lbarnaud Mon Jul 28 19:08:02 2008 UTC
Modified files: (Branch: PHP_5_3)
/php-src/ext/standard http_fopen_wrapper.c
/php-src NEWS
Log:
MFH: When automatically redirecting an HTTP request, use the GET method when
the original method was not HEAD or GET (fixes #45540)
#
# The RFC says that in case of 3xx code, "The action required MAY be
# carried out [...] *only if the method used in the second request is GET or
# HEAD*".
#
# This may not break anything as actually POST requests replying
# with a Location header never worked as the redirecting request was sent using
# the POST method, but without Entity-Body (and without Content-Length header,
# which caused the server to reply with a "411 Length Required" or to treat
# the request as GET).
#
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/http_fopen_wrapper.c?r1=1.99.2.12.2.9.2.9&r2=1.99.2.12.2.9.2.10&diff_format=u
Index: php-src/ext/standard/http_fopen_wrapper.c
diff -u php-src/ext/standard/http_fopen_wrapper.c:1.99.2.12.2.9.2.9
php-src/ext/standard/http_fopen_wrapper.c:1.99.2.12.2.9.2.10
--- php-src/ext/standard/http_fopen_wrapper.c:1.99.2.12.2.9.2.9 Fri Jul 25
08:27:37 2008
+++ php-src/ext/standard/http_fopen_wrapper.c Mon Jul 28 19:08:02 2008
@@ -19,7 +19,7 @@
| Sara Golemon <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
*/
-/* $Id: http_fopen_wrapper.c,v 1.99.2.12.2.9.2.9 2008/07/25 08:27:37 mike Exp
$ */
+/* $Id: http_fopen_wrapper.c,v 1.99.2.12.2.9.2.10 2008/07/28 19:08:02 lbarnaud
Exp $ */
#include "php.h"
#include "php_globals.h"
@@ -252,10 +252,17 @@
if (context && php_stream_context_get_option(context, "http", "method",
&tmpzval) == SUCCESS) {
if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) >
0) {
- scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
- scratch = emalloc(scratch_len);
- strlcpy(scratch, Z_STRVAL_PP(tmpzval),
Z_STRLEN_PP(tmpzval) + 1);
- strcat(scratch, " ");
+ /* As per the RFC, automatically redirected requests
MUST NOT use other methods than
+ * GET and HEAD unless it can be confirmed by the user
*/
+ if (redirect_max == PHP_URL_REDIRECT_MAX
+ || (Z_STRLEN_PP(tmpzval) == 3 && memcmp("GET",
Z_STRVAL_PP(tmpzval), 3) == 0)
+ || (Z_STRLEN_PP(tmpzval) == 4 &&
memcmp("HEAD",Z_STRVAL_PP(tmpzval), 4) == 0)
+ ) {
+ scratch_len = strlen(path) + 29 +
Z_STRLEN_PP(tmpzval);
+ scratch = emalloc(scratch_len);
+ strlcpy(scratch, Z_STRVAL_PP(tmpzval),
Z_STRLEN_PP(tmpzval) + 1);
+ strcat(scratch, " ");
+ }
}
}
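Review bot: In the new condition, `redirect_max == PHP_URL_REDIRECT_MAX` is used as the test for "this is the original request, not a redirect", which only holds if every first call enters with exactly that value. If redirect_max can ever start at a different value, a configured POST would skip this block on the very first request and lose its method before any redirect has happened. Suggest an explicit "following a redirect" flag instead of comparing the counter. Two smaller points on the same block: when the condition is false, scratch is left unallocated here and the GET default has to come from code outside these lines, which deserves a one-line comment at the closing brace; and the comment's "unless it can be confirmed by the user" has no matching code path in the hunk, so it should say plainly that no confirmation is offered and the method is replaced.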
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.965.2.229&r2=1.2027.2.547.2.965.2.230&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.965.2.229
php-src/NEWS:1.2027.2.547.2.965.2.230
--- php-src/NEWS:1.2027.2.547.2.965.2.229 Mon Jul 28 11:54:37 2008
+++ php-src/NEWS Mon Jul 28 19:08:02 2008
@@ -253,6 +253,7 @@
prop of wrapped object). (robin_fernandes at uk dot ibm dot com, Arnaud)
- Fixed bug #45571 (ReflectionClass::export() shows superclasses' private
static methods). (robin_fernandes at uk dot ibm dot com)
+- Fixed bug #45540 (stream_context_create creates bad http request). (Arnaud)
- Fixed bug #45430 (windows implementation of crypt is not thread safe).
(Pierre)
- Fixed bug #45345 (SPLFileInfo::getPathInfo() returning dir info instead of
--
PHP CVS Mailing List (http://www.php.net/)