range
                }
                else
                {
                    return(PhpValue.False);
                }
            }

            case (int)FilterValidate.REGEXP:
            {
                PhpArray optarray;
                // options = options['options']['regexp']
                if ((optarray = options.ArrayOrNull()) != null &&
                    optarray.TryGetValue("options", out options) && (optarray = options.ArrayOrNull()) != null &&
                    optarray.TryGetValue("regexp", out options))
                {
                    if (PCRE.preg_match(ctx, options.ToString(ctx), variable.ToString(ctx)) > 0)
                    {
                        return(variable);
                    }
                }
                else
                {
                    PhpException.InvalidArgument("options", string.Format(Resources.LibResources.option_missing, "regexp"));
                }

                return(PhpValue.False);
            }

            default:
                PhpException.ArgumentValueNotSupported(nameof(filter), filter);
                break;
            }

            return(PhpValue.False);
        }
Beispiel #2
0
        /// <summary>
        /// Filters a variable with a specified filter.
        /// </summary>
        /// <param name="ctx">Runtime context.</param>
        /// <param name="variable">Value to filter.</param>
        /// <param name="filter">The ID of the filter to apply.</param>
        /// <param name="options">Associative array of options or bitwise disjunction of flags. If filter accepts options, flags can be provided in "flags" field of array. For the "callback" filter, callback type should be passed. The callback must accept one argument, the value to be filtered, and return the value after filtering/sanitizing it.</param>
        /// <returns>Returns the filtered data, or <c>false</c> if the filter fails.</returns>
        public static PhpValue filter_var(Context ctx, PhpValue variable, int filter = FILTER_DEFAULT, PhpValue options = default(PhpValue))
        {
            var      @default    = PhpValue.False; // a default value
            PhpArray options_arr = null;
            long     flags       = 0;

            // process options

            if (options.IsSet)
            {
                options_arr = options.AsArray();
                if (options_arr != null)
                {
                    // [flags]
                    if (options_arr.TryGetValue("flags", out var flagsval))
                    {
                        flagsval.IsLong(out flags);
                    }

                    // [default]
                    if (options_arr.TryGetValue("default", out var defaultval))
                    {
                        @default = defaultval;
                    }

                    // ...
                }
                else
                {
                    options.IsLong(out flags);
                }
            }

            switch (filter)
            {
            //
            // SANITIZE
            //

            case (int)FilterSanitize.FILTER_DEFAULT:
                return((PhpValue)variable.ToString(ctx));

            case (int)FilterSanitize.EMAIL:
                // Remove all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[].
                return((PhpValue)FilterSanitizeString(variable.ToString(ctx), (c) =>
                                                      (int)c <= 0x7f && (Char.IsLetterOrDigit(c) ||
                                                                         c == '!' || c == '#' || c == '$' || c == '%' || c == '&' || c == '\'' ||
                                                                         c == '*' || c == '+' || c == '-' || c == '/' || c == '=' || c == '!' ||
                                                                         c == '?' || c == '^' || c == '_' || c == '`' || c == '{' || c == '|' ||
                                                                         c == '}' || c == '~' || c == '@' || c == '.' || c == '[' || c == ']')));

            //
            // VALIDATE
            //

            case (int)FilterValidate.URL:
                return(Uri.TryCreate(variable.ToString(ctx), UriKind.Absolute, out var uri)
                        ? (PhpValue)uri.AbsoluteUri
                        : PhpValue.False);

            case (int)FilterValidate.EMAIL:
            {
                var str = variable.ToString(ctx);
                return(RegexUtilities.IsValidEmail(str)
                            ? (PhpValue)str
                            : PhpValue.False);
            }

            case (int)FilterValidate.INT:
            {
                int result;
                if (int.TryParse((PhpVariable.AsString(variable) ?? string.Empty).Trim(), out result))
                {
                    if (Operators.IsSet(options))
                    {
                        PhpException.ArgumentValueNotSupported("options", "!null");
                    }

                    return((PhpValue)result);         // TODO: options: min_range, max_range
                }
                else
                {
                    return(@default);
                }
            }

            case (int)FilterValidate.BOOLEAN:
            {
                if (variable.IsBoolean(out var b))
                {
                    return(b);
                }

                var varstr = variable.ToString(ctx);

                // TRUE for "1", "true", "on" and "yes".

                if (varstr.EqualsOrdinalIgnoreCase("1") ||
                    varstr.EqualsOrdinalIgnoreCase("true") ||
                    varstr.EqualsOrdinalIgnoreCase("on") ||
                    varstr.EqualsOrdinalIgnoreCase("yes"))
                {
                    return(PhpValue.True);
                }

