X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=php_http_url.c;h=9b56f955e1abad248ec01c40111def2753c4eed8;hp=b4a614ea2727234851dd8b3463c7d06766109dad;hb=16bf75db1f89db511833657630cff588576088e2;hpb=6a206380b376a202ed243dd730d4433186a55a1d

diff --git a/php_http_url.c b/php_http_url.c
index b4a614e..9b56f95 100644
--- a/php_http_url.c
+++ b/php_http_url.c
@@ -12,7 +12,9 @@
 
 #include "php_http_api.h"
 
-#ifdef PHP_HTTP_HAVE_IDN
+#if PHP_HTTP_HAVE_IDN2
+#	include <idn2.h>
+#elif PHP_HTTP_HAVE_IDN
 #	include <idna.h>
 #endif
 
@@ -123,20 +125,6 @@ static php_http_url_t *php_http_url_from_env(TSRMLS_D)
 	return url(buf);
 }
 
-void php_http_url(int flags, const php_url *old_url, const php_url *new_url, php_url **url_ptr, char **url_str, size_t *url_len TSRMLS_DC)
-{
-	php_http_url_t *url = php_http_url_mod((const php_http_url_t *) old_url, (const php_http_url_t *) new_url, flags TSRMLS_CC);
-
-	if (url_ptr) {
-		*url_ptr = php_http_url_to_php_url(url);
-	}
-	if (url_str) {
-		php_http_url_to_string(url, url_str, url_len, 0);
-	}
-
-	php_http_url_free(&url);
-}
-
 #define url_isset(u,n) \
 	((u)&&(u)->n)
 #define url_append(buf, append) do { \
@@ -325,8 +313,8 @@ php_http_url_t *php_http_url_mod(const php_http_url_t *old_url, const php_http_u
 	}
 	/* unset default ports */
 	if (url(buf)->port) {
-		if (	((url(buf)->port == 80) && !strcmp(url(buf)->scheme, "http"))
-			||	((url(buf)->port ==443) && !strcmp(url(buf)->scheme, "https"))
+		if (	((url(buf)->port == 80) && url(buf)->scheme && !strcmp(url(buf)->scheme, "http"))
+			||	((url(buf)->port ==443) && url(buf)->scheme && !strcmp(url(buf)->scheme, "https"))
 		) {
 			url(buf)->port = 0;
 		}
@@ -398,6 +386,42 @@ char *php_http_url_to_string(const php_http_url_t *url, char **url_str, size_t *
 	return buf.data;
 }
 
+char *php_http_url_authority_to_string(const php_http_url_t *url, char **url_str, size_t *url_len)
+{
+	php_http_buffer_t buf;
+
+	php_http_buffer_init(&buf);
+
+	if (url->user && *url->user) {
+		php_http_buffer_appendl(&buf, url->user);
+		if (url->pass && *url->pass) {
+			php_http_buffer_appends(&buf, ":");
+			php_http_buffer_appendl(&buf, url->pass);
+		}
+		php_http_buffer_appends(&buf, "@");
+	}
+
+	if (url->host && *url->host) {
+		php_http_buffer_appendl(&buf, url->host);
+		if (url->port) {
+			php_http_buffer_appendf(&buf, ":%hu", url->port);
+		}
+	}
+
+	php_http_buffer_shrink(&buf);
+	php_http_buffer_fix(&buf);
+
+	if (url_len) {
+		*url_len = buf.used;
+	}
+
+	if (url_str) {
+		*url_str = buf.data;
+	}
+
+	return buf.data;
+}
+
 php_http_url_t *php_http_url_from_zval(zval *value, unsigned flags TSRMLS_DC)
 {
 	zval *zcpy;
@@ -528,7 +552,7 @@ HashTable *php_http_url_to_struct(const php_http_url_t *url, zval *strct TSRMLS_
 	return Z_ARRVAL(arr);
 }
 
