From aa34fda7eedb527e67656adf64b569e1a6a9cc11 Mon Sep 17 00:00:00 2001 From: Arnaud Le Blanc Date: Mon, 28 Jul 2008 19:03:57 +0000 Subject: [PATCH] When automatically redirecting an HTTP request, use the GET method when the original method was not HEAD or GET (fixes #45540) # # The RFC says that in case of 3xx code, "The action required MAY be # carried out [...] *only if the method used in the second request is GET or # HEAD*". # # This may not break anything as actually POST requests replying # with a Location header never worked as the redirecting request was sent using # the POST method, but without Entity-Body (and without Content-Length header, # which caused the server to reply with a "411 Length Required" or to treat # the request as GET). # --- ext/standard/http_fopen_wrapper.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index ad1bc2c1c9..a928e48174 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -294,10 +294,17 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, if (context && php_stream_context_get_option(context, "http", "method", &tmpzval) == SUCCESS) { if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) { - scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval); - scratch = emalloc(scratch_len); - strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1); - strcat(scratch, " "); + /* As per the RFC, automatically redirected requests MUST NOT use other methods than + * GET and HEAD unless it can be confirmed by the user */ + if (redirect_max == PHP_URL_REDIRECT_MAX + || (Z_STRLEN_PP(tmpzval) == 3 && memcmp("GET", Z_STRVAL_PP(tmpzval), 3) == 0) + || (Z_STRLEN_PP(tmpzval) == 4 && memcmp("HEAD",Z_STRVAL_PP(tmpzval), 4) == 0) + ) { + scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval); + scratch = emalloc(scratch_len); + strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1); + strcat(scratch, " "); + } } } -- 2.40.0