From e49922d3f8060e47f810a24ce48d4e622b493699 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmb@php.net>
Date: Wed, 1 Jul 2015 23:45:52 +0200
Subject: [PATCH] Fix #69976: Unable to parse "all" urls with colon char

If a colon occurs in a query string or fragment of a partial URL without
scheme, parse_url() tries to regard it as port separator. If up to 5 digits
follow and then a slash or the end of the string, parse_url() fails.

We're fixing this by checking whether the colon is part of the query string or
the fragment, under the assumption that question marks and hash signs are only
allowed as separators of query string and fragments, respectively, what is
guarenteed for URIs (RFC 3986), but not necessarily for URLs (RFC 1738) where
question marks are allowed for usernames and passwords.

Anyhow, this constitutes a minor BC, so the fix is applied to master only.
---
 ext/standard/tests/url/bug69976.phpt | 34 ++++++++++++++++++++++++++++
 ext/standard/url.c                   |  2 +-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 ext/standard/tests/url/bug69976.phpt

diff --git a/ext/standard/tests/url/bug69976.phpt b/ext/standard/tests/url/bug69976.phpt
new file mode 100644
index 0000000000..8c8ceac9c4
--- /dev/null
+++ b/ext/standard/tests/url/bug69976.phpt
@@ -0,0 +1,34 @@
+--TEST--
+Bug #69976 (Unable to parse "all" urls with colon char)
+--FILE--
+<?php
+var_dump(parse_url("/busca/?fq=B:20001"));
+var_dump(parse_url("/busca/?fq=B:200013"));
+var_dump(parse_url("/busca/?fq=home:01234"));
+var_dump(parse_url("/busca/?fq=home:012345"));
+?>
+--EXPECT--
+array(2) {
+  ["path"]=>
+  string(7) "/busca/"
+  ["query"]=>
+  string(10) "fq=B:20001"
+}
+array(2) {
+  ["path"]=>
+  string(7) "/busca/"
+  ["query"]=>
+  string(11) "fq=B:200013"
+}
+array(2) {
+  ["path"]=>
+  string(7) "/busca/"
+  ["query"]=>
+  string(13) "fq=home:01234"
+}
+array(2) {
+  ["path"]=>
+  string(7) "/busca/"
+  ["query"]=>
+  string(14) "fq=home:012345"
+}
diff --git a/ext/standard/url.c b/ext/standard/url.c
index fe38c2d993..2531a0ff9a 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -110,7 +110,7 @@ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length)
 		while (p < e) {
 			/* scheme = 1*[ lowalpha | digit | "+" | "-" | "." ] */
 			if (!isalpha(*p) && !isdigit(*p) && *p != '+' && *p != '.' && *p != '-') {
-				if (e + 1 < ue) {
+				if (e + 1 < ue && e < s + strcspn(s, "?#")) {
 					goto parse_port;
 				} else {
 					goto just_path;
-- 
2.50.1