--- parser3/src/classes/math.C	2019/11/11 20:57:18	1.87
+++ parser3/src/classes/math.C	2024/12/06 21:43:35	1.109
@@ -1,8 +1,8 @@
 /** @file
 	Parser: @b math parser class.
 
-	Copyright (c) 2001-2017 Art. Lebedev Studio (http://www.artlebedev.com)
-	Author: Alexandr Petrosian <paf@design.ru>(http://paf.design.ru)
+	Copyright (c) 2001-2024 Art. Lebedev Studio (http://www.artlebedev.com)
+	Authors: Konstantin Morshnev <moko@design.ru>, Alexandr Petrosian <paf@design.ru>
 
 	portions from gen_uuid.c,
 	Copyright (C) 1996, 1997, 1998, 1999 Theodore Ts'o.
@@ -10,6 +10,7 @@
 
 #include "pa_vmethod_frame.h"
 #include "pa_common.h"
+#include "pa_base64.h"
 #include "pa_vint.h"
 #include "pa_vmath.h"
 #include "pa_vfile.h"
@@ -22,7 +23,7 @@
 extern "C" char *crypt(const char* , const char* );
 #endif
 
-volatile const char * IDENT_MATH_C="$Id: math.C,v 1.87 2019/11/11 20:57:18 moko Exp $";
+volatile const char * IDENT_MATH_C="$Id: math.C,v 1.109 2024/12/06 21:43:35 moko Exp $";
 
 // defines
 
@@ -46,8 +47,8 @@ DECLARE_CLASS_VAR(math, new MMath);
 
 static void _random(Request& r, MethodParams& params) {
 	double top=params.as_double(0, "range must be expression", r);
-	if(top<1 || top>INT32_MAX)
-		throw Exception(PARSER_RUNTIME, 0, "top(%.15g) must be [1..%u]", top, INT32_MAX);
+	if(top<1 || top>INT_MAX)
+		throw Exception(PARSER_RUNTIME, 0, "top(%.15g) must be [1..%u]", top, INT_MAX);
 	r.write(*new VInt(_random(uint(top))));
 }
 
@@ -108,6 +109,7 @@ static void math2(Request& r, MethodPara
 	}
 
 MATH2(pow)
+MATH2(atan2)
 
 inline bool is_salt_body_char(unsigned char c) {
 	return pa_isalnum(c) || c == '.' || c=='/';
@@ -133,7 +135,7 @@ static void _crypt(Request& r, MethodPar
 	const char* normal_salt;
 	char normalize_buf[MAX_STRING];
 	if(prefix_size==strlen(maybe_bodyless_salt)) { // bodyless?
-		strncpy(normalize_buf, maybe_bodyless_salt, MAX_STRING-MAX_SALT-1);
+		pa_strncpy(normalize_buf, maybe_bodyless_salt, MAX_STRING-MAX_SALT);
 		char *cur=normalize_buf+strlen(normalize_buf);
 		// sould add up MAX_SALT random chars
 		static unsigned char itoa64[] =         /* 0 ... 63 => ASCII - 64 */
@@ -316,7 +318,7 @@ void SHA1PadMessage(SHA1Context *context
 void SHA1ReadDigest(void *buf, SHA1Context *c)
 {
 	if(!SHA1Result(c))
-		throw Exception (PARSER_RUNTIME, 0, "Can not compute SHA1");
+		throw Exception (PARSER_RUNTIME, 0, "Cannot compute SHA1");
 
 	((uint32_t *)buf)[0] = SWAP(c->Message_Digest[0]);
 	((uint32_t *)buf)[1] = SWAP(c->Message_Digest[1]);
@@ -342,7 +344,7 @@ String::C getData(Value& vdata, Request&
 		String::Body body=sdata->cstr_to_string_body_untaint(String::L_AS_IS, r.connection(false), &r.charsets); // explode content, honor tainting changes
 		return String::C(body.cstr(), body.length());
 	} else {
-		VFile *file=vdata.as_vfile(String::L_AS_IS);
+		VFile *file=vdata.as_vfile();
 		return String::C(file->value_ptr(),file->value_size());
 	}
 }
@@ -354,13 +356,12 @@ void memxor(char *dest, const char *src,
 #define IPAD 0x36
 #define OPAD 0x5c
 
