Skip to content

Commit 91becb3

Browse files
devnexendevnexen
committed
ext/tidy: config options checks strengthening.
close GH-18751
1 parent 9ae5b4e commit 91becb3

File tree

4 files changed

+66
-22
lines changed

4 files changed

+66
-22
lines changed

NEWS

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -244,6 +244,10 @@ PHP NEWS
244244
- Tests:
245245
. Allow to shuffle tests even in non-parallell mode. (dhuang00)
246246

247+
- Tidy:
248+
. tidy::__construct/parseFile/parseString methods throw an exception if
249+
the configuration argument is invalid. (David Carlier)
250+
247251
- Windows:
248252
. Fixed bug GH-10992 (Improper long path support for relative paths). (cmb,
249253
nielsdos)

UPGRADING

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -316,6 +316,12 @@ PHP 8.5 UPGRADE NOTES
316316
. socket_getsockname gets the interface index and its string
317317
representation with AF_PACKET socket.
318318

319+
- Tidy:
320+
. tidy::__construct/parseFile/parseString now throws a ValueError
321+
if the configuration contains an invalid or set a read-only
322+
internal entry, a TypeError contains, at least, one element
323+
when the key is not a string.
324+
319325
- Zlib:
320326
. The "use_include_path" argument for the
321327
gzfile, gzopen and readgzfile functions had been changed

ext/tidy/tests/tidy_error1.phpt

Lines changed: 35 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -7,12 +7,42 @@ tidy
77
--FILE--
88
<?php
99
$buffer = '<html></html>';
10-
$config = array('bogus' => 'willnotwork');
10+
$config = ['bogus' => 'willnotwork'];
1111

1212
$tidy = new tidy();
13-
var_dump($tidy->parseString($buffer, $config));
13+
14+
try {
15+
$tidy->parseString($buffer, $config);
16+
} catch (\ValueError $e) {
17+
echo $e::class, ": ", $e->getMessage(), PHP_EOL;
18+
}
19+
20+
$config = ['neither'];
21+
try {
22+
$tidy->parseString($buffer, $config);
23+
} catch (\TypeError $e) {
24+
echo $e::class, ": ", $e->getMessage(), PHP_EOL;
25+
}
26+
27+
$config = ['doctype-mode' => 'customtag'];
28+
29+
try {
30+
var_dump($tidy->parseString($buffer, $config));
31+
} catch (\ValueError $e) {
32+
echo $e::class, ": ", $e->getMessage(), PHP_EOL;
33+
}
34+
35+
$config = ['doctype' => 'php', 0 => 'value2'];
36+
37+
try {
38+
var_dump($tidy->parseString($buffer, $config));
39+
} catch (\TypeError $e) {
40+
echo $e::class, ": ", $e->getMessage(), PHP_EOL;
41+
}
1442

1543
?>
16-
--EXPECTF--
17-
Warning: tidy::parseString(): Unknown Tidy configuration option "bogus" in %s on line %d
18-
bool(true)
44+
--EXPECT--
45+
ValueError: tidy::parseString(): Argument #2 ($config) Unknown Tidy configuration option "bogus"
46+
TypeError: tidy::parseString(): Argument #2 ($config) must be of type array with keys as string
47+
ValueError: tidy::parseString(): Argument #2 ($config) Attempting to set read-only option "doctype-mode"
48+
TypeError: tidy::parseString(): Argument #2 ($config) must be of type array with keys as string