                //
                if ((flags & FILTER_NULL_ON_FAILURE) == FILTER_NULL_ON_FAILURE)
                {
                    // FALSE is for "0", "false", "off", "no", and "",
                    // NULL for all non-boolean values

                    if (varstr.Length == 0 ||
                        varstr.EqualsOrdinalIgnoreCase("0") ||
                        varstr.EqualsOrdinalIgnoreCase("false") ||
                        varstr.EqualsOrdinalIgnoreCase("off"))
                    {
                        return(PhpValue.False);
                    }
                    else
                    {
                        return(PhpValue.Null);
                    }
                }
                else
                {
                    // FALSE otherwise
                    return(PhpValue.False);
                }
            }

            case (int)FilterValidate.REGEXP:
            {
                // options = options['regexp']
                if (options_arr != null &&
                    options_arr.TryGetValue("regexp", out var regexpval))
                {
                    if (PCRE.preg_match(ctx, regexpval.ToString(ctx), variable.ToString(ctx)) > 0)
                    {
                        return(variable);
                    }
                }
                else
                {
                    PhpException.InvalidArgument("options", string.Format(Resources.LibResources.option_missing, "regexp"));
                }

                return(PhpValue.False);
            }

            default:
                PhpException.ArgumentValueNotSupported(nameof(filter), filter);
                break;
            }

            return(PhpValue.False);
        }
Beispiel #3
0
        /// <summary>
        /// Filters a variable with a specified filter.
        /// </summary>
        /// <param name="ctx">Runtime context.</param>
        /// <param name="variable">Value to filter.</param>
        /// <param name="filter">The ID of the filter to apply.</param>
        /// <param name="options">Associative array of options or bitwise disjunction of flags. If filter accepts options, flags can be provided in "flags" field of array. For the "callback" filter, callback type should be passed. The callback must accept one argument, the value to be filtered, and return the value after filtering/sanitizing it.</param>
        /// <returns>Returns the filtered data, or <c>false</c> if the filter fails.</returns>
        public static PhpValue filter_var(Context ctx, PhpValue variable, int filter = FILTER_DEFAULT, PhpValue options = default(PhpValue))
        {
            var      @default    = PhpValue.False; // a default value
            PhpArray options_arr = null;
            long     flags       = 0;

            // process options

            if (Operators.IsSet(options))
            {
                options_arr = options.AsArray();
                if (options_arr != null)
                {
                    // [flags]
                    if (options_arr.TryGetValue("flags", out var flagsval))
                    {
                        flagsval.IsLong(out flags);
                    }

                    // [options] => { "min_range" => ??, "default" => ?? }
                    if (options_arr.TryGetValue("options", out var optionsval) && optionsval.IsPhpArray(out var opts_arr))
                    {
                        // [default]
                        if (opts_arr.TryGetValue("default", out var defaultval))
                        {
                            @default = defaultval;
                        }
                    }
                }
                else
                {
                    options.IsLong(out flags);
                }
            }

            switch (filter)
            {
            //
            // SANITIZE
            //

            case (int)FilterSanitize.FILTER_DEFAULT:
                return((PhpValue)variable.ToString(ctx));

            case (int)FilterSanitize.EMAIL:
                // Remove all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[].
                return((PhpValue)FilterSanitizeString(variable.ToString(ctx), (c) =>
                                                      (int)c <= 0x7f && (Char.IsLetterOrDigit(c) ||
                                                                         c == '!' || c == '#' || c == '$' || c == '%' || c == '&' || c == '\'' ||
                                                                         c == '*' || c == '+' || c == '-' || c == '/' || c == '=' || c == '!' ||
                                                                         c == '?' || c == '^' || c == '_' || c == '`' || c == '{' || c == '|' ||
                                                                         c == '}' || c == '~' || c == '@' || c == '.' || c == '[' || c == ']')));

            //
            // VALIDATE
            //

            case (int)FilterValidate.URL:

