projects / m6w6 / ext-http / blob
? search:
summary | shortlog | log | commit | commitdiff | tree | github
history | raw | HEAD
- fix endless loop in http_build_url() with urls like "/.foo"
[m6w6/ext-http] / http_url_api.c
1 /*
2 +--------------------------------------------------------------------+
3 | PECL :: http |
4 +--------------------------------------------------------------------+
5 | Redistribution and use in source and binary forms, with or without |
6 | modification, are permitted provided that the conditions mentioned |
7 | in the accompanying LICENSE file are met. |
8 +--------------------------------------------------------------------+
9 | Copyright (c) 2004-2006, Michael Wallner <mike@php.net> |
10 +--------------------------------------------------------------------+
11 */
12
13 /* $Id$ */
14
15 #define HTTP_WANT_SAPI
16 #define HTTP_WANT_NETDB
17 #include "php_http.h"
18
19 #include "zend_ini.h"
20 #include "php_output.h"
21 #include "ext/standard/php_string.h"
22
23 #include "php_http_api.h"
24 #include "php_http_url_api.h"
25
26 PHP_MINIT_FUNCTION(http_url)
27 {
28 HTTP_LONG_CONSTANT("HTTP_URL_REPLACE", HTTP_URL_REPLACE);
29 HTTP_LONG_CONSTANT("HTTP_URL_JOIN_PATH", HTTP_URL_JOIN_PATH);
30 HTTP_LONG_CONSTANT("HTTP_URL_JOIN_QUERY", HTTP_URL_JOIN_QUERY);
31 HTTP_LONG_CONSTANT("HTTP_URL_STRIP_USER", HTTP_URL_STRIP_USER);
32 HTTP_LONG_CONSTANT("HTTP_URL_STRIP_PASS", HTTP_URL_STRIP_PASS);
33 HTTP_LONG_CONSTANT("HTTP_URL_STRIP_AUTH", HTTP_URL_STRIP_AUTH);
34 HTTP_LONG_CONSTANT("HTTP_URL_STRIP_PORT", HTTP_URL_STRIP_PORT);
35 HTTP_LONG_CONSTANT("HTTP_URL_STRIP_PATH", HTTP_URL_STRIP_PATH);
36 HTTP_LONG_CONSTANT("HTTP_URL_STRIP_QUERY", HTTP_URL_STRIP_QUERY);
37 HTTP_LONG_CONSTANT("HTTP_URL_STRIP_FRAGMENT", HTTP_URL_STRIP_FRAGMENT);
38 return SUCCESS;
39 }
40
41 PHP_HTTP_API char *_http_absolute_url(const char *url TSRMLS_DC)
42 {
43 char *abs = estrdup(url);
44 php_url *purl = php_url_parse(abs);
45
46 STR_SET(abs, NULL);
47
48 if (purl) {
49 http_build_url(0, purl, NULL, NULL, &abs, NULL);
50 php_url_free(purl);
51 } else {
52 http_error_ex(HE_WARNING, HTTP_E_URL, "Could not parse URL (%s)", url);
53 }
54
55 return abs;
56 }
57
58 /* {{{ void http_build_url(int flags, const php_url *, const php_url *, php_url **, char **, size_t *) */
59 PHP_HTTP_API void _http_build_url(int flags, const php_url *old_url, const php_url *new_url, php_url **url_ptr, char **url_str, size_t *url_len TSRMLS_DC)
60 {
61 #ifdef HTTP_HAVE_NETDB
62 struct servent *se;
63 #endif
64 php_url *url = ecalloc(1, sizeof(php_url));
65
66 #define __URLSET(u,n) \
67 ((u)&&(u)->n)
68 #define __URLCPY(n) \
69 url->n = __URLSET(new_url,n) ? estrdup(new_url->n) : (__URLSET(old_url,n) ? estrdup(old_url->n) : NULL)
70
71 if (!(flags & HTTP_URL_STRIP_PORT)) {
72 url->port = (new_url&&new_url->port) ? new_url->port : ((old_url) ? old_url->port : 0);
73 }
74 if ((!(flags & HTTP_URL_STRIP_AUTH)) && (!(flags & HTTP_URL_STRIP_USER))) {
