Fix bug #64433: does not follow redirects for non-3xx response codes

1 files changed, 6 insertions, 3 deletions

diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 870f904e9c..b8676bbba4 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -731,12 +731,15 @@ finish:
 			http_header_line[http_header_line_length] = '\0';
 
 			if (!strncasecmp(http_header_line, "Location: ", 10)) {
-				/* we only care about Location for 300, 301, 302, 303 and 307 */
-				/* see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */
-				if ((response_code >= 300 && response_code < 304 || 307 == response_code) && context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) {
+				if (context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) {
 					SEPARATE_ZVAL(tmpzval);
 					convert_to_long_ex(tmpzval);
 					follow_location = Z_LVAL_PP(tmpzval);
+				} else if (!(response_code >= 300 && response_code < 304 || 307 == response_code)) { 
+					/* we shouldn't redirect automatically
+					if follow_location isn't set and response_code not in (300, 301, 302, 303 and 307) 
+					see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */
+					follow_location = 0;
 				}
 				strlcpy(location, http_header_line + 10, sizeof(location));
 			} else if (!strncasecmp(http_header_line, "Content-Type: ", 14)) {