--- parser3/src/classes/op.C 2009/05/04 09:26:19 1.185 +++ parser3/src/classes/op.C 2009/06/04 12:30:01 1.188 @@ -5,7 +5,7 @@ Author: Alexandr Petrosian (http://paf.design.ru) */ -static const char * const IDENT_OP_C="$Date: 2009/05/04 09:26:19 $"; +static const char * const IDENT_OP_C="$Date: 2009/06/04 12:30:01 $"; #include "classes.h" #include "pa_vmethod_frame.h" @@ -70,7 +70,7 @@ static const String exception_var_name(E // helpers -class Untaint_lang_name2enum: public Hash { +class Untaint_lang_name2enum: public HashString { public: Untaint_lang_name2enum() { #define ULN(name, LANG) \ @@ -122,8 +122,12 @@ static void _untaint(Request& r, MethodP { Value& vbody=params.as_junction(params.count()-1, "body must be code"); - Temp_lang temp_lang(r, lang); // set temporarily specified ^untaint[language; - r.write_pass_lang(r.process(vbody)); // process marking tainted with that lang + StringOrValue result; + { + Temp_lang temp_lang(r, lang); // set temporarily specified ^untaint[language; + result=r.process(vbody); // process marking tainted with that lang + } + r.write_assign_lang(result); } } @@ -141,7 +145,7 @@ static void _taint(Request& r, MethodPar result.append( vbody.as_string(), // process marking tainted with that lang lang, true); // force result language to specified - r.write_pass_lang(result); + r.write_assign_lang(result); } } @@ -247,7 +251,7 @@ static void _while(Request& r, MethodPar // while... int endless_loop_count=0; - if(delim_maybe_code){ + if(delim_maybe_code){ // delimiter set bool need_delim=false; while(true) { if(++endless_loop_count>=MAX_LOOPS) // endless loop? @@ -260,8 +264,9 @@ static void _while(Request& r, MethodPar StringOrValue sv_processed=r.process(body_code); Request::Skip lskip=r.get_skip(); r.set_skip(Request::SKIP_NOTHING); + const String* s_processed=sv_processed.get_string(); - if(delim_maybe_code && s_processed && s_processed->length()) { // delimiter set and we have body + if(s_processed && !s_processed->is_empty()) { // we have body if(need_delim) // need delim & iteration produced string? r.write_pass_lang(r.process(*delim_maybe_code)); else @@ -321,7 +326,7 @@ static void _for(Request& r, MethodParam const String& var_name=params.as_string(0, "var name must be string"); int from=params.as_int(1, "from must be int", r); int to=params.as_int(2, "to must be int", r); - Value& body_code=params.as_junction(3, "body must be code"); + Value& body_code=params.as_junction(3, "body must be code"); Value* delim_maybe_code=params.count()>4?¶ms[4]:0; if(to-from>=MAX_LOOPS) // too long loop? @@ -333,7 +338,7 @@ static void _for(Request& r, MethodParam VMethodFrame& caller=*r.get_method_frame()->caller(); caller.put_element(caller, var_name, vint, false); - if(delim_maybe_code){ + if(delim_maybe_code){ // delimiter set bool need_delim=false; for(int i=from; i<=to; i++) { @@ -341,8 +346,9 @@ static void _for(Request& r, MethodParam StringOrValue sv_processed=r.process(body_code); Request::Skip lskip=r.get_skip(); r.set_skip(Request::SKIP_NOTHING); + const String* s_processed=sv_processed.get_string(); - if(s_processed && s_processed->length()) { // delimiter set and we have body + if(s_processed && !s_processed->is_empty()) { // we have body if(need_delim) // need delim & iteration produced string? r.write_pass_lang(r.process(*delim_maybe_code)); else @@ -897,10 +903,10 @@ VClassMAIN::VClassMAIN(): VClass() { add_native_method("if", Method::CT_ANY, _if, 2, 3, Method::CO_WITHOUT_FRAME); // ^untaint[as-is|uri|sql|js|html|html-typo|regex]{code} - add_native_method("untaint", Method::CT_ANY, _untaint, 1, 2, Method::CO_NONE); + add_native_method("untaint", Method::CT_ANY, _untaint, 1, 2); // ^taint[as-is|uri|sql|js|html|html-typo|regex]{code} - add_native_method("taint", Method::CT_ANY, _taint, 1, 2, Method::CO_NONE); + add_native_method("taint", Method::CT_ANY, _taint, 1, 2); // ^process[code] add_native_method("process", Method::CT_ANY, _process, 1, 3);