75 __URLCPY(user);
76 }
77 if ((!(flags & HTTP_URL_STRIP_AUTH)) && (!(flags & HTTP_URL_STRIP_PASS))) {
78 __URLCPY(pass);
79 }
80
81 __URLCPY(scheme);
82 __URLCPY(host);
83
84 if (!(flags & HTTP_URL_STRIP_PATH)) {
85 if ((flags & HTTP_URL_JOIN_PATH) && __URLSET(old_url, path) && __URLSET(new_url, path) && *new_url->path != '/') {
86 size_t old_path_len = strlen(old_url->path), new_path_len = strlen(new_url->path);
87
88 url->path = ecalloc(1, old_path_len + new_path_len + 1 + 1);
89
90 strcat(url->path, old_url->path);
91 if (url->path[old_path_len - 1] != '/') {
92 php_dirname(url->path, old_path_len);
93 strcat(url->path, "/");
94 }
95 strcat(url->path, new_url->path);
96 } else {
97 __URLCPY(path);
98 }
99 }
100 if (!(flags & HTTP_URL_STRIP_QUERY)) {
101 if ((flags & HTTP_URL_JOIN_QUERY) && __URLSET(new_url, query) && __URLSET(old_url, query)) {
102 url->query = ecalloc(1, strlen(new_url->query) + strlen(old_url->query) + 1 + 1);
103 strcat(url->query, old_url->query);
104 strcat(url->query, "&");
105 strcat(url->query, new_url->query);
106 } else {
107 __URLCPY(query);
108 }
109 }
110 if (!(flags & HTTP_URL_STRIP_FRAGMENT)) {
111 __URLCPY(fragment);
112 }
113
114 if (!url->scheme) {
115 switch (url->port)
116 {
117 case 443:
118 url->scheme = estrndup("https", lenof("https"));
119 break;
120
121 #ifndef HTTP_HAVE_NETDB
122 default:
123 #endif
124 case 80:
125 url->scheme = estrndup("http", lenof("http"));
126 break;
127
128 #ifdef HTTP_HAVE_NETDB
129 default:
130 if ((se = getservbyport(htons(url->port), "tcp")) && se->s_name) {
131 url->scheme = estrdup(se->s_name);
132 } else {
133 url->scheme = estrndup("http", lenof("http"));
134 }
135 break;
136 #endif
137 }
138 }
139
140 if (!url->host) {
141 zval *zhost;
142
143 if ((((zhost = http_get_server_var("HTTP_HOST")) ||
144 (zhost = http_get_server_var("SERVER_NAME")))) && Z_STRLEN_P(zhost)) {
145 url->host = estrndup(Z_STRVAL_P(zhost), Z_STRLEN_P(zhost));
146 } else {
147 url->host = estrndup("localhost", lenof("localhost"));
148 }
149 }
150
151 if (!url->path) {
152 if (SG(request_info).request_uri && *SG(request_info).request_uri) {
153 const char *q = strchr(SG(request_info).request_uri, '?');
154
155 if (q) {
156 url->path = estrndup(SG(request_info).request_uri, q - SG(request_info).request_uri);
157 } else {
158 url->path = estrdup(SG(request_info).request_uri);
159 }
160 } else {
161 url->path = estrndup("/", 1);
162 }
163 } else if (*url->path != '/') {
164 if (SG(request_info).request_uri && *SG(request_info).request_uri) {
165 const char *q = strchr(SG(request_info).request_uri, '?');
166 char *uri, *path;
167 size_t len;
168
169 if (q) {
170 uri = estrndup(SG(request_info).request_uri, len = q - SG(request_info).request_uri);
171 } else {
172 uri = estrndup(SG(request_info).request_uri, len = strlen(SG(request_info).request_uri));
173 }
174
175 php_dirname(uri, len);
176 spprintf(&path, 0, "%s/%s", uri, url->path);
177 efree(uri);
