From: Dmitry Stogov <dmitry@php.net>
Date: Mon, 17 Aug 2009 18:23:48 +0000 (+0000)
Subject: Fixed bug #49144 (import of schema from different host transmits original authenticat... 
X-Git-Tag: php-5.2.11RC2~45
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=161dbf90ad84d8e0864c6a429d778ec8b3556c43;p=php

Fixed bug #49144 (import of schema from different host transmits original authentication details)
---

diff --git a/NEWS b/NEWS
index abcd9ce778..593d6c9e7f 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ PHP                                                                        NEWS
 - Fixed bug #49269 (Ternary operator fails on Iterator object when used inside
   foreach declaration). (Etienne, Dmitry)
 - Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
+- Fixed bug #49144 	(import of schema from different host transmits original
+  authentication details). (Dmitry)
 
 13 Aug 2009, PHP 5.2.11RC1
 - Fixed regression in cURL extension that prevented flush of data to output
diff --git a/ext/soap/php_schema.c b/ext/soap/php_schema.c
index 975efce058..1d4631cf53 100644
--- a/ext/soap/php_schema.c
+++ b/ext/soap/php_schema.c
@@ -102,7 +102,10 @@ static void schema_load_file(sdlCtx *ctx, xmlAttrPtr ns, xmlChar *location, xmlA
 		xmlNodePtr schema;
 		xmlAttrPtr new_tns;
 
+		sdl_set_uri_credentials(ctx, (char*)location TSRMLS_CC);
 		doc = soap_xmlParseFile((char*)location TSRMLS_CC);
+		sdl_restore_uri_credentials(ctx TSRMLS_CC);
+
 		if (doc == NULL) {
 			soap_error1(E_ERROR, "Parsing Schema: can't import schema from '%s'", location);
 		}
diff --git a/ext/soap/php_sdl.c b/ext/soap/php_sdl.c
index ecf196f811..d6a00f4c47 100644
--- a/ext/soap/php_sdl.c
+++ b/ext/soap/php_sdl.c
@@ -226,6 +226,64 @@ static int is_wsdl_element(xmlNodePtr node)
 	return 1;
 }
 
+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC)
+{
+	char *s;
+	int l1, l2;
+	zval *context = NULL;
+	zval **header = NULL;
+
+	/* check if we load xsd from the same server */
+	s = strstr(ctx->sdl->source, "://");
+	if (!s) return;
+	s = strchr(s+3, '/');
+	l1 = s - ctx->sdl->source;
+	s = strstr((char*)uri, "://");
+	if (!s) return;
+	s = strchr(s+3, '/');
+	l2 = s - (char*)uri;
+	if (l1 != l2 || memcmp(ctx->sdl->source, uri, l1) != 0) {
+		/* another server. clear authentication credentals */
+		context = php_libxml_switch_context(NULL TSRMLS_CC);
+		php_libxml_switch_context(context TSRMLS_CC);
+		if (context) {
+			ctx->context = php_stream_context_from_zval(context, 1);
+
+			if (ctx->context &&
+			    php_stream_context_get_option(ctx->context, "http", "header", &header) == SUCCESS) {
+				s = strstr(Z_STRVAL_PP(header), "Authorization: Basic");
+				if (s && (s == Z_STRVAL_PP(header) || *(s-1) == '\n' || *(s-1) == '\r')) {
+					char *rest = strstr(s, "\r\n");
+					if (rest) {
+						zval new_header;
+				    	
+						rest += 2;
+						Z_TYPE(new_header) = IS_STRING;
+						Z_STRLEN(new_header) = Z_STRLEN_PP(header) - (rest - s);
+						Z_STRVAL(new_header) = emalloc(Z_STRLEN_PP(header) + 1);
+						memcpy(Z_STRVAL(new_header), Z_STRVAL_PP(header), s - Z_STRVAL_PP(header));
+						memcpy(Z_STRVAL(new_header) + (s - Z_STRVAL_PP(header)), rest, Z_STRLEN_PP(header) - (rest - Z_STRVAL_PP(header)) + 1);
+						ctx->old_header = *header;
+						ctx->old_header->refcount++;
+						php_stream_context_set_option(ctx->context, "http", "header", &new_header);
+						zval_dtor(&new_header);
+					}
+				}
+			}
+		}
+	}
+}
+
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC)
+{
+	if (ctx->old_header) {
+	    php_stream_context_set_option(ctx->context, "http", "header", ctx->old_header);
+	    zval_ptr_dtor(&ctx->old_header);
+		ctx->old_header = NULL;
+	}
+	ctx->context = NULL;
+}
+
 static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include TSRMLS_DC)
 {
 	sdlPtr tmpsdl = ctx->sdl;
@@ -237,7 +295,9 @@ static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include
 		return;
 	}
 	
+	sdl_set_uri_credentials(ctx, struri TSRMLS_CC);
 	wsdl = soap_xmlParseFile(struri TSRMLS_CC);
+	sdl_restore_uri_credentials(ctx TSRMLS_CC);
 	
 	if (!wsdl) {
 		xmlErrorPtr xmlErrorPtr = xmlGetLastError();
diff --git a/ext/soap/php_sdl.h b/ext/soap/php_sdl.h
index afaf303f60..73056096e9 100644
--- a/ext/soap/php_sdl.h
+++ b/ext/soap/php_sdl.h
@@ -76,6 +76,8 @@ typedef struct sdlCtx {
 
 	HashTable *attributes;       /* array of sdlAttributePtr */
 	HashTable *attributeGroups;  /* array of sdlTypesPtr */
+	php_stream_context *context;
+	zval               *old_header;
 } sdlCtx;
 
 struct _sdlBinding {
@@ -264,4 +266,7 @@ sdlBindingPtr get_binding_from_name(sdlPtr sdl, char *name, char *ns);
 void delete_sdl(void *handle);
 void delete_sdl_impl(void *handle);
 
+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC);
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC);
+
 #endif