mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
Merge branch 'PHP-8.0'
* PHP-8.0: Alternative fix for bug 77423
This commit is contained in:
commit
7eff4057de
@ -563,6 +563,22 @@ void php_filter_validate_domain(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
|
|||||||
}
|
}
|
||||||
/* }}} */
|
/* }}} */
|
||||||
|
|
||||||
|
static int is_userinfo_valid(zend_string *str)
|
||||||
|
{
|
||||||
|
const char *valid = "-._~!$&'()*+,;=:";
|
||||||
|
const char *p = ZSTR_VAL(str);
|
||||||
|
while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) {
|
||||||
|
if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
|
||||||
|
p++;
|
||||||
|
} else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
|
||||||
|
p += 3;
|
||||||
|
} else {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
|
void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
|
||||||
{
|
{
|
||||||
php_url *url;
|
php_url *url;
|
||||||
@ -618,6 +634,13 @@ bad_url:
|
|||||||
php_url_free(url);
|
php_url_free(url);
|
||||||
RETURN_VALIDATION_FAILED
|
RETURN_VALIDATION_FAILED
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (url->user != NULL && !is_userinfo_valid(url->user)) {
|
||||||
|
php_url_free(url);
|
||||||
|
RETURN_VALIDATION_FAILED
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
php_url_free(url);
|
php_url_free(url);
|
||||||
}
|
}
|
||||||
/* }}} */
|
/* }}} */
|
||||||
|
@ -10,23 +10,8 @@ $urls = array(
|
|||||||
);
|
);
|
||||||
foreach ($urls as $url) {
|
foreach ($urls as $url) {
|
||||||
var_dump(filter_var($url, FILTER_VALIDATE_URL));
|
var_dump(filter_var($url, FILTER_VALIDATE_URL));
|
||||||
var_dump(parse_url($url));
|
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
--EXPECT--
|
--EXPECT--
|
||||||
bool(false)
|
bool(false)
|
||||||
array(3) {
|
|
||||||
["scheme"]=>
|
|
||||||
string(4) "http"
|
|
||||||
["host"]=>
|
|
||||||
string(19) "php.net\@aliyun.com"
|
|
||||||
["path"]=>
|
|
||||||
string(7) "/aaa.do"
|
|
||||||
}
|
|
||||||
bool(false)
|
bool(false)
|
||||||
array(2) {
|
|
||||||
["scheme"]=>
|
|
||||||
string(5) "https"
|
|
||||||
["host"]=>
|
|
||||||
string(26) "example.com\uFF03@bing.com"
|
|
||||||
}
|
|
@ -589,13 +589,15 @@ $sample_urls = array (
|
|||||||
string(16) "some_page_ref123"
|
string(16) "some_page_ref123"
|
||||||
}
|
}
|
||||||
|
|
||||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(6) {
|
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(7) {
|
||||||
["scheme"]=>
|
["scheme"]=>
|
||||||
string(4) "http"
|
string(4) "http"
|
||||||
["host"]=>
|
["host"]=>
|
||||||
string(26) "secret@hideout@www.php.net"
|
string(11) "www.php.net"
|
||||||
["port"]=>
|
["port"]=>
|
||||||
int(80)
|
int(80)
|
||||||
|
["user"]=>
|
||||||
|
string(14) "secret@hideout"
|
||||||
["path"]=>
|
["path"]=>
|
||||||
string(10) "/index.php"
|
string(10) "/index.php"
|
||||||
["query"]=>
|
["query"]=>
|
||||||
|
@ -514,13 +514,15 @@ echo "Done";
|
|||||||
string(16) "some_page_ref123"
|
string(16) "some_page_ref123"
|
||||||
}
|
}
|
||||||
|
|
||||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(6) {
|
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(7) {
|
||||||
["scheme"]=>
|
["scheme"]=>
|
||||||
string(4) "http"
|
string(4) "http"
|
||||||
["host"]=>
|
["host"]=>
|
||||||
string(26) "secret@hideout@www.php.net"
|
string(11) "www.php.net"
|
||||||
["port"]=>
|
["port"]=>
|
||||||
int(80)
|
int(80)
|
||||||
|
["user"]=>
|
||||||
|
string(14) "secret@hideout"
|
||||||
["path"]=>
|
["path"]=>
|
||||||
string(10) "/index.php"
|
string(10) "/index.php"
|
||||||
["query"]=>
|
["query"]=>
|
||||||
|
@ -62,7 +62,7 @@ echo "Done";
|
|||||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(26) "secret@hideout@www.php.net"
|
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net"
|
||||||
--> nntp://news.php.net : string(12) "news.php.net"
|
--> nntp://news.php.net : string(12) "news.php.net"
|
||||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : string(11) "ftp.gnu.org"
|
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : string(11) "ftp.gnu.org"
|
||||||
|
@ -62,7 +62,7 @@ echo "Done";
|
|||||||
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret"
|
--> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret"
|
||||||
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(0) ""
|
--> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(0) ""
|
||||||
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret"
|
--> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret"
|
||||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : NULL
|
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(14) "secret@hideout"
|
||||||
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret"
|
--> http://secret:hid:out@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret"
|
||||||
--> nntp://news.php.net : NULL
|
--> nntp://news.php.net : NULL
|
||||||
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : NULL
|
--> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : NULL
|
||||||
|
@ -522,13 +522,15 @@ echo "Done";
|
|||||||
string(16) "some_page_ref123"
|
string(16) "some_page_ref123"
|
||||||
}
|
}
|
||||||
|
|
||||||
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(6) {
|
--> http://secret@hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123: array(7) {
|
||||||
["scheme"]=>
|
["scheme"]=>
|
||||||
string(4) "http"
|
string(4) "http"
|
||||||
["host"]=>
|
["host"]=>
|
||||||
string(26) "secret@hideout@www.php.net"
|
string(11) "www.php.net"
|
||||||
["port"]=>
|
["port"]=>
|
||||||
int(80)
|
int(80)
|
||||||
|
["user"]=>
|
||||||
|
string(14) "secret@hideout"
|
||||||
["path"]=>
|
["path"]=>
|
||||||
string(10) "/index.php"
|
string(10) "/index.php"
|
||||||
["query"]=>
|
["query"]=>
|
||||||
|
@ -249,17 +249,13 @@ parse_host:
|
|||||||
ret->pass = zend_string_init(pp, (p-pp), 0);
|
ret->pass = zend_string_init(pp, (p-pp), 0);
|
||||||
php_replace_controlchars_ex(ZSTR_VAL(ret->pass), ZSTR_LEN(ret->pass));
|
php_replace_controlchars_ex(ZSTR_VAL(ret->pass), ZSTR_LEN(ret->pass));
|
||||||
} else {
|
} else {
|
||||||
if (!is_userinfo_valid(s, p-s)) {
|
ret->user = zend_string_init(s, (p-s), 0);
|
||||||
goto check_port;
|
php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user));
|
||||||
}
|
|
||||||
ret->user = zend_string_init(s, (p-s), 0);
|
|
||||||
php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
s = p + 1;
|
s = p + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
check_port:
|
|
||||||
/* check for port */
|
/* check for port */
|
||||||
if (s < ue && *s == '[' && *(e-1) == ']') {
|
if (s < ue && *s == '[' && *(e-1) == ']') {
|
||||||
/* Short circuit portscan,
|
/* Short circuit portscan,
|
||||||
|
Loading…
Reference in New Issue
Block a user