#include "php_http_api.h"
-#ifdef PHP_HTTP_HAVE_IDN
+#if PHP_HTTP_HAVE_IDN2
+# include <idn2.h>
+#elif PHP_HTTP_HAVE_IDN
# include <idna.h>
#endif
return estrndup("localhost", lenof("localhost"));
}
-#define url(buf) ((php_http_url_t *) buf.data)
+#define url(buf) ((php_http_url_t *) (buf).data)
static php_http_url_t *php_http_url_from_env(void)
{
#define url_isset(u,n) \
((u)&&(u)->n)
+#define url_append(buf, append) do { \
+ char *_ptr = (buf)->data; \
+ php_http_url_t *_url = (php_http_url_t *) _ptr, _mem = *_url; \
+ append; \
+ /* relocate */ \
+ if (_ptr != (buf)->data) { \
+ ptrdiff_t diff = (buf)->data - _ptr; \
+ _url = (php_http_url_t *) (buf)->data; \
+ if (_mem.scheme) _url->scheme += diff; \
+ if (_mem.user) _url->user += diff; \
+ if (_mem.pass) _url->pass += diff; \
+ if (_mem.host) _url->host += diff; \
+ if (_mem.path) _url->path += diff; \
+ if (_mem.query) _url->query += diff; \
+ if (_mem.fragment) _url->fragment += diff; \
+ } \
+} while (0)
#define url_copy(n) do { \
if (url_isset(new_url, n)) { \
url(buf)->n = &buf.data[buf.used]; \
- php_http_buffer_append(&buf, new_url->n, strlen(new_url->n) + 1); \
+ url_append(&buf, php_http_buffer_append(&buf, new_url->n, strlen(new_url->n) + 1)); \
} else if (url_isset(old_url, n)) { \
url(buf)->n = &buf.data[buf.used]; \
- php_http_buffer_append(&buf, old_url->n, strlen(old_url->n) + 1); \
+ url_append(&buf, php_http_buffer_append(&buf, old_url->n, strlen(old_url->n) + 1)); \
} \
} while (0)
url(buf)->path = &buf.data[buf.used];
if (path[0] != '/') {
- php_http_buffer_append(&buf, "/", 1);
+ url_append(&buf, php_http_buffer_append(&buf, "/", 1));
}
- php_http_buffer_append(&buf, path, strlen(path) + 1);
+ url_append(&buf, php_http_buffer_append(&buf, path, strlen(path) + 1));
efree(path);
} else {
const char *path = NULL;
if (path) {
url(buf)->path = &buf.data[buf.used];
- php_http_buffer_append(&buf, path, strlen(path) + 1);
+ url_append(&buf, php_http_buffer_append(&buf, path, strlen(path) + 1));
}
php_http_querystring_update(&qarr, NULL, &qstr);
url(buf)->query = &buf.data[buf.used];
- php_http_buffer_append(&buf, Z_STRVAL(qstr), Z_STRLEN(qstr) + 1);
+ url_append(&buf, php_http_buffer_append(&buf, Z_STRVAL(qstr), Z_STRLEN(qstr) + 1));
zval_dtor(&qstr);
zval_dtor(&qarr);
}
/* unset default ports */
if (url(buf)->port) {
- if ( ((url(buf)->port == 80) && !strcmp(url(buf)->scheme, "http"))
- || ((url(buf)->port ==443) && !strcmp(url(buf)->scheme, "https"))
+ if ( ((url(buf)->port == 80) && url(buf)->scheme && !strcmp(url(buf)->scheme, "http"))
+ || ((url(buf)->port ==443) && url(buf)->scheme && !strcmp(url(buf)->scheme, "https"))
) {
url(buf)->port = 0;
}
return buf.data;
}
+char *php_http_url_authority_to_string(const php_http_url_t *url, char **url_str, size_t *url_len)
+{
+ php_http_buffer_t buf;
+
+ php_http_buffer_init(&buf);
+
+ if (url->user && *url->user) {
+ php_http_buffer_appendl(&buf, url->user);
+ if (url->pass && *url->pass) {
+ php_http_buffer_appends(&buf, ":");
+ php_http_buffer_appendl(&buf, url->pass);
+ }
+ php_http_buffer_appends(&buf, "@");
+ }
+
+ if (url->host && *url->host) {
+ php_http_buffer_appendl(&buf, url->host);
+ if (url->port) {
+ php_http_buffer_appendf(&buf, ":%hu", url->port);
+ }
+ }
+
+ php_http_buffer_shrink(&buf);
+ php_http_buffer_fix(&buf);
+
+ if (url_len) {
+ *url_len = buf.used;
+ }
+
+ if (url_str) {
+ *url_str = buf.data;
+ }
+
+ return buf.data;
+}
+
