--- parser3/src/classes/Attic/root.C 2001/03/13 13:43:28 1.38 +++ parser3/src/classes/Attic/root.C 2001/03/24 15:57:57 1.49 @@ -3,16 +3,16 @@ Copyright (c) 2001 ArtLebedev Group (http://www.artlebedev.com) Author: Alexander Petrosyan (http://design.ru/paf) - $Id: root.C,v 1.38 2001/03/13 13:43:28 paf Exp $ + $Id: root.C,v 1.49 2001/03/24 15:57:57 paf Exp $ */ -#include +#include "pa_config_includes.h" #include +#include "pa_common.h" #include "pa_request.h" #include "_root.h" #include "pa_vint.h" -#include "pa_common.h" static void _if(Request& r, const String& method_name, Array *params) { Value& condition_code=*static_cast(params->get(0)); @@ -43,21 +43,45 @@ static void _untaint(Request& r, const S String::Untaint_lang lang=static_cast( untaint_lang_name2enum->get_int(lang_name)); if(!lang) - R_THROW(0, 0, + RTHROW(0, 0, &lang_name, "invalid untaint language"); { - Temp_lang temp_lang(r, lang); Value *vbody=static_cast(params->get(1)); // forcing ^untaint[]{this param type} r.fail_if_junction_(false, *vbody, method_name, "body must be junction"); - r.write_pass_lang(r.process(*vbody)); + Temp_lang temp_lang(r, lang); // set temporarily specified ^untaint[language; + r.write_pass_lang(r.process(*vbody)); // process marking tainted with that lang + } +} + +static void _taint(Request& r, const String& method_name, Array *params) { + const String& lang_name=r.process(*static_cast(params->get(0))).as_string(); + String::Untaint_lang lang=static_cast( + untaint_lang_name2enum->get_int(lang_name)); + if(!lang) + RTHROW(0, 0, + &lang_name, + "invalid taint language"); + + { + Value *vbody=static_cast(params->get(1)); + // forcing ^untaint[]{this param type} + r.fail_if_junction_(true, *vbody, + method_name, "body must not be junction"); + + // set temporarily as-is language + Temp_lang temp_lang(r, String::UL_AS_IS); + String result(r.pool()); + result.append( + r.process(*vbody).as_string(), // process marking tainted with that lang + lang, true); // force result language to specified + r.write_pass_lang(result); } } - static void _process(Request& r, const String& method_name, Array *params) { // calculate pseudo file name of processed chars @@ -114,7 +138,7 @@ static void _while(Request& r, const Str int endless_loop_count=0; while(true) { if(++endless_loop_count>=1973) // endless loop? - R_THROW(0, 0, + RTHROW(0, 0, &method_name, "endless loop detected"); @@ -137,8 +161,7 @@ static void _use(Request& r, const Strin r.fail_if_junction_(true, vfile, method_name, "file name must not be junction"); - char *file=vfile.as_string().cstr(); - r.use_file(r.absolute(file)); + r.use_file(r.absolute(vfile.as_string())); } static void _for(Request& r, const String& method_name, Array *params) { @@ -159,7 +182,7 @@ static void _for(Request& r, const Strin int endless_loop_count=0; for(int i=from; i<=to; i++) { if(++endless_loop_count>=2001) // endless loop? - R_THROW(0, 0, + RTHROW(0, 0, &method_name, "endless loop detected"); vint->set_int(i); @@ -191,11 +214,11 @@ static void _eval(Request& r, const Stri method_name, "fmt must not be junction"); Pool& pool=r.pool(); - String *string=new(pool) String(pool); - string->APPEND_CONST(format(pool, result->get_double(), fmt.as_string().cstr())); - result=new(pool) VString(*string); + String& string=*new(pool) String(pool); + string.APPEND_CONST(format(pool, result->get_double(), fmt.as_string().cstr())); + result=new(pool) VString(string); } - r.wcontext->write(*result, String::Untaint_lang::NO /*always object, not string*/); + r.write_no_lang(*result); } @@ -215,7 +238,7 @@ static void double_one_op( method_name, "parameter must be expression"); Value& result=*new(pool) VDouble(pool, (*func)(r.process(param).get_double())); - r.wcontext->write(result, String::Untaint_lang::NO /*always object, not string*/); + r.write_no_lang(result); } static void _round(Request& r, const String& method_name, Array *params) { @@ -238,14 +261,19 @@ static void _sign(Request& r, const Stri double_one_op(r, method_name, params, &sign); } +// initialize + void initialize_root_class(Pool& pool, VStateless_class& vclass) { // ^if(condition){code-when-true} // ^if(condition){code-when-true}{code-when-false} vclass.add_native_method("if", _if, 2, 3); - // ^untaint[as-is|sql|js|html|html-typo]{code} + // ^untaint[as-is|uri|sql|js|html|html-typo]{code} vclass.add_native_method("untaint", _untaint, 2, 2); + // ^taint[as-is|uri|sql|js|html|html-typo]{code} + vclass.add_native_method("taint", _taint, 2, 2); + // ^process[code] vclass.add_native_method("process", _process, 1, 1);