#include "php_http_api.h"
-#ifdef PHP_HTTP_HAVE_IDN
+#if PHP_HTTP_HAVE_IDN2
+# include <idn2.h>
+#elif PHP_HTTP_HAVE_IDN
# include <idna.h>
#endif
ZEND_RESULT_CODE php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, size_t pre_encoded_len, char **encoded_str, size_t *encoded_len)
{
- const char *arg_sep_str;
- size_t arg_sep_len;
+ const char *arg_sep_str = "&";
+ size_t arg_sep_len = 1;
php_http_buffer_t *qstr = php_http_buffer_new();
php_http_url_argsep(&arg_sep_str, &arg_sep_len);
# define MAXHOSTNAMELEN 256
#endif
-#ifdef PHP_HTTP_HAVE_IDN
+#if PHP_HTTP_HAVE_IDN2
+static ZEND_RESULT_CODE parse_idn2(struct parse_state *state, size_t prev_len)
+{
+ char *idn = NULL;
+ int rv = -1;
+
+ if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+ rv = idn2_lookup_u8((const unsigned char *) state->url.host, (unsigned char **) &idn, IDN2_NFC_INPUT);
+ }
+# ifdef PHP_HTTP_HAVE_WCHAR
+ else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+ rv = idn2_lookup_ul(state->url.host, &idn, 0);
+ }
+# endif
+ if (rv != IDN2_OK) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idn2_strerror(rv));
+ return FAILURE;
+ } else {
+ size_t idnlen = strlen(idn);
+ memcpy(state->url.host, idn, idnlen + 1);
+ free(idn);
+ state->offset += idnlen - prev_len;
+ return SUCCESS;
+ }
+}
+#elif PHP_HTTP_HAVE_IDN
static ZEND_RESULT_CODE parse_idn(struct parse_state *state, size_t prev_len)
{
char *idn = NULL;
uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr;
size_t uhost_len, ahost_len;
UErrorCode error = U_ZERO_ERROR;
- TSRMLS_FETCH_FROM_CTX(state->ts);
if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) {
}
#endif
-static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *ptr)
+#ifdef HAVE_INET_PTON
+static const char *parse_ip6(struct parse_state *state, const char *ptr)
{
size_t mb, len;
- const char *end = state->ptr, *tmp = ptr, *port = NULL;
-
-#ifdef HAVE_INET_PTON
- if (*ptr == '[') {
- char *error = NULL, *tmp = memchr(ptr, ']', end - ptr);
-
- if (tmp) {
- size_t addrlen = tmp - ptr + 1;
- char buf[16], *addr = estrndup(ptr + 1, addrlen - 2);
- int rv = inet_pton(AF_INET6, addr, buf);
-
- efree(addr);
- if (rv == 1) {
- state->buffer[state->offset] = '[';
- state->url.host = &state->buffer[state->offset];
- inet_ntop(AF_INET6, buf, state->url.host + 1, state->maxlen - state->offset);
- state->offset += strlen(state->url.host);
- state->buffer[state->offset++] = ']';
- state->buffer[state->offset++] = 0;
- ptr = tmp + 1;
- } else if (rv == -1) {
- error = strerror(errno);
- } else {
- error = "unexpected '['";
- }
+ const char *error = NULL, *end = state->ptr, *tmp = memchr(ptr, ']', end - ptr);
+
+ if (tmp) {
+ size_t addrlen = tmp - ptr + 1;
+ char buf[16], *addr = estrndup(ptr + 1, addrlen - 2);
+ int rv = inet_pton(AF_INET6, addr, buf);
+
+ if (rv == 1) {
+ state->buffer[state->offset] = '[';
+ state->url.host = &state->buffer[state->offset];
+ inet_ntop(AF_INET6, buf, state->url.host + 1, state->maxlen - state->offset);
+ state->offset += strlen(state->url.host);
+ state->buffer[state->offset++] = ']';
+ state->buffer[state->offset++] = 0;
+ ptr = tmp + 1;
+ } else if (rv == -1) {
+ error = strerror(errno);
} else {
- error = "expected ']'";
+ error = "unexpected '['";
}
+ efree(addr);
+ } else {
+ error = "expected ']'";
+ }
- if (error) {
- php_error_docref(NULL, E_WARNING, "Failed to parse hostinfo; %s", error);
- return FAILURE;
- }
+ if (error) {
+ php_error_docref(NULL, E_WARNING, "Failed to parse hostinfo; %s", error);
+ return NULL;
+ }
+
+ return ptr;
+}
+#endif
+
+static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *ptr)
+{
+ size_t mb, len;
+ const char *end = state->ptr, *tmp = ptr, *port = NULL, *label = NULL;
+
+#ifdef HAVE_INET_PTON
+ if (*ptr == '[' && !(ptr = parse_ip6(state, ptr))) {
+ return FAILURE;
}
#endif
+
if (ptr != end) do {
switch (*ptr) {
case ':':