-#define HMAC(key,init,update,final,blocklen,digestlen){				\
+#define HMAC(key,keylen,init,update,final,blocklen,digestlen){			\
 	unsigned char tempdigest[digestlen], keydigest[digestlen];		\
-	size_t keylen=strlen(key);						\
 	/* Reduce the key's size, so that it becomes <= blocklen bytes. */	\
 	if (keylen > blocklen){							\
 		init(&c);							\
-		update(&c,(const unsigned char*)hmac, keylen);			\
+		update(&c,(const unsigned char*)key, keylen);			\
 		final(keydigest, &c);						\
 		key = (char *)keydigest;					\
 		keylen = digestlen;						\
@@ -395,19 +396,28 @@ static void _digest(Request& r, MethodPa
 	else throw Exception(PARSER_RUNTIME, &smethod, "must be 'md5' or 'sha1' or 'sha256' or 'sha512'");
 
 	const char *hmac=0;
-	enum Format { F_HEX, F_BASE64 } format = F_HEX;
+	size_t hmac_len=0;
+
+	enum Format { F_HEX, F_BASE64, F_FILE } format = F_HEX;
 
 	if(params.count() == 3)
 		if(HashStringValue* options=params.as_hash(2)) {
 			int valid_options=0;
 			if(Value* value=options->get("hmac")) {
-				hmac=value->as_string().cstr();
+				if(VFile* vfile=dynamic_cast<VFile *>(value)){
+					hmac=(const char* )vfile->value_ptr();
+					hmac_len=vfile->value_size();
+				} else {
+					hmac=value->as_string().cstr();
+					hmac_len=strlen(hmac);
+				}
 				valid_options++;
 			}
 			if(Value* value=options->get("format")) {
 				const String& sformat=value->as_string();
 				if (sformat == "hex") format = F_HEX;
 				else if (sformat == "base64" ) format = F_BASE64;
+				else if (sformat == "file" ) format = F_FILE;
 				else throw Exception(PARSER_RUNTIME, &sformat, "must be 'hex' or 'base64'");
 				valid_options++;
 			}
@@ -420,7 +430,7 @@ static void _digest(Request& r, MethodPa
 	if(method == M_MD5){
 		PA_MD5_CTX c;
 		if(hmac){
-			HMAC(hmac, pa_MD5Init, pa_MD5Update, pa_MD5Final, 64, 16);
+			HMAC(hmac, hmac_len, pa_MD5Init, pa_MD5Update, pa_MD5Final, 64, 16);
 		} else {
 			pa_MD5Init(&c);
 			pa_MD5Update(&c, (const unsigned char*)data.str, data.length);
@@ -433,7 +443,7 @@ static void _digest(Request& r, MethodPa
 	if(method == M_SHA1){
 		SHA1Context c;
 		if(hmac){
-			HMAC(hmac, SHA1Reset, SHA1Input, SHA1ReadDigest, 64, 20);
+			HMAC(hmac, hmac_len, SHA1Reset, SHA1Input, SHA1ReadDigest, 64, 20);
 		} else {
 			SHA1Reset(&c);
 			SHA1Input(&c, (const unsigned char*)data.str, data.length);
@@ -446,7 +456,7 @@ static void _digest(Request& r, MethodPa
 	if(method == M_SHA256){
 		SHA256_CTX c;
 		if(hmac){
-			HMAC(hmac, pa_SHA256_Init, pa_SHA256_Update, pa_SHA256_Final, 64, SHA256_DIGEST_LENGTH);
+			HMAC(hmac, hmac_len, pa_SHA256_Init, pa_SHA256_Update, pa_SHA256_Final, 64, SHA256_DIGEST_LENGTH);
 		} else {
 			pa_SHA256_Init(&c);
 			pa_SHA256_Update(&c, (const unsigned char*)data.str, data.length);
@@ -459,7 +469,7 @@ static void _digest(Request& r, MethodPa
 	if(method == M_SHA512){
 		SHA512_CTX c;
 		if(hmac){
-			HMAC(hmac, pa_SHA512_Init, pa_SHA512_Update, pa_SHA512_Final, 128, SHA512_DIGEST_LENGTH);
+			HMAC(hmac, hmac_len, pa_SHA512_Init, pa_SHA512_Update, pa_SHA512_Final, 128, SHA512_DIGEST_LENGTH);
 		} else {
 			pa_SHA512_Init(&c);
 			pa_SHA512_Update(&c, (const unsigned char*)data.str, data.length);
@@ -473,29 +483,87 @@ static void _digest(Request& r, MethodPa
 		r.write(*new String(hex_string((unsigned char *)digest.str, digest.length, false)));
 	}
 	if(format == F_BASE64){
-		r.write(*new String(pa_base64_encode(digest.str, digest.length)));
+		r.write(*new String(pa_base64_encode(digest.str, digest.length, Base64Options(false /*no wrap*/))));
+	}
+	if(format == F_FILE){
+		VFile& result=*new VFile;
+		result.set_binary(true, digest.str, digest.length);
+		r.write(result);
 	}
 }
 