php_http_url_t *php_http_url_from_zval(zval *value, unsigned flags)
{
zend_string *zs;
php_http_buffer_account(&buf, sizeof(php_http_url_t));
memset(buf.data, 0, buf.used);
- if ((e = zend_hash_str_find(ht, ZEND_STRL("scheme")))) {
+ if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("scheme")))) {
zend_string *zs = zval_get_string(e);
url(buf)->scheme = &buf.data[buf.used];
- php_http_buffer_append(&buf, zs->val, zs->len + 1);
+ url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1));
zend_string_release(zs);
}
- if ((e = zend_hash_str_find(ht, ZEND_STRL("user")))) {
+ if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("user")))) {
zend_string *zs = zval_get_string(e);
url(buf)->user = &buf.data[buf.used];
- php_http_buffer_append(&buf, zs->val, zs->len + 1);
+ url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1));
zend_string_release(zs);
}
- if ((e = zend_hash_str_find(ht, ZEND_STRL("pass")))) {
+ if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("pass")))) {
zend_string *zs = zval_get_string(e);
url(buf)->pass = &buf.data[buf.used];
- php_http_buffer_append(&buf, zs->val, zs->len + 1);
+ url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1));
zend_string_release(zs);
}
- if ((e = zend_hash_str_find(ht, ZEND_STRL("host")))) {
+ if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("host")))) {
zend_string *zs = zval_get_string(e);
url(buf)->host = &buf.data[buf.used];
- php_http_buffer_append(&buf, zs->val, zs->len + 1);
+ url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1));
zend_string_release(zs);
}
- if ((e = zend_hash_str_find(ht, ZEND_STRL("port")))) {
+ if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("port")))) {
url(buf)->port = (unsigned short) zval_get_long(e);
}
- if ((e = zend_hash_str_find(ht, ZEND_STRL("path")))) {
+ if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("path")))) {
zend_string *zs = zval_get_string(e);
url(buf)->path = &buf.data[buf.used];
- php_http_buffer_append(&buf, zs->val, zs->len + 1);
+ url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1));
zend_string_release(zs);
}
- if ((e = zend_hash_str_find(ht, ZEND_STRL("query")))) {
+ if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("query")))) {
zend_string *zs = zval_get_string(e);
url(buf)->query = &buf.data[buf.used];
- php_http_buffer_append(&buf, zs->val, zs->len + 1);
+ url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1));
zend_string_release(zs);
}
- if ((e = zend_hash_str_find(ht, ZEND_STRL("fragment")))) {
+ if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("fragment")))) {
zend_string *zs = zval_get_string(e);
url(buf)->fragment = &buf.data[buf.used];
- php_http_buffer_append(&buf, zs->val, zs->len + 1);
+ url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1));
zend_string_release(zs);
}
ZEND_RESULT_CODE php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, size_t pre_encoded_len, char **encoded_str, size_t *encoded_len)
{
- const char *arg_sep_str;
- size_t arg_sep_len;
+ const char *arg_sep_str = "&";
+ size_t arg_sep_len = 1;
php_http_buffer_t *qstr = php_http_buffer_new();
php_http_url_argsep(&arg_sep_str, &arg_sep_len);
wchar_t wchar;
size_t consumed = 0;
#if defined(HAVE_MBRTOWC)
- mbstate_t ps = {0};
+ mbstate_t ps;
+ memset(&ps, 0, sizeof(ps));
consumed = mbrtowc(&wchar, ptr, end - ptr, &ps);
#elif defined(HAVE_MBTOWC)
consumed = mbtowc(&wchar, ptr, end - ptr);
}
if (!silent) {
- php_error_docref(NULL, E_WARNING,
