mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
Merge branch 'PHP-5.6' into PHP-7.0
* PHP-5.6: Fixed test Added validation to parse_url() to prohibit restricted characters inside login/pass components based on RFC3986 Apparently negative wordwrap is a thing and should work as length = 0.
This commit is contained in:
commit
56e19b7c75
@ -575,22 +575,7 @@ $sample_urls = array (
|
||||
string(16) "some_page_ref123"
|
||||
}
|
||||
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(7) {
|
||||
["scheme"]=>
|
||||
string(4) "http"
|
||||
["host"]=>
|
||||
string(11) "www.php.net"
|
||||
["port"]=>
|
||||
int(80)
|
||||
["user"]=>
|
||||
string(14) "secret@hideout"
|
||||
["path"]=>
|
||||
string(10) "/index.php"
|
||||
["query"]=>
|
||||
string(31) "test=1&test2=char&test3=mixesCI"
|
||||
["fragment"]=>
|
||||
string(16) "some_page_ref123"
|
||||
}
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: bool(false)
|
||||
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(8) {
|
||||
["scheme"]=>
|
||||
@ -759,22 +744,7 @@ $sample_urls = array (
|
||||
string(7) "9130731"
|
||||
}
|
||||
|
||||
--> http://user:@pass@host/path?argument?value#etc: array(7) {
|
||||
["scheme"]=>
|
||||
string(4) "http"
|
||||
["host"]=>
|
||||
string(4) "host"
|
||||
["user"]=>
|
||||
string(4) "user"
|
||||
["pass"]=>
|
||||
string(5) "@pass"
|
||||
["path"]=>
|
||||
string(5) "/path"
|
||||
["query"]=>
|
||||
string(14) "argument?value"
|
||||
["fragment"]=>
|
||||
string(3) "etc"
|
||||
}
|
||||
--> http://user:@pass@host/path?argument?value#etc: bool(false)
|
||||
string(4) "http"
|
||||
string(11) "www.php.net"
|
||||
int(80)
|
||||
|
@ -507,23 +507,6 @@ echo "Done";
|
||||
string(16) "some_page_ref123"
|
||||
}
|
||||
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(7) {
|
||||
["scheme"]=>
|
||||
string(4) "http"
|
||||
["host"]=>
|
||||
string(11) "www.php.net"
|
||||
["port"]=>
|
||||
int(80)
|
||||
["user"]=>
|
||||
string(14) "secret@hideout"
|
||||
["path"]=>
|
||||
string(10) "/index.php"
|
||||
["query"]=>
|
||||
string(31) "test=1&test2=char&test3=mixesCI"
|
||||
["fragment"]=>
|
||||
string(16) "some_page_ref123"
|
||||
}
|
||||
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(8) {
|
||||
["scheme"]=>
|
||||
string(4) "http"
|
||||
@ -691,23 +674,6 @@ echo "Done";
|
||||
string(7) "9130731"
|
||||
}
|
||||
|
||||
--> http://user:@pass@host/path?argument?value#etc: array(7) {
|
||||
["scheme"]=>
|
||||
string(4) "http"
|
||||
["host"]=>
|
||||
string(4) "host"
|
||||
["user"]=>
|
||||
string(4) "user"
|
||||
["pass"]=>
|
||||
string(5) "@pass"
|
||||
["path"]=>
|
||||
string(5) "/path"
|
||||
["query"]=>
|
||||
string(14) "argument?value"
|
||||
["fragment"]=>
|
||||
string(3) "etc"
|
||||
}
|
||||
|
||||
--> http://10.10.10.10/:80: array(3) {
|
||||
["scheme"]=>
|
||||
string(4) "http"
|
||||
@ -883,4 +849,10 @@ echo "Done";
|
||||
--> http://blah.com:123456: bool(false)
|
||||
|
||||
--> http://blah.com:abcdef: bool(false)
|
||||
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: bool(false)
|
||||
|
||||
--> http://user:@pass@host/path?argument?value#etc: bool(false)
|
||||
|
||||
--> http://foo.com\@bar.com: bool(false)
|
||||
Done
|
||||
|
@ -69,7 +69,6 @@ echo "Done";
|
||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(4) "http"
|
||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(4) "http"
|
||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(4) "http"
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(4) "http"
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(4) "http"
|
||||