178 STR_SET(url->path, path);
179 } else {
180 char *uri;
181
182 spprintf(&uri, 0, "/%s", url->path);
183 STR_SET(url->path, uri);
184 }
185 }
186 if (url->path) {
187 char *ptr, *end = url->path + strlen(url->path) + 1;
188
189 for (ptr = strstr(url->path, "/."); ptr; ptr = strstr(ptr, "/.")) {
190 switch (ptr[2])
191 {
192 case '\0':
193 ptr[1] = '\0';
194 break;
195
196 case '/':
197 memmove(&ptr[1], &ptr[3], end - &ptr[3]);
198 break;
199
200 case '.':
201 if (ptr[3] == '/') {
202 char *pos = &ptr[4];
203 while (ptr != url->path) {
204 if (*--ptr == '/') {
205 break;
206 }
207 }
208 memmove(&ptr[1], pos, end - pos);
209 }
210 break;
211
212 default:
213 /* something else */
214 ++ptr;
215 break;
216 }
217 }
218 }
219
220 if (url->port) {
221 if ( ((url->port == 80) && !strcmp(url->scheme, "http"))
222 || ((url->port ==443) && !strcmp(url->scheme, "https"))
223 #ifdef HTTP_HAVE_NETDB
224 || ((se = getservbyname(url->scheme, "tcp")) && se->s_port &&
225 (url->port == ntohs(se->s_port)))
226 #endif
227 ) {
228 url->port = 0;
229 }
230 }
231
232 if (url_str) {
233 size_t len;
234
235 *url_str = emalloc(HTTP_URL_MAXLEN + 1);
236
237 **url_str = '\0';
238 strlcat(*url_str, url->scheme, HTTP_URL_MAXLEN);
239 strlcat(*url_str, "://", HTTP_URL_MAXLEN);
240
241 if (url->user && *url->user) {
242 strlcat(*url_str, url->user, HTTP_URL_MAXLEN);
243 if (url->pass && *url->pass) {
244 strlcat(*url_str, ":", HTTP_URL_MAXLEN);
245 strlcat(*url_str, url->pass, HTTP_URL_MAXLEN);
246 }
247 strlcat(*url_str, "@", HTTP_URL_MAXLEN);
248 }
249
250 strlcat(*url_str, url->host, HTTP_URL_MAXLEN);
251
252 if (url->port) {
253 char port_str[6] = {0};
254
255 snprintf(port_str, 5, "%d", (int) url->port);
256 strlcat(*url_str, ":", HTTP_URL_MAXLEN);
257 strlcat(*url_str, port_str, HTTP_URL_MAXLEN);
258 }
259
260 if (*url->path != '/') {
261 strlcat(*url_str, "/", HTTP_URL_MAXLEN);
262 }
263 strlcat(*url_str, url->path, HTTP_URL_MAXLEN);
264
265 if (url->query && *url->query) {
266 strlcat(*url_str, "?", HTTP_URL_MAXLEN);
267 strlcat(*url_str, url->query, HTTP_URL_MAXLEN);
268 }
269
270 if (url->fragment && *url->fragment) {
271 strlcat(*url_str, "#", HTTP_URL_MAXLEN);
272 strlcat(*url_str, url->fragment, HTTP_URL_MAXLEN);
273 }
274
275 if (HTTP_URL_MAXLEN == (len = strlen(*url_str))) {
276 http_error(HE_NOTICE, HTTP_E_URL, "Length of URL exceeds HTTP_URL_MAXLEN");
277 }
278 if (url_len) {
279 *url_len = len;
280 }
281 }
282
283 if (url_ptr) {
284 *url_ptr = url;
285 } else {
286 php_url_free(url);
287 }
288 }
289 /* }}} */
290
291 /* {{{ STATUS http_urlencode_hash_ex(HashTable *, zend_bool, char *, size_t, char **, size_t *) */
292 PHP_HTTP_API STATUS _http_urlencode_hash_ex(HashTable *hash, zend_bool override_argsep,
293 char *pre_encoded_data, size_t pre_encoded_len,
294 char **encoded_data, size_t *encoded_len TSRMLS_DC)
295 {
296 char *arg_sep;
297 size_t arg_sep_len;
298 phpstr *qstr = phpstr_new();
299
