johannes                                 Mon, 25 Jan 2010 16:14:28 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=293996

Log:
merge r292611: Added missing host validation for HTTP urls inside
FILTER_VALIDATE_URL. (iliaa)

Changed paths:
    _U  php/php-src/branches/PHP_5_3_2/
    U   php/php-src/branches/PHP_5_3_2/NEWS
    U   php/php-src/branches/PHP_5_3_2/ext/filter/logical_filters.c


Property changes on: php/php-src/branches/PHP_5_3_2
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3:292504,292574,292594-292595
/php/php-src/trunk:284726
   + /php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611
/php/php-src/trunk:284726

Modified: php/php-src/branches/PHP_5_3_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3_2/NEWS 2010-01-25 15:57:24 UTC (rev 293995)
+++ php/php-src/branches/PHP_5_3_2/NEWS 2010-01-25 16:14:28 UTC (rev 293996)
@@ -1,6 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 20??, PHP 5.3.2 RC 2
+- Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL.
+  (Ilia)
+
 - Fixed bug #47409 (extract() problem with array containing word "this").
   (Ilia, chrisstocktonaz at gmail dot com)


Modified: php/php-src/branches/PHP_5_3_2/ext/filter/logical_filters.c
===================================================================
--- php/php-src/branches/PHP_5_3_2/ext/filter/logical_filters.c 2010-01-25 
15:57:24 UTC (rev 293995)
+++ php/php-src/branches/PHP_5_3_2/ext/filter/logical_filters.c 2010-01-25 
16:14:28 UTC (rev 293996)
@@ -456,12 +456,35 @@
                RETURN_VALIDATION_FAILED
        }

+       if (url->scheme != NULL && (!strcasecmp(url->scheme, "http") || 
!strcasecmp(url->scheme, "https"))) {
+               char *e, *s;
+
+               if (url->host == NULL) {
+                       goto bad_url;
+               }
+
+               e = url->host + strlen(url->host);
+               s = url->host;
+
+               while (s < e) {
+                       if (!isalnum((int)*(unsigned char *)s) && *s != '_' && 
*s != '.') {
+                               goto bad_url;
+                       }
+                       s++;
+               }
+
+               if (*(e - 1) == '.') {
+                       goto bad_url;
+               }
+       }
+
        if (
                url->scheme == NULL ||
                /* some schemas allow the host to be empty */
                (url->host == NULL && (strcmp(url->scheme, "mailto") && 
strcmp(url->scheme, "news") && strcmp(url->scheme, "file"))) ||
                ((flags & FILTER_FLAG_PATH_REQUIRED) && url->path == NULL) || 
((flags & FILTER_FLAG_QUERY_REQUIRED) && url->query == NULL)
        ) {
+bad_url:
                php_url_free(url);
                RETURN_VALIDATION_FAILED
        }
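Review bot: The host character test in the added `while` loop accepts `_` but not `-`, so a hostname containing a hyphen (for example a constructed `my-site.example.com`) fails validation, while underscores pass even though RFC 952/1123 do not allow them in hostnames; the test should read `if (!isalnum((int)*(unsigned char *)s) && *s != '-' && *s != '.') {`. The trailing-dot check `*(e - 1)` also reads one byte before the buffer if `url->host` is ever an empty string. Whether php_url_parse() can return an empty, non-NULL host is not visible here, so a guard such as `if (s == e) goto bad_url;` placed just before the loop would make the check safe either way. The loop still lets a leading dot and consecutive dots through, which matters to callers who treat this filter as a strict hostname check. The enclosing function starts and ends outside this hunk.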
