mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
parent
207d9133ca
commit
c2296af6a6
3
NEWS
3
NEWS
@ -1,6 +1,9 @@
|
|||||||
PHP NEWS
|
PHP NEWS
|
||||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||
?? ??? 20??, PHP 5.3.3
|
?? ??? 20??, PHP 5.3.3
|
||||||
|
- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
|
||||||
|
(Ilia)
|
||||||
|
|
||||||
- Fixed bug #47409 (extract() problem with array containing word "this").
|
- Fixed bug #47409 (extract() problem with array containing word "this").
|
||||||
(Ilia, chrisstocktonaz at gmail dot com)
|
(Ilia, chrisstocktonaz at gmail dot com)
|
||||||
|
|
||||||
|
@ -456,12 +456,35 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
|
|||||||
RETURN_VALIDATION_FAILED
|
RETURN_VALIDATION_FAILED
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || !strcasecmp(url->scheme, "https"))) {
|
||||||
|
char *e, *s;
|
||||||
|
|
||||||
|
if (url->host == NULL) {
|
||||||
|
goto bad_url;
|
||||||
|
}
|
||||||
|
|
||||||
|
e = url->host + strlen(url->host);
|
||||||
|
s = url->host;
|
||||||
|
|
||||||
|
while (s < e) {
|
||||||
|
if (!isalnum((int)*(unsigned char *)s) && *s != '_' && *s != '.') {
|
||||||
|
goto bad_url;
|
||||||
|
}
|
||||||
|
s++;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (*(e - 1) == '.') {
|
||||||
|
goto bad_url;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
url->scheme == NULL ||
|
url->scheme == NULL ||
|
||||||
/* some schemas allow the host to be empty */
|
/* some schemas allow the host to be empty */
|
||||||
(url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
|
(url->host == NULL && (strcmp(url->scheme, "mailto") && strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
|
||||||
((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
|
((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || ((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
|
||||||
) {
|
) {
|
||||||
|
bad_url:
|
||||||
php_url_free(url);
|
php_url_free(url);
|
||||||
RETURN_VALIDATION_FAILED
|
RETURN_VALIDATION_FAILED
|
||||||
}
|
}
|
||||||
|
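Review bot: The character test in the new host loop, `!isalnum((int)*(unsigned char *)s) && *s != '_' && *s != '.'`, rejects `-`, which is legal inside host names, so an http or https URL with a hyphenated host now fails validation; adding `&& *s != '-'` to the condition would fix that. The same loop accepts a leading dot and consecutive dots, because only a trailing dot is checked afterwards. Separately, `*(e - 1)` reads one byte before the buffer when `url->host` is an empty string; whether the parser can return one is not visible here, so a guard such as `if (s == e) goto bad_url;` before the loop would make the check safe on its own. Note also that `isalnum` is locale-dependent, so bytes above 0x7f may pass under a non-C locale; an explicit ASCII range test would avoid that. The body of php_filter_validate_url starts and ends outside the hunk.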