#include "php_http_api.h"
-#ifdef PHP_HTTP_HAVE_IDN
+#if PHP_HTTP_HAVE_IDN2
+# include <idn2.h>
+#elif PHP_HTTP_HAVE_IDN
# include <idna.h>
#endif
ZEND_RESULT_CODE php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, size_t pre_encoded_len, char **encoded_str, size_t *encoded_len)
{
- const char *arg_sep_str;
- size_t arg_sep_len;
+ const char *arg_sep_str = "&";
+ size_t arg_sep_len = 1;
php_http_buffer_t *qstr = php_http_buffer_new();
php_http_url_argsep(&arg_sep_str, &arg_sep_len);
wchar_t wchar;
size_t consumed = 0;
#if defined(HAVE_MBRTOWC)
- mbstate_t ps = {0};
+ mbstate_t ps;
+ memset(&ps, 0, sizeof(ps));
consumed = mbrtowc(&wchar, ptr, end - ptr, &ps);
#elif defined(HAVE_MBTOWC)
consumed = mbtowc(&wchar, ptr, end - ptr);
}
if (!silent) {
- php_error_docref(NULL, E_WARNING,
- "Failed to parse %s; unexpected byte 0x%02x at pos %u in '%s'",
- parse_what[what], (unsigned char) *ptr, (unsigned) (ptr - begin), begin);
+ if (consumed) {
+ php_error_docref(NULL, E_WARNING,
+ "Failed to parse %s; unexpected multibyte sequence 0x%x at pos %u in '%s'",
+ parse_what[what], wchar, (unsigned) (ptr - begin), begin);
+ } else {
+ php_error_docref(NULL, E_WARNING,
+ "Failed to parse %s; unexpected byte 0x%02x at pos %u in '%s'",
+ parse_what[what], (unsigned char) *ptr, (unsigned) (ptr - begin), begin);
+ }
}
return 0;
return SUCCESS;
}
+#if defined(PHP_WIN32) || defined(HAVE_UIDNA_IDNTOASCII)
+typedef size_t (*parse_mb_func)(unsigned *wc, const char *ptr, const char *end);
+static ZEND_RESULT_CODE to_utf16(parse_mb_func fn, const char *u8, uint16_t **u16, size_t *len)
+{
+ size_t offset = 0, u8_len = strlen(u8);
+
+ *u16 = ecalloc(4 * sizeof(uint16_t), u8_len + 1);
+ *len = 0;
+
+ while (offset < u8_len) {
+ unsigned wc;
+ uint16_t buf[2], *ptr = buf;
+ size_t consumed = fn(&wc, &u8[offset], &u8[u8_len]);
+
+ if (!consumed) {
+ efree(*u16);
+ php_error_docref(NULL, E_WARNING, "Failed to parse UTF-8 at pos %zu of '%s'", offset, u8);
+ return FAILURE;
+ } else {
+ offset += consumed;
+ }
+
+ switch (wctoutf16(buf, wc)) {
+ case 2:
+ (*u16)[(*len)++] = *ptr++;
+ /* no break */
+ case 1:
+ (*u16)[(*len)++] = *ptr++;
+ break;
+ case 0:
+ default:
+ efree(*u16);
+ php_error_docref(NULL, E_WARNING, "Failed to convert UTF-32 'U+%X' to UTF-16", wc);
+ return FAILURE;
+ }
+ }
+
+ return SUCCESS;
+}
+#endif
+
+#ifndef MAXHOSTNAMELEN
+# define MAXHOSTNAMELEN 256
+#endif
+
+#if PHP_HTTP_HAVE_IDN2
+static ZEND_RESULT_CODE parse_idn2(struct parse_state *state, size_t prev_len)
+{
+ char *idn = NULL;
+ int rv = -1;
+
+ if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+ rv = idn2_lookup_u8((const unsigned char *) state->url.host, (unsigned char **) &idn, IDN2_NFC_INPUT);
+ }
+# ifdef PHP_HTTP_HAVE_WCHAR
+ else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+ rv = idn2_lookup_ul(state->url.host, &idn, 0);
+ }
+# endif
+ if (rv != IDN2_OK) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idn2_strerror(rv));
+ return FAILURE;
+ } else {
+ size_t idnlen = strlen(idn);
+ memcpy(state->url.host, idn, idnlen + 1);
+ free(idn);
+ state->offset += idnlen - prev_len;
+ return SUCCESS;
+ }
+}
+#elif PHP_HTTP_HAVE_IDN
+static ZEND_RESULT_CODE parse_idn(struct parse_state *state, size_t prev_len)
+{
+ char *idn = NULL;
+ int rv = -1;
+
+ if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+ rv = idna_to_ascii_8z(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
+ }
+# ifdef PHP_HTTP_HAVE_WCHAR
+ else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+ rv = idna_to_ascii_lz(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
