dmitry                                   Mon, 17 Aug 2009 18:23:48 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=287425

Log:
Fixed bug #49144 (import of schema from different host transmits original 
authentication details)

Bug: http://bugs.php.net/49144 (Assigned) import of schema from different host 
transmits original authentication details
      
Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/soap/php_schema.c
    U   php/php-src/branches/PHP_5_2/ext/soap/php_sdl.c
    U   php/php-src/branches/PHP_5_2/ext/soap/php_sdl.h
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/soap/php_schema.c
    U   php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c
    U   php/php-src/branches/PHP_5_3/ext/soap/php_sdl.h
    U   php/php-src/trunk/ext/soap/php_schema.c
    U   php/php-src/trunk/ext/soap/php_sdl.c
    U   php/php-src/trunk/ext/soap/php_sdl.h

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/branches/PHP_5_2/NEWS	2009-08-17 18:23:48 UTC (rev 287425)
@@ -6,6 +6,8 @@
 - Fixed bug #49269 (Ternary operator fails on Iterator object when used inside
   foreach declaration). (Etienne, Dmitry)
 - Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
+- Fixed bug #49144 	(import of schema from different host transmits original
+  authentication details). (Dmitry)

 13 Aug 2009, PHP 5.2.11RC1
 - Fixed regression in cURL extension that prevented flush of data to output

Modified: php/php-src/branches/PHP_5_2/ext/soap/php_schema.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/soap/php_schema.c	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/branches/PHP_5_2/ext/soap/php_schema.c	2009-08-17 18:23:48 UTC (rev 287425)
@@ -102,7 +102,10 @@
 		xmlNodePtr schema;
 		xmlAttrPtr new_tns;

+		sdl_set_uri_credentials(ctx, (char*)location TSRMLS_CC);
 		doc = soap_xmlParseFile((char*)location TSRMLS_CC);
+		sdl_restore_uri_credentials(ctx TSRMLS_CC);
+
 		if (doc == NULL) {
 			soap_error1(E_ERROR, "Parsing Schema: can't import schema from '%s'", location);
 		}

Modified: php/php-src/branches/PHP_5_2/ext/soap/php_sdl.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/soap/php_sdl.c	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/branches/PHP_5_2/ext/soap/php_sdl.c	2009-08-17 18:23:48 UTC (rev 287425)
@@ -226,6 +226,64 @@
 	return 1;
 }

+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC)
+{
+	char *s;
+	int l1, l2;
+	zval *context = NULL;
+	zval **header = NULL;
+
+	/* check if we load xsd from the same server */
+	s = strstr(ctx->sdl->source, "://");
+	if (!s) return;
+	s = strchr(s+3, '/');
+	l1 = s - ctx->sdl->source;
+	s = strstr((char*)uri, "://");
+	if (!s) return;
+	s = strchr(s+3, '/');
+	l2 = s - (char*)uri;
+	if (l1 != l2 || memcmp(ctx->sdl->source, uri, l1) != 0) {
+		/* another server. clear authentication credentals */
+		context = php_libxml_switch_context(NULL TSRMLS_CC);
+		php_libxml_switch_context(context TSRMLS_CC);
+		if (context) {
+			ctx->context = php_stream_context_from_zval(context, 1);
+
+			if (ctx->context &&
+			    php_stream_context_get_option(ctx->context, "http", "header", &header) == SUCCESS) {
+				s = strstr(Z_STRVAL_PP(header), "Authorization: Basic");
+				if (s && (s == Z_STRVAL_PP(header) || *(s-1) == '\n' || *(s-1) == '\r')) {
+					char *rest = strstr(s, "\r\n");
+					if (rest) {
+						zval new_header;
+
+						rest += 2;
+						Z_TYPE(new_header) = IS_STRING;
+						Z_STRLEN(new_header) = Z_STRLEN_PP(header) - (rest - s);
+						Z_STRVAL(new_header) = emalloc(Z_STRLEN_PP(header) + 1);
+						memcpy(Z_STRVAL(new_header), Z_STRVAL_PP(header), s - Z_STRVAL_PP(header));
+						memcpy(Z_STRVAL(new_header) + (s - Z_STRVAL_PP(header)), rest, Z_STRLEN_PP(header) - (rest - Z_STRVAL_PP(header)) + 1);
+						ctx->old_header = *header;
+						ctx->old_header->refcount++;
+						php_stream_context_set_option(ctx->context, "http", "header", &new_header);
+						zval_dtor(&new_header);
+					}
+				}
+			}
+		}
+	}
+}
+
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC)
+{
+	if (ctx->old_header) {
+	    php_stream_context_set_option(ctx->context, "http", "header", ctx->old_header);
+	    zval_ptr_dtor(&ctx->old_header);
+		ctx->old_header = NULL;
+	}
+	ctx->context = NULL;
+}
+
 static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include TSRMLS_DC)
 {
 	sdlPtr tmpsdl = ctx->sdl;
@@ -237,7 +295,9 @@
 		return;
 	}

