diff options
author | Andrew Nester <andrew.nester.dev@gmail.com> | 2017-07-11 21:50:38 +0300 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2018-04-12 17:28:35 +0200 |
commit | 68296c4055642940503c57d850f00e07a1b64618 (patch) | |
tree | 7857af2f40633af26ca84b554902f8f293136cda | |
parent | 0d87a0ba576e2aa981ce096c2ce1a317ae629577 (diff) | |
download | php-git-68296c4055642940503c57d850f00e07a1b64618.tar.gz |
Fixed #74892 - Fixed URL rewriting for urls started with #
(cherry picked from commit 6c32d271d238a18cfc19d98877cdead1ab38f417)
This should have already been merged via
9cd82df0bbb1f9a1407ffb749292576be1b91c07, but that merge went wrong.
-rw-r--r-- | ext/session/tests/bug74892.phpt | 23 | ||||
-rw-r--r-- | ext/standard/url_scanner_ex.c | 98 | ||||
-rw-r--r-- | ext/standard/url_scanner_ex.re | 10 |
3 files changed, 83 insertions, 48 deletions
diff --git a/ext/session/tests/bug74892.phpt b/ext/session/tests/bug74892.phpt new file mode 100644 index 0000000000..a4c977828a --- /dev/null +++ b/ext/session/tests/bug74892.phpt @@ -0,0 +1,23 @@ +--TEST-- +Bug #74892 Url Rewriting (trans_sid) not working on urls that start with # +--FILE-- +<?php +ini_set('session.use_cookies', '0'); +ini_set('session.use_only_cookies',0); +ini_set('session.use_trans_sid',1); +ini_set('session.trans_sid_hosts','php.net'); +session_id('sessionidhere'); +session_start(); + +?> +<p><a href="index.php">Click This Anchor Tag!</a></p> +<p><a href="index.php#place">External link with anchor</a></p> +<p><a href="http://php.net#foo">External link with anchor 2</a></p> +<p><a href="#place">Internal link</a></p> +===DONE=== +--EXPECT-- +<p><a href="index.php?PHPSESSID=sessionidhere">Click This Anchor Tag!</a></p> +<p><a href="index.php?PHPSESSID=sessionidhere#place">External link with anchor</a></p> +<p><a href="http://php.net?PHPSESSID=sessionidhere#foo">External link with anchor 2</a></p> +<p><a href="#place">Internal link</a></p> +===DONE=== diff --git a/ext/standard/url_scanner_ex.c b/ext/standard/url_scanner_ex.c index 54d89512ea..5784de98d2 100644 --- a/ext/standard/url_scanner_ex.c +++ b/ext/standard/url_scanner_ex.c @@ -194,6 +194,13 @@ static inline void append_modified_url(smart_str *url, smart_str *dest, smart_st return; } + /* Don't modify URLs of the format "#mark" */ + if (url_parts->fragment && '#' == ZSTR_VAL(url->s)[0]) { + smart_str_append_smart_str(dest, url); + php_url_free(url_parts); + return; + } + /* Check protocol. Only http/https is allowed. */ if (url_parts->scheme && strcasecmp("http", url_parts->scheme) @@ -217,13 +224,12 @@ static inline void append_modified_url(smart_str *url, smart_str *dest, smart_st * When URL does not have path and query string add "/?". * i.e. If URL is only "?foo=bar", should not add "/?". */ - if (!url_parts->path && !url_parts->query) { + if (!url_parts->path && !url_parts->query && !url_parts->fragment) { /* URL is http://php.net or like */ smart_str_append_smart_str(dest, url); smart_str_appendc(dest, '/'); smart_str_appendc(dest, '?'); smart_str_append_smart_str(dest, url_app); - /* There should not be fragment. Just return */ php_url_free(url_parts); return; } @@ -513,7 +519,7 @@ state_plain_begin: state_plain: start = YYCURSOR; -#line 517 "ext/standard/url_scanner_ex.c" +#line 523 "ext/standard/url_scanner_ex.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -563,22 +569,22 @@ yy2: if (yybm[0+yych] & 128) { goto yy2; } -#line 520 "ext/standard/url_scanner_ex.re" +#line 526 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); goto state_plain; } -#line 569 "ext/standard/url_scanner_ex.c" +#line 575 "ext/standard/url_scanner_ex.c" yy5: ++YYCURSOR; -#line 519 "ext/standard/url_scanner_ex.re" +#line 525 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); STATE = STATE_TAG; goto state_tag; } -#line 574 "ext/standard/url_scanner_ex.c" +#line 580 "ext/standard/url_scanner_ex.c" } -#line 521 "ext/standard/url_scanner_ex.re" +#line 527 "ext/standard/url_scanner_ex.re" state_tag: start = YYCURSOR; -#line 582 "ext/standard/url_scanner_ex.c" +#line 588 "ext/standard/url_scanner_ex.