-static void _uuid(Request& r, MethodParams& /*params*/) {
-	r.write(*new String(get_uuid_cstr()));
+static void _uuid(Request& r, MethodParams& params) {
+	bool lower=false;
+	bool solid=false;
+
+	if (params.count() == 1)
+		if (HashStringValue* options = params.as_hash(0)) {
+			int valid_options = 0;
+			if (Value* vlower = options->get("lower")) {
+				lower = r.process(*vlower).as_bool();
+				valid_options++;
+			}
+			if (Value* vsolid = options->get("solid")) {
+				solid = r.process(*vsolid).as_bool();
+				valid_options++;
+			}
+			if (valid_options != options->count())
+				throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION);
+		}
+	
+	r.write(*new String(get_uuid_cstr(lower, solid)));
 }
 
-static void _uid64(Request& r, MethodParams& /*params*/) {
+static void _uuid7(Request& r, MethodParams& params) {
+	bool lower=false;
+	bool solid=false;
+
+	if (params.count() == 1)
+		if (HashStringValue* options = params.as_hash(0)) {
+			int valid_options = 0;
+			if (Value* vlower = options->get("lower")) {
+				lower = r.process(*vlower).as_bool();
+				valid_options++;
+			}
+			if (Value* vsolid = options->get("solid")) {
+				solid = r.process(*vsolid).as_bool();
+				valid_options++;
+			}
+			if (valid_options != options->count())
+				throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION);
+		}
+
+	r.write(*new String(get_uuid7_cstr(lower, solid)));
+}
+
+static void _uid64(Request& r, MethodParams& params) {
+	bool lower = false;
+
+	if (params.count() == 1)
+		if (HashStringValue* options = params.as_hash(0)) {
+			int valid_options = 0;
+			if (Value* vlower = options->get("lower")) {
+				lower = r.process(*vlower).as_bool();
+				valid_options++;
+			}
+			if (valid_options != options->count())
+				throw Exception(PARSER_RUNTIME, 0, CALLED_WITH_INVALID_OPTION);
+		}
+
 	unsigned char id[64/8];
 	random(&id, sizeof(id));
 
-	r.write(*new String(hex_string(id, sizeof(id), true)));
+	r.write(*new String(hex_string(id, sizeof(id), !lower)));
 }
 
 static void _crc32(Request& r, MethodParams& params) {
 	const char *string=params.as_string(0, PARAMETER_MUST_BE_STRING).cstr();
-	r.write(*new VInt(pa_crc32(string, strlen(string))));
+	r.write(*new VDouble((uint)pa_crc32(string, strlen(string))));
 }
 
-static const char* abc_hex="0123456789ABCDEF";
+static const char* abc_hex = "0123456789ABCDEF";
 
-static unsigned char hex_lookup[256]={
+static unsigned char hex_lookup[256] = {
 	 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 	 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 	 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -505,11 +573,12 @@ static unsigned char hex_lookup[256]={
 	 0,10,11,12,13,14,15, 0, 0, 0, 0, 0, 0, 0, 0, 0
 };
 
-static unsigned char abc_lookup[256]={};
-static unsigned char abc_256_lookup[256]={};
+static unsigned char abc_lookup[256] = {};
+static unsigned char abc_256_lookup[256] = {};
 