+	sdl_set_uri_credentials(ctx, struri TSRMLS_CC);
 	wsdl = soap_xmlParseFile(struri TSRMLS_CC);
+	sdl_restore_uri_credentials(ctx TSRMLS_CC);

 	if (!wsdl) {
 		xmlErrorPtr xmlErrorPtr = xmlGetLastError();

Modified: php/php-src/branches/PHP_5_2/ext/soap/php_sdl.h
===================================================================
--- php/php-src/branches/PHP_5_2/ext/soap/php_sdl.h	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/branches/PHP_5_2/ext/soap/php_sdl.h	2009-08-17 18:23:48 UTC (rev 287425)
@@ -76,6 +76,8 @@

 	HashTable *attributes;       /* array of sdlAttributePtr */
 	HashTable *attributeGroups;  /* array of sdlTypesPtr */
+	php_stream_context *context;
+	zval               *old_header;
 } sdlCtx;

 struct _sdlBinding {
@@ -264,4 +266,7 @@
 void delete_sdl(void *handle);
 void delete_sdl_impl(void *handle);

+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC);
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC);
+
 #endif

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/branches/PHP_5_3/NEWS	2009-08-17 18:23:48 UTC (rev 287425)
@@ -28,6 +28,8 @@
 - Fixed bug #49193 (gdJpegGetVersionString() inside gd_compact identifies
   wrong type in declaration). (Ilia)
 - Fixed bug #49183 (dns_get_record does not return NAPTR records). (Pierre)
+- Fixed bug #49144 	(import of schema from different host transmits original
+  authentication details). (Dmitry)
 - Fixed bug #49132 (posix_times returns false without error).
   (phpbugs at gunnu dot us)
 - Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)

Modified: php/php-src/branches/PHP_5_3/ext/soap/php_schema.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/soap/php_schema.c	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/branches/PHP_5_3/ext/soap/php_schema.c	2009-08-17 18:23:48 UTC (rev 287425)
@@ -102,7 +102,10 @@
 		xmlNodePtr schema;
 		xmlAttrPtr new_tns;

+		sdl_set_uri_credentials(ctx, (char*)location TSRMLS_CC);
 		doc = soap_xmlParseFile((char*)location TSRMLS_CC);
+		sdl_restore_uri_credentials(ctx TSRMLS_CC);
+
 		if (doc == NULL) {
 			soap_error1(E_ERROR, "Parsing Schema: can't import schema from '%s'", location);
 		}

Modified: php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/branches/PHP_5_3/ext/soap/php_sdl.c	2009-08-17 18:23:48 UTC (rev 287425)
@@ -226,6 +226,64 @@
 	return 1;
 }