--> nntp://news.php.net : string(4) "nntp"
|
||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : string(3) "ftp"
|
||||
@ -89,7 +88,6 @@ echo "Done";
|
||||
--> scheme: : string(6) "scheme"
|
||||
--> foo+bar://baz@bang/bla : string(7) "foo+bar"
|
||||
--> gg:9130731 : string(2) "gg"
|
||||
--> http://user:@pass@host/path?argument?value#etc : string(4) "http"
|
||||
--> http://10.10.10.10/:80 : string(4) "http"
|
||||
--> http://x:? : string(4) "http"
|
||||
--> x:blah.com : string(1) "x"
|
||||
@ -125,4 +123,7 @@ echo "Done";
|
||||
--> http://:? : bool(false)
|
||||
--> http://blah.com:123456 : bool(false)
|
||||
--> http://blah.com:abcdef : bool(false)
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : bool(false)
|
||||
--> http://user:@pass@host/path?argument?value#etc : bool(false)
|
||||
--> http://foo.com\@bar.com : bool(false)
|
||||
Done
|
||||
|
@ -68,7 +68,6 @@ echo "Done";
|
||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||
--> nntp://news.php.net : string(12) "news.php.net"
|
||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : string(11) "ftp.gnu.org"
|
||||
@ -88,7 +87,6 @@ echo "Done";
|
||||
--> scheme: : NULL
|
||||
--> foo+bar://baz@bang/bla : string(4) "bang"
|
||||
--> gg:9130731 : NULL
|
||||
--> http://user:@pass@host/path?argument?value#etc : string(4) "host"
|
||||
--> http://10.10.10.10/:80 : string(11) "10.10.10.10"
|
||||
--> http://x:? : string(1) "x"
|
||||
--> x:blah.com : NULL
|
||||
@ -124,4 +122,7 @@ echo "Done";
|
||||
--> http://:? : bool(false)
|
||||
--> http://blah.com:123456 : bool(false)
|
||||
--> http://blah.com:abcdef : bool(false)
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : bool(false)
|
||||
--> http://user:@pass@host/path?argument?value#etc : bool(false)
|
||||
--> http://foo.com\@bar.com : bool(false)
|
||||
Done
|
||||
|
@ -68,7 +68,6 @@ echo "Done";
|
||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : NULL
|
||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : int(80)
|
||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : NULL
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : int(80)
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : int(80)
|
||||
--> nntp://news.php.net : NULL
|
||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : NULL
|
||||
@ -88,7 +87,6 @@ echo "Done";
|
||||
--> scheme: : NULL
|
||||
--> foo+bar://baz@bang/bla : NULL
|
||||
--> gg:9130731 : NULL
|
||||
--> http://user:@pass@host/path?argument?value#etc : NULL
|
||||
--> http://10.10.10.10/:80 : NULL
|
||||
--> http://x:? : NULL
|
||||
--> x:blah.com : NULL
|
||||
@ -124,4 +122,7 @@ echo "Done";
|
||||
--> http://:? : bool(false)
|
||||
--> http://blah.com:123456 : bool(false)
|
||||
--> http://blah.com:abcdef : bool(false)
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : bool(false)
|
||||
--> http://user:@pass@host/path?argument?value#etc : bool(false)
|
||||
--> http://foo.com\@bar.com : bool(false)
|
||||
Done
|
||||
|
@ -68,7 +68,6 @@ echo "Done";
|
||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret"
|
||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(0) ""
|
||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret"
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(14) "secret@hideout"
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret"
|
||||
--> nntp://news.php.net : NULL
|
||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : NULL
|
||||
@ -88,7 +87,6 @@ echo "Done";
|
||||
--> scheme: : NULL
|
||||
--> foo+bar://baz@bang/bla : string(3) "baz"
|
||||
--> gg:9130731 : NULL
|
||||
--> http://user:@pass@host/path?argument?value#etc : string(4) "user"