-inline unsigned char *init_abc_256(){
-	if(!abc_256_lookup[255]) for(int i=0; i<256; i++) abc_256_lookup[i] = (unsigned char)i;
+inline unsigned char *init_abc_256() {
+	if(!abc_256_lookup[255])
+		for(int i=0; i<256; i++) abc_256_lookup[i] = (unsigned char)i;
 	return abc_256_lookup;
 }
 
@@ -521,7 +590,7 @@ static void _convert(Request& r, MethodP
 	const char *abc_from;
 	int base_from;
 
-	if(params[1].is_string()){
+	if(params[1].is_string()) {
 		abc_from = params[1].get_string()->cstr();
 		base_from = strlen(abc_from);
 		if(base_from < 2)
@@ -533,7 +602,7 @@ static void _convert(Request& r, MethodP
 		base_from=params.as_int(1, "base 'from' must be integer or string", r);
 		if(base_from < 2 || base_from > 16 && base_from != 256)
 			throw Exception(PARSER_RUNTIME, 0, "base 'from' must be an integer from 2 to 16 or 256");
-		if (base_from == 256){
+		if (base_from == 256) {
 			abc_from = "";
 			lookup = init_abc_256();
 		} else {
@@ -546,7 +615,7 @@ static void _convert(Request& r, MethodP
 	const char *abc_to;
 	int base_to;
 
-	if(params[2].is_string()){
+	if(params[2].is_string()) {
 		abc_to=params[2].get_string()->cstr();
 		base_to=strlen(abc_to);
 		if(base_to < 2)
@@ -555,7 +624,7 @@ static void _convert(Request& r, MethodP
 		base_to=params.as_int(2, "base 'to' must be integer or string", r);
 		if(base_to < 2 || base_to > 16 && base_to != 256)
 			throw Exception(PARSER_RUNTIME, 0, "base 'to' must be an integer from 2 to 16 or 256");
-		if (base_to == 256){
+		if (base_to == 256) {
 			abc_to = (char *)init_abc_256();
 		} else {
 			abc_to = abc_hex;
@@ -578,7 +647,6 @@ static void _convert(Request& r, MethodP
 		}
 
 	bool negative=false;
-	bool sign=false;
 
 	// converting digits to their numeric values
 
@@ -589,10 +657,10 @@ static void _convert(Request& r, MethodP
 
 	if(abc_mode){
 
-		for(c=src;c<src_end;c++){
+		for(c=src;c<src_end;c++) {
 			unsigned char digit=lookup[*c];
 			if(!digit && *c != abc_from[0])
-				throw Exception("number.format", 0, "'%c' is invalid digit", *c);
+				throw Exception("number.format", 0, "'%c' is an invalid digit", *c);
 			*c=digit;
 		}
 
@@ -604,11 +672,13 @@ static void _convert(Request& r, MethodP
 
 		if(src[0]=='-') {
 			negative=true;
-			sign=true;
 			src++;
+			if(!*src || isspace(*src))
+				throw Exception("number.format", 0,  "'-' is an invalid number");
 		} else if(src[0]=='+') {
-			sign=true;
 			src++;
+			if(!*src || isspace(*src))
+				throw Exception("number.format", 0,  "'+' is an invalid number");
 		}
 
 		for(c=src;c<src_end;c++) {
@@ -616,7 +686,7 @@ static void _convert(Request& r, MethodP
 			if(!digit && *c != abc_from[0] || digit>=base_from) {
 				for(unsigned char *s=c;s<src_end;s++)
 					if(!isspace(*s))
-						throw Exception("number.format", 0, "'%c' is invalid digit", *s);
+						throw Exception("number.format", 0, "'%c' is an invalid digit", *s);
 				src_end=c;
 				break;
 			}
@@ -625,17 +695,15 @@ static void _convert(Request& r, MethodP
 
 	}
 
-	if(src==src_end){
-		if(sign)
-			throw Exception("number.format", 0,  "'%c' is invalid number", negative ? '-' : '+');
+	if(src==src_end) {
 		if(result_file)
 			r.write(*result_file);
 		return;
 	}
 