+ }
+# endif
+ if (rv != IDNA_SUCCESS) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idna_strerror(rv));
+ return FAILURE;
+ } else {
+ size_t idnlen = strlen(idn);
+ memcpy(state->url.host, idn, idnlen + 1);
+ free(idn);
+ state->offset += idnlen - prev_len;
+ return SUCCESS;
+ }
+}
+#endif
+
+#ifdef HAVE_UIDNA_IDNTOASCII
+# if HAVE_UNICODE_UIDNA_H
+# include <unicode/uidna.h>
+# else
+typedef uint16_t UChar;
+typedef enum { U_ZERO_ERROR = 0 } UErrorCode;
+int32_t uidna_IDNToASCII(const UChar *src, int32_t srcLength, UChar *dest, int32_t destCapacity, int32_t options, void *parseError, UErrorCode *status);
+# endif
+static ZEND_RESULT_CODE parse_uidn(struct parse_state *state)
+{
+ char *host_ptr;
+ uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr;
+ size_t uhost_len, ahost_len;
+ UErrorCode error = U_ZERO_ERROR;
+
+ if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+ if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) {
+ return FAILURE;
+ }
+#ifdef PHP_HTTP_HAVE_WCHAR
+ } else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+ if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len)) {
+ return FAILURE;
+ }
+#endif
+ } else {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN; codepage not specified");
+ return FAILURE;
+ }
+
+ ahost_len = uidna_IDNToASCII(uhost_str, uhost_len, ahost_str, MAXHOSTNAMELEN, 3, NULL, &error);
+ efree(uhost_str);
+
+ if (error != U_ZERO_ERROR) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN; ICU error %d", error);
+ return FAILURE;
+ }
+
+ host_ptr = state->url.host;
+ ahost_ptr = ahost_str;
+ PHP_HTTP_DUFF(ahost_len, *host_ptr++ = *ahost_ptr++);
+
+ *host_ptr = '\0';
+ state->offset += host_ptr - state->url.host;
+
+ return SUCCESS;
+}
+#endif
+
+#if 0 && defined(PHP_WIN32)
+static ZEND_RESULT_CODE parse_widn(struct parse_state *state)
+{
+ char *host_ptr;
+ uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr;
+ size_t uhost_len;
+
+ if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+ if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN");
+ return FAILURE;
+ }
+#ifdef PHP_HTTP_HAVE_WCHAR
+ } else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+ if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len)) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN");
+ return FAILURE;
+ }
+#endif
+ } else {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN");
+ return FAILURE;
+ }
+
+ if (!IdnToAscii(IDN_ALLOW_UNASSIGNED|IDN_USE_STD3_ASCII_RULES, uhost_str, uhost_len, ahost_str, MAXHOSTNAMELEN)) {
+ efree(uhost_str);
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN");
+ return FAILURE;
+ }
+
+ efree(uhost_str);
+ host_ptr = state->url.host;
+ ahost_ptr = ahost_str;
+ PHP_HTTP_DUFF(wcslen(ahost_str), *host_ptr++ = *ahost_ptr++);
+ efree(ahost_str);
+
+ *host_ptr = '\0';
+ state->offset += host_ptr - state->url.host;
+
+ return SUCCESS;
+}
+#endif
+
static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *ptr)
{
size_t mb, len;
const char *end = state->ptr, *tmp = ptr, *port = NULL;
-
#ifdef HAVE_INET_PTON
if (*ptr == '[') {
char *error = NULL, *tmp = memchr(ptr, ']', end - ptr);
state->buffer[state->offset++] = 0;
}
-#ifdef PHP_HTTP_HAVE_IDN
if (state->flags & PHP_HTTP_URL_PARSE_TOIDN) {
- char *idn = NULL;
- int rv = -1;
-
- if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
- rv = idna_to_ascii_8z(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
- }
-# ifdef PHP_HTTP_HAVE_WCHAR
- else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