+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC)
+{
+	char *s;
+	int l1, l2;
+	zval *context = NULL;
+	zval **header = NULL;
+
+	/* check if we load xsd from the same server */
+	s = strstr(ctx->sdl->source, "://");
+	if (!s) return;
+	s = strchr(s+3, '/');
+	l1 = s - ctx->sdl->source;
+	s = strstr((char*)uri, "://");
+	if (!s) return;
+	s = strchr(s+3, '/');
+	l2 = s - (char*)uri;
+	if (l1 != l2 || memcmp(ctx->sdl->source, uri, l1) != 0) {
+		/* another server. clear authentication credentals */
+		context = php_libxml_switch_context(NULL TSRMLS_CC);
+		php_libxml_switch_context(context TSRMLS_CC);
+		if (context) {
+			ctx->context = php_stream_context_from_zval(context, 1);
+
+			if (ctx->context &&
+			    php_stream_context_get_option(ctx->context, "http", "header", &header) == SUCCESS) {
+				s = strstr(Z_STRVAL_PP(header), "Authorization: Basic");
+				if (s && (s == Z_STRVAL_PP(header) || *(s-1) == '\n' || *(s-1) == '\r')) {
+					char *rest = strstr(s, "\r\n");
+					if (rest) {
+						zval new_header;
+
+						rest += 2;
+						Z_TYPE(new_header) = IS_STRING;
+						Z_STRLEN(new_header) = Z_STRLEN_PP(header) - (rest - s);
+						Z_STRVAL(new_header) = emalloc(Z_STRLEN_PP(header) + 1);
+						memcpy(Z_STRVAL(new_header), Z_STRVAL_PP(header), s - Z_STRVAL_PP(header));
+						memcpy(Z_STRVAL(new_header) + (s - Z_STRVAL_PP(header)), rest, Z_STRLEN_PP(header) - (rest - Z_STRVAL_PP(header)) + 1);
+						ctx->old_header = *header;
+						Z_ADDREF_P(ctx->old_header);
+						php_stream_context_set_option(ctx->context, "http", "header", &new_header);
+						zval_dtor(&new_header);
+					}
+				}
+			}
+		}
+	}
+}
+
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC)
+{
+	if (ctx->old_header) {
+	    php_stream_context_set_option(ctx->context, "http", "header", ctx->old_header);
+	    zval_ptr_dtor(&ctx->old_header);
+		ctx->old_header = NULL;
+	}
+	ctx->context = NULL;
+}
+
 static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include TSRMLS_DC)
 {
 	sdlPtr tmpsdl = ctx->sdl;
@@ -237,7 +295,9 @@
 		return;
 	}

+	sdl_set_uri_credentials(ctx, struri TSRMLS_CC);
 	wsdl = soap_xmlParseFile(struri TSRMLS_CC);
+	sdl_restore_uri_credentials(ctx TSRMLS_CC);

 	if (!wsdl) {
 		xmlErrorPtr xmlErrorPtr = xmlGetLastError();

Modified: php/php-src/branches/PHP_5_3/ext/soap/php_sdl.h
===================================================================
--- php/php-src/branches/PHP_5_3/ext/soap/php_sdl.h	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/branches/PHP_5_3/ext/soap/php_sdl.h	2009-08-17 18:23:48 UTC (rev 287425)
@@ -76,6 +76,8 @@

 	HashTable *attributes;       /* array of sdlAttributePtr */
 	HashTable *attributeGroups;  /* array of sdlTypesPtr */
+	php_stream_context *context;
+	zval               *old_header;
 } sdlCtx;

 struct _sdlBinding {
@@ -264,4 +266,7 @@
 void delete_sdl(void *handle);
 void delete_sdl_impl(void *handle);

+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC);
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC);
+
 #endif

Modified: php/php-src/trunk/ext/soap/php_schema.c
===================================================================
--- php/php-src/trunk/ext/soap/php_schema.c	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/trunk/ext/soap/php_schema.c	2009-08-17 18:23:48 UTC (rev 287425)
@@ -102,7 +102,10 @@
 		xmlNodePtr schema;
 		xmlAttrPtr new_tns;

+		sdl_set_uri_credentials(ctx, (char*)location TSRMLS_CC);
 		doc = soap_xmlParseFile((char*)location TSRMLS_CC);
+		sdl_restore_uri_credentials(ctx TSRMLS_CC);
+
 		if (doc == NULL) {
 			soap_error1(E_ERROR, "Parsing Schema: can't import schema from '%s'", location);
 		}

Modified: php/php-src/trunk/ext/soap/php_sdl.c
===================================================================
--- php/php-src/trunk/ext/soap/php_sdl.c	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/trunk/ext/soap/php_sdl.c	2009-08-17 18:23:48 UTC (rev 287425)
@@ -226,6 +226,64 @@
 	return 1;
 }