300 if (override_argsep || !(arg_sep_len = strlen(arg_sep = INI_STR("arg_separator.output")))) {
301 arg_sep = HTTP_URL_ARGSEP;
302 arg_sep_len = lenof(HTTP_URL_ARGSEP);
303 }
304
305 if (pre_encoded_len && pre_encoded_data) {
306 phpstr_append(qstr, pre_encoded_data, pre_encoded_len);
307 }
308
309 if (SUCCESS != http_urlencode_hash_recursive(hash, qstr, arg_sep, arg_sep_len, NULL, 0)) {
310 phpstr_free(&qstr);
311 return FAILURE;
312 }
313
314 phpstr_data(qstr, encoded_data, encoded_len);
315 phpstr_free(&qstr);
316
317 return SUCCESS;
318 }
319 /* }}} */
320
321 /* {{{ http_urlencode_hash_recursive */
322 PHP_HTTP_API STATUS _http_urlencode_hash_recursive(HashTable *ht, phpstr *str, const char *arg_sep, size_t arg_sep_len, const char *prefix, size_t prefix_len TSRMLS_DC)
323 {
324 char *key = NULL;
325 uint len = 0;
326 ulong idx = 0;
327 zval **data = NULL;
328 HashPosition pos;
329
330 if (!ht || !str) {
331 http_error(HE_WARNING, HTTP_E_INVALID_PARAM, "Invalid parameters");
332 return FAILURE;
333 }
334 if (ht->nApplyCount > 0) {
335 return SUCCESS;
336 }
337
338 FOREACH_HASH_KEYLENVAL(pos, ht, key, len, idx, data) {
339 char *encoded_key;
340 int encoded_len;
341 phpstr new_prefix;
342
343 if (!data || !*data) {
344 return FAILURE;
345 }
346
347 if (key) {
348 if (len && key[len - 1] == '\0') {
349 --len;
350 }
351 encoded_key = php_url_encode(key, len, &encoded_len);
352 key = NULL;
353 } else {
354 encoded_len = spprintf(&encoded_key, 0, "%ld", idx);
355 }
356
357 {
358 phpstr_init(&new_prefix);
359 if (prefix && prefix_len) {
360 phpstr_append(&new_prefix, prefix, prefix_len);
361 phpstr_appends(&new_prefix, "[");
362 }
363
364 phpstr_append(&new_prefix, encoded_key, encoded_len);
365 efree(encoded_key);
366
367 if (prefix && prefix_len) {
368 phpstr_appends(&new_prefix, "]");
369 }
370 phpstr_fix(&new_prefix);
371 }
372
373 if (Z_TYPE_PP(data) == IS_ARRAY) {
374 STATUS status;
375 ++ht->nApplyCount;
376 status = http_urlencode_hash_recursive(Z_ARRVAL_PP(data), str, arg_sep, arg_sep_len, PHPSTR_VAL(&new_prefix), PHPSTR_LEN(&new_prefix));
377 --ht->nApplyCount;
378 if (SUCCESS != status) {
379 phpstr_dtor(&new_prefix);
380 return FAILURE;
381 }
382 } else {
383 zval *val = zval_copy(IS_STRING, *data);
384
385 if (PHPSTR_LEN(str)) {
386 phpstr_append(str, arg_sep, arg_sep_len);
387 }
388 phpstr_append(str, PHPSTR_VAL(&new_prefix), PHPSTR_LEN(&new_prefix));
389 phpstr_appends(str, "=");
390
391 if (Z_STRLEN_P(val) && Z_STRVAL_P(val)) {
392 char *encoded_val;
393 int encoded_len;
394
395 encoded_val = php_url_encode(Z_STRVAL_P(val), Z_STRLEN_P(val), &encoded_len);
396 phpstr_append(str, encoded_val, encoded_len);
397 efree(encoded_val);
398 }
399
400 zval_free(&val);
401 }
402 phpstr_dtor(&new_prefix);
403 }
404 return SUCCESS;
405 }
406 /* }}} */
407
408 /*
409 * Local variables:
410 * tab-width: 4
411 * c-basic-offset: 4
412 * End:
413 * vim600: noet sw=4 ts=4 fdm=marker
414 * vim<600: noet sw=4 ts=4
415 */
416
Extended HTTP Support