Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986

author: Ilia Alshanetsky <ilia@ilia.ws> 2015-10-27 12:40:53 -0400
committer: Stanislav Malyshev <stas@php.net> 2016-10-04 21:20:31 -0700
commit: 085dfca02b64588317a233eb191d07a75511fff2 (patch)
tree: 3d52a46ec9596d9f075cac59a95a8be8c6fb0531 /ext/standard/url.c
parent: 8ea01d5f19a68a3f062c1e5d735372f8a48cbba8 (diff)
download: php-git-085dfca02b64588317a233eb191d07a75511fff2.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/ext/standard/url.c b/ext/standard/url.c
index dd861a570d..92a3d1d712 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -242,6 +242,19 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length)
 
 	/* check for login and password */
 	if ((p = zend_memrchr(s, '@', (e-s)))) {
+		/* check for invalid chars inside login/pass */
+		pp = s;
+		while (pp < p) {
+			if (!isalnum(*pp) && *pp != ':' && *pp != ';' && *pp != '=' && !(*pp >= '!' && *pp <= ',')) {
+				if (ret->scheme) {
+					efree(ret->scheme);
+				}
+				efree(ret);
+				return NULL;
+			}
+			pp++;
+		}
+
 		if ((pp = memchr(s, ':', (p-s)))) {
 			ret->user = estrndup(s, (pp-s));
 			php_replace_controlchars_ex(ret->user, (pp - s));
author	Ilia Alshanetsky <ilia@ilia.ws>	2015-10-27 12:40:53 -0400
committer	Stanislav Malyshev <stas@php.net>	2016-10-04 21:20:31 -0700
commit	085dfca02b64588317a233eb191d07a75511fff2 (patch)
tree	3d52a46ec9596d9f075cac59a95a8be8c6fb0531 /ext/standard/url.c
parent	8ea01d5f19a68a3f062c1e5d735372f8a48cbba8 (diff)
download	php-git-085dfca02b64588317a233eb191d07a75511fff2.tar.gz