+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC)
+{
+	char *s;
+	int l1, l2;
+	zval *context = NULL;
+	zval **header = NULL;
+
+	/* check if we load xsd from the same server */
+	s = strstr(ctx->sdl->source, "://");
+	if (!s) return;
+	s = strchr(s+3, '/');
+	l1 = s - ctx->sdl->source;
+	s = strstr((char*)uri, "://");
+	if (!s) return;
+	s = strchr(s+3, '/');
+	l2 = s - (char*)uri;
+	if (l1 != l2 || memcmp(ctx->sdl->source, uri, l1) != 0) {
+		/* another server. clear authentication credentals */
+		context = php_libxml_switch_context(NULL TSRMLS_CC);
+		php_libxml_switch_context(context TSRMLS_CC);
+		if (context) {
+			ctx->context = php_stream_context_from_zval(context, 1);
+
+			if (ctx->context &&
+			    php_stream_context_get_option(ctx->context, "http", "header", &header) == SUCCESS) {
+				s = strstr(Z_STRVAL_PP(header), "Authorization: Basic");
+				if (s && (s == Z_STRVAL_PP(header) || *(s-1) == '\n' || *(s-1) == '\r')) {
+					char *rest = strstr(s, "\r\n");
+					if (rest) {
+						zval new_header;
+
+						rest += 2;
+						Z_TYPE(new_header) = IS_STRING;
+						Z_STRLEN(new_header) = Z_STRLEN_PP(header) - (rest - s);
+						Z_STRVAL(new_header) = emalloc(Z_STRLEN_PP(header) + 1);
+						memcpy(Z_STRVAL(new_header), Z_STRVAL_PP(header), s - Z_STRVAL_PP(header));
+						memcpy(Z_STRVAL(new_header) + (s - Z_STRVAL_PP(header)), rest, Z_STRLEN_PP(header) - (rest - Z_STRVAL_PP(header)) + 1);
+						ctx->old_header = *header;
+						Z_ADDREF_P(ctx->old_header);
+						php_stream_context_set_option(ctx->context, "http", "header", &new_header);
+						zval_dtor(&new_header);
+					}
+				}
+			}
+		}
+	}
+}
+
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC)
+{
+	if (ctx->old_header) {
+	    php_stream_context_set_option(ctx->context, "http", "header", ctx->old_header);
+	    zval_ptr_dtor(&ctx->old_header);
+		ctx->old_header = NULL;
+	}
+	ctx->context = NULL;
+}
+
 static void load_wsdl_ex(char *struri, sdlCtx *ctx, int include TSRMLS_DC)
 {
 	sdlPtr tmpsdl = ctx->sdl;
@@ -237,7 +295,9 @@
 		return;
 	}

+	sdl_set_uri_credentials(ctx, struri TSRMLS_CC);
 	wsdl = soap_xmlParseFile(struri TSRMLS_CC);
+	sdl_restore_uri_credentials(ctx TSRMLS_CC);

 	if (!wsdl) {
 		xmlErrorPtr xmlErrorPtr = xmlGetLastError();

Modified: php/php-src/trunk/ext/soap/php_sdl.h
===================================================================
--- php/php-src/trunk/ext/soap/php_sdl.h	2009-08-17 17:57:40 UTC (rev 287424)
+++ php/php-src/trunk/ext/soap/php_sdl.h	2009-08-17 18:23:48 UTC (rev 287425)
@@ -76,6 +76,8 @@

 	HashTable *attributes;       /* array of sdlAttributePtr */
 	HashTable *attributeGroups;  /* array of sdlTypesPtr */
+	php_stream_context *context;
+	zval               *old_header;
 } sdlCtx;

 struct _sdlBinding {
@@ -264,4 +266,7 @@
 void delete_sdl(void *handle);
 void delete_sdl_impl(void *handle);

+void sdl_set_uri_credentials(sdlCtx *ctx, char *uri TSRMLS_DC);
+void sdl_restore_uri_credentials(sdlCtx *ctx TSRMLS_DC);
+
 #endif
-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to