From fe16ad4939dd016e02c5430bc89ae19b0dc5425a Mon Sep 17 00:00:00 2001 From: Cvar1984 Date: Mon, 29 Jun 2020 13:13:25 +0800 Subject: [PATCH 1/4] auto log final hook --- .editorconfig | 17 ++++++ evalhook.c | 148 ++++++++++++++++++++++++++------------------------ 2 files changed, 93 insertions(+), 72 deletions(-) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..db3fa42 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,17 @@ +# This file is for unifying the coding style for different editors and IDEs +# editorconfig.org + +# PHP PSR-2 Coding Standards +# http://www.php-fig.org/psr/psr-2/ + +root = true + +[*] +end_of_line = lf +insert_final_newline = true + +[*.{php, c, cpp, cc}] +charset = utf-8 +trim_trailing_whitespace = true +indent_style = space +indent_size = 4 diff --git a/evalhook.c b/evalhook.c index 9235760..555e0ef 100644 --- a/evalhook.c +++ b/evalhook.c @@ -1,20 +1,20 @@ /* - +----------------------------------------------------------------------+ - | PHP Version 5 | - +----------------------------------------------------------------------+ - | Copyright (c) 1997-2010 The PHP Group | - +----------------------------------------------------------------------+ - | This source file is subject to version 3.01 of the PHP license, | - | that is bundled with this package in the file LICENSE, and is | - | available through the world-wide-web at the following url: | - | http://www.php.net/license/3_01.txt | - | If you did not receive a copy of the PHP license and are unable to | - | obtain it through the world-wide-web, please send a note to | - | license@php.net so we can mail you a copy immediately. | - +----------------------------------------------------------------------+ - | Author: Stefan Esser | - +----------------------------------------------------------------------+ -*/ + +----------------------------------------------------------------------+ + | PHP Version 5 | + +----------------------------------------------------------------------+ + | Copyright (c) 1997-2010 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: Stefan Esser | + +----------------------------------------------------------------------+ + */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -28,88 +28,92 @@ zend_module_entry evalhook_module_entry = { #if ZEND_MODULE_API_NO >= 20010901 - STANDARD_MODULE_HEADER, + STANDARD_MODULE_HEADER, #endif - "evalhook", + "evalhook", NULL, - PHP_MINIT(evalhook), - PHP_MSHUTDOWN(evalhook), - NULL, - NULL, - PHP_MINFO(evalhook), + PHP_MINIT(evalhook), + PHP_MSHUTDOWN(evalhook), + NULL, + NULL, + PHP_MINFO(evalhook), #if ZEND_MODULE_API_NO >= 20010901 - "0.1", + "0.1", #endif - STANDARD_MODULE_PROPERTIES + STANDARD_MODULE_PROPERTIES }; #ifdef COMPILE_DL_EVALHOOK ZEND_GET_MODULE(evalhook) #endif -static zend_op_array *(*orig_compile_string)(zval *source_string, char *filename TSRMLS_DC); -static zend_bool evalhook_hooked = 0; + static zend_op_array *(*orig_compile_string)(zval *source_string, char *filename TSRMLS_DC); + static zend_bool evalhook_hooked = 0; static zend_op_array *evalhook_compile_string(zval *source_string, char *filename TSRMLS_DC) { - int c, len, yes; - char *copy; - - /* Ignore non string eval() */ - if (Z_TYPE_P(source_string) != IS_STRING) { - return orig_compile_string(source_string, filename TSRMLS_CC); - } - - len = Z_STRLEN_P(source_string); - copy = estrndup(Z_STRVAL_P(source_string), len); - if (len > strlen(copy)) { - for (c=0; c