- "Failed to parse %s; unexpected byte 0x%02x at pos %u in '%s'",
- parse_what[what], (unsigned char) *ptr, (unsigned) (ptr - begin), begin);
+ if (consumed) {
+ php_error_docref(NULL, E_WARNING,
+ "Failed to parse %s; unexpected multibyte sequence 0x%x at pos %u in '%s'",
+ parse_what[what], wchar, (unsigned) (ptr - begin), begin);
+ } else {
+ php_error_docref(NULL, E_WARNING,
+ "Failed to parse %s; unexpected byte 0x%02x at pos %u in '%s'",
+ parse_what[what], (unsigned char) *ptr, (unsigned) (ptr - begin), begin);
+ }
}
return 0;
return SUCCESS;
}
+#if defined(PHP_WIN32) || defined(HAVE_UIDNA_IDNTOASCII)
+typedef size_t (*parse_mb_func)(unsigned *wc, const char *ptr, const char *end);
+static ZEND_RESULT_CODE to_utf16(parse_mb_func fn, const char *u8, uint16_t **u16, size_t *len)
+{
+ size_t offset = 0, u8_len = strlen(u8);
+
+ *u16 = ecalloc(4 * sizeof(uint16_t), u8_len + 1);
+ *len = 0;
+
+ while (offset < u8_len) {
+ unsigned wc;
+ uint16_t buf[2], *ptr = buf;
+ size_t consumed = fn(&wc, &u8[offset], &u8[u8_len]);
+
+ if (!consumed) {
+ efree(*u16);
+ php_error_docref(NULL, E_WARNING, "Failed to parse UTF-8 at pos %zu of '%s'", offset, u8);
+ return FAILURE;
+ } else {
+ offset += consumed;
+ }
+
+ switch (wctoutf16(buf, wc)) {
+ case 2:
+ (*u16)[(*len)++] = *ptr++;
+ /* no break */
+ case 1:
+ (*u16)[(*len)++] = *ptr++;
+ break;
+ case 0:
+ default:
+ efree(*u16);
+ php_error_docref(NULL, E_WARNING, "Failed to convert UTF-32 'U+%X' to UTF-16", wc);
+ return FAILURE;
+ }
+ }
+
+ return SUCCESS;
+}
+#endif
+
+#ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 256
+#endif
+
+#if PHP_HTTP_HAVE_IDN2
+static ZEND_RESULT_CODE parse_idn2(struct parse_state *state, size_t prev_len)
+{
+ char *idn = NULL;
+ int rv = -1;
+
+ if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+ rv = idn2_lookup_u8((const unsigned char *) state->url.host, (unsigned char **) &idn, IDN2_NFC_INPUT);
+ }
+# ifdef PHP_HTTP_HAVE_WCHAR
+ else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+ rv = idn2_lookup_ul(state->url.host, &idn, 0);
+ }
+# endif
+ if (rv != IDN2_OK) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idn2_strerror(rv));
+ return FAILURE;
+ } else {
+ size_t idnlen = strlen(idn);
+ memcpy(state->url.host, idn, idnlen + 1);
+ free(idn);
+ state->offset += idnlen - prev_len;
+ return SUCCESS;
+ }
+}
+#elif PHP_HTTP_HAVE_IDN
+static ZEND_RESULT_CODE parse_idn(struct parse_state *state, size_t prev_len)
+{
+ char *idn = NULL;
+ int rv = -1;
+
+ if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+ rv = idna_to_ascii_8z(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
+ }
+# ifdef PHP_HTTP_HAVE_WCHAR
+ else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+ rv = idna_to_ascii_lz(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
+ }
+# endif
+ if (rv != IDNA_SUCCESS) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idna_strerror(rv));
+ return FAILURE;
+ } else {
+ size_t idnlen = strlen(idn);
+ memcpy(state->url.host, idn, idnlen + 1);
+ free(idn);
+ state->offset += idnlen - prev_len;
+ return SUCCESS;
+ }
+}
+#endif
+
+#ifdef HAVE_UIDNA_IDNTOASCII
+# if HAVE_UNICODE_UIDNA_H
+# include <unicode/uidna.h>
+# else
+typedef uint16_t UChar;
+typedef enum { U_ZERO_ERROR = 0 } UErrorCode;
+int32_t uidna_IDNToASCII(const UChar *src, int32_t srcLength, UChar *dest, int32_t destCapacity, int32_t options, void *parseError, UErrorCode *status);
+# endif
+static ZEND_RESULT_CODE parse_uidn(struct parse_state *state)
