]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fec135a)
When automatically redirecting an HTTP request, use the GET method when the
authorArnaud Le Blanc <lbarnaud@php.net>
Mon, 28 Jul 2008 19:03:57 +0000 (19:03 +0000)
committerArnaud Le Blanc <lbarnaud@php.net>
Mon, 28 Jul 2008 19:03:57 +0000 (19:03 +0000)
original method was not HEAD or GET (fixes #45540)
#
# The RFC says that in case of 3xx code, "The action required MAY be
# carried out [...] *only if the method used in the second request is GET or
# HEAD*".
#
# This may not break anything as actually POST requests replying
# with a Location header never worked as the redirecting request was sent using
# the POST method, but without Entity-Body (and without Content-Length header,
# which caused the server to reply with a "411 Length Required" or to treat
# the request as GET).
#

ext/standard/http_fopen_wrapper.c patch | blob | history

diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index ad1bc2c1c92ef4d8363c1e8a8142c429c593bc57..a928e48174f1c2231b814aaf90358b21913af059 100644 (file)
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -294,10 +294,17 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
 
        if (context && php_stream_context_get_option(context, "http", "method", &tmpzval) == SUCCESS) {
                if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) {
-                       scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
-                       scratch = emalloc(scratch_len);
-                       strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
-                       strcat(scratch, " ");
+                       /* As per the RFC, automatically redirected requests MUST NOT use other methods than
+                        * GET and HEAD unless it can be confirmed by the user */
+                       if (redirect_max == PHP_URL_REDIRECT_MAX
+                               || (Z_STRLEN_PP(tmpzval) == 3 && memcmp("GET", Z_STRVAL_PP(tmpzval), 3) == 0)
+                               || (Z_STRLEN_PP(tmpzval) == 4 && memcmp("HEAD",Z_STRVAL_PP(tmpzval), 4) == 0)
+                       ) {
+                               scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
+                               scratch = emalloc(scratch_len);
+                               strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
+                               strcat(scratch, " ");
+                       }
                }
        }
  
Unnamed repository; edit this file 'description' to name the repository.