--- parser3/src/classes/op.C 2009/05/04 09:26:19 1.185 +++ parser3/src/classes/op.C 2010/07/05 05:54:46 1.201 @@ -5,7 +5,7 @@ Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_OP_C="$Date: 2009/05/04 09:26:19 $"; +static const char * const IDENT_OP_C="$Date: 2010/07/05 05:54:46 $"; #include "classes.h" #include "pa_vmethod_frame.h" @@ -38,15 +38,6 @@ public: VClassMAIN(); }; -// defines for globals - -#define CYCLE_DATA_NAME "CYCLE-DATA" - -// globals - -//^for & co -String cycle_data_name(CYCLE_DATA_NAME); - // defines for statics #define SWITCH_DATA_NAME "SWITCH-DATA" @@ -70,11 +61,12 @@ static const String exception_var_name(E // helpers -class Untaint_lang_name2enum: public Hash { +class Untaint_lang_name2enum: public HashString { public: Untaint_lang_name2enum() { #define ULN(name, LANG) \ put(String::Body(name), (value_type)(String::L_##LANG)); + ULN("clean", CLEAN); ULN("as-is", AS_IS); ULN("optimized-as-is", AS_IS|String::L_OPTIMIZE_BIT); ULN("file-spec", FILE_SPEC); @@ -88,6 +80,7 @@ public: ULN("html", HTML); ULN("optimized-html", HTML|String::L_OPTIMIZE_BIT); ULN("regex", REGEX); + ULN("parser-code", PARSER_CODE); #undef ULN } } untaint_lang_name2enum; @@ -95,11 +88,19 @@ public: // methods static void _if(Request& r, MethodParams& params) { - bool condition=params.as_bool(0, "condition must be expression", r); - if(condition) - r.process_write(*params.get(1)); - else if(params.count()>2) - r.process_write(*params.get(2)); + size_t max_param=params.count()-1; + size_t i=0; + do { + bool condition=params.as_bool(i, "condition must be expression", r); + if(condition) { + r.process_write(*params.get(i+1)); + return; + } + i+=2; + } while (i < max_param); + + if(i == max_param) + r.process_write(*params.get(i)); } static String::Language get_untaint_lang(MethodParams& params, int index){ @@ -123,7 +124,8 @@ static void _untaint(Request& r, MethodP Value& vbody=params.as_junction(params.count()-1, "body must be code"); Temp_lang temp_lang(r, lang); // set temporarily specified ^untaint[language; - r.write_pass_lang(r.process(vbody)); // process marking tainted with that lang + StringOrValue result=r.process(vbody); // process marking tainted with that lang + r.write_assign_lang(result); } } @@ -137,11 +139,8 @@ static void _taint(Request& r, MethodPar { Value& vbody=params.as_no_junction(params.count()-1, "body must not be code"); - String result; - result.append( - vbody.as_string(), // process marking tainted with that lang - lang, true); // force result language to specified - r.write_pass_lang(result); + String result(vbody.as_string(), lang); // force result language to specified + r.write_assign_lang(result); } } @@ -158,14 +157,14 @@ static void _process(Request& r, MethodP } { - VStateless_class *target_class=target_self->get_last_derived_class(); + VStateless_class *target_class=target_self->get_class(); if(!target_class) throw Exception(PARSER_RUNTIME, 0, "no target class"); // temporary remove language change - Temp_lang temp_lang(r, String::L_PASS_APPENDED); + Temp_lang temp_lang(r, String::L_PARSER_CODE); // temporary zero @main so to maybe-replace it in processed code Temp_method temp_method_main(*target_class, main_method_name, 0); // temporary zero @auto so it wouldn't be auto-called in Request::use_buf @@ -174,12 +173,10 @@ static void _process(Request& r, MethodP size_t options_index=index+1; HashStringValue* options=0; if(options_indexcount()) - throw Exception(PARSER_RUNTIME, - 0, - "called with invalid option"); + throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION); } uint processe_file_no=file_alias? @@ -214,7 +209,7 @@ static void _process(Request& r, MethodP // evaluate source to process const String& source=r.process_to_string(vjunction); r.use_buf(*target_class, - source.cstr(String::L_UNSPECIFIED, r.connection(false)), + source.untaint_cstr(String::L_AS_IS, r.connection(false)), main_alias, processe_file_no, line_no_alias_offset); @@ -237,8 +232,7 @@ static void _rem(Request&, MethodParams& } static void _while(Request& r, MethodParams& params) { - Temp_hash_value - cycle_data_setter(r.classes_conf, cycle_data_name, /*any not null flag*/&r); + InCycle temp(r); Value& vcondition=params.as_expression(0, "condition must be number, bool or expression"); @@ -247,7 +241,7 @@ static void _while(Request& r, MethodPar // while... int endless_loop_count=0; - if(delim_maybe_code){ + if(delim_maybe_code){ // delimiter set bool need_delim=false; while(true) { if(++endless_loop_count>=MAX_LOOPS) // endless loop? @@ -260,8 +254,9 @@ static void _while(Request& r, MethodPar StringOrValue sv_processed=r.process(body_code); Request::Skip lskip=r.get_skip(); r.set_skip(Request::SKIP_NOTHING); + const String* s_processed=sv_processed.get_string(); - if(delim_maybe_code && s_processed && s_processed->length()) { // delimiter set and we have body + if(s_processed && !s_processed->is_empty()) { // we have body if(need_delim) // need delim & iteration produced string? r.write_pass_lang(r.process(*delim_maybe_code)); else @@ -293,12 +288,13 @@ static void _while(Request& r, MethodPar static void _use(Request& r, MethodParams& params) { Value& vfile=params.as_no_junction(0, FILE_NAME_MUST_NOT_BE_CODE); - r.use_file(r.main_class, vfile.as_string()); + + // _use could be called from the parser3 method only, so caller is always defined + r.use_file(r.main_class, vfile.as_string(), r.get_method_filename(r.get_method_frame()->caller()->junction.method)); } static void set_skip(Request& r, Request::Skip askip) { - void* data=r.classes_conf.get(cycle_data_name); - if(!data) + if(!r.get_in_cycle()) throw Exception(PARSER_RUNTIME, 0, "without cycle"); @@ -315,13 +311,12 @@ static void _continue(Request& r, Method } static void _for(Request& r, MethodParams& params) { - Temp_hash_value - cycle_data_setter(r.classes_conf, cycle_data_name, /*any not null flag*/&r); + InCycle temp(r); const String& var_name=params.as_string(0, "var name must be string"); int from=params.as_int(1, "from must be int", r); int to=params.as_int(2, "to must be int", r); - Value& body_code=params.as_junction(3, "body must be code"); + Value& body_code=params.as_junction(3, "body must be code"); Value* delim_maybe_code=params.count()>4?¶ms[4]:0; if(to-from>=MAX_LOOPS) // too long loop? @@ -332,8 +327,8 @@ static void _for(Request& r, MethodParam VInt* vint=new VInt(0); VMethodFrame& caller=*r.get_method_frame()->caller(); - caller.put_element(caller, var_name, vint, false); - if(delim_maybe_code){ + caller.put_element(var_name, vint, false); + if(delim_maybe_code){ // delimiter set bool need_delim=false; for(int i=from; i<=to; i++) { @@ -341,8 +336,9 @@ static void _for(Request& r, MethodParam StringOrValue sv_processed=r.process(body_code); Request::Skip lskip=r.get_skip(); r.set_skip(Request::SKIP_NOTHING); + const String* s_processed=sv_processed.get_string(); - if(s_processed && s_processed->length()) { // delimiter set and we have body + if(s_processed && !s_processed->is_empty()) { // we have body if(need_delim) // need delim & iteration produced string? r.write_pass_lang(r.process(*delim_maybe_code)); else @@ -390,8 +386,8 @@ struct timeval mt[2]; Value& body_code=params.as_junction(1, "body must be code"); Table* protocol2driver_and_client=0; - if(Value* sql=r.main_class.get_element(String(MAIN_SQL_NAME), r.main_class, false)) { - if(Value* element=sql->get_element(String(MAIN_SQL_DRIVERS_NAME), *sql, false)) { + if(Value* sql=r.main_class.get_element(String(MAIN_SQL_NAME))) { + if(Value* element=sql->get_element(String(MAIN_SQL_DRIVERS_NAME))) { protocol2driver_and_client=element->get_table(); } } @@ -419,7 +415,7 @@ r.sql_connect_time+=t[1]-t[0]; Temp_connection temp_connection(r, connection); // execute body try { - r.write_assign_lang(r.process(body_code)); + r.process_write(body_code); connection->commit(); connection->close(); } catch(...) { // process problem @@ -539,15 +535,15 @@ static Try_catch_result try_catch(Reques Junction* junction=catch_code->get_junction(); Value* method_frame=junction->method_frame; - Value* saved_exception_var_value=method_frame->get_element(exception_var_name, *method_frame, false); + Value* saved_exception_var_value=method_frame->get_element(exception_var_name); VMethodFrame& frame=*junction->method_frame; - frame.put_element(frame, exception_var_name, &details.vhash, false); + frame.put_element(exception_var_name, &details.vhash, false); result.processed_code=r.process(*catch_code); // retriving $exception.handled, restoring $exception var Value* vhandled=details.vhash.hash().get(exception_handled_part_name); - frame.put_element(frame, exception_var_name, saved_exception_var_value, false); + frame.put_element(exception_var_name, saved_exception_var_value, false); bool bhandled=false; if(vhandled) { @@ -710,7 +706,7 @@ static Cache_get_result cache_get(Reques static time_t as_expires(Request& r, MethodParams& params, int index, time_t now) { time_t result; - if(Value* vdate=params[index].as(VDATE_TYPE, false)) + if(Value* vdate=params[index].as(VDATE_TYPE)) result=static_cast(vdate)->get_time(); else result=now+(time_t)params.as_double(index, "lifespan must be date or number", r); @@ -894,13 +890,14 @@ VClassMAIN::VClassMAIN(): VClass() { // ^if(condition){code-when-true} // ^if(condition){code-when-true}{code-when-false} - add_native_method("if", Method::CT_ANY, _if, 2, 3, Method::CO_WITHOUT_FRAME); + // ^if(condition){code-when-true} (another condition){code-when-true} ... {code-when-false} + add_native_method("if", Method::CT_ANY, _if, 2, 10000, Method::CO_WITHOUT_FRAME); - // ^untaint[as-is|uri|sql|js|html|html-typo|regex]{code} - add_native_method("untaint", Method::CT_ANY, _untaint, 1, 2, Method::CO_NONE); + // ^untaint[as-is|uri|sql|js|html|html-typo|regex|parser-code]{code} + add_native_method("untaint", Method::CT_ANY, _untaint, 1, 2, Method::CO_WITHOUT_FRAME); - // ^taint[as-is|uri|sql|js|html|html-typo|regex]{code} - add_native_method("taint", Method::CT_ANY, _taint, 1, 2, Method::CO_NONE); + // ^taint[as-is|uri|sql|js|html|html-typo|regex|parser-code]{code} + add_native_method("taint", Method::CT_ANY, _taint, 1, 2, Method::CO_WITHOUT_FRAME); // ^process[code] add_native_method("process", Method::CT_ANY, _process, 1, 3);