-STATUS php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, size_t pre_encoded_len, char **encoded_str, size_t *encoded_len TSRMLS_DC)
+ZEND_RESULT_CODE php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, size_t pre_encoded_len, char **encoded_str, size_t *encoded_len TSRMLS_DC)
 {
 	const char *arg_sep_str;
 	size_t arg_sep_len;
@@ -547,7 +571,7 @@ STATUS php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, si
 	return SUCCESS;
 }
 
-STATUS php_http_url_encode_hash_ex(HashTable *hash, php_http_buffer_t *qstr, const char *arg_sep_str, size_t arg_sep_len, const char *val_sep_str, size_t val_sep_len, const char *pre_encoded_str, size_t pre_encoded_len TSRMLS_DC)
+ZEND_RESULT_CODE php_http_url_encode_hash_ex(HashTable *hash, php_http_buffer_t *qstr, const char *arg_sep_str, size_t arg_sep_len, const char *val_sep_str, size_t val_sep_len, const char *pre_encoded_str, size_t pre_encoded_len TSRMLS_DC)
 {
 	if (pre_encoded_len && pre_encoded_str) {
 		php_http_buffer_append(qstr, pre_encoded_str, pre_encoded_len);
@@ -639,8 +663,9 @@ static size_t parse_mb_loc(unsigned *wc, const char *ptr, const char *end)
 	wchar_t wchar;
 	size_t consumed = 0;
 #if defined(HAVE_MBRTOWC)
-	mbstate_t ps = {0};
+	mbstate_t ps;
 
+	memset(&ps, 0, sizeof(ps));
 	consumed = mbrtowc(&wchar, ptr, end - ptr, &ps);
 #elif defined(HAVE_MBTOWC)
 	consumed = mbtowc(&wchar, ptr, end - ptr);
@@ -723,15 +748,21 @@ static size_t parse_mb(struct parse_state *state, parse_mb_what_t what, const ch
 
 	if (!silent) {
 		TSRMLS_FETCH_FROM_CTX(state->ts);
-		php_error_docref(NULL TSRMLS_CC, E_WARNING,
-				"Failed to parse %s; unexpected byte 0x%02x at pos %u in '%s'",
-				parse_what[what], (unsigned char) *ptr, (unsigned) (ptr - begin), begin);
+		if (consumed) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING,
+					"Failed to parse %s; unexpected multibyte sequence 0x%x at pos %u in '%s'",
+					parse_what[what], wchar, (unsigned) (ptr - begin), begin);
+		} else {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING,
+					"Failed to parse %s; unexpected byte 0x%02x at pos %u in '%s'",
+					parse_what[what], (unsigned char) *ptr, (unsigned) (ptr - begin), begin);
+		}
 	}
 
 	return 0;
 }
 
-static STATUS parse_userinfo(struct parse_state *state, const char *ptr)
+static ZEND_RESULT_CODE parse_userinfo(struct parse_state *state, const char *ptr)
 {
 	size_t mb;
 	const char *password = NULL, *end = state->ptr, *tmp = ptr;
@@ -796,13 +827,205 @@ static STATUS parse_userinfo(struct parse_state *state, const char *ptr)
 	return SUCCESS;
 }
 