|
||||
--> http://10.10.10.10/:80 : NULL
|
||||
--> http://x:? : NULL
|
||||
--> x:blah.com : NULL
|
||||
@ -124,4 +122,7 @@ echo "Done";
|
||||
--> http://:? : bool(false)
|
||||
--> http://blah.com:123456 : bool(false)
|
||||
--> http://blah.com:abcdef : bool(false)
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : bool(false)
|
||||
--> http://user:@pass@host/path?argument?value#etc : bool(false)
|
||||
--> http://foo.com\@bar.com : bool(false)
|
||||
Done
|
||||
|
@ -68,7 +68,6 @@ echo "Done";
|
||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(0) ""
|
||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(7) "hideout"
|
||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(7) "hideout"
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : NULL
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(7) "hid:out"
|
||||
--> nntp://news.php.net : NULL
|
||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : NULL
|
||||
@ -88,7 +87,6 @@ echo "Done";
|
||||
--> scheme: : NULL
|
||||
--> foo+bar://baz@bang/bla : NULL
|
||||
--> gg:9130731 : NULL
|
||||
--> http://user:@pass@host/path?argument?value#etc : string(5) "@pass"
|
||||
--> http://10.10.10.10/:80 : NULL
|
||||
--> http://x:? : NULL
|
||||
--> x:blah.com : NULL
|
||||
@ -124,4 +122,7 @@ echo "Done";
|
||||
--> http://:? : bool(false)
|
||||
--> http://blah.com:123456 : bool(false)
|
||||
--> http://blah.com:abcdef : bool(false)
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : bool(false)
|
||||
--> http://user:@pass@host/path?argument?value#etc : bool(false)
|
||||
--> http://foo.com\@bar.com : bool(false)
|
||||
Done
|
||||
|
@ -68,7 +68,6 @@ echo "Done";
|
||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(10) "/index.php"
|
||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(10) "/index.php"
|
||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(10) "/index.php"
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(10) "/index.php"
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(10) "/index.php"
|
||||
--> nntp://news.php.net : NULL
|
||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : string(22) "/gnu/glic/glibc.tar.gz"
|
||||
@ -88,7 +87,6 @@ echo "Done";
|
||||
--> scheme: : NULL
|
||||
--> foo+bar://baz@bang/bla : string(4) "/bla"
|
||||
--> gg:9130731 : string(7) "9130731"
|
||||
--> http://user:@pass@host/path?argument?value#etc : string(5) "/path"
|
||||
--> http://10.10.10.10/:80 : string(4) "/:80"
|
||||
--> http://x:? : NULL
|
||||
--> x:blah.com : string(8) "blah.com"
|
||||
@ -124,4 +122,7 @@ echo "Done";
|
||||
--> http://:? : bool(false)
|
||||
--> http://blah.com:123456 : bool(false)
|
||||
--> http://blah.com:abcdef : bool(false)
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : bool(false)
|
||||
--> http://user:@pass@host/path?argument?value#etc : bool(false)
|
||||
--> http://foo.com\@bar.com : bool(false)
|
||||
Done
|
||||
|
@ -68,7 +68,6 @@ echo "Done";
|
||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(31) "test=1&test2=char&test3=mixesCI"
|
||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(31) "test=1&test2=char&test3=mixesCI"
|
||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(31) "test=1&test2=char&test3=mixesCI"
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(31) "test=1&test2=char&test3=mixesCI"
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(31) "test=1&test2=char&test3=mixesCI"
|
||||
--> nntp://news.php.net : NULL
|
||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : NULL
|
||||
@ -88,7 +87,6 @@ echo "Done";
|
||||
--> scheme: : NULL
|
||||
