[PHP-CVS] cvs: php-src(PHP_4_4) / NEWS /ext/standard http_fopen_wrapper.c

Sun, 16 Apr 2006 09:56:38 -0700 

iliaa           Sun Apr 16 16:56:26 2006 UTC

  Modified files:              (Branch: PHP_4_4)
    /php-src/ext/standard       http_fopen_wrapper.c 
    /php-src    NEWS 
  Log:
  MFH: Fixed bug #37045 (Fixed check for special chars for http redirects).
  
  
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/http_fopen_wrapper.c?r1=1.53.2.20.2.7&r2=1.53.2.20.2.8&diff_format=u
Index: php-src/ext/standard/http_fopen_wrapper.c
diff -u php-src/ext/standard/http_fopen_wrapper.c:1.53.2.20.2.7 
php-src/ext/standard/http_fopen_wrapper.c:1.53.2.20.2.8
--- php-src/ext/standard/http_fopen_wrapper.c:1.53.2.20.2.7     Sun Mar 26 
17:12:57 2006
+++ php-src/ext/standard/http_fopen_wrapper.c   Sun Apr 16 16:56:26 2006
@@ -18,7 +18,7 @@
    |          Wez Furlong <[EMAIL PROTECTED]>                          |
    +----------------------------------------------------------------------+
  */
-/* $Id: http_fopen_wrapper.c,v 1.53.2.20.2.7 2006/03/26 17:12:57 iliaa Exp $ 
*/ 
+/* $Id: http_fopen_wrapper.c,v 1.53.2.20.2.8 2006/04/16 16:56:26 iliaa Exp $ 
*/ 
 
 #include "php.h"
 #include "php_globals.h"
@@ -503,9 +503,11 @@
        }       \
 }      \
                        /* check for control characters in login, password & 
path */
-                       CHECK_FOR_CNTRL_CHARS(resource->user)
-                       CHECK_FOR_CNTRL_CHARS(resource->pass)
-                       CHECK_FOR_CNTRL_CHARS(resource->path)
+                       if (strncasecmp(newpath, "http://";, sizeof("http://";) - 
1) || strncasecmp(newpath, "https://";, sizeof("https://";) - 1) {
+                               CHECK_FOR_CNTRL_CHARS(resource->user)
+                               CHECK_FOR_CNTRL_CHARS(resource->pass)
+                               CHECK_FOR_CNTRL_CHARS(resource->path)
+                       }
 
                        stream = php_stream_url_wrap_http_ex(NULL, new_path, 
mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
                        if (stream && stream->wrapperdata)      {
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?r1=1.1247.2.920.2.124&r2=1.1247.2.920.2.125&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1247.2.920.2.124 php-src/NEWS:1.1247.2.920.2.125
--- php-src/NEWS:1.1247.2.920.2.124     Thu Apr 13 06:16:42 2006
+++ php-src/NEWS        Sun Apr 16 16:56:26 2006
@@ -5,6 +5,7 @@
 - Added overflow checks to wordwrap() function. (Ilia)
 - Added a check for special characters in the session name. (Ilia)
 - Fixed bug #37046 (foreach breaks static scope). (Dmitry)
+- Fixed bug #37045 (Fixed check for special chars for http redirects). (Ilia)
 - Fixed bug #36857 (Added support for partial content fetching to the HTTP
   streams wrapper). (Ilia)
 - Fixed bug #36776 (node_list_wrapper_dtor segfault). (Rob)

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to