if ((((zhost = php_http_env_get_server_var(ZEND_STRL("HTTP_HOST"), 1 TSRMLS_CC)) ||
(zhost = php_http_env_get_server_var(ZEND_STRL("SERVER_NAME"), 1 TSRMLS_CC)) ||
(zhost = php_http_env_get_server_var(ZEND_STRL("SERVER_ADDR"), 1 TSRMLS_CC)))) && Z_STRLEN_P(zhost)) {
- url->host = estrndup(Z_STRVAL_P(zhost), Z_STRLEN_P(zhost));
+ size_t stop_at = strspn(Z_STRVAL_P(zhost), "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-.");
+
+ url->host = estrndup(Z_STRVAL_P(zhost), stop_at);
} else {
url->host = localhostname();
}
STR_SET(url->path, path);
}
/* replace directory references if path is not a single slash */
- if (url->path[0] && (url->path[0] != '/' || url->path[1])) {
+ if ((flags & PHP_HTTP_URL_SANITIZE_PATH)
+ && url->path[0] && (url->path[0] != '/' || url->path[1])) {
char *ptr, *end = url->path + strlen(url->path) + 1;
for (ptr = strchr(url->path, '/'); ptr; ptr = strchr(ptr, '/')) {
php_http_url_argsep(&arg_sep_str, &arg_sep_len TSRMLS_CC);
- if (pre_encoded_len && pre_encoded_str) {
- php_http_buffer_append(qstr, pre_encoded_str, pre_encoded_len);
- }
-
- if (SUCCESS != php_http_url_encode_hash_ex(hash, qstr, arg_sep_str, arg_sep_len, ZEND_STRL("="), NULL, 0 TSRMLS_CC)) {
+ if (SUCCESS != php_http_url_encode_hash_ex(hash, qstr, arg_sep_str, arg_sep_len, "=", 1, pre_encoded_str, pre_encoded_len TSRMLS_CC)) {
php_http_buffer_free(&qstr);
return FAILURE;
}
return SUCCESS;
}
-PHP_HTTP_API STATUS php_http_url_encode_hash_ex(HashTable *ht, php_http_buffer_t *str, const char *arg_sep_str, size_t arg_sep_len, const char *val_sep_str, size_t val_sep_len, const char *prefix_str, size_t prefix_len TSRMLS_DC)
+PHP_HTTP_API STATUS php_http_url_encode_hash_ex(HashTable *hash, php_http_buffer_t *qstr, const char *arg_sep_str, size_t arg_sep_len, const char *val_sep_str, size_t val_sep_len, const char *pre_encoded_str, size_t pre_encoded_len TSRMLS_DC)
{
- php_http_array_hashkey_t key = php_http_array_hashkey_init(0);
- zval **data = NULL;
- HashPosition pos;
+ if (pre_encoded_len && pre_encoded_str) {
+ php_http_buffer_append(qstr, pre_encoded_str, pre_encoded_len);
+ }
- if (!ht || !str) {
- php_http_error(HE_WARNING, PHP_HTTP_E_INVALID_PARAM, "Invalid parameters");
+ if (!php_http_params_to_string(qstr, hash, arg_sep_str, arg_sep_len, "", 0, val_sep_str, val_sep_len, PHP_HTTP_PARAMS_QUERY TSRMLS_CC)) {
return FAILURE;
}
- if (ht->nApplyCount > 0) {
- return SUCCESS;
- }
-
- FOREACH_HASH_KEYVAL(pos, ht, key, data) {
- char *encoded_key;
- int encoded_len;
- php_http_buffer_t new_prefix;
-
- if (!data || !*data) {
- php_http_buffer_dtor(str);
- return FAILURE;
- }
-
- if (key.type == HASH_KEY_IS_STRING) {
- if (!*key.str) {
- /* only public properties */
- continue;
- }
- if (key.len && key.str[key.len - 1] == '\0') {
- --key.len;
- }
- encoded_key = php_url_encode(key.str, key.len, &encoded_len);
- } else {
- encoded_len = spprintf(&encoded_key, 0, "%ld", key.num);
- }
-
- {
- php_http_buffer_init(&new_prefix);
- if (prefix_str && prefix_len) {
- php_http_buffer_append(&new_prefix, prefix_str, prefix_len);
- php_http_buffer_appends(&new_prefix, "%5B");
- }
-
- php_http_buffer_append(&new_prefix, encoded_key, encoded_len);
- efree(encoded_key);
-
- if (prefix_str && prefix_len) {
- php_http_buffer_appends(&new_prefix, "%5D");
- }
- php_http_buffer_fix(&new_prefix);
- }
-
- if (Z_TYPE_PP(data) == IS_ARRAY || Z_TYPE_PP(data) == IS_OBJECT) {
- STATUS status;
- ++ht->nApplyCount;
- status = php_http_url_encode_hash_ex(HASH_OF(*data), str, arg_sep_str, arg_sep_len, val_sep_str, val_sep_len, PHP_HTTP_BUFFER_VAL(&new_prefix), PHP_HTTP_BUFFER_LEN(&new_prefix) TSRMLS_CC);
- --ht->nApplyCount;
- if (SUCCESS != status) {
- php_http_buffer_dtor(&new_prefix);
- php_http_buffer_dtor(str);
- return FAILURE;
- }
- } else {
- zval *val = php_http_ztyp(IS_STRING, *data);
-
- if (PHP_HTTP_BUFFER_LEN(str)) {
- php_http_buffer_append(str, arg_sep_str, arg_sep_len);
- }
- php_http_buffer_append(str, PHP_HTTP_BUFFER_VAL(&new_prefix), PHP_HTTP_BUFFER_LEN(&new_prefix));
- php_http_buffer_append(str, val_sep_str, val_sep_len);
-
- if (Z_STRLEN_P(val) && Z_STRVAL_P(val)) {
- char *encoded_val;
- int encoded_len;
-
- encoded_val = php_url_encode(Z_STRVAL_P(val), Z_STRLEN_P(val), &encoded_len);
- php_http_buffer_append(str, encoded_val, encoded_len);
- efree(encoded_val);
- }
-
- zval_ptr_dtor(&val);
- }
- php_http_buffer_dtor(&new_prefix);
- }
+
return SUCCESS;
}
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("STRIP_FRAGMENT"), PHP_HTTP_URL_STRIP_FRAGMENT TSRMLS_CC);
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("STRIP_ALL"), PHP_HTTP_URL_STRIP_ALL TSRMLS_CC);
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("FROM_ENV"), PHP_HTTP_URL_FROM_ENV TSRMLS_CC);
+ zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("SANITIZE_PATH"), PHP_HTTP_URL_SANITIZE_PATH TSRMLS_CC);
return SUCCESS;
}
projects / m6w6 / ext-http / blobdiff