From: Christoph M. Becker Date: Wed, 1 Jul 2015 21:45:52 +0000 (+0200) Subject: Fix #69976: Unable to parse "all" urls with colon char X-Git-Tag: php-7.1.0alpha3~25^2~72 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e49922d3f8060e47f810a24ce48d4e622b493699;p=php Fix #69976: Unable to parse "all" urls with colon char If a colon occurs in a query string or fragment of a partial URL without scheme, parse_url() tries to regard it as port separator. If up to 5 digits follow and then a slash or the end of the string, parse_url() fails. We're fixing this by checking whether the colon is part of the query string or the fragment, under the assumption that question marks and hash signs are only allowed as separators of query string and fragments, respectively, what is guarenteed for URIs (RFC 3986), but not necessarily for URLs (RFC 1738) where question marks are allowed for usernames and passwords. Anyhow, this constitutes a minor BC, so the fix is applied to master only. --- diff --git a/ext/standard/tests/url/bug69976.phpt b/ext/standard/tests/url/bug69976.phpt new file mode 100644 index 0000000000..8c8ceac9c4 --- /dev/null +++ b/ext/standard/tests/url/bug69976.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug #69976 (Unable to parse "all" urls with colon char) +--FILE-- + +--EXPECT-- +array(2) { + ["path"]=> + string(7) "/busca/" + ["query"]=> + string(10) "fq=B:20001" +} +array(2) { + ["path"]=> + string(7) "/busca/" + ["query"]=> + string(11) "fq=B:200013" +} +array(2) { + ["path"]=> + string(7) "/busca/" + ["query"]=> + string(13) "fq=home:01234" +} +array(2) { + ["path"]=> + string(7) "/busca/" + ["query"]=> + string(14) "fq=home:012345" +} diff --git a/ext/standard/url.c b/ext/standard/url.c index fe38c2d993..2531a0ff9a 100644 --- a/ext/standard/url.c +++ b/ext/standard/url.c @@ -110,7 +110,7 @@ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length) while (p < e) { /* scheme = 1*[ lowalpha | digit | "+" | "-" | "." ] */ if (!isalpha(*p) && !isdigit(*p) && *p != '+' && *p != '.' && *p != '-') { - if (e + 1 < ue) { + if (e + 1 < ue && e < s + strcspn(s, "?#")) { goto parse_port; } else { goto just_path;