Fixed bug #37045 (Fixed check for special chars for http redirects).

2 files changed, 6 insertions, 4 deletions

diff --git a/NEWS b/NEWS
index d7e8d68b54..7a3bfa581a 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ PHP                                                                        NEWS
 - Fixed bug #37053 (html_errors with internal classes produces wrong links). 
   (Tony)
 - Fixed bug #37046 (foreach breaks static scope). (Dmitry)
+- Fixed bug #37045 (Fixed check for special chars for http redirects). (Ilia)
 - Fixed bug #37002 (Have to quote literals in INI when concatenating with
   vars). (Dmitry)
 - Fixed bug #36513 (comment will be outputed in last line). (Dmitry)
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 04231cf6b9..771c9bc20d 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -639,10 +639,11 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
 	}	\
 }	\
 			/* check for control characters in login, password & path */
-			CHECK_FOR_CNTRL_CHARS(resource->user)
-			CHECK_FOR_CNTRL_CHARS(resource->pass)
-			CHECK_FOR_CNTRL_CHARS(resource->path)
-
+			if (strncasecmp(newpath, "http://", sizeof("http://") - 1) || strncasecmp(newpath, "https://", sizeof("https://") - 1) {
+				CHECK_FOR_CNTRL_CHARS(resource->user)
+				CHECK_FOR_CNTRL_CHARS(resource->pass)
+				CHECK_FOR_CNTRL_CHARS(resource->path)
+			}
 			stream = php_stream_url_wrap_http_ex(wrapper, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
 		} else {
 			php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP request failed! %s", tmp_line);