ext/tidy/tidy.c

Lines changed: 21 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -130,8 +130,8 @@ static void tidy_doc_update_properties(PHPTidyObj *);
130130
static void tidy_add_node_default_properties(PHPTidyObj *);
131131
static void *php_tidy_get_opt_val(PHPTidyDoc *, TidyOption, TidyOptionType *);
132132
static void php_tidy_create_node(INTERNAL_FUNCTION_PARAMETERS, tidy_base_nodetypes);
133-
static int _php_tidy_set_tidy_opt(TidyDoc, const char *, zval *);
134-
static int _php_tidy_apply_config_array(TidyDoc doc, const HashTable *ht_options);
133+
static zend_result _php_tidy_set_tidy_opt(TidyDoc, const char *, zval *, uint32_t arg);
134+
static zend_result _php_tidy_apply_config_array(TidyDoc doc, const HashTable *ht_options, uint32_t arg);
135135
static PHP_INI_MH(php_tidy_set_clean_output);
136136
static void php_tidy_clean_output_start(const char *name, size_t name_len);
137137
static php_output_handler *php_tidy_output_handler_init(const char *handler_name, size_t handler_name_len, size_t chunk_size, int flags);
@@ -209,10 +209,10 @@ static void php_tidy_load_config(TidyDoc doc, const char *path)
209209
}
210210
}
211211

212-
static zend_result php_tidy_apply_config(TidyDoc doc, const zend_string *str_string, const HashTable *ht_options)
212+
static zend_result php_tidy_apply_config(TidyDoc doc, const zend_string *str_string, const HashTable *ht_options, uint32_t arg)
213213
{
214214
if (ht_options) {
215-
return _php_tidy_apply_config_array(doc, ht_options);
215+
return _php_tidy_apply_config_array(doc, ht_options, arg);
216216
} else if (str_string) {
217217
if (php_check_open_basedir(ZSTR_VAL(str_string))) {
218218
return FAILURE;
@@ -222,14 +222,14 @@ static zend_result php_tidy_apply_config(TidyDoc doc, const zend_string *str_str
222222
return SUCCESS;
223223
}
224224

225-
static int _php_tidy_set_tidy_opt(TidyDoc doc, const char *optname, zval *value)
225+
static zend_result _php_tidy_set_tidy_opt(TidyDoc doc, const char *optname, zval *value, uint32_t arg)
226226
{
227227
TidyOption opt = tidyGetOptionByName(doc, optname);
228228
zend_string *str, *tmp_str;
229229
zend_long lval;
230230

231231
if (!opt) {
232-
php_error_docref(NULL, E_WARNING, "Unknown Tidy configuration option \"%s\"", optname);
232+
zend_argument_value_error(arg, "Unknown Tidy configuration option \"%s\"", optname);
233233
return FAILURE;
234234
}
235235

@@ -238,7 +238,7 @@ static int _php_tidy_set_tidy_opt(TidyDoc doc, const char *optname, zval *value)
238238
#else
239239
if (tidyOptIsReadOnly(opt)) {
240240
#endif
241-
php_error_docref(NULL, E_WARNING, "Attempting to set read-only option \"%s\"", optname);
241+
zend_argument_value_error(arg, "Attempting to set read-only option \"%s\"", optname);
242242
return FAILURE;
243243
}
244244

@@ -345,7 +345,7 @@ static void php_tidy_quick_repair(INTERNAL_FUNCTION_PARAMETERS, bool is_file)
345345

346346
TIDY_SET_DEFAULT_CONFIG(doc);
347347

348-
if (php_tidy_apply_config(doc, config_str, config_ht) != SUCCESS) {
348+
if (php_tidy_apply_config(doc, config_str, config_ht, 2) != SUCCESS) {
349349
RETVAL_FALSE;
350350
} else if (enc_len) {
351351
if (tidySetCharEncoding(doc, enc) < 0) {
@@ -783,20 +783,24 @@ static void php_tidy_create_node(INTERNAL_FUNCTION_PARAMETERS, tidy_base_nodetyp
783783
tidy_create_node_object(return_value, obj->ptdoc, node);
784784
}
785785

786-
static int _php_tidy_apply_config_array(TidyDoc doc, const HashTable *ht_options)
786+
static zend_result _php_tidy_apply_config_array(TidyDoc doc, const HashTable *ht_options, uint32_t arg)
787787
{
788788
zval *opt_val;
789789
zend_string *opt_name;
790790

