iliaa                                    Thu, 24 Dec 2009 18:47:15 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=292611

Log:
Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.

Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/filter/logical_filters.c
    U   php/php-src/trunk/ext/filter/logical_filters.c

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2009-12-24 17:44:16 UTC (rev 292610)
+++ php/php-src/branches/PHP_5_2/NEWS   2009-12-24 18:47:15 UTC (rev 292611)
@@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2010, PHP 5.2.13
+- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
+  (Ilia)
+
 - Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey)

 - Fixed bug #50540 (Crash while running ldap_next_reference test cases).

Modified: php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c   2009-12-24 
17:44:16 UTC (rev 292610)
+++ php/php-src/branches/PHP_5_2/ext/filter/logical_filters.c   2009-12-24 
18:47:15 UTC (rev 292611)
@@ -456,12 +456,35 @@
                RETURN_VALIDATION_FAILED
        }

+       if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || 
!strcasecmp(url->scheme, "https"))) {
+               char *e, *s;
+
+               if (url->host == NULL) {
+                       goto bad_url;
+               }
+
+               e = url->host + strlen(url->host);
+               s = url->host;
+
+               while (s < e) {
+                       if (!isalnum((int)*(unsigned char *)s) && *s != '_' && 
*s != '.') {
+                               goto bad_url;
+                       }
+                       s++;
+               }
+
+               if (*(e - 1) == '.') {
+                       goto bad_url;
+               }
+       }
+
        if (
                url->scheme == NULL ||
                /* some schemas allow the host to be empty */
                (url->host == NULL && (strcmp(url->scheme, "mailto") && 
strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
                ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || 
((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
        ) {
+bad_url:
                php_url_free(url);
                RETURN_VALIDATION_FAILED
        }

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2009-12-24 17:44:16 UTC (rev 292610)
+++ php/php-src/branches/PHP_5_3/NEWS   2009-12-24 18:47:15 UTC (rev 292611)
@@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 20??, PHP 5.3.3
+- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
+  (Ilia)
+
 - Fixed bug #47409 (extract() problem with array containing word "this").
   (Ilia, chrisstocktonaz at gmail dot com)


Modified: php/php-src/branches/PHP_5_3/ext/filter/logical_filters.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/filter/logical_filters.c   2009-12-24 
17:44:16 UTC (rev 292610)
+++ php/php-src/branches/PHP_5_3/ext/filter/logical_filters.c   2009-12-24 
18:47:15 UTC (rev 292611)
@@ -456,12 +456,35 @@
                RETURN_VALIDATION_FAILED
        }

+       if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || 
!strcasecmp(url->scheme, "https"))) {
+               char *e, *s;
+
+               if (url->host == NULL) {
+                       goto bad_url;
+               }
+
+               e = url->host + strlen(url->host);
+               s = url->host;
+
+               while (s < e) {
+                       if (!isalnum((int)*(unsigned char *)s) && *s != '_' && 
*s != '.') {
+                               goto bad_url;
+                       }
+                       s++;
+               }
+
+               if (*(e - 1) == '.') {
+                       goto bad_url;
+               }
+       }
+
        if (
                url->scheme == NULL ||
                /* some schemas allow the host to be empty */
                (url->host == NULL && (strcmp(url->scheme, "mailto") && 
strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
                ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || 
((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
        ) {
+bad_url:
                php_url_free(url);
                RETURN_VALIDATION_FAILED
        }

Modified: php/php-src/trunk/ext/filter/logical_filters.c
===================================================================
--- php/php-src/trunk/ext/filter/logical_filters.c      2009-12-24 17:44:16 UTC 
(rev 292610)
+++ php/php-src/trunk/ext/filter/logical_filters.c      2009-12-24 18:47:15 UTC 
(rev 292611)
@@ -456,12 +456,35 @@
                RETURN_VALIDATION_FAILED
        }

+       if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || 
!strcasecmp(url->scheme, "https"))) {
+               char *e, *s;
+
+               if (url->host == NULL) {
+                       goto bad_url;
+               }
+
+               e = url->host + strlen(url->host);
+               s = url->host;
+
+               while (s < e) {
+                       if (!isalnum((int)*(unsigned char *)s) && *s != '_' && 
*s != '.') {
+                               goto bad_url;
+                       }
+                       s++;
+               }
+
+               if (*(e - 1) == '.') {
+                       goto bad_url;
+               }
+       }
+
        if (
                url->scheme == NULL ||
                /* some schemas allow the host to be empty */
                (url->host == NULL && (strcmp(url->scheme, "mailto") && 
strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
                ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || 
((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
        ) {
+bad_url:
                php_url_free(url);
                RETURN_VALIDATION_FAILED
        }

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to