From: Ilia Alshanetsky Date: Tue, 8 Apr 2008 00:03:34 +0000 (+0000) Subject: MFB: various bug fixes X-Git-Tag: php-5.2.6RC5~14 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b6151800219387de632ebeb371b4d8a624b6cb6e;p=php MFB: various bug fixes
---
diff --git a/NEWS b/NEWS
index 0c16d62587..78dda00fb1 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,11 @@ PHP NEWS
 - Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin)
 - Fixed sending of uninitialized paddings which may contain some information. (Andrei Nigmatulin)
+- Fixed bug #44663 (Crash in imap_mail_compose if "body" parameter invalid). (Ilia)
 - Fixed bug #44613 (Crash inside imap_headerinfo()). (Ilia, jmessa)
+- Fixed bug #44603 (Order issues with Content-Type/Length headers on POST). (Ilia)
 - Fixed bug #44594 (imap_open() does not validate # of retries parameter). (Ilia)
 - Fixed bug #44557 (Crash in imap_setacl when supplied integer as username)
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 9fe4f4cbd9..a67e78b887 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -3041,8 +3041,8 @@ PHP_FUNCTION(imap_mail_compose)
 }
 zend_hash_internal_pointer_reset(Z_ARRVAL_PP(body));
- if (zend_hash_get_current_data(Z_ARRVAL_PP(body), (void **) &data) != SUCCESS) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "body parameter cannot be empty");
+ if (zend_hash_get_current_data(Z_ARRVAL_PP(body), (void **) &data) != SUCCESS || Z_TYPE_PP(data) != IS_ARRAY) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "body parameter must be a non-empty array");
 RETURN_FALSE;
 }
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 2834cf8e28..0a09b12528 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
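Review bot: In the imap_mail_compose hunk of ext/imap/php_imap.c, the added `Z_TYPE_PP(data) != IS_ARRAY` test guards only the first element of `body`, the one the freshly reset internal pointer yields. The remaining elements are handled outside this hunk, so it cannot be confirmed from here that they get the same type check before being treated as arrays; that is worth verifying, since this is the same type confusion on caller-supplied input that bug #44663 reports. The new warning text is also imprecise, because it now fires when `body` is a non-empty array whose first element is not an array; wording such as `"body parameter must be a non-empty array whose elements are arrays"` would match the condition. A short comment above the test, e.g. `/* reject a first element that is not an array (bug #44663) */`, would record why the type check is there.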
@@ -105,6 +105,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
 char *protocol_version = NULL;
 int protocol_version_len = 3; /* Default: "1.0" */
 struct timeval timeout;
+ char *user_headers = NULL;
 tmp_line[0] = '\0';
@@ -351,10 +352,8 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
 efree(tmp);
 tmp = tmp_c;
 }
-
- /* Output trimmed headers with \r\n at the end */
- php_stream_write(stream, tmp, strlen(tmp));
- php_stream_write(stream, "\r\n", sizeof("\r\n") - 1);
+
+ user_headers = estrdup(tmp);
 /* Make lowercase for easy comparison against 'standard' headers */
 php_strtolower(tmp, strlen(tmp));
@@ -452,6 +451,27 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
 }
 }
+ if (user_headers) {
+ /* A bit weird, but some servers require that Content-Length be sent prior to Content-Type for POST
+ * see bug #44603 for details. Since Content-Type maybe part of user's headers we need to do this check first.
+ */
+ if (
+ header_init &&
+ context &&
+ !(have_header & HTTP_HEADER_CONTENT_LENGTH) &&
+ php_stream_context_get_option(context, "http", "content", &tmpzval) == SUCCESS &&
+ Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0
+ ) {
+ scratch_len = slprintf(scratch, scratch_len, "Content-Length: %d\r\n", Z_STRLEN_PP(tmpzval));
+ php_stream_write(stream, scratch, scratch_len);
+ have_header |= HTTP_HEADER_CONTENT_LENGTH;
+ }
+
+ php_stream_write(stream, user_headers, strlen(user_headers));
+ php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
+ efree(user_headers);
+ }
+
 /* Request content, such as for POST requests */
 if (header_init && context &&
 php_stream_context_get_option(context, "http", "content", &tmpzval) == SUCCESS &&
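Review bot: The copy made by `user_headers = estrdup(tmp);` in the second http_fopen_wrapper.c hunk (@@ -351,10 +352,8) has only one visible release, the `efree(user_headers);` added in the third hunk about a hundred lines further down. Any exit path between the two points that lies outside these hunks would skip that free, and a second pass through the assignment would overwrite the pointer without releasing the first copy; both should be checked against the full function, which is not visible here. Freeing `user_headers` in the function's common cleanup path as well, and marking the assignment with `/* owned by this function; released once the request headers are written */`, would make the ownership explicit.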
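Review bot: In the third http_fopen_wrapper.c hunk (@@ -452,6 +451,27), `scratch_len = slprintf(scratch, scratch_len, ...)` replaces the buffer capacity with the number of bytes just written. Any later `slprintf(scratch, scratch_len, ...)` in the function would then be bounded by that much smaller value and truncate silently; whether such a call follows cannot be seen from this hunk. Keeping the capacity intact with a separate local, `int hdr_len = slprintf(scratch, scratch_len, "Content-Length: %d\r\n", Z_STRLEN_PP(tmpzval));` followed by `php_stream_write(stream, scratch, hdr_len);`, avoids the coupling. The condition also appears to mirror the "Request content" block that begins in the trailing context, so a comment such as `/* sets HTTP_HEADER_CONTENT_LENGTH so the content block below does not emit the header again */` would tell the next reader that the two blocks are linked through `have_header`.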