From: Pierrick Charron Date: Sun, 13 Mar 2011 04:02:56 +0000 (+0000) Subject: Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment) X-Git-Tag: php-5.3.6~12 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ee832705d1e3e86ceecc056ec3533a60d035d9c5;p=php Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment) --- diff --git a/NEWS b/NEWS index 935e2334dd..f5b275f9f8 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 10 Mar 2011, PHP 5.3.6RC3 +- Core: + . Fixed bug #54180 (parse_url() incorrectly parses path when ? in fragment). + (tomas dot brastavicius at quantum dot lt, Pierrick) + - Shmop extension: . Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe) Reported by Jose Carlos Norte (CVE-2011-1092) diff --git a/ext/standard/tests/url/bug54180.phpt b/ext/standard/tests/url/bug54180.phpt new file mode 100644 index 0000000000..2e64e27d07 --- /dev/null +++ b/ext/standard/tests/url/bug54180.phpt @@ -0,0 +1,32 @@ +--TEST-- +Bug #54180 (parse_url() incorrectly parses path when ? in fragment) +--FILE-- + +--EXPECTF-- +array(5) { + ["scheme"]=> + string(4) "http" + ["host"]=> + string(11) "example.com" + ["path"]=> + string(17) "/path/script.html" + ["query"]=> + string(3) "t=1" + ["fragment"]=> + string(13) "fragment?data" +} +array(4) { + ["scheme"]=> + string(4) "http" + ["host"]=> + string(11) "example.com" + ["path"]=> + string(17) "/path/script.html" + ["fragment"]=> + string(13) "fragment?data" +} diff --git a/ext/standard/url.c b/ext/standard/url.c index e4f71b1460..0f4b836e62 100644 --- a/ext/standard/url.c +++ b/ext/standard/url.c @@ -316,6 +316,10 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length) pp = strchr(s, '#'); if (pp && pp < p) { + if (pp - s) { + ret->path = estrndup(s, (pp-s)); + php_replace_controlchars_ex(ret->path, (pp - s)); + } p = pp; goto label_parse; }