if ((((zhost = php_http_env_get_server_var(ZEND_STRL("HTTP_HOST"), 1 TSRMLS_CC)) ||
(zhost = php_http_env_get_server_var(ZEND_STRL("SERVER_NAME"), 1 TSRMLS_CC)) ||
(zhost = php_http_env_get_server_var(ZEND_STRL("SERVER_ADDR"), 1 TSRMLS_CC)))) && Z_STRLEN_P(zhost)) {
- url->host = estrndup(Z_STRVAL_P(zhost), Z_STRLEN_P(zhost));
+ size_t stop_at = strspn(Z_STRVAL_P(zhost), "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-.");
+
+ url->host = estrndup(Z_STRVAL_P(zhost), stop_at);
} else {
url->host = localhostname();
}
STR_SET(url->path, path);
}
/* replace directory references if path is not a single slash */
- if (url->path[0] && (url->path[0] != '/' || url->path[1])) {
+ if ((flags & PHP_HTTP_URL_SANITIZE_PATH)
+ && url->path[0] && (url->path[0] != '/' || url->path[1])) {
char *ptr, *end = url->path + strlen(url->path) + 1;
for (ptr = strchr(url->path, '/'); ptr; ptr = strchr(ptr, '/')) {
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("STRIP_FRAGMENT"), PHP_HTTP_URL_STRIP_FRAGMENT TSRMLS_CC);
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("STRIP_ALL"), PHP_HTTP_URL_STRIP_ALL TSRMLS_CC);
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("FROM_ENV"), PHP_HTTP_URL_FROM_ENV TSRMLS_CC);
+ zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("SANITIZE_PATH"), PHP_HTTP_URL_SANITIZE_PATH TSRMLS_CC);
return SUCCESS;
}