diff options
| author | Gustavo André dos Santos Lopes <cataphract@php.net> | 2011-02-05 22:37:00 +0000 |
|---|---|---|
| committer | Gustavo André dos Santos Lopes <cataphract@php.net> | 2011-02-05 22:37:00 +0000 |
| commit | a888ee434ba046660394840cc15d59875c13a79d (patch) | |
| tree | 14d4627218898794e1712000dbec29b2d2bce5f0 | |
| parent | 218448bfa07b05494efacc1f5983dde91e16c251 (diff) | |
| download | php-git-a888ee434ba046660394840cc15d59875c13a79d.tar.gz | |
- Changed port validation introduced in commit #308035 to consider
negative ports and ports > 65535 as invalid.
The tests that fail due to #308035 in the standard ext were not
fixed. If the behavior in those tests turns out to be the
desirable one, both this commit and #308035 ought to be reverted
or at least adapted.
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/filter/tests/015.phpt | 10 | ||||
| -rw-r--r-- | ext/standard/url.c | 26 |
3 files changed, 25 insertions, 13 deletions
@@ -48,7 +48,7 @@ - Filter extension: . Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number). - (Ilia) + (Ilia, Gustavo) . Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges). (Ilia) . Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia) diff --git a/ext/filter/tests/015.phpt b/ext/filter/tests/015.phpt index 7be849e76c..476615ae37 100644 --- a/ext/filter/tests/015.phpt +++ b/ext/filter/tests/015.phpt @@ -28,7 +28,10 @@ array(), 'news:news.php.net', 'file://foo/bar', "http://\r\n/bar", -"http://example.com:qq" +"http://example.com:qq", +"http://example.com:-2", +"http://example.com:65536", +"http://example.com:65537", ); foreach ($values as $value) { var_dump(filter_var($value, FILTER_VALIDATE_URL)); @@ -72,6 +75,9 @@ string(14) "file://foo/bar" bool(false) bool(false) bool(false) +bool(false) +bool(false) +bool(false) string(10) "http://qwe" bool(false) bool(false) @@ -80,4 +86,4 @@ bool(false) string(42) "http://www.example.com/path/at/the/server/" bool(false) string(40) "http://www.example.com/index.php?a=b&c=d" -Done
\ No newline at end of file +Done diff --git a/ext/standard/url.c b/ext/standard/url.c index 00f5694e07..e4f71b1460 100644 --- a/ext/standard/url.c +++ b/ext/standard/url.c @@ -176,7 +176,7 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length) } } } - } else if (e) { /* no scheme, look for port */ + } else if (e) { /* no scheme; starts with colon: look for port */ parse_port: p = e + 1; pp = p; @@ -185,11 +185,14 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length) pp++; } - if (pp-p < 6 && (*pp == '/' || *pp == '\0')) { - memcpy(port_buf, p, (pp-p)); - port_buf[pp-p] = '\0'; - ret->port = atoi(port_buf); - if (!ret->port && (pp - p) > 0) { + if (pp - p > 0 && pp - p < 6 && (*pp == '/' || *pp == '\0')) { + long port; + memcpy(port_buf, p, (pp - p)); + port_buf[pp - p] = '\0'; + port = strtol(port_buf, NULL, 10); + if (port > 0 && port <= 65535) { + ret->port = (unsigned short) port; + } else { STR_FREE(ret->scheme); efree(ret); return NULL; @@ -269,10 +272,13 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length) efree(ret); return NULL; } else if (e - p > 0) { - memcpy(port_buf, p, (e-p)); - port_buf[e-p] = '\0'; - ret->port = atoi(port_buf); - if (!ret->port && (e - p)) { + long port; + memcpy(port_buf, p, (e - p)); + port_buf[e - p] = '\0'; + port = strtol(port_buf, NULL, 10); + if (port > 0 && port <= 65535) { + ret->port = (unsigned short)port; + } else { STR_FREE(ret->scheme); STR_FREE(ret->user); STR_FREE(ret->pass); |