]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d34e9a3)
Fixed bug #32936 (http redirects URLs are not checked for control chars).
authorIlia Alshanetsky <iliaa@php.net>
Fri, 6 May 2005 02:13:46 +0000 (02:13 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Fri, 6 May 2005 02:13:46 +0000 (02:13 +0000)
ext/standard/http_fopen_wrapper.c patch | blob | history

diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index db7e5ee54c0bb4495a74862bf2f664b609d8763c..066af3cb24145d94b8eee31f28f9eba24068805c 100644 (file)
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -551,6 +551,34 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
                        } else {
                                strlcpy(new_path, location, sizeof(new_path));
                        }
+
+                       php_url_free(resource);
+                       /* check for invalid redirection URLs */
+                       if ((resource = php_url_parse(new_path)) == NULL) {
+                               php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect url! %s", new_path);
+                               goto out;
+                       }
+
+#define CHECK_FOR_CNTRL_CHARS(val) {   \
+       if (val) {      \
+               unsigned char *s, *e;   \
+               int l;  \
+               l = php_url_decode(val, strlen(val));   \
+               s = val; e = s + l;     \
+               while (s < e) { \
+                       if (iscntrl(*s)) {      \
+                               php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect url! %s", new_path); \
+                               goto out;       \
+                       }       \
+                       s++;    \
+               }       \
+       }       \
+}      \
+                       /* check for control characters in login, password & path */
+                       CHECK_FOR_CNTRL_CHARS(resource->user)
+                       CHECK_FOR_CNTRL_CHARS(resource->pass)
+                       CHECK_FOR_CNTRL_CHARS(resource->path)
+
                        stream = php_stream_url_wrap_http_ex(wrapper, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
                        if (stream && stream->wrapperdata)      {
                                entryp = &entry;
Unnamed repository; edit this file 'description' to name the repository.