- rv = idna_to_ascii_lz(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
- }
-# endif
- if (rv != IDNA_SUCCESS) {
- php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idna_strerror(rv));
- return FAILURE;
- } else {
- size_t idnlen = strlen(idn);
- memcpy(state->url.host, idn, idnlen + 1);
- free(idn);
- state->offset += idnlen - len;
- }
- }
+#if PHP_HTTP_HAVE_IDN2
+ return parse_idn2(state, len);
+#elif PHP_HTTP_HAVE_IDN
+ return parse_idn(state, len);
+#endif
+#ifdef HAVE_UIDNA_IDNTOASCII
+ return parse_uidn(state);
#endif
+#if 0 && defined(PHP_WIN32)
+ return parse_widn(state);
+#endif
+ }
return SUCCESS;
}
tmp = ++state->ptr;
state->url.query = &state->buffer[state->offset];
- do {
+ while (state->ptr < state->end) {
switch (*state->ptr) {
case '#':
goto done;
state->buffer[state->offset++] = *state->ptr;
break;
- case ']':
- case '[':
+ /* RFC1738 unsafe */
+ case '{': case '}':
+ case '<': case '>':
+ case '[': case ']':
+ case '|': case '\\': case '^': case '`': case '"': case ' ':
if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
state->buffer[state->offset++] = '%';
state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
}
state->ptr += mb - 1;
}
- } while (++state->ptr < state->end);
+
+ ++state->ptr;
+ }
done:
state->buffer[state->offset++] = 0;
state->buffer[state->offset++] = *state->ptr;
break;
+ /* RFC1738 unsafe */
+ case '{': case '}':
+ case '<': case '>':
+ case '[': case ']':
+ case '|': case '\\': case '^': case '`': case '"': case ' ':
+ if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
+ state->buffer[state->offset++] = '%';
+ state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
+ state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) & 0xf];
+ break;
+ }
+ /* no break */
+
case '?': case '/':
case '!': case '$': case '&': case '\'': case '(': case ')': case '*':
case '+': case ',': case ';': case '=': /* sub-delims */
return (php_http_url_t *) state;
}
-php_http_url_t *php_http_url_parse_authority(const char *str, size_t len, unsigned flags TSRMLS_DC)
+php_http_url_t *php_http_url_parse_authority(const char *str, size_t len, unsigned flags)
{
size_t maxlen = 3 * len;
struct parse_state *state = ecalloc(1, sizeof(*state) + maxlen);
state->ptr = str;
state->flags = flags;
state->maxlen = maxlen;
- TSRMLS_SET_CTX(state->ts);
if (!(state->ptr = parse_authority(state))) {
efree(state);
}
if (state->ptr != state->end) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING,
+ php_error_docref(NULL, E_WARNING,
"Failed to parse URL authority, unexpected character at pos %u in '%s'",
(unsigned) (state->ptr - str), str);
efree(state);
PHP_METHOD(HttpUrl, mod)
{
zval *new_url = NULL;
- zend_long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY;
+ zend_long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY | PHP_HTTP_URL_SANITIZE_PATH;
zend_error_handling zeh;
php_http_expect(SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS(), "z!|l", &new_url, &flags), invalid_arg, return);
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBLOC"), PHP_HTTP_URL_PARSE_MBLOC);
#endif
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBUTF8"), PHP_HTTP_URL_PARSE_MBUTF8);
-#ifdef PHP_HTTP_HAVE_IDN
+#if defined(PHP_HTTP_HAVE_IDN2) || defined(PHP_HTTP_HAVE_IDN) || defined(HAVE_UIDNA_IDNTOASCII)
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOIDN"), PHP_HTTP_URL_PARSE_TOIDN);
#endif
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOPCT"), PHP_HTTP_URL_PARSE_TOPCT);
projects / m6w6 / ext-http / blobdiff