Fixed bug #49144 (import of schema from different host transmits original authenticat...

diff --git a/NEWS b/NEWS
index 8a909fe2759382f622e57f3f01b33a645ae0f547..6b2d9be403baee1b0d6ba352ef6a1dc088de778a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,8 @@ PHP                                                                        NEWS
 - Fixed bug #49193 (gdJpegGetVersionString() inside gd_compact identifies
   wrong type in declaration). (Ilia)
 - Fixed bug #49183 (dns_get_record does not return NAPTR records). (Pierre)
+- Fixed bug #49144     (import of schema from different host transmits original
+  authentication details). (Dmitry)
 - Fixed bug #49132 (posix_times returns false without error).
   (phpbugs at gunnu dot us)
 - Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)

diff --git a/ext/soap/php_schema.c b/ext/soap/php_schema.c
index 975efce0585d53d8d08acd817f9154aeafb28369..1d4631cf53e761a304cbde86517e2a74acd8ba6d 100644 (file)
--- a/ext/soap/php_schema.c
+++ b/ext/soap/php_schema.c
@@ -102,7 +102,10 @@ static void schema_load_file(sdlCtx *ctx, xmlAttrPtr ns, xmlChar *location, xmlA
                xmlNodePtr schema;
                xmlAttrPtr new_tns;
 
+               sdl_set_uri_credentials(ctx, (char*)location TSRMLS_CC);
                doc = soap_xmlParseFile((char*)location TSRMLS_CC);
+               sdl_restore_uri_credentials(ctx TSRMLS_CC);
+
                if (doc == NULL) {
                        soap_error1(E_ERROR, "Parsing Schema: can't import schema from '%s'", location);
                }

diff --git a/ext/soap/php_sdl.c b/ext/soap/php_sdl.c
index 97ddb02d32d373a97076ff97d32de5ea96c77b09..d3d13bf5045fa12bc627a1e150a2dfcdf61d943b 100644 (file)
--- a/ext/soap/php_sdl.c
+++ b/ext/soap/php_sdl.c
@@ -226,6 +226,64 @@ static int is_wsdl_element(xmlNodePtr node)
        return 1;
 }
 
+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC)
+{
+       char *s;
+       int l1, l2;
+       zval *context = NULL;
+       zval **header = NULL;
+
+       /* check if we load xsd from the same server */
+       s = strstr(ctx->sdl->source, "://");
+       if (!s) return;
+       s = strchr(s+3, '/');
+       l1 = s - ctx->sdl->source;
+       s = strstr((char*)uri, "://");
+       if (!s) return;
+       s = strchr(s+3, '/');
+       l2 = s - (char*)uri;
+       if (l1 != l2 || memcmp(ctx->sdl->source, uri, l1) != 0) {
+               /* another server. clear authentication credentals */
+               context = php_libxml_switch_context(NULL TSRMLS_CC);
+               php_libxml_switch_context(context TSRMLS_CC);
+               if (context) {
+                       ctx->context = php_stream_context_from_zval(context, 1);
+
+                       if (ctx->context &&
+                           php_stream_context_get_option(ctx->context, "http", "header", &header) == SUCCESS) {
+                               s = strstr(Z_STRVAL_PP(header), "Authorization: Basic");
+                               if (s && (s == Z_STRVAL_PP(header) || *(s-1) == '\n' || *(s-1) == '\r')) {
+                                       char *rest = strstr(s, "\r\n");
+                                       if (rest) {
+                                               zval new_header;
+                                       
+                                               rest += 2;
+                                               Z_TYPE(new_header) = IS_STRING;
+                                               Z_STRLEN(new_header) = Z_STRLEN_PP(header) - (rest - s);
+                                               Z_STRVAL(new_header) = emalloc(Z_STRLEN_PP(header) + 1);
+                                               memcpy(Z_STRVAL(new_header), Z_STRVAL_PP(header), s - Z_STRVAL_PP(header));
+                                               memcpy(Z_STRVAL(new_header) + (s - Z_STRVAL_PP(header)), rest, Z_STRLEN_PP(header) - (rest - Z_STRVAL_PP(header)) + 1);
+                                               ctx->old_header = *header;
+                                               Z_ADDREF_P(ctx->old_header);
+                                               php_stream_context_set_option(ctx->context, "http", "header", &new_header);
+                                               zval_dtor(&new_header);
+                                       }
+                               }
+                       }
+               }
+       }
+}
+
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC)
+{
+       if (ctx->old_header) {
+           php_stream_context_set_option(ctx->context, "http", "header", ctx->old_header);
+           zval_ptr_dtor(&ctx->old_header);
+               ctx->old_header = NULL;
+       }
+       ctx->context = NULL;
+}
+
 static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include TSRMLS_DC)
 {
        sdlPtr tmpsdl = ctx->sdl;
@@ -237,7 +295,9 @@ static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include
                return;
        }
        
+       sdl_set_uri_credentials(ctx, struri TSRMLS_CC);
        wsdl = soap_xmlParseFile(struri TSRMLS_CC);
+       sdl_restore_uri_credentials(ctx TSRMLS_CC);
        
        if (!wsdl) {
                xmlErrorPtr xmlErrorPtr = xmlGetLastError();

diff --git a/ext/soap/php_sdl.h b/ext/soap/php_sdl.h
index afaf303f60b43b21a75c24bec8433d1096d7411e..73056096e9b915e40c4ef5ce685fb68a21135f1d 100644 (file)
--- a/ext/soap/php_sdl.h
+++ b/ext/soap/php_sdl.h
@@ -76,6 +76,8 @@ typedef struct sdlCtx {
 
        HashTable *attributes;       /* array of sdlAttributePtr */
        HashTable *attributeGroups;  /* array of sdlTypesPtr */
+       php_stream_context *context;
+       zval               *old_header;
 } sdlCtx;
 
 struct _sdlBinding {
@@ -264,4 +266,7 @@ sdlBindingPtr get_binding_from_name(sdlPtr sdl, char *name, char *ns);
 void delete_sdl(void *handle);
 void delete_sdl_impl(void *handle);
 
+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC);
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC);
+
 #endif