+{
+ char *host_ptr;
+ uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr;
+ size_t uhost_len, ahost_len;
+ UErrorCode error = U_ZERO_ERROR;
+
+ if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+ if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) {
+ return FAILURE;
+ }
+#ifdef PHP_HTTP_HAVE_WCHAR
+ } else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+ if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len)) {
+ return FAILURE;
+ }
+#endif
+ } else {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN; codepage not specified");
+ return FAILURE;
+ }
+
+ ahost_len = uidna_IDNToASCII(uhost_str, uhost_len, ahost_str, MAXHOSTNAMELEN, 3, NULL, &error);
+ efree(uhost_str);
+
+ if (error != U_ZERO_ERROR) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN; ICU error %d", error);
+ return FAILURE;
+ }
+
+ host_ptr = state->url.host;
+ ahost_ptr = ahost_str;
+ PHP_HTTP_DUFF(ahost_len, *host_ptr++ = *ahost_ptr++);
+
+ *host_ptr = '\0';
+ state->offset += host_ptr - state->url.host;
+
+ return SUCCESS;
+}
+#endif
+
+#if 0 && defined(PHP_WIN32)
+static ZEND_RESULT_CODE parse_widn(struct parse_state *state)
+{
+ char *host_ptr;
+ uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr;
+ size_t uhost_len;
+
+ if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+ if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN");
+ return FAILURE;
+ }
+#ifdef PHP_HTTP_HAVE_WCHAR
+ } else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+ if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len)) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN");
+ return FAILURE;
+ }
+#endif
+ } else {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN");
+ return FAILURE;
+ }
+
+ if (!IdnToAscii(IDN_ALLOW_UNASSIGNED|IDN_USE_STD3_ASCII_RULES, uhost_str, uhost_len, ahost_str, MAXHOSTNAMELEN)) {
+ efree(uhost_str);
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN");
+ return FAILURE;
+ }
+
+ efree(uhost_str);
+ host_ptr = state->url.host;
+ ahost_ptr = ahost_str;
+ PHP_HTTP_DUFF(wcslen(ahost_str), *host_ptr++ = *ahost_ptr++);
+ efree(ahost_str);
+
+ *host_ptr = '\0';
+ state->offset += host_ptr - state->url.host;
+
+ return SUCCESS;
+}
+#endif
+
static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *ptr)
{
size_t mb, len;
const char *end = state->ptr, *tmp = ptr, *port = NULL;
-
#ifdef HAVE_INET_PTON
if (*ptr == '[') {
char *error = NULL, *tmp = memchr(ptr, ']', end - ptr);
break;
default:
- if (port) {
+ if (ptr == end) {
+ break;
+ } else if (port) {
php_error_docref(NULL, E_WARNING,
"Failed to parse port; unexpected byte 0x%02x at pos %u in '%s'",
(unsigned char) *ptr, (unsigned) (ptr - tmp), tmp);
state->buffer[state->offset++] = 0;
}
-#ifdef PHP_HTTP_HAVE_IDN
if (state->flags & PHP_HTTP_URL_PARSE_TOIDN) {
- char *idn = NULL;
- int rv = -1;
-
- if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
- rv = idna_to_ascii_8z(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
- }
-# ifdef PHP_HTTP_HAVE_WCHAR
- else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
- rv = idna_to_ascii_lz(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
- }
-# endif
- if (rv != IDNA_SUCCESS) {
- php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idna_strerror(rv));
- return FAILURE;
- } else {
- size_t idnlen = strlen(idn);
- memcpy(state->url.host, idn, idnlen + 1);
- free(idn);
- state->offset += idnlen - len;
- }
- }
+#if PHP_HTTP_HAVE_IDN2
