Diffstat (limited to 'ext/filter')
-rw-r--r-- | ext/filter/logical_filters.c | 23 | ||||
-rw-r--r-- | ext/filter/tests/bug77423.phpt | 15 |
2 files changed, 38 insertions, 0 deletions
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index 392156b539..4a66d685e9 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -556,6 +556,22 @@ void php_filter_validate_domain(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 }
 /* }}} */
 
+static int is_userinfo_valid(zend_string *str)
+{
+	const char *valid = "-._~!$&'()*+,;=:";
+	const char *p = ZSTR_VAL(str);
+	while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) {
+		if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
+			p++;
+		} else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
+			p += 3;
+		} else {
+			return 0;
+		}
+	}
+	return 1;
+}
+
 void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 {
 	php_url *url;
@@ -611,6 +627,13 @@ bad_url:
 		php_url_free(url);
 		RETURN_VALIDATION_FAILED
 	}
+
+	if (url->user != NULL && !is_userinfo_valid(url->user)) {
+		php_url_free(url);
+		RETURN_VALIDATION_FAILED
+
+	}
+
 	php_url_free(url);
 }
 /* }}} */
diff --git a/ext/filter/tests/bug77423.phpt b/ext/filter/tests/bug77423.phpt
new file mode 100644
index 0000000000..761c7c359a
--- /dev/null
+++ b/ext/filter/tests/bug77423.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #77423 (parse_url() will deliver a wrong host to user)
+--FILE--
+<?php
+$urls = array(
+	"http://php.net\@aliyun.com/aaa.do",
+	"https://example.com\uFF03@bing.com",
+);
+foreach ($urls as $url) {
+	var_dump(filter_var($url, FILTER_VALIDATE_URL));
+}
+?>
+--EXPECT--
+bool(false)
+bool(false) |
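Review bot: The character tests in is_userinfo_valid pass a plain `char` to isalpha()/isdigit()/isxdigit(), which is undefined behaviour for bytes above 0x7F where char is signed, and `strchr(valid, *p)` also matches the terminating NUL of `valid`, so a 0x00 byte inside the userinfo is accepted as valid; both weaken a check whose whole purpose is to reject userinfo that makes the host ambiguous. Reading through `const unsigned char *` and excluding NUL fixes both, and computing the remaining length as `end - p` avoids the unsigned underflow of `ZSTR_LEN(str) - 3` for strings shorter than three bytes, which today only stays in bounds because zend_strings are NUL-terminated. The percent-escape check applies isdigit() to the first hex digit but isxdigit() to the second, which rejects e.g. `%AB`; if that is not deliberate, use isxdigit() for both. isalpha()/isdigit() are also locale-dependent, so a locale set at runtime can widen the accepted set beyond ASCII; explicit ASCII range comparisons would be stricter and match the RFC 3986 unreserved set.
```c
static int is_userinfo_valid(zend_string *str)
{
	const char *valid = "-._~!$&'()*+,;=:";
	const unsigned char *p = (const unsigned char *) ZSTR_VAL(str);
	const unsigned char *end = p + ZSTR_LEN(str);
	while (p < end) {
		if (isalpha(*p) || isdigit(*p) || (*p != '\0' && strchr(valid, *p))) {
			p++;
		} else if (*p == '%' && end - p >= 3 && isdigit(p[1]) && isxdigit(p[2])) {
			p += 3;
		/* … unchanged: reject any other byte, return 1 after the loop … */
```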
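Review bot: The new guard in php_filter_validate_url has a stray empty line between `RETURN_VALIDATION_FAILED` and its closing brace, which the bad_url block just above it does not have; dropping it makes the two failure blocks read alike. The rest of the block repeats the free-and-fail sequence verbatim, which is consistent with the existing style of this function, so only the blank line needs changing. The enclosing function starts and the bad_url label lies outside this hunk.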
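Review bot: In a double-quoted PHP string `\uFF03` without braces is, as far as I can tell, not an escape sequence, so the second URL contains the literal bytes `\uFF03` and both cases end up exercising the same backslash rejection rather than the fullwidth character the bug title refers to; `"https://example.com\u{FF03}@bing.com"` would cover that input. A positive case with a valid percent-encoded userinfo such as `"http://user:p%40ss@example.com/"` expected to pass would also pin that the new check does not reject legitimate credentials.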