author | Ilia Alshanetsky <ilia@ilia.ws> | 2015-10-27 12:40:53 -0400 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2016-10-04 21:20:31 -0700 |
commit | 085dfca02b64588317a233eb191d07a75511fff2 (patch) | |
tree | 3d52a46ec9596d9f075cac59a95a8be8c6fb0531 /ext/standard/url.c | |
parent | 8ea01d5f19a68a3f062c1e5d735372f8a48cbba8 (diff) | |
download | php-git-085dfca02b64588317a233eb191d07a75511fff2.tar.gz |
Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986
Diffstat (limited to 'ext/standard/url.c')
-rw-r--r-- | ext/standard/url.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ext/standard/url.c b/ext/standard/url.c
index dd861a570d..92a3d1d712 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -242,6 +242,19 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length)
 /* check for login and password */
 if ((p = zend_memrchr(s, '@', (e-s)))) {
+ /* check for invalid chars inside login/pass */
+ pp = s;
+ while (pp < p) {
+ if (!isalnum(*pp) && *pp != ':' && *pp != ';' && *pp != '=' && !(*pp >= '!' && *pp <= ',')) {
+ if (ret->scheme) {
+ efree(ret->scheme);
+ }
+ efree(ret);
+ return NULL;
+ }
+ pp++;
+ }
+
 if ((pp = memchr(s, ':', (p-s)))) {
 ret->user = estrndup(s, (pp-s));
 php_replace_controlchars_ex(ret->user, (pp - s)); |
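Review bot: The allow-list in the added `if (!isalnum(*pp) && ...)` test does not match RFC 3986 userinfo: it rejects the unreserved characters `-`, `.`, `_` and `~`, so a login such as `john.doe:pw@host` (constructed example) now makes the parser return NULL, while the `'!'`..`','` range admits `"` and `#`, which the RFC does not allow in that component. `*pp` is a plain `char` taken from the caller's string, and passing a negative value to `isalnum()` is undefined behaviour; the result is also locale-dependent, so bytes above 0x7F may be accepted under some locales. I would cast and spell out the missing characters, e.g. `if (!isalnum((unsigned char)*pp) && *pp != ':' && *pp != ';' && *pp != '=' && *pp != '-' && *pp != '.' && *pp != '_' && *pp != '~' && !(*pp >= '!' && *pp <= ',')) {`, and decide explicitly whether `"` and `#` should remain accepted. The function body starts and ends outside the hunk, so whether the two `efree()` calls release everything `ret` owns at this point cannot be confirmed from here.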