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -621,9 +627,9 @@ state_tag: goto yy11; } ++YYCURSOR; -#line 527 "ext/standard/url_scanner_ex.re" +#line 533 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); goto state_plain_begin; } -#line 627 "ext/standard/url_scanner_ex.c" +#line 633 "ext/standard/url_scanner_ex.c" yy11: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); @@ -631,11 +637,11 @@ yy11: if (yybm[0+yych] & 128) { goto yy11; } -#line 526 "ext/standard/url_scanner_ex.re" +#line 532 "ext/standard/url_scanner_ex.re" { handle_tag(STD_ARGS); /* Sets STATE */; passthru(STD_ARGS); if (STATE == STATE_PLAIN) goto state_plain; else goto state_next_arg; } -#line 637 "ext/standard/url_scanner_ex.c" +#line 643 "ext/standard/url_scanner_ex.c" } -#line 528 "ext/standard/url_scanner_ex.re" +#line 534 "ext/standard/url_scanner_ex.re" state_next_arg_begin: @@ -644,7 +650,7 @@ state_next_arg_begin: state_next_arg: start = YYCURSOR; -#line 648 "ext/standard/url_scanner_ex.c" +#line 654 "ext/standard/url_scanner_ex.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -700,9 +706,9 @@ state_next_arg: yy16: ++YYCURSOR; yy17: -#line 539 "ext/standard/url_scanner_ex.re" +#line 545 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); goto state_plain_begin; } -#line 706 "ext/standard/url_scanner_ex.c" +#line 712 "ext/standard/url_scanner_ex.c" yy18: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); @@ -710,30 +716,30 @@ yy18: if (yybm[0+yych] & 128) { goto yy18; } -#line 537 "ext/standard/url_scanner_ex.re" +#line 543 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); goto state_next_arg; } -#line 716 "ext/standard/url_scanner_ex.c" +#line 722 "ext/standard/url_scanner_ex.c" yy21: yych = *++YYCURSOR; if (yych != '>') goto yy17; yy22: ++YYCURSOR; -#line 536 "ext/standard/url_scanner_ex.re" +#line 542 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); handle_form(STD_ARGS); goto state_plain_begin; } -#line 724 "ext/standard/url_scanner_ex.c" +#line 730 "ext/standard/url_scanner_ex.c" yy24: ++YYCURSOR; -#line 538 "ext/standard/url_scanner_ex.re" +#line 544 "ext/standard/url_scanner_ex.re" { --YYCURSOR; STATE = STATE_ARG; goto state_arg; } -#line 729 "ext/standard/url_scanner_ex.c" +#line 735 "ext/standard/url_scanner_ex.c" } -#line 540 "ext/standard/url_scanner_ex.re" +#line 546 "ext/standard/url_scanner_ex.re" state_arg: start = YYCURSOR; -#line 737 "ext/standard/url_scanner_ex.c" +#line 743 "ext/standard/url_scanner_ex.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -778,9 +784,9 @@ state_arg: if (yych <= 'z') goto yy30; yy28: ++YYCURSOR; -#line 546 "ext/standard/url_scanner_ex.re" +#line 552 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); STATE = STATE_NEXT_ARG; goto state_next_arg; } -#line 784 "ext/standard/url_scanner_ex.c" +#line 790 "ext/standard/url_scanner_ex.c" yy30: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); @@ -788,17 +794,17 @@ yy30: if (yybm[0+yych] & 128) { goto yy30; } -#line 545 "ext/standard/url_scanner_ex.re" +#line 551 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); handle_arg(STD_ARGS); STATE = STATE_BEFORE_VAL; goto state_before_val; } -#line 794 "ext/standard/url_scanner_ex.c" +#line 800 "ext/standard/url_scanner_ex.c" } -#line 547 "ext/standard/url_scanner_ex.re" +#line 553 "ext/standard/url_scanner_ex.re" state_before_val: start = YYCURSOR; -#line 802 "ext/standard/url_scanner_ex.c" +#line 808 "ext/standard/url_scanner_ex.