From 42a4264f8e3596c2798c283ab42e56092889fd80 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Johannes=20Schl=C3=BCter?= Date: Mon, 25 Jan 2010 16:14:28 +0000 Subject: [PATCH] merge r292611: Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (iliaa) --- NEWS | 3 +++ ext/filter/logical_filters.c | 23 +++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/NEWS b/NEWS index 93284c5f94..08ac360f76 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 20??, PHP 5.3.2 RC 2 +- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. + (Ilia) + - Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com) diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c index 269f4839a2..0b27a641f2 100644 --- a/ext/filter/logical_filters.c +++ b/ext/filter/logical_filters.c @@ -456,12 +456,35 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ RETURN_VALIDATION_FAILED } + if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || !strcasecmp(url->scheme, "https"))) { + char *e, *s; + + if (url->host == NULL) { + goto bad_url; + } + + e = url->host + strlen(url->host); + s = url->host; + + while (s < e) { + if (!isalnum((int)*(unsigned char *)s) && *s != '_' && *s != '.') { + goto bad_url; + } + s++; + } + + if (*(e - 1) == '.') { + goto bad_url; + } + } + if ( url->scheme == NULL || /* some schemas allow the host to be empty */ (url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) || ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL) ) { +bad_url: php_url_free(url); RETURN_VALIDATION_FAILED } -- 2.40.0