Fixed parse_url() for better compliance with RFC3986

2024-09-21 18:07:23 +00:00 · 2016-06-21 12:45:49 +02:00 · 2016-06-21 12:45:49 +02:00 · e2add3ed87
commit e2add3ed87
parent 9c1fba8593
11 changed files with 27 additions and 1 deletions
--- a/ext/standard/tests/url/parse_url_basic_001.phpt
+++ b/ext/standard/tests/url/parse_url_basic_001.phpt
@ -608,6 +608,21 @@ echo "Done";
  string(12) "bar=1&boom=0"
 }

+--> http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0: array(6) {
+  ["scheme"]=>
+  string(4) "http"
+  ["host"]=>
+  string(15) "www.example.com"
+  ["port"]=>
+  int(8080)
+  ["user"]=>
+  string(11) "user_me-you"
+  ["pass"]=>
+  string(11) "my_pas-word"
+  ["query"]=>
+  string(12) "bar=1&boom=0"
+}
+
 --> file:///path/to/file: array(2) {
  ["scheme"]=>
  string(4) "file"
--- a/ext/standard/tests/url/parse_url_basic_002.phpt
+++ b/ext/standard/tests/url/parse_url_basic_002.phpt
@ -80,6 +80,7 @@ echo "Done";
 --> /foo.php?a=b&c=d   : NULL
 --> foo.php?a=b&c=d   : NULL
 --> http://user:passwd@www.example.com:8080?bar=1&boom=0   : string(4) "http"
+--> http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0   : string(4) "http"
 --> file:///path/to/file   : string(4) "file"
 --> file://path/to/file   : string(4) "file"
 --> file:/path/to/file   : string(4) "file"
--- a/ext/standard/tests/url/parse_url_basic_003.phpt
+++ b/ext/standard/tests/url/parse_url_basic_003.phpt
@ -79,6 +79,7 @@ echo "Done";
 --> /foo.php?a=b&c=d   : NULL
 --> foo.php?a=b&c=d   : NULL
 --> http://user:passwd@www.example.com:8080?bar=1&boom=0   : string(15) "www.example.com"
+--> http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0   : string(15) "www.example.com"
 --> file:///path/to/file   : NULL
 --> file://path/to/file   : string(4) "path"
 --> file:/path/to/file   : NULL
--- a/ext/standard/tests/url/parse_url_basic_004.phpt
+++ b/ext/standard/tests/url/parse_url_basic_004.phpt
@ -79,6 +79,7 @@ echo "Done";
 --> /foo.php?a=b&c=d   : NULL
 --> foo.php?a=b&c=d   : NULL
 --> http://user:passwd@www.example.com:8080?bar=1&boom=0   : int(8080)
+--> http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0   : int(8080)
 --> file:///path/to/file   : NULL
 --> file://path/to/file   : NULL
 --> file:/path/to/file   : NULL
--- a/ext/standard/tests/url/parse_url_basic_005.phpt
+++ b/ext/standard/tests/url/parse_url_basic_005.phpt
@ -79,6 +79,7 @@ echo "Done";
 --> /foo.php?a=b&c=d   : NULL
 --> foo.php?a=b&c=d   : NULL
 --> http://user:passwd@www.example.com:8080?bar=1&boom=0   : string(4) "user"
+--> http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0   : string(11) "user_me-you"
 --> file:///path/to/file   : NULL
 --> file://path/to/file   : NULL
 --> file:/path/to/file   : NULL
--- a/ext/standard/tests/url/parse_url_basic_006.phpt
+++ b/ext/standard/tests/url/parse_url_basic_006.phpt
@ -79,6 +79,7 @@ echo "Done";
 --> /foo.php?a=b&c=d   : NULL
 --> foo.php?a=b&c=d   : NULL
 --> http://user:passwd@www.example.com:8080?bar=1&boom=0   : string(6) "passwd"
+--> http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0   : string(11) "my_pas-word"
 --> file:///path/to/file   : NULL
 --> file://path/to/file   : NULL
 --> file:/path/to/file   : NULL
--- a/ext/standard/tests/url/parse_url_basic_007.phpt
+++ b/ext/standard/tests/url/parse_url_basic_007.phpt
@ -79,6 +79,7 @@ echo "Done";
 --> /foo.php?a=b&c=d   : string(8) "/foo.php"
 --> foo.php?a=b&c=d   : string(7) "foo.php"
 --> http://user:passwd@www.example.com:8080?bar=1&boom=0   : NULL
+--> http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0   : NULL
 --> file:///path/to/file   : string(13) "/path/to/file"
 --> file://path/to/file   : string(8) "/to/file"
 --> file:/path/to/file   : string(13) "/path/to/file"
--- a/ext/standard/tests/url/parse_url_basic_008.phpt
+++ b/ext/standard/tests/url/parse_url_basic_008.phpt
@ -79,6 +79,7 @@ echo "Done";
 --> /foo.php?a=b&c=d   : string(7) "a=b&c=d"
 --> foo.php?a=b&c=d   : string(7) "a=b&c=d"
 --> http://user:passwd@www.example.com:8080?bar=1&boom=0   : string(12) "bar=1&boom=0"
+--> http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0   : string(12) "bar=1&boom=0"
 --> file:///path/to/file   : NULL
 --> file://path/to/file   : NULL
 --> file:/path/to/file   : NULL
--- a/ext/standard/tests/url/parse_url_basic_009.phpt
+++ b/ext/standard/tests/url/parse_url_basic_009.phpt
@ -79,6 +79,7 @@ echo "Done";
 --> /foo.php?a=b&c=d   : NULL
 --> foo.php?a=b&c=d   : NULL
 --> http://user:passwd@www.example.com:8080?bar=1&boom=0   : NULL
+--> http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0   : NULL
 --> file:///path/to/file   : NULL
 --> file://path/to/file   : NULL
 --> file:/path/to/file   : NULL
--- a/ext/standard/tests/url/urls.inc
+++ b/ext/standard/tests/url/urls.inc
@ -59,6 +59,7 @@ $urls = array(
 '/foo.php?a=b&c=d',
 'foo.php?a=b&c=d',
 'http://user:passwd@www.example.com:8080?bar=1&boom=0',
+'http://user_me-you:my_pas-word@www.example.com:8080?bar=1&boom=0',
 'file:///path/to/file',
 'file://path/to/file',
 'file:/path/to/file',
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@ -245,7 +245,9 @@ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length)
 		/* check for invalid chars inside login/pass */
 		pp = s;
 		while (pp < p) {
-			if (!isalnum(*pp) && *pp != ':' && *pp != ';' && *pp != '=' && !(*pp >= '!' && *pp <= ',')) {
+			/* http://www.rfc-editor.org/rfc/rfc3986.txt §3.2.1 */
+			const char search_rfc3986[] = ":;=!$%_-.~&'()*+,";
+			if (!isalnum(*pp) && !strchr(search_rfc3986, *pp)) {
 				if (ret->scheme) {
 					efree(ret->scheme);
 				}