MFH: Fixed bug #37045 (Fixed check for special chars for http redirects).

diff --git a/NEWS b/NEWS
index 486f2b974c9a5ae19942da3b0c6b07a4ab7ca164..eb0a2f62a55de186ad6379a86b04fff3cd694d55 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ PHP 4                                                                      NEWS
 - Added overflow checks to wordwrap() function. (Ilia)
 - Added a check for special characters in the session name. (Ilia)
 - Fixed bug #37046 (foreach breaks static scope). (Dmitry)
+- Fixed bug #37045 (Fixed check for special chars for http redirects). (Ilia)
 - Fixed bug #36857 (Added support for partial content fetching to the HTTP
   streams wrapper). (Ilia)
 - Fixed bug #36776 (node_list_wrapper_dtor segfault). (Rob)

diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 1df04b4928a73d1817daba39a5a79c28fdfb3e9d..9fe3876d5667299f0aefb279407ab5804c7ec6f5 100644 (file)
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -503,9 +503,11 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
        }       \
 }      \
                        /* check for control characters in login, password & path */
-                       CHECK_FOR_CNTRL_CHARS(resource->user)
-                       CHECK_FOR_CNTRL_CHARS(resource->pass)
-                       CHECK_FOR_CNTRL_CHARS(resource->path)
+                       if (strncasecmp(newpath, "http://", sizeof("http://") - 1) || strncasecmp(newpath, "https://", sizeof("https://") - 1) {
+                               CHECK_FOR_CNTRL_CHARS(resource->user)
+                               CHECK_FOR_CNTRL_CHARS(resource->pass)
+                               CHECK_FOR_CNTRL_CHARS(resource->path)
+                       }
 
                        stream = php_stream_url_wrap_http_ex(NULL, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
                        if (stream && stream->wrapperdata)      {