                // TODO: protocol may be ommited, try to add "http://" if fails

                if (Uri.TryCreate(variable.ToString(ctx), UriKind.Absolute, out var uri))
                {
                    if (uri.IsFile && !uri.OriginalString.StartsWith(uri.Scheme, StringComparison.OrdinalIgnoreCase))
                    {
                        // quick check the file:// was just added on linux impl. of Uri.Parse
                        return(@default);
                    }

                    if (flags != 0)
                    {
                        // CONSIDER: rather use `Web.parse_url()` ...
                        var uriflags = (FilterFlag)flags;
                        //if ((uriflags & FilterFlag.PATH_REQUIRED) == FilterFlag.PATH_REQUIRED && ...)
                    }

                    return(uri.AbsoluteUri);
                }
                return(@default);

            case (int)FilterValidate.EMAIL:
            {
                return(variable.IsString(out var str) && RegexUtilities.IsValidEmail(str)
                            ? (PhpValue)str
                            : @default);
            }

            case (int)FilterValidate.IP:
                if (System.Net.IPAddress.TryParse(variable.ToString(ctx), out var addr))
                {
                    if (flags != 0)
                    {
                        // validate flags:
                        if ((addr.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6 && (flags & (int)FilterFlag.IPV6) == 0) ||
                            (addr.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork && (flags & (int)FilterFlag.IPV4) == 0))
                        {
                            return(@default);
                        }

                        if ((flags & (int)FilterFlag.NO_PRIV_RANGE) == (int)FilterFlag.NO_PRIV_RANGE)
                        {
                            /*
                             * Fails validation for the IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
                             * Fails validation for the IPv6 addresses starting with FD or FC.
                             */
                            throw new NotImplementedException();
                        }

                        if ((flags & (int)FilterFlag.NO_PRIV_RANGE) == (int)FilterFlag.NO_RES_RANGE)
                        {
                            /*
                             * Fails validation for IPv4 ranges: 0.0.0.0/8, 169.254.0.0/16, 127.0.0.0/8 and 240.0.0.0/4.
                             * Fails validation for IPv6 ranges: ::1/128, ::/128, ::ffff:0:0/96 and fe80::/10.
                             */
                            throw new NotImplementedException();
                        }
                    }

                    return(addr.ToString());
                }
                else
                {
                    return(@default);
                }

            case (int)FilterValidate.INT:
            {
                int result;
                if (int.TryParse((PhpVariable.AsString(variable) ?? string.Empty).Trim(), out result))
                {
                    if (Operators.IsSet(options))
                    {
                        PhpException.ArgumentValueNotSupported("options", "!null");
                    }

                    return((PhpValue)result);         // TODO: options: min_range, max_range
                }
                else
                {
                    return(@default);
                }
            }

            case (int)FilterValidate.BOOLEAN:
            {
                if (variable.IsBoolean(out var b))
                {
                    return(b);
                }

                var varstr = variable.ToString(ctx);

                // TRUE for "1", "true", "on" and "yes".

                if (varstr.EqualsOrdinalIgnoreCase("1") ||
                    varstr.EqualsOrdinalIgnoreCase("true") ||
                    varstr.EqualsOrdinalIgnoreCase("on") ||
                    varstr.EqualsOrdinalIgnoreCase("yes"))
                {
                    return(PhpValue.True);
                }

                //
                if ((flags & FILTER_NULL_ON_FAILURE) == FILTER_NULL_ON_FAILURE)
                {
                    // FALSE is for "0", "false", "off", "no", and "",
                    // NULL for all non-boolean values

                    if (varstr.Length == 0 ||
                        varstr.EqualsOrdinalIgnoreCase("0") ||
                        varstr.EqualsOrdinalIgnoreCase("false") ||
                        varstr.EqualsOrdinalIgnoreCase("off"))
                    {
                        return(PhpValue.False);
                    }
                    else
                    {
                        return(PhpValue.Null);
                    }
                }
                else
                {
                    // FALSE otherwise
                    return(PhpValue.False);
                }
            }

            case (int)FilterValidate.REGEXP:
            {
                // options = options['regexp']
                if (options_arr != null &&
                    options_arr.TryGetValue("regexp", out var regexpval))
                {
                    if (PCRE.preg_match(ctx, regexpval.ToString(ctx), variable.ToString(ctx)) > 0)
                    {
                        return(variable);
                    }
                }
                else
                {
                    PhpException.InvalidArgument("options", string.Format(Resources.LibResources.option_missing, "regexp"));
                }

                return(@default);
            }

            case FILTER_CALLBACK:
                // options = ['options' => $callback]
                if (options_arr != null &&
                    options_arr.TryGetValue("options", out var callbackvar))
                {
                    return(callbackvar.AsCallable().Invoke(ctx, variable));
                }

                return(@default);

            default:
                PhpException.ArgumentValueNotSupported(nameof(filter), filter);
                break;
            }

            return(PhpValue.False);
        }