diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2006-04-16 16:56:26 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2006-04-16 16:56:26 +0000 |
commit | 687ebaa97760ea803010af7a57a5048c8d1775a6 (patch) | |
tree | 36857372a550a9fb61d5c81dc69c143b201aa033 | |
parent | fa431b2bd56b5ac529428a2ab426b4abe82c302b (diff) | |
download | php-git-687ebaa97760ea803010af7a57a5048c8d1775a6.tar.gz |
MFH: Fixed bug #37045 (Fixed check for special chars for http redirects).
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | ext/standard/http_fopen_wrapper.c | 8 |
2 files changed, 6 insertions, 3 deletions
@@ -5,6 +5,7 @@ PHP 4 NEWS - Added overflow checks to wordwrap() function. (Ilia) - Added a check for special characters in the session name. (Ilia) - Fixed bug #37046 (foreach breaks static scope). (Dmitry) +- Fixed bug #37045 (Fixed check for special chars for http redirects). (Ilia) - Fixed bug #36857 (Added support for partial content fetching to the HTTP streams wrapper). (Ilia) - Fixed bug #36776 (node_list_wrapper_dtor segfault). (Rob) diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 1df04b4928..9fe3876d56 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -503,9 +503,11 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, } \ } \ /* check for control characters in login, password & path */ - CHECK_FOR_CNTRL_CHARS(resource->user) - CHECK_FOR_CNTRL_CHARS(resource->pass) - CHECK_FOR_CNTRL_CHARS(resource->path) + if (strncasecmp(newpath, "http://", sizeof("http://") - 1) || strncasecmp(newpath, "https://", sizeof("https://") - 1) { + CHECK_FOR_CNTRL_CHARS(resource->user) + CHECK_FOR_CNTRL_CHARS(resource->pass) + CHECK_FOR_CNTRL_CHARS(resource->path) + } stream = php_stream_url_wrap_http_ex(NULL, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC); if (stream && stream->wrapperdata) { |