strlen(copy)) { + for (c=0; c Date: Tue, 7 Jul 2020 18:11:37 +0800 Subject: [PATCH 2/4] always prompt unless Y/N selected --- evalhook.c | 40 ++++++++++++++-------------------------- 1 file changed, 14 insertions(+), 26 deletions(-) diff --git a/evalhook.c b/evalhook.c index 555e0ef..8cc3484 100644 --- a/evalhook.c +++ b/evalhook.c @@ -49,49 +49,37 @@ ZEND_GET_MODULE(evalhook) static zend_op_array *(*orig_compile_string)(zval *source_string, char *filename TSRMLS_DC); static zend_bool evalhook_hooked = 0; - static zend_op_array *evalhook_compile_string(zval *source_string, char *filename TSRMLS_DC) { - int c, len, yes; - char *copy; - /* Ignore non string eval() */ if (Z_TYPE_P(source_string) != IS_STRING) { return orig_compile_string(source_string, filename TSRMLS_CC); } - len = Z_STRLEN_P(source_string); - copy = estrndup(Z_STRVAL_P(source_string), len); - if (len > strlen(copy)) { - for (c=0; c Date: Mon, 3 Jun 2024 12:02:45 +0700 Subject: [PATCH 3/4] fix deprecated on php8 --- evalhook.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/evalhook.c b/evalhook.c index 8cc3484..849c291 100644 --- a/evalhook.c +++ b/evalhook.c @@ -47,13 +47,13 @@ zend_module_entry evalhook_module_entry = { ZEND_GET_MODULE(evalhook) #endif - static zend_op_array *(*orig_compile_string)(zval *source_string, char *filename TSRMLS_DC); + static zend_op_array *(*orig_compile_string)(zval *source_string, char *filename); static zend_bool evalhook_hooked = 0; -static zend_op_array *evalhook_compile_string(zval *source_string, char *filename TSRMLS_DC) +static zend_op_array *evalhook_compile_string(zval *source_string, char *filename) { /* Ignore non string eval() */ if (Z_TYPE_P(source_string) != IS_STRING) { - return orig_compile_string(source_string, filename TSRMLS_CC); + return orig_compile_string(source_string, filename); } int len = Z_STRLEN_P(source_string); @@ -71,7 +71,7 @@ static zend_op_array *evalhook_compile_string(zval *source_string, char *filenam char c = getchar(); if (c == 'y' || c == 'Y') { - return orig_compile_string(source_string, filename TSRMLS_CC); + return orig_compile_string(source_string, filename); } else if (c == 'n' || c == 'N') { zend_error(E_ERROR, "evalhook: script abort due to disallowed eval()"); @@ -84,8 +84,10 @@ PHP_MINIT_FUNCTION(evalhook) { if (evalhook_hooked == 0) { evalhook_hooked = 1; - orig_compile_string = zend_compile_string; - zend_compile_string = evalhook_compile_string; + orig_compile_string = (zend_op_array *(*)(zval *, char *))zend_compile_string; + zend_compile_string = (zend_op_array *(*)(zend_string *, const char *, zend_compile_position))evalhook_compile_string; + + } return SUCCESS; } @@ -94,7 +96,8 @@ PHP_MSHUTDOWN_FUNCTION(evalhook) { if (evalhook_hooked == 1) { evalhook_hooked = 0; - zend_compile_string = orig_compile_string; + zend_compile_string = (zend_op_array *(*)(zend_string *, const char *, zend_compile_position))evalhook_compile_string; + } return SUCCESS; } From da44fc461ef72a39ad4cea7166e07cafe11827db Mon Sep 17 00:00:00 2001 From: Bellatrix Lugosi Date: Fri, 13 Jun 2025 18:17:36 +0700 Subject: [PATCH 4/4] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 2f8209d..2ee20be 100644 --- a/README.md +++ b/README.md @@ -3,3 +3,5 @@ http://php-security.org/2010/05/13/article-decoding-a-user-space-encoded-php-scr phpize && ./configure && make php -d extension=evalhook.so encoded_script.php + +for php 8 use [eval-logger](https://github.com/Cvar1984/eval-logger)