diff options
| author | Sergey Akbarov <sergey@terranova.(none)> | 2013-03-15 09:54:18 -0700 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2013-03-30 21:22:30 -0700 |
| commit | 1d4fcdff9f8a5b183cd99295f330bb92dbcf1105 (patch) | |
| tree | 9d35984451a8d01ed569bd1b3459df5d54c25d4a | |
| parent | 92aa361bfc3bf9113f264e6700d8494ce4152897 (diff) | |
| download | php-git-1d4fcdff9f8a5b183cd99295f330bb92dbcf1105.tar.gz | |
Fix bug #64433: does not follow redirects for non-3xx response codes
| -rw-r--r-- | NEWS | 5 | ||||
| -rw-r--r-- | ext/standard/http_fopen_wrapper.c | 9 | ||||
| -rw-r--r-- | ext/standard/tests/streams/bug64433.phpt | 81 | ||||
| -rw-r--r-- | ext/standard/tests/streams/bug64433_srv.inc | 14 |
4 files changed, 105 insertions, 4 deletions
@@ -1,9 +1,12 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2013, PHP 5.4.15 +- Core: + . Fixed bug #64433 (follow_location parameter of context is ignored for most + response codes). (Sergey Akbarov) ?? ??? 2013, PHP 5.4.14 -- Core +- Core: . Fixed bug #64529 (Ran out of opcode space). (Dmitry) . Fixed bug #64515 (Memoryleak when using the same variablename two times in function declaration). (Laruence) diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 870f904e9c..b8676bbba4 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -731,12 +731,15 @@ finish: http_header_line[http_header_line_length] = '\0'; if (!strncasecmp(http_header_line, "Location: ", 10)) { - /* we only care about Location for 300, 301, 302, 303 and 307 */ - /* see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */ - if ((response_code >= 300 && response_code < 304 || 307 == response_code) && context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) { + if (context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) { SEPARATE_ZVAL(tmpzval); convert_to_long_ex(tmpzval); follow_location = Z_LVAL_PP(tmpzval); + } else if (!(response_code >= 300 && response_code < 304 || 307 == response_code)) { + /* we shouldn't redirect automatically + if follow_location isn't set and response_code not in (300, 301, 302, 303 and 307) + see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */ + follow_location = 0; } strlcpy(location, http_header_line + 10, sizeof(location)); } else if (!strncasecmp(http_header_line, "Content-Type: ", 14)) { diff --git a/ext/standard/tests/streams/bug64433.phpt b/ext/standard/tests/streams/bug64433.phpt new file mode 100644 index 0000000000..9f6e410a71 --- /dev/null +++ b/ext/standard/tests/streams/bug64433.phpt @@ -0,0 +1,81 @@ +--TEST-- +Bug #60180 ($_SERVER["PHP_SELF"] incorrect) +--SKIPIF-- +<?php +if(!file_exists(dirname(__FILE__)."/../../../../sapi/cli/tests/php_cli_server.inc")) die("skip"); +$res = @include dirname(__FILE__)."/../../../../sapi/cli/tests/php_cli_server.inc"; +if(!$res) { + die("skip"); +} +?> +--FILE-- +<?php +include dirname(__FILE__)."/../../../../sapi/cli/tests/php_cli_server.inc"; +php_cli_server_start(file_get_contents(dirname(__FILE__).'/bug64433_srv.inc')); + +echo file_get_contents("http://".PHP_CLI_SERVER_ADDRESS."/index.php"); +echo "default\n"; +$codes = array(200, 201, 204, 301, 302, 303, 304, 305, 307, 404, 500); +foreach($codes as $code) { + echo "$code: ".file_get_contents("http://".PHP_CLI_SERVER_ADDRESS."/index.php?status=$code&loc=1"); +} +echo "follow=0\n"; +$arr = array('http'=> + array( + 'follow_location'=>0, + ) + ); +$context = stream_context_create($arr); +foreach($codes as $code) { + echo "$code: ".file_get_contents("http://".PHP_CLI_SERVER_ADDRESS."/index.php?status=$code&loc=1", false, $context); +} +echo "follow=1\n"; +$arr = array('http'=> + array( + 'follow_location'=>1, + ) + ); +$context = stream_context_create($arr); +foreach($codes as $code) { + echo "$code: ".file_get_contents("http://".PHP_CLI_SERVER_ADDRESS."/index.php?status=$code&loc=1", false, $context); +} +--EXPECT-- +HELLO! +default +200: HELLO! +201: HELLO! +204: HELLO! +301: REDIRECTED +302: REDIRECTED +303: REDIRECTED +304: HELLO! +305: HELLO! +307: REDIRECTED +404: HELLO! +500: HELLO! +follow=0 +200: HELLO! +201: HELLO! +204: HELLO! +301: HELLO! +302: HELLO! +303: HELLO! +304: HELLO! +305: HELLO! +307: HELLO! +404: HELLO! +500: HELLO! +follow=1 +200: REDIRECTED +201: REDIRECTED +204: REDIRECTED +301: REDIRECTED +302: REDIRECTED +303: REDIRECTED +304: REDIRECTED +305: REDIRECTED +307: REDIRECTED +404: REDIRECTED +500: REDIRECTED + + diff --git a/ext/standard/tests/streams/bug64433_srv.inc b/ext/standard/tests/streams/bug64433_srv.inc new file mode 100644 index 0000000000..e79a2fd6d6 --- /dev/null +++ b/ext/standard/tests/streams/bug64433_srv.inc @@ -0,0 +1,14 @@ +if(!empty($_REQUEST["redir"])) { + echo "REDIRECTED\n"; + return; +} + +if(!empty($_REQUEST["loc"])) { + header("Location: index.php?redir=1"); +} + +if(!empty($_REQUEST["status"])) { + http_response_code($_REQUEST["status"]); +} + +echo "HELLO!\n";
\ No newline at end of file |