[PHP-CVS] cvs: php-src(PHP_5_1) / NEWS /ext/standard http_fopen_wrapper.c

Sun, 16 Apr 2006 09:56:02 -0700 

iliaa           Sun Apr 16 16:54:49 2006 UTC

  Modified files:              (Branch: PHP_5_1)
    /php-src/ext/standard       http_fopen_wrapper.c 
    /php-src    NEWS 
  Log:
  Fixed bug #37045 (Fixed check for special chars for http redirects).
  
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/http_fopen_wrapper.c?r1=1.99.2.10&r2=1.99.2.11&diff_format=u
Index: php-src/ext/standard/http_fopen_wrapper.c
diff -u php-src/ext/standard/http_fopen_wrapper.c:1.99.2.10 
php-src/ext/standard/http_fopen_wrapper.c:1.99.2.11
--- php-src/ext/standard/http_fopen_wrapper.c:1.99.2.10 Sun Mar 26 17:12:05 2006
+++ php-src/ext/standard/http_fopen_wrapper.c   Sun Apr 16 16:54:49 2006
@@ -19,7 +19,7 @@
    |          Sara Golemon <[EMAIL PROTECTED]>                              |
    +----------------------------------------------------------------------+
  */
-/* $Id: http_fopen_wrapper.c,v 1.99.2.10 2006/03/26 17:12:05 iliaa Exp $ */ 
+/* $Id: http_fopen_wrapper.c,v 1.99.2.11 2006/04/16 16:54:49 iliaa Exp $ */ 
 
 #include "php.h"
 #include "php_globals.h"
@@ -639,10 +639,11 @@
        }       \
 }      \
                        /* check for control characters in login, password & 
path */
-                       CHECK_FOR_CNTRL_CHARS(resource->user)
-                       CHECK_FOR_CNTRL_CHARS(resource->pass)
-                       CHECK_FOR_CNTRL_CHARS(resource->path)
-
+                       if (strncasecmp(newpath, "http://";, sizeof("http://";) - 
1) || strncasecmp(newpath, "https://";, sizeof("https://";) - 1) {
+                               CHECK_FOR_CNTRL_CHARS(resource->user)
+                               CHECK_FOR_CNTRL_CHARS(resource->pass)
+                               CHECK_FOR_CNTRL_CHARS(resource->path)
+                       }
                        stream = php_stream_url_wrap_http_ex(wrapper, new_path, 
mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
                } else {
                        php_stream_wrapper_log_error(wrapper, options 
TSRMLS_CC, "HTTP request failed! %s", tmp_line);
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.2027.2.515&r2=1.2027.2.516&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.515 php-src/NEWS:1.2027.2.516
--- php-src/NEWS:1.2027.2.515   Sat Apr 15 12:54:14 2006
+++ php-src/NEWS        Sun Apr 16 16:54:49 2006
@@ -15,6 +15,7 @@
 - Fixed bug #37053 (html_errors with internal classes produces wrong links). 
   (Tony)
 - Fixed bug #37046 (foreach breaks static scope). (Dmitry)
+- Fixed bug #37045 (Fixed check for special chars for http redirects). (Ilia)
 - Fixed bug #37002 (Have to quote literals in INI when concatenating with
   vars). (Dmitry)
 - Fixed bug #36513 (comment will be outputed in last line). (Dmitry)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to