From: Ilia Alshanetsky <iliaa@php.net>
Date: Wed, 4 Nov 2009 13:44:10 +0000 (+0000)
Subject: Fixed bug #50073 (parse_url() incorrect when ? in fragment).
X-Git-Tag: php-5.2.12RC1~21
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=18a433f0d9e1bf6875392d550861a0c9d456e4c9;p=php

Fixed bug #50073 (parse_url() incorrect when ? in fragment).
---

diff --git a/NEWS b/NEWS
index b8d3e9575d..6a034b1933 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,7 @@ PHP                                                                        NEWS
   (Felipe)
 - Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
 
+- Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)
 - Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
 - Fixed bug #49990 (SNMP3 warning message about security level printed twice).
   (Jani)
diff --git a/ext/standard/url.c b/ext/standard/url.c
index 11b5eb0d0e..cc9cd99052 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -201,10 +201,21 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length)
 	e = ue;
 	
 	if (!(p = memchr(s, '/', (ue - s)))) {
-		if ((p = memchr(s, '?', (ue - s)))) {
-			e = p;
-		} else if ((p = memchr(s, '#', (ue - s)))) {
-			e = p;
+		char *query, *fragment;
+
+		query = memchr(s, '?', (ue - s));
+		fragment = memchr(s, '#', (ue - s));
+
+		if (query && fragment) {
+			if (query > fragment) {
+				p = e = fragment;
+			} else {
+				p = e = query;
+			}
+		} else if (query) {
+			p = e = query;
+		} else if (fragment) {
+			p = e = fragment;
 		}
 	} else {
 		e = p;
@@ -285,10 +296,10 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length)
 	
 	if ((p = memchr(s, '?', (ue - s)))) {
 		pp = strchr(s, '#');
-		
+
 		if (pp && pp < p) {
 			p = pp;
-			pp = strchr(pp+2, '#');
+			goto label_parse;
 		}
 	
 		if (p - s) {