From 1d4fcdff9f8a5b183cd99295f330bb92dbcf1105 Mon Sep 17 00:00:00 2001
From: Sergey Akbarov <sergey@terranova.(none)>
Date: Fri, 15 Mar 2013 09:54:18 -0700
Subject: [PATCH] Fix bug #64433: does not follow redirects for non-3xx
 response codes

---
 NEWS                                        |  5 +-
 ext/standard/http_fopen_wrapper.c           |  9 ++-
 ext/standard/tests/streams/bug64433.phpt    | 81 +++++++++++++++++++++
 ext/standard/tests/streams/bug64433_srv.inc | 14 ++++
 4 files changed, 105 insertions(+), 4 deletions(-)
 create mode 100644 ext/standard/tests/streams/bug64433.phpt
 create mode 100644 ext/standard/tests/streams/bug64433_srv.inc

diff --git a/NEWS b/NEWS
index eebe2046948..ad4852d4b51 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,12 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2013, PHP 5.4.15
+- Core:
+  . Fixed bug #64433 (follow_location parameter of context is ignored for most 
+    response codes). (Sergey Akbarov)
 
 ?? ??? 2013, PHP 5.4.14
-- Core
+- Core:
   . Fixed bug #64529 (Ran out of opcode space). (Dmitry)
   . Fixed bug #64515 (Memoryleak when using the same variablename two times in
     function declaration). (Laruence)
diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
index 870f904e9c3..b8676bbba4d 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -731,12 +731,15 @@ finish:
 			http_header_line[http_header_line_length] = '\0';
 
 			if (!strncasecmp(http_header_line, "Location: ", 10)) {
-				/* we only care about Location for 300, 301, 302, 303 and 307 */
-				/* see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */
-				if ((response_code >= 300 && response_code < 304 || 307 == response_code) && context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) {
+				if (context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) {
 					SEPARATE_ZVAL(tmpzval);
 					convert_to_long_ex(tmpzval);
 					follow_location = Z_LVAL_PP(tmpzval);
+				} else if (!(response_code >= 300 && response_code < 304 || 307 == response_code)) { 
+					/* we shouldn't redirect automatically
+					if follow_location isn't set and response_code not in (300, 301, 302, 303 and 307) 
+					see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */
+					follow_location = 0;
 				}
 				strlcpy(location, http_header_line + 10, sizeof(location));
 			} else if (!strncasecmp(http_header_line, "Content-Type: ", 14)) {
diff --git a/ext/standard/tests/streams/bug64433.phpt b/ext/standard/tests/streams/bug64433.phpt
new file mode 100644
index 00000000000..9f6e410a713
--- /dev/null
+++ b/ext/standard/tests/streams/bug64433.phpt
@@ -0,0 +1,81 @@
+--TEST--
+Bug #60180 ($_SERVER["PHP_SELF"] incorrect)
+--SKIPIF--
+<?php
+if(!file_exists(dirname(__FILE__)."/../../../../sapi/cli/tests/php_cli_server.inc")) die("skip");
+$res = @include dirname(__FILE__)."/../../../../sapi/cli/tests/php_cli_server.inc";
+if(!$res) {
+	die("skip");
+}
+?>
+--FILE--
+<?php
+include dirname(__FILE__)."/../../../../sapi/cli/tests/php_cli_server.inc";
+php_cli_server_start(file_get_contents(dirname(__FILE__).'/bug64433_srv.inc'));
+
+echo file_get_contents("http://".PHP_CLI_SERVER_ADDRESS."/index.php");
+echo "default\n";
+$codes = array(200, 201, 204, 301, 302, 303, 304, 305, 307, 404, 500);
+foreach($codes as $code) {
+	echo "$code: ".file_get_contents("http://".PHP_CLI_SERVER_ADDRESS."/index.php?status=$code&loc=1");
+}
+echo "follow=0\n";
+$arr = array('http'=>
+                        array(
+                                'follow_location'=>0,	
+                        )
+                );
+$context = stream_context_create($arr);
+foreach($codes as $code) {
+	echo "$code: ".file_get_contents("http://".PHP_CLI_SERVER_ADDRESS."/index.php?status=$code&loc=1", false, $context);
+}
+echo "follow=1\n";
+$arr = array('http'=>
+                        array(
+                                'follow_location'=>1,	
+                        )
+                );
+$context = stream_context_create($arr);
+foreach($codes as $code) {
+	echo "$code: ".file_get_contents("http://".PHP_CLI_SERVER_ADDRESS."/index.php?status=$code&loc=1", false, $context);
+}
+--EXPECT--
+HELLO!
+default
+200: HELLO!
+201: HELLO!
+204: HELLO!
+301: REDIRECTED
+302: REDIRECTED
+303: REDIRECTED
+304: HELLO!
+305: HELLO!
+307: REDIRECTED
+404: HELLO!
+500: HELLO!
+follow=0
+200: HELLO!
+201: HELLO!
+204: HELLO!
+301: HELLO!
+302: HELLO!
+303: HELLO!
+304: HELLO!
+305: HELLO!
+307: HELLO!
+404: HELLO!
+500: HELLO!
+follow=1
+200: REDIRECTED
+201: REDIRECTED
+204: REDIRECTED
+301: REDIRECTED
+302: REDIRECTED
+303: REDIRECTED
+304: REDIRECTED
+305: REDIRECTED
+307: REDIRECTED
+404: REDIRECTED
+500: REDIRECTED
+
+
diff --git a/ext/standard/tests/streams/bug64433_srv.inc b/ext/standard/tests/streams/bug64433_srv.inc
new file mode 100644
index 00000000000..e79a2fd6d6d
--- /dev/null
+++ b/ext/standard/tests/streams/bug64433_srv.inc
@@ -0,0 +1,14 @@
+if(!empty($_REQUEST["redir"])) {
+	echo "REDIRECTED\n";
+	return;
+}
+
+if(!empty($_REQUEST["loc"])) {
+	header("Location: index.php?redir=1");
+}
+
+if(!empty($_REQUEST["status"])) {
+	http_response_code($_REQUEST["status"]);
+}
+
+echo "HELLO!\n";
\ No newline at end of file