lbarnaud                Mon Jul 28 19:08:02 2008 UTC

  Modified files:              (Branch: PHP_5_3)
    /php-src/ext/standard       http_fopen_wrapper.c 
    /php-src    NEWS 
  Log:
  MFH: When automatically redirecting an HTTP request, use the GET method when 
the
  original method was not HEAD or GET (fixes #45540)
  #
  # The RFC says that in case of 3xx code, "The action required MAY be 
  # carried out [...] *only if the method used in the second request is GET or 
  # HEAD*".
  #
  # This may not break anything as actually POST requests replying 
  # with a Location header never worked as the redirecting request was sent 
using
  # the POST method, but without Entity-Body (and without Content-Length 
header, 
  # which caused the server to reply with a "411 Length Required" or to treat 
  # the request as GET).
  #
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/http_fopen_wrapper.c?r1=1.99.2.12.2.9.2.9&r2=1.99.2.12.2.9.2.10&diff_format=u
Index: php-src/ext/standard/http_fopen_wrapper.c
diff -u php-src/ext/standard/http_fopen_wrapper.c:1.99.2.12.2.9.2.9 
php-src/ext/standard/http_fopen_wrapper.c:1.99.2.12.2.9.2.10
--- php-src/ext/standard/http_fopen_wrapper.c:1.99.2.12.2.9.2.9 Fri Jul 25 
08:27:37 2008
+++ php-src/ext/standard/http_fopen_wrapper.c   Mon Jul 28 19:08:02 2008
@@ -19,7 +19,7 @@
    |          Sara Golemon <[EMAIL PROTECTED]>                              |
    +----------------------------------------------------------------------+
  */
-/* $Id: http_fopen_wrapper.c,v 1.99.2.12.2.9.2.9 2008/07/25 08:27:37 mike Exp 
$ */ 
+/* $Id: http_fopen_wrapper.c,v 1.99.2.12.2.9.2.10 2008/07/28 19:08:02 lbarnaud 
Exp $ */ 
 
 #include "php.h"
 #include "php_globals.h"
@@ -252,10 +252,17 @@
 
        if (context && php_stream_context_get_option(context, "http", "method", 
&tmpzval) == SUCCESS) {
                if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 
0) {
-                       scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
-                       scratch = emalloc(scratch_len);
-                       strlcpy(scratch, Z_STRVAL_PP(tmpzval), 
Z_STRLEN_PP(tmpzval) + 1);
-                       strcat(scratch, " ");
+                       /* As per the RFC, automatically redirected requests 
MUST NOT use other methods than
+                        * GET and HEAD unless it can be confirmed by the user 
*/
+                       if (redirect_max == PHP_URL_REDIRECT_MAX
+                               || (Z_STRLEN_PP(tmpzval) == 3 && memcmp("GET", 
Z_STRVAL_PP(tmpzval), 3) == 0)
+                               || (Z_STRLEN_PP(tmpzval) == 4 && 
memcmp("HEAD",Z_STRVAL_PP(tmpzval), 4) == 0)
+                       ) {
+                               scratch_len = strlen(path) + 29 + 
Z_STRLEN_PP(tmpzval);
+                               scratch = emalloc(scratch_len);
+                               strlcpy(scratch, Z_STRVAL_PP(tmpzval), 
Z_STRLEN_PP(tmpzval) + 1);
+                               strcat(scratch, " ");
+                       }
                }
        }
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.965.2.229&r2=1.2027.2.547.2.965.2.230&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.965.2.229 
php-src/NEWS:1.2027.2.547.2.965.2.230
--- php-src/NEWS:1.2027.2.547.2.965.2.229       Mon Jul 28 11:54:37 2008
+++ php-src/NEWS        Mon Jul 28 19:08:02 2008
@@ -253,6 +253,7 @@
   prop of wrapped object). (robin_fernandes at uk dot ibm dot com, Arnaud)
 - Fixed bug #45571 (ReflectionClass::export() shows superclasses' private
   static methods). (robin_fernandes at uk dot ibm dot com)
+- Fixed bug #45540 (stream_context_create creates bad http request). (Arnaud)
 - Fixed bug #45430 (windows implementation of crypt is not thread safe).
   (Pierre)
 - Fixed bug #45345 (SPLFileInfo::getPathInfo() returning dir info instead of



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to