791791
if (!HT_IS_PACKED(ht_options)) {
792792
ZEND_HASH_MAP_FOREACH_STR_KEY_VAL(ht_options, opt_name, opt_val) {
793793
if (opt_name == NULL) {
794-
continue;
794+
zend_argument_type_error(arg, "must be of type array with keys as string");
795+
return FAILURE;
795796
}
796-
_php_tidy_set_tidy_opt(doc, ZSTR_VAL(opt_name), opt_val);
797+
_php_tidy_set_tidy_opt(doc, ZSTR_VAL(opt_name), opt_val, arg);
797798
} ZEND_HASH_FOREACH_END();
799+
return SUCCESS;
800+
} else {
801+
zend_argument_type_error(arg, "must be of type array with keys as string");
802+
return FAILURE;
798803
}
799-
return SUCCESS;
800804
}
801805

802806
static int php_tidy_parse_string(PHPTidyObj *obj, const char *string, uint32_t len, const char *enc)
@@ -1018,7 +1022,7 @@ PHP_FUNCTION(tidy_parse_string)
10181022
object_init_ex(return_value, tidy_ce_doc);
10191023
obj = Z_TIDY_P(return_value);
10201024

1021-
if (php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht) != SUCCESS
1025+
if (php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht, 2) != SUCCESS
10221026
|| php_tidy_parse_string(obj, ZSTR_VAL(input), (uint32_t)ZSTR_LEN(input), enc) != SUCCESS) {
10231027
zval_ptr_dtor(return_value);
10241028
RETURN_FALSE;
@@ -1086,7 +1090,7 @@ PHP_FUNCTION(tidy_parse_file)
10861090
object_init_ex(return_value, tidy_ce_doc);
10871091
obj = Z_TIDY_P(return_value);
10881092

1089-
if (php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht) != SUCCESS
1093+
if (php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht, 2) != SUCCESS
10901094
|| php_tidy_parse_string(obj, ZSTR_VAL(contents), (uint32_t)ZSTR_LEN(contents), enc) != SUCCESS) {
10911095
zval_ptr_dtor(return_value);
10921096
RETVAL_FALSE;
@@ -1381,7 +1385,7 @@ PHP_METHOD(tidy, __construct)
13811385

13821386
zend_error_handling error_handling;
13831387
zend_replace_error_handling(EH_THROW, NULL, &error_handling);
1384-
if (php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht) != SUCCESS) {
1388+
if (php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht, 2) != SUCCESS) {
13851389
zend_restore_error_handling(&error_handling);
13861390
zend_string_release_ex(contents, 0);
13871391
RETURN_THROWS();
@@ -1425,7 +1429,7 @@ PHP_METHOD(tidy, parseFile)
14251429
RETURN_THROWS();
14261430
}
14271431

1428-
RETVAL_BOOL(php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht) == SUCCESS
1432+
RETVAL_BOOL(php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht, 2) == SUCCESS
14291433
&& php_tidy_parse_string(obj, ZSTR_VAL(contents), (uint32_t)ZSTR_LEN(contents), enc) == SUCCESS);
14301434

14311435
zend_string_release_ex(contents, 0);
@@ -1454,7 +1458,7 @@ PHP_METHOD(tidy, parseString)
14541458
TIDY_SET_CONTEXT;
14551459
obj = Z_TIDY_P(object);
14561460

1457-
RETURN_BOOL(php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht) == SUCCESS
1461+
RETURN_BOOL(php_tidy_apply_config(obj->ptdoc->doc, options_str, options_ht, 2) == SUCCESS
14581462
&& php_tidy_parse_string(obj, ZSTR_VAL(input), (uint32_t)ZSTR_LEN(input), enc) == SUCCESS);
14591463
}
14601464

0 commit comments

Comments
 (0)