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -841,9 +847,9 @@ state_before_val: if (yych == '=') goto yy38; ++YYCURSOR; yy36: -#line 553 "ext/standard/url_scanner_ex.re" +#line 559 "ext/standard/url_scanner_ex.re" { --YYCURSOR; goto state_next_arg_begin; } -#line 847 "ext/standard/url_scanner_ex.c" +#line 853 "ext/standard/url_scanner_ex.c" yy37: yych = *(YYMARKER = ++YYCURSOR); if (yych == ' ') goto yy41; @@ -855,9 +861,9 @@ yy38: if (yybm[0+yych] & 128) { goto yy38; } -#line 552 "ext/standard/url_scanner_ex.re" +#line 558 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); STATE = STATE_VAL; goto state_val; } -#line 861 "ext/standard/url_scanner_ex.c" +#line 867 "ext/standard/url_scanner_ex.c" yy41: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); @@ -867,14 +873,14 @@ yy41: YYCURSOR = YYMARKER; goto yy36; } -#line 554 "ext/standard/url_scanner_ex.re" +#line 560 "ext/standard/url_scanner_ex.re" state_val: start = YYCURSOR; -#line 878 "ext/standard/url_scanner_ex.c" +#line 884 "ext/standard/url_scanner_ex.c" { YYCTYPE yych; static const unsigned char yybm[] = { @@ -927,15 +933,15 @@ yy46: if (yybm[0+yych] & 32) { goto yy46; } -#line 562 "ext/standard/url_scanner_ex.re" +#line 568 "ext/standard/url_scanner_ex.re" { handle_val(STD_ARGS, 0, ' '); goto state_next_arg_begin; } -#line 933 "ext/standard/url_scanner_ex.c" +#line 939 "ext/standard/url_scanner_ex.c" yy49: ++YYCURSOR; yy50: -#line 563 "ext/standard/url_scanner_ex.re" +#line 569 "ext/standard/url_scanner_ex.re" { passthru(STD_ARGS); goto state_next_arg_begin; } -#line 939 "ext/standard/url_scanner_ex.c" +#line 945 "ext/standard/url_scanner_ex.c" yy51: yych = *(YYMARKER = ++YYCURSOR); if (yych == '>') goto yy50; @@ -958,9 +964,9 @@ yy55: goto yy50; yy56: ++YYCURSOR; -#line 560 "ext/standard/url_scanner_ex.re" +#line 566 "ext/standard/url_scanner_ex.re" { handle_val(STD_ARGS, 1, '"'); goto state_next_arg_begin; } -#line 964 "ext/standard/url_scanner_ex.c" +#line 970 "ext/standard/url_scanner_ex.c" yy58: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); @@ -971,11 +977,11 @@ yy59: } if (yych >= '(') goto yy55; ++YYCURSOR; -#line 561 "ext/standard/url_scanner_ex.re" +#line 567 "ext/standard/url_scanner_ex.re" { handle_val(STD_ARGS, 1, '\''); goto state_next_arg_begin; } -#line 977 "ext/standard/url_scanner_ex.c" +#line 983 "ext/standard/url_scanner_ex.c" } -#line 564 "ext/standard/url_scanner_ex.re" +#line 570 "ext/standard/url_scanner_ex.re" stop: diff --git a/ext/standard/url_scanner_ex.re b/ext/standard/url_scanner_ex.re index 9addd9c924..628a7fee58 100644 --- a/ext/standard/url_scanner_ex.re +++ b/ext/standard/url_scanner_ex.re @@ -197,6 +197,13 @@ static inline void append_modified_url(smart_str *url, smart_str *dest, smart_st return; } + /* Don't modify URLs of the format "#mark" */ + if (url_parts->fragment && '#' == ZSTR_VAL(url->s)[0]) { + smart_str_append_smart_str(dest, url); + php_url_free(url_parts); + return; + } + /* Check protocol. Only http/https is allowed. */ if (url_parts->scheme && strcasecmp("http", url_parts->scheme) @@ -220,13 +227,12 @@ static inline void append_modified_url(smart_str *url, smart_str *dest, smart_st * When URL does not have path and query string add "/?". * i.e. If URL is only "?foo=bar", should not add "/?". */ - if (!url_parts->path && !url_parts->query) { + if (!url_parts->path && !url_parts->query && !url_parts->fragment) { /* URL is http://php.net or like */ smart_str_append_smart_str(dest, url); smart_str_appendc(dest, '/'); smart_str_appendc(dest, '?'); smart_str_append_smart_str(dest, url_app); - /* There should not be fragment. Just return */ php_url_free(url_parts); return; } |