-static STATUS parse_hostinfo(struct parse_state *state, const char *ptr)
+#if defined(PHP_WIN32) || defined(HAVE_UIDNA_IDNTOASCII)
+typedef size_t (*parse_mb_func)(unsigned *wc, const char *ptr, const char *end);
+static ZEND_RESULT_CODE to_utf16(parse_mb_func fn, const char *u8, uint16_t **u16, size_t *len TSRMLS_DC)
+{
+	size_t offset = 0, u8_len = strlen(u8);
+
+	*u16 = ecalloc(4 * sizeof(uint16_t), u8_len + 1);
+	*len = 0;
+
+	while (offset < u8_len) {
+		unsigned wc;
+		uint16_t buf[2], *ptr = buf;
+		size_t consumed = fn(&wc, &u8[offset], &u8[u8_len]);
+
+		if (!consumed) {
+			efree(*u16);
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse UTF-8 at pos %zu of '%s'", offset, u8);
+			return FAILURE;
+		} else {
+			offset += consumed;
+		}
+
+		switch (wctoutf16(buf, wc)) {
+		case 2:
+			(*u16)[(*len)++] = *ptr++;
+			/* no break */
+		case 1:
+			(*u16)[(*len)++] = *ptr++;
+			break;
+		case 0:
+		default:
+			efree(*u16);
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to convert UTF-32 'U+%X' to UTF-16", wc);
+			return FAILURE;
+		}
+	}
+
+	return SUCCESS;
+}
+#endif
+
+#ifndef MAXHOSTNAMELEN
+#	define MAXHOSTNAMELEN 256
+#endif
+
+#if PHP_HTTP_HAVE_IDN2
+static ZEND_RESULT_CODE parse_idn2(struct parse_state *state, size_t prev_len)
+{
+	char *idn = NULL;
+	int rv = -1;
+	TSRMLS_FETCH_FROM_CTX(state->ts);
+
+	if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+		rv = idn2_lookup_u8((const unsigned char *) state->url.host, (unsigned char **) &idn, IDN2_NFC_INPUT);
+	}
+#	ifdef PHP_HTTP_HAVE_WCHAR
+	else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+		rv = idn2_lookup_ul(state->url.host, &idn, 0);
+	}
+#	endif
+	if (rv != IDN2_OK) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN; %s", idn2_strerror(rv));
+		return FAILURE;
+	} else {
+		size_t idnlen = strlen(idn);
+		memcpy(state->url.host, idn, idnlen + 1);
+		free(idn);
+		state->offset += idnlen - prev_len;
+		return SUCCESS;
+	}
+}
+#elif PHP_HTTP_HAVE_IDN
+static ZEND_RESULT_CODE parse_idn(struct parse_state *state, size_t prev_len)
+{
+	char *idn = NULL;
+	int rv = -1;
+	TSRMLS_FETCH_FROM_CTX(state->ts);
+
+	if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+		rv = idna_to_ascii_8z(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
+	}
+#	ifdef PHP_HTTP_HAVE_WCHAR
+	else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+		rv = idna_to_ascii_lz(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
+	}
+#	endif
+	if (rv != IDNA_SUCCESS) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN; %s", idna_strerror(rv));
+		return FAILURE;
+	} else {
+		size_t idnlen = strlen(idn);
+		memcpy(state->url.host, idn, idnlen + 1);
+		free(idn);
+		state->offset += idnlen - prev_len;
+		return SUCCESS;
+	}
+}
+#endif
+
+#ifdef HAVE_UIDNA_IDNTOASCII
+#	if HAVE_UNICODE_UIDNA_H
+#		include <unicode/uidna.h>
+#	else
+typedef uint16_t UChar;
+typedef enum { U_ZERO_ERROR = 0 } UErrorCode;
+int32_t uidna_IDNToASCII(const UChar *src, int32_t srcLength, UChar *dest, int32_t destCapacity, int32_t options, void *parseError, UErrorCode *status);
+#	endif
+static ZEND_RESULT_CODE parse_uidn(struct parse_state *state)
+{
+	char *host_ptr;
+	uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr;
+	size_t uhost_len, ahost_len;
+	UErrorCode error = U_ZERO_ERROR;
+	TSRMLS_FETCH_FROM_CTX(state->ts);
+
+	if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+		if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len TSRMLS_CC)) {
+			return FAILURE;
+		}
+#ifdef PHP_HTTP_HAVE_WCHAR
+	} else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+		if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len TSRMLS_CC)) {
+			return FAILURE;
+		}
+#endif
+	} else {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN; codepage not specified");
+		return FAILURE;
+	}
+
+	ahost_len = uidna_IDNToASCII(uhost_str, uhost_len, ahost_str, MAXHOSTNAMELEN, 3, NULL, &error);
+	efree(uhost_str);
+
+	if (error != U_ZERO_ERROR) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN; ICU error %d", error);
+		return FAILURE;
+	}
+
+	host_ptr = state->url.host;
+	ahost_ptr = ahost_str;
+	PHP_HTTP_DUFF(ahost_len, *host_ptr++ = *ahost_ptr++);
+
+	*host_ptr = '\0';
+	state->offset += host_ptr - state->url.host;
+
+	return SUCCESS;
+}
+#endif
+
+#if 0 && defined(PHP_WIN32)
+static ZEND_RESULT_CODE parse_widn(struct parse_state *state)
+{
+	char *host_ptr;
+	uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr;
+	size_t uhost_len;
+	TSRMLS_FETCH_FROM_CTX(state->ts);
+
+	if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
+		if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN");
+			return FAILURE;
+		}
+#ifdef PHP_HTTP_HAVE_WCHAR
+	} else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
+		if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len)) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN");
+			return FAILURE;
+		}
+#endif
+	} else {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN");
+		return FAILURE;
+	}
+
+	if (!IdnToAscii(IDN_ALLOW_UNASSIGNED|IDN_USE_STD3_ASCII_RULES, uhost_str, uhost_len, ahost_str, MAXHOSTNAMELEN)) {
+		efree(uhost_str);
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN");
+		return FAILURE;
+	}
+
+	efree(uhost_str);
+	host_ptr = state->url.host;
+	ahost_ptr = ahost_str;
+	PHP_HTTP_DUFF(wcslen(ahost_str), *host_ptr++ = *ahost_ptr++);
+	efree(ahost_str);
+
+	*host_ptr = '\0';
+	state->offset += host_ptr - state->url.host;
+
+	return SUCCESS;
+}
+#endif
+
+static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *ptr)
 {
 	size_t mb, len;
 	const char *end = state->ptr, *tmp = ptr, *port = NULL;
 	TSRMLS_FETCH_FROM_CTX(state->ts);
 
