]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 29254a4)
Fixed bug #37045 (Fixed check for special chars for http redirects).
authorIlia Alshanetsky <iliaa@php.net>
Sun, 16 Apr 2006 16:54:49 +0000 (16:54 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Sun, 16 Apr 2006 16:54:49 +0000 (16:54 +0000)
NEWS patch | blob | history
ext/standard/http_fopen_wrapper.c patch | blob | history

diff --git a/NEWS b/NEWS
index d7e8d68b5423294ec0797ec4a9fbfa817909bcf0..7a3bfa581aed44d46bb5304188405966594951dd 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ PHP                                                                        NEWS
 - Fixed bug #37053 (html_errors with internal classes produces wrong links). 
   (Tony)
 - Fixed bug #37046 (foreach breaks static scope). (Dmitry)
+- Fixed bug #37045 (Fixed check for special chars for http redirects). (Ilia)
 - Fixed bug #37002 (Have to quote literals in INI when concatenating with
   vars). (Dmitry)
 - Fixed bug #36513 (comment will be outputed in last line). (Dmitry)
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 04231cf6b991ffa9631ff191bc7da94db1c29664..771c9bc20d8adcb38fa3acffc920cdcf9f1c3e03 100644 (file)
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -639,10 +639,11 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
        }       \
 }      \
                        /* check for control characters in login, password & path */
-                       CHECK_FOR_CNTRL_CHARS(resource->user)
-                       CHECK_FOR_CNTRL_CHARS(resource->pass)
-                       CHECK_FOR_CNTRL_CHARS(resource->path)
-
+                       if (strncasecmp(newpath, "http://", sizeof("http://") - 1) || strncasecmp(newpath, "https://", sizeof("https://") - 1) {
+                               CHECK_FOR_CNTRL_CHARS(resource->user)
+                               CHECK_FOR_CNTRL_CHARS(resource->pass)
+                               CHECK_FOR_CNTRL_CHARS(resource->path)
+                       }
                        stream = php_stream_url_wrap_http_ex(wrapper, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
                } else {
                        php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP request failed! %s", tmp_line);
Unnamed repository; edit this file 'description' to name the repository.