+ return parse_idn2(state, len);
+#elif PHP_HTTP_HAVE_IDN
+ return parse_idn(state, len);
#endif
+#ifdef HAVE_UIDNA_IDNTOASCII
+ return parse_uidn(state);
+#endif
+#if 0 && defined(PHP_WIN32)
+ return parse_widn(state);
+#endif
+ }
return SUCCESS;
}
case '?':
case '#':
case '\0':
+ EOD:
/* host delimiter */
if (tmp != state->ptr && SUCCESS != parse_hostinfo(state, tmp)) {
return NULL;
}
} while (++state->ptr <= state->end);
- return NULL;
+ --state->ptr;
+ goto EOD;
}
static const char *parse_path(struct parse_state *state)
tmp = ++state->ptr;
state->url.query = &state->buffer[state->offset];
- do {
+ while (state->ptr < state->end) {
switch (*state->ptr) {
case '#':
goto done;
state->buffer[state->offset++] = *state->ptr;
break;
- case ']':
- case '[':
+ /* RFC1738 unsafe */
+ case '{': case '}':
+ case '<': case '>':
+ case '[': case ']':
+ case '|': case '\\': case '^': case '`': case '"': case ' ':
if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
state->buffer[state->offset++] = '%';
state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
}
state->ptr += mb - 1;
}
- } while (++state->ptr < state->end);
+
+ ++state->ptr;
+ }
done:
state->buffer[state->offset++] = 0;
state->buffer[state->offset++] = *state->ptr;
break;
+ /* RFC1738 unsafe */
+ case '{': case '}':
+ case '<': case '>':
+ case '[': case ']':
+ case '|': case '\\': case '^': case '`': case '"': case ' ':
+ if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
+ state->buffer[state->offset++] = '%';
+ state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
+ state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) & 0xf];
+ break;
+ }
+ /* no break */
+
case '?': case '/':
case '!': case '$': case '&': case '\'': case '(': case ')': case '*':
case '+': case ',': case ';': case '=': /* sub-delims */
return (php_http_url_t *) state;
}
+php_http_url_t *php_http_url_parse_authority(const char *str, size_t len, unsigned flags)
+{
+ size_t maxlen = 3 * len;
+ struct parse_state *state = ecalloc(1, sizeof(*state) + maxlen);
+
+ state->end = str + len;
+ state->ptr = str;
+ state->flags = flags;
+ state->maxlen = maxlen;
+
+ if (!(state->ptr = parse_authority(state))) {
+ efree(state);
+ return NULL;
+ }
+
+ if (state->ptr != state->end) {
+ php_error_docref(NULL, E_WARNING,
+ "Failed to parse URL authority, unexpected character at pos %u in '%s'",
+ (unsigned) (state->ptr - str), str);
+ efree(state);
+ return NULL;
+ }
+
+ return (php_http_url_t *) state;
+}
+
ZEND_BEGIN_ARG_INFO_EX(ai_HttpUrl___construct, 0, 0, 0)
ZEND_ARG_INFO(0, old_url)
ZEND_ARG_INFO(0, new_url)
PHP_METHOD(HttpUrl, mod)
{
zval *new_url = NULL;
- zend_long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY;
+ zend_long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY | PHP_HTTP_URL_SANITIZE_PATH;
zend_error_handling zeh;
php_http_expect(SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS(), "z!|l", &new_url, &flags), invalid_arg, return);
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBLOC"), PHP_HTTP_URL_PARSE_MBLOC);
#endif
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBUTF8"), PHP_HTTP_URL_PARSE_MBUTF8);
-#ifdef PHP_HTTP_HAVE_IDN
+#if defined(PHP_HTTP_HAVE_IDN2) || defined(PHP_HTTP_HAVE_IDN) || defined(HAVE_UIDNA_IDNTOASCII)
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOIDN"), PHP_HTTP_URL_PARSE_TOIDN);
#endif
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOPCT"), PHP_HTTP_URL_PARSE_TOPCT);