-
 #ifdef HAVE_INET_PTON
 	if (*ptr == '[') {
 		char *error = NULL, *tmp = memchr(ptr, ']', end - ptr);
@@ -890,7 +1113,9 @@ static STATUS parse_hostinfo(struct parse_state *state, const char *ptr)
 			break;
 
 		default:
-			if (port) {
+			if (ptr == end) {
+				break;
+			} else if (port) {
 				php_error_docref(NULL TSRMLS_CC, E_WARNING,
 						"Failed to parse port; unexpected byte 0x%02x at pos %u in '%s'",
 						(unsigned char) *ptr, (unsigned) (ptr - tmp), tmp);
@@ -908,30 +1133,19 @@ static STATUS parse_hostinfo(struct parse_state *state, const char *ptr)
 		state->buffer[state->offset++] = 0;
 	}
 
-#ifdef PHP_HTTP_HAVE_IDN
 	if (state->flags & PHP_HTTP_URL_PARSE_TOIDN) {
-		char *idn = NULL;
-		int rv = -1;
-
-		if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) {
-			rv = idna_to_ascii_8z(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
-		}
-#	ifdef PHP_HTTP_HAVE_WCHAR
-		else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) {
-			rv = idna_to_ascii_lz(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES);
-		}
-#	endif
-		if (rv != IDNA_SUCCESS) {
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Failed to parse IDN; %s", idna_strerror(rv));
-			return FAILURE;
-		} else {
-			size_t idnlen = strlen(idn);
-			memcpy(state->url.host, idn, idnlen + 1);
-			free(idn);
-			state->offset += idnlen - len;
-		}
-	}
+#if PHP_HTTP_HAVE_IDN2
+		return parse_idn2(state, len);
+#elif PHP_HTTP_HAVE_IDN
+		return parse_idn(state, len);
+#endif
+#ifdef HAVE_UIDNA_IDNTOASCII
+		return parse_uidn(state);
+#endif
+#if 0 && defined(PHP_WIN32)
+		return parse_widn(state);
 #endif
+	}
 