--> foo+bar://baz@bang/bla : NULL
|
||||
--> gg:9130731 : NULL
|
||||
--> http://user:@pass@host/path?argument?value#etc : string(14) "argument?value"
|
||||
--> http://10.10.10.10/:80 : NULL
|
||||
--> http://x:? : NULL
|
||||
--> x:blah.com : NULL
|
||||
@ -124,4 +122,7 @@ echo "Done";
|
||||
--> http://:? : bool(false)
|
||||
--> http://blah.com:123456 : bool(false)
|
||||
--> http://blah.com:abcdef : bool(false)
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : bool(false)
|
||||
--> http://user:@pass@host/path?argument?value#etc : bool(false)
|
||||
--> http://foo.com\@bar.com : bool(false)
|
||||
Done
|
||||
|
@ -68,7 +68,6 @@ echo "Done";
|
||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(16) "some_page_ref123"
|
||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(16) "some_page_ref123"
|
||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(16) "some_page_ref123"
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(16) "some_page_ref123"
|
||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(16) "some_page_ref123"
|
||||
--> nntp://news.php.net : NULL
|
||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : NULL
|
||||
@ -88,7 +87,6 @@ echo "Done";
|
||||
--> scheme: : NULL
|
||||
--> foo+bar://baz@bang/bla : NULL
|
||||
--> gg:9130731 : NULL
|
||||
--> http://user:@pass@host/path?argument?value#etc : string(3) "etc"
|
||||
--> http://10.10.10.10/:80 : NULL
|
||||
--> http://x:? : NULL
|
||||
--> x:blah.com : NULL
|
||||
@ -124,4 +122,7 @@ echo "Done";
|
||||
--> http://:? : bool(false)
|
||||
--> http://blah.com:123456 : bool(false)
|
||||
--> http://blah.com:abcdef : bool(false)
|
||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : bool(false)
|
||||
--> http://user:@pass@host/path?argument?value#etc : bool(false)
|
||||
--> http://foo.com\@bar.com : bool(false)
|
||||
Done
|
||||
|
@ -48,7 +48,6 @@ $urls = array(
|
||||
'http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123',
|
||||
'http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123',
|
||||
'http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123',
|
||||
'http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123',
|
||||
'http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123',
|
||||
'nntp://news.php.net',
|
||||
'ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz',
|
||||
@ -68,7 +67,6 @@ $urls = array(
|
||||
'scheme:',
|
||||
'foo+bar://baz@bang/bla',
|
||||
'gg:9130731',
|
||||
'http://user:@pass@host/path?argument?value#etc',
|
||||
'http://10.10.10.10/:80',
|
||||
'http://x:?',
|
||||
'x:blah.com',
|
||||
@ -106,6 +104,9 @@ $urls = array(
|
||||
'http://:?',
|
||||
'http://blah.com:123456',
|
||||
'http://blah.com:abcdef',
|
||||
'http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123',
|
||||
'http://user:@pass@host/path?argument?value#etc',
|
||||
'http://foo.com\\@bar.com'
|
||||
);
|
||||
|
||||
|
||||
|
@ -242,6 +242,19 @@ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length)
|
||||
|
||||
/* check for login and password */
|
||||
if ((p = zend_memrchr(s, '@', (e-s)))) {
|
||||
/* check for invalid chars inside login/pass */
|
||||
pp = s;
|
||||
while (pp < p) {
|
||||
if (!isalnum(*pp) && *pp != ':' && *pp != ';' && *pp != '=' && !(*pp >= '!' && *pp <= ',')) {
|
||||
if (ret->scheme) {
|
||||
efree(ret->scheme);
|
||||
}
|
||||
efree(ret);
|
||||
return NULL;
|
||||
}
|
||||
pp++;
|
||||
}
|
||||
|
||||
if ((pp = memchr(s, ':', (p-s)))) {
|
||||
ret->user = estrndup(s, (pp-s));
|
||||
php_replace_controlchars_ex(ret->user, (pp - s));
|
||||
|
Loading…
Reference in New Issue
Block a user