Count number of filters, raise deprecation warning

Limit number of filters that can be chained in a php://filter URL.

Count number of filters already on the stream, instead of counting iterations on the loop. When filters are separated by slash instead of pipe, php_stream_apply_filter_list is called muliple times, so counting iterations won't work. Instead, count numbers of filters already on the chain.
Add more elaborate test that tests:
- file read
- file include
- no warning on stream_filter_append

Related to:
#10453
#16699

Author: Sjoerd Langkemper

ext/standard/php_fopen_wrapper.c

@@ -26,7 +26,6 @@
 #include "php_memory_streams.h"
 #include "php_fopen_wrappers.h"
 #include "SAPI.h"
-#include "zend_exceptions.h"
 
 static ssize_t php_stream_output_write(php_stream *stream, const char *buf, size_t count) /* {{{ */
 {
@@ -145,31 +144,30 @@ static const php_stream_ops php_stream_input_ops = {
 	NULL  /* set_option */
 };
 
-static const char max_stream_filters = 5;
+static const int max_stream_filters = 16;
 
 static void php_stream_apply_filter_list(php_stream *stream, char *filterlist, int read_chain, int write_chain) /* {{{ */
 {
 	char *p, *token = NULL;
 	php_stream_filter *temp_filter;
-	char nb_filters = 0;
 
 	p = php_strtok_r(filterlist, "|", &token);
 	while (p) {
-		if (nb_filters >= max_stream_filters) {
-			zend_throw_exception_ex(NULL, 0, "Unable to apply filter, maximum number (%d) reached", max_stream_filters);
-			return;
-		}
-		nb_filters++;
-
 		php_url_decode(p, strlen(p));
 		if (read_chain) {
+			if (php_stream_filter_count(&stream->readfilters) == max_stream_filters) {
+				zend_error(E_DEPRECATED, "Using more than %d filters in a php://filter URL is deprecated, use stream_filter_append to chain more than %d filters", max_stream_filters, max_stream_filters);
+			}
 			if ((temp_filter = php_stream_filter_create(p, NULL, php_stream_is_persistent(stream)))) {
 				php_stream_filter_append(&stream->readfilters, temp_filter);
 			} else {
 				php_error_docref(NULL, E_WARNING, "Unable to create filter (%s)", p);
 			}
 		}
 		if (write_chain) {
+			if (php_stream_filter_count(&stream->writefilters) == max_stream_filters) {
+				zend_error(E_DEPRECATED, "Using more than %d filters in a php://filter URL is deprecated, use stream_filter_append to chain more than %d filters", max_stream_filters, max_stream_filters);
+			}
 			if ((temp_filter = php_stream_filter_create(p, NULL, php_stream_is_persistent(stream)))) {
 				php_stream_filter_append(&stream->writefilters, temp_filter);
 			} else {

ext/standard/tests/filters/max_filter_chain.phpt

@@ -0,0 +1,85 @@
+--TEST--
+At most 16 filters can be chained in one stream
+--EXTENSIONS--
+filter
+--FILE--
+<?php
+
+function createFilterChains($n, $resource) {
+    $filter = 'string.toupper';
+    $pipes = 'php://filter/' . implode('|', array_fill(0, $n, $filter)) . "/resource=$resource";
+    $slashes = 'php://filter/' . implode('/', array_fill(0, $n, $filter)) . "/resource=$resource";
+    $resources = str_repeat("php://filter/$filter/resource=", $n) . $resource;
+    return [$pipes, $slashes, $resources];
+}
+
+$allowed_read = createFilterChains(16, 'data:text/plain,sixteen');
+foreach ($allowed_read as $chain) {
+    var_dump(file_get_contents($chain));
+}
+
+$allowed_include = createFilterChains(16, 'php://temp');
+foreach ($allowed_include as $chain) {
+    var_dump(include $chain);
+}
+
+$blocked_read = createFilterChains(17, 'data:text/plain,seventeen');
+foreach ($blocked_read as $chain) {
+    var_dump(file_get_contents($chain));
+}
+
+$blocked_include = createFilterChains(17, 'php://temp');
+foreach ($blocked_include as $chain) {
+    var_dump(include $chain);
+}
+
+// Test that the warning is only given once, even when we add two filters over the limit.
+$blocked_read = createFilterChains(18, 'data:text/plain,eighteen');
+foreach ($blocked_read as $chain) {
+    var_dump(file_get_contents($chain));
+}
+
+// many filters with stream_filter_append still works
+$fp = fopen('data:text/plain,stream_filter_append', 'r');
+for ($i = 0; $i < 80; $i++) {
+    stream_filter_append($fp, 'string.toupper');
+}
+var_dump(fread($fp, 30));
+fclose($fp);
+
+?>
+--EXPECTF--
+string(7) "SIXTEEN"
+string(7) "SIXTEEN"
+string(7) "SIXTEEN"
+int(1)
+int(1)
+int(1)
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+string(9) "SEVENTEEN"
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+string(9) "SEVENTEEN"
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+string(9) "SEVENTEEN"
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+int(1)
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+int(1)
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+int(1)
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+string(8) "EIGHTEEN"
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+string(8) "EIGHTEEN"
+
+Deprecated: Using more than 16 filters in a php://filter URL is deprecated, use stream_filter_append to chain more than 16 filters in %smax_filter_chain.php on line %d
+string(8) "EIGHTEEN"
+string(20) "STREAM_FILTER_APPEND"

main/streams/filter.c

@@ -447,6 +447,20 @@ PHPAPI void _php_stream_filter_append(php_stream_filter_chain *chain, php_stream
 	}
 }
 
+PHPAPI int php_stream_filter_count(php_stream_filter_chain *chain) {
+    if (chain->head == NULL) {
+        return 0;
+    }
+
+    int count = 1;
+    php_stream_filter *node = chain->head;
+    while (node != chain->tail) {
+        count += 1;
+        node = node->next;
+    }
+    return count;
+}
+
 PHPAPI zend_result _php_stream_filter_flush(php_stream_filter *filter, bool finish)
 {
 	php_stream_bucket_brigade brig_a = { NULL, NULL }, brig_b = { NULL, NULL }, *inp = &brig_a, *outp = &brig_b, *brig_temp;

main/streams/php_stream_filter_api.h

@@ -138,6 +138,7 @@ PHPAPI void _php_stream_filter_prepend(php_stream_filter_chain *chain, php_strea
 PHPAPI void php_stream_filter_prepend_ex(php_stream_filter_chain *chain, php_stream_filter *filter);
 PHPAPI void _php_stream_filter_append(php_stream_filter_chain *chain, php_stream_filter *filter);
 PHPAPI zend_result php_stream_filter_append_ex(php_stream_filter_chain *chain, php_stream_filter *filter);
+PHPAPI int php_stream_filter_count(php_stream_filter_chain *chain);
 PHPAPI zend_result _php_stream_filter_flush(php_stream_filter *filter, bool finish);
 PHPAPI php_stream_filter *php_stream_filter_remove(php_stream_filter *filter, bool call_dtor);
 PHPAPI void php_stream_filter_free(php_stream_filter *filter);