 	return SUCCESS;
 }
@@ -961,6 +1175,7 @@ static const char *parse_authority(struct parse_state *state)
 		case '?':
 		case '#':
 		case '\0':
+			EOD:
 			/* host delimiter */
 			if (tmp != state->ptr && SUCCESS != parse_hostinfo(state, tmp)) {
 				return NULL;
@@ -969,7 +1184,8 @@ static const char *parse_authority(struct parse_state *state)
 		}
 	} while (++state->ptr <= state->end);
 
-	return NULL;
+	--state->ptr;
+	goto EOD;
 }
 
 static const char *parse_path(struct parse_state *state)
@@ -1055,7 +1271,7 @@ static const char *parse_query(struct parse_state *state)
 	tmp = ++state->ptr;
 	state->url.query = &state->buffer[state->offset];
 
-	do {
+	while (state->ptr < state->end) {
 		switch (*state->ptr) {
 		case '#':
 			goto done;
@@ -1107,7 +1323,9 @@ static const char *parse_query(struct parse_state *state)
 			}
 			state->ptr += mb - 1;
 		}
-	} while (++state->ptr < state->end);
+
+		++state->ptr;
+	}
 
 	done:
 	state->buffer[state->offset++] = 0;
@@ -1270,6 +1488,33 @@ php_http_url_t *php_http_url_parse(const char *str, size_t len, unsigned flags T
 	return (php_http_url_t *) state;
 }
 
+php_http_url_t *php_http_url_parse_authority(const char *str, size_t len, unsigned flags TSRMLS_DC)
+{
+	size_t maxlen = 3 * len;
+	struct parse_state *state = ecalloc(1, sizeof(*state) + maxlen);
+
+	state->end = str + len;
+	state->ptr = str;
+	state->flags = flags;
+	state->maxlen = maxlen;
+	TSRMLS_SET_CTX(state->ts);
+
+	if (!(state->ptr = parse_authority(state))) {
+		efree(state);
+		return NULL;
+	}
+
+	if (state->ptr != state->end) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING,
+				"Failed to parse URL authority, unexpected character at pos %u in '%s'",
+				(unsigned) (state->ptr - str), str);
+		efree(state);
+		return NULL;
+	}
+
+	return (php_http_url_t *) state;
+}
+
 ZEND_BEGIN_ARG_INFO_EX(ai_HttpUrl___construct, 0, 0, 0)
 	ZEND_ARG_INFO(0, old_url)
 	ZEND_ARG_INFO(0, new_url)
@@ -1326,7 +1571,7 @@ ZEND_END_ARG_INFO();
 PHP_METHOD(HttpUrl, mod)
 {
 	zval *new_url = NULL;
-	long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY;
+	long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY | PHP_HTTP_URL_SANITIZE_PATH;
 	zend_error_handling zeh;
 
 	php_http_expect(SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z!|l", &new_url, &flags), invalid_arg, return);
@@ -1441,7 +1686,7 @@ PHP_MINIT_FUNCTION(http_url)
 	zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBLOC"), PHP_HTTP_URL_PARSE_MBLOC TSRMLS_CC);
 #endif
 	zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBUTF8"), PHP_HTTP_URL_PARSE_MBUTF8 TSRMLS_CC);
-#ifdef PHP_HTTP_HAVE_IDN
+#if defined(PHP_HTTP_HAVE_IDN2) || defined(PHP_HTTP_HAVE_IDN) || defined(HAVE_UIDNA_IDNTOASCII)
 	zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOIDN"), PHP_HTTP_URL_PARSE_TOIDN TSRMLS_CC);
 #endif
 	zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOPCT"), PHP_HTTP_URL_PARSE_TOPCT TSRMLS_CC);