-	// core
+	// core, using log since log2 is not present in FreeBSD < 8.X
 
-	Array<char> remainders(round(data.length * log2(base_from) / log2(base_to)) + 1);
+	Array<char> remainders((size_t)round(data.length * log((double)base_from) / log((double)base_to)) + 1);
 
 	do {
 		int carry = 0;
@@ -643,7 +711,7 @@ static void _convert(Request& r, MethodP
 		for (c=src; c<src_end; c++) {
 			carry = carry * base_from + *c;
 			if (carry >= base_to) {
-				*(dst++) = carry / base_to;
+				*(dst++) = (unsigned char)(carry / base_to);
 				carry %= base_to;
 			} else if (dst > src) {
 				*(dst++) = 0;
@@ -659,15 +727,21 @@ static void _convert(Request& r, MethodP
 	char *result_str = (char *)pa_malloc_atomic(result_length+1);
 	if(negative)
 		result_str[0] = '-';
-	for(int i=0; i<remainders.count(); i++)
+	for(size_t i=0; i<remainders.count(); i++)
 		result_str[result_length - 1 - i] = remainders[i];
 	result_str[result_length]='\0';
 
-	if(result_file){
-		result_file->set(true/*tainted*/, 0 /*binary*/, result_str, result_length, 0, 0, &r);
+	if(result_file) {
+		result_file->set(true /*tainted*/, 0 /*binary*/, result_str, result_length, 0, 0, &r);
 		r.write(*result_file);
 	} else {
-		r.write(*new String(result_str)); // no length as there can be '\0' inside
+		if(memchr(result_str, 0, result_length))
+			throw Exception(PARSER_RUNTIME, 0, "Invalid \\x00 character found while converting to string. Convert to file instead.");
+
+		fix_line_breaks(result_str, result_length);
+
+		if(result_length)
+			r.write(*new String(result_str, String::L_TAINTED));
 	}
 }
 
@@ -675,11 +749,9 @@ static void _convert(Request& r, MethodP
 
 MMath::MMath(): Methoded("math") {
 	// ^FUNC(expr)	
-#define ADDX(name, X) \
-	add_native_method(#name, Method::CT_STATIC, _##name, X, X)
-#define ADD0(name) ADDX(name, 0)
-#define ADD1(name) ADDX(name, 1)
-#define ADD2(name) ADDX(name, 2)
+#define ADDN(name, N) \
+	add_native_method(#name, Method::CT_STATIC, _##name, N, N)
+#define ADD1(name) ADDN(name, 1)
 
 	ADD1(round);	ADD1(floor);	ADD1(ceiling);
 	ADD1(trunc);	ADD1(frac);
@@ -688,16 +760,16 @@ MMath::MMath(): Methoded("math") {
 	ADD1(log);	ADD1(log10);
 	ADD1(sin);	ADD1(asin);
 	ADD1(cos);	ADD1(acos);
-	ADD1(tan);	ADD1(atan);
+	ADD1(tan);	ADD1(atan);	ADDN(atan2, 2);
 	ADD1(degrees);	ADD1(radians);
 	ADD1(sqrt);
 	ADD1(random);
 
 	// ^math:pow(x;y)
-	ADD2(pow);
+	ADDN(pow, 2);
 
 	// ^math:crypt[password;salt]
-	ADD2(crypt);
+	ADDN(crypt, 2);
 
 	// ^math:md5[string]
 	ADD1(md5);
@@ -712,10 +784,16 @@ MMath::MMath(): Methoded("math") {
 	ADD1(crc32);
 
 	// ^math:uuid[]
-	ADD0(uuid);
+	// ^math:uuid[options hash]
+	add_native_method("uuid", Method::CT_STATIC, _uuid, 0, 1);
+
+	// ^math:uuid7[]
+	// ^math:uuid7[options hash]
+	add_native_method("uuid7", Method::CT_STATIC, _uuid7, 0, 1);
 
 	// ^math:uid64[]
-	ADD0(uid64);
+	// ^math:uid64[options hash]
+	add_native_method("uid64", Method::CT_STATIC, _uid64, 0, 1);
 
 	// ^math:convert[number|file](base-from)|[abc_from](base-to)|[abc_to][options]
 	add_native_method("convert", Method::CT_STATIC, _convert, 3, 4);