case '!': case '$': case '&': case '\'': case '(': case ')': case '*':
case '+': case ',': case ';': case '=': /* sub-delims */
case '-': case '.': case '_': case '~': /* unreserved */
+ if (port || !label) {
+ /* sort of a compromise, just ensure we don't end up
+ * with a dot at the beginning or two consecutive dots
+ */
+ php_error_docref(NULL, E_WARNING,
+ "Failed to parse %s; unexpected '%c' at pos %u in '%s'",
+ port ? "port" : "host",
+ (unsigned char) *ptr, (unsigned) (ptr - tmp), tmp);
+ return FAILURE;
+ }
+ state->buffer[state->offset++] = *ptr;
+ label = NULL;
+ break;
+
case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'G':
case 'H': case 'I': case 'J': case 'K': case 'L': case 'M': case 'N':
case 'O': case 'P': case 'Q': case 'R': case 'S': case 'T': case 'U':
state->url.port *= 10;
state->url.port += *ptr - '0';
} else {
+ label = ptr;
state->buffer[state->offset++] = *ptr;
}
break;
} else if (!(mb = parse_mb(state, PARSE_HOSTINFO, ptr, end, tmp, 0))) {
return FAILURE;
}
+ label = ptr;
ptr += mb - 1;
}
} while (++ptr != end);
}
if (state->flags & PHP_HTTP_URL_PARSE_TOIDN) {
-#ifdef PHP_HTTP_HAVE_IDN
+#if PHP_HTTP_HAVE_IDN2
+ return parse_idn2(state, len);
+#elif PHP_HTTP_HAVE_IDN
return parse_idn(state, len);
#endif
#ifdef HAVE_UIDNA_IDNTOASCII
tmp = ++state->ptr;
state->url.query = &state->buffer[state->offset];
- do {
+ while (state->ptr < state->end) {
switch (*state->ptr) {
case '#':
goto done;
state->buffer[state->offset++] = *state->ptr;
break;
- case ']':
- case '[':
+ /* RFC1738 unsafe */
+ case '{': case '}':
+ case '<': case '>':
+ case '[': case ']':
+ case '|': case '\\': case '^': case '`': case '"': case ' ':
if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
state->buffer[state->offset++] = '%';
state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
}
state->ptr += mb - 1;
}
- } while (++state->ptr < state->end);
+
+ ++state->ptr;
+ }
done:
state->buffer[state->offset++] = 0;
state->buffer[state->offset++] = *state->ptr;
break;
+ /* RFC1738 unsafe */
+ case '{': case '}':
+ case '<': case '>':
+ case '[': case ']':
+ case '|': case '\\': case '^': case '`': case '"': case ' ':
+ if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
+ state->buffer[state->offset++] = '%';
+ state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
+ state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) & 0xf];
+ break;
+ }
+ /* no break */
+
case '?': case '/':
case '!': case '$': case '&': case '\'': case '(': case ')': case '*':
case '+': case ',': case ';': case '=': /* sub-delims */
state->ptr = str;
state->flags = flags;
state->maxlen = maxlen;
- TSRMLS_SET_CTX(state->ts);
if (!(state->ptr = parse_authority(state))) {
efree(state);
}
if (state->ptr != state->end) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING,
+ php_error_docref(NULL, E_WARNING,
"Failed to parse URL authority, unexpected character at pos %u in '%s'",
(unsigned) (state->ptr - str), str);
efree(state);
PHP_METHOD(HttpUrl, mod)
{
zval *new_url = NULL;
- zend_long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY;
+ zend_long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY | PHP_HTTP_URL_SANITIZE_PATH;
zend_error_handling zeh;
php_http_expect(SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS(), "z!|l", &new_url, &flags), invalid_arg, return);
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBLOC"), PHP_HTTP_URL_PARSE_MBLOC);
#endif
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBUTF8"), PHP_HTTP_URL_PARSE_MBUTF8);
-#if defined(PHP_HTTP_HAVE_IDN) || defined(HAVE_UIDNA_IDNTOASCII)
+#if defined(PHP_HTTP_HAVE_IDN2) || defined(PHP_HTTP_HAVE_IDN) || defined(HAVE_UIDNA_IDNTOASCII)
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOIDN"), PHP_HTTP_URL_PARSE_TOIDN);
#endif
zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOPCT"), PHP_HTTP_URL_PARSE_TOPCT);