X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=php_http_url.c;h=c5c19a55568bd6fd10ee8f310fb5a247d0e72030;hp=06552bed304d6131ddb01c3a5214007abaa3500b;hb=4bf1b4570329514fa00dc68c6e02f581c3792d73;hpb=fd450f6ab0231e5ef5ae8817d2ef1d0326dc5518 diff --git a/php_http_url.c b/php_http_url.c index 06552be..c5c19a5 100644 --- a/php_http_url.c +++ b/php_http_url.c @@ -12,7 +12,9 @@ #include "php_http_api.h" -#ifdef PHP_HTTP_HAVE_IDN +#if PHP_HTTP_HAVE_IDN2 +# include +#elif PHP_HTTP_HAVE_IDN # include #endif @@ -57,7 +59,7 @@ static inline char *localhostname(void) return estrndup("localhost", lenof("localhost")); } -#define url(buf) ((php_http_url_t *) buf.data) +#define url(buf) ((php_http_url_t *) (buf).data) static php_http_url_t *php_http_url_from_env(void) { @@ -125,13 +127,30 @@ static php_http_url_t *php_http_url_from_env(void) #define url_isset(u,n) \ ((u)&&(u)->n) +#define url_append(buf, append) do { \ + char *_ptr = (buf)->data; \ + php_http_url_t *_url = (php_http_url_t *) _ptr, _mem = *_url; \ + append; \ + /* relocate */ \ + if (_ptr != (buf)->data) { \ + ptrdiff_t diff = (buf)->data - _ptr; \ + _url = (php_http_url_t *) (buf)->data; \ + if (_mem.scheme) _url->scheme += diff; \ + if (_mem.user) _url->user += diff; \ + if (_mem.pass) _url->pass += diff; \ + if (_mem.host) _url->host += diff; \ + if (_mem.path) _url->path += diff; \ + if (_mem.query) _url->query += diff; \ + if (_mem.fragment) _url->fragment += diff; \ + } \ +} while (0) #define url_copy(n) do { \ if (url_isset(new_url, n)) { \ url(buf)->n = &buf.data[buf.used]; \ - php_http_buffer_append(&buf, new_url->n, strlen(new_url->n) + 1); \ + url_append(&buf, php_http_buffer_append(&buf, new_url->n, strlen(new_url->n) + 1)); \ } else if (url_isset(old_url, n)) { \ url(buf)->n = &buf.data[buf.used]; \ - php_http_buffer_append(&buf, old_url->n, strlen(old_url->n) + 1); \ + url_append(&buf, php_http_buffer_append(&buf, old_url->n, strlen(old_url->n) + 1)); \ } \ } while (0) @@ -182,9 +201,9 @@ php_http_url_t *php_http_url_mod(const php_http_url_t *old_url, const php_http_u url(buf)->path = &buf.data[buf.used]; if (path[0] != '/') { - php_http_buffer_append(&buf, "/", 1); + url_append(&buf, php_http_buffer_append(&buf, "/", 1)); } - php_http_buffer_append(&buf, path, strlen(path) + 1); + url_append(&buf, php_http_buffer_append(&buf, path, strlen(path) + 1)); efree(path); } else { const char *path = NULL; @@ -198,7 +217,7 @@ php_http_url_t *php_http_url_mod(const php_http_url_t *old_url, const php_http_u if (path) { url(buf)->path = &buf.data[buf.used]; - php_http_buffer_append(&buf, path, strlen(path) + 1); + url_append(&buf, php_http_buffer_append(&buf, path, strlen(path) + 1)); } @@ -222,7 +241,7 @@ php_http_url_t *php_http_url_mod(const php_http_url_t *old_url, const php_http_u php_http_querystring_update(&qarr, NULL, &qstr); url(buf)->query = &buf.data[buf.used]; - php_http_buffer_append(&buf, Z_STRVAL(qstr), Z_STRLEN(qstr) + 1); + url_append(&buf, php_http_buffer_append(&buf, Z_STRVAL(qstr), Z_STRLEN(qstr) + 1)); zval_dtor(&qstr); zval_dtor(&qarr); @@ -294,8 +313,8 @@ php_http_url_t *php_http_url_mod(const php_http_url_t *old_url, const php_http_u } /* unset default ports */ if (url(buf)->port) { - if ( ((url(buf)->port == 80) && !strcmp(url(buf)->scheme, "http")) - || ((url(buf)->port ==443) && !strcmp(url(buf)->scheme, "https")) + if ( ((url(buf)->port == 80) && url(buf)->scheme && !strcmp(url(buf)->scheme, "http")) + || ((url(buf)->port ==443) && url(buf)->scheme && !strcmp(url(buf)->scheme, "https")) ) { url(buf)->port = 0; } @@ -367,6 +386,42 @@ char *php_http_url_to_string(const php_http_url_t *url, char **url_str, size_t * return buf.data; } +char *php_http_url_authority_to_string(const php_http_url_t *url, char **url_str, size_t *url_len) +{ + php_http_buffer_t buf; + + php_http_buffer_init(&buf); + + if (url->user && *url->user) { + php_http_buffer_appendl(&buf, url->user); + if (url->pass && *url->pass) { + php_http_buffer_appends(&buf, ":"); + php_http_buffer_appendl(&buf, url->pass); + } + php_http_buffer_appends(&buf, "@"); + } + + if (url->host && *url->host) { + php_http_buffer_appendl(&buf, url->host); + if (url->port) { + php_http_buffer_appendf(&buf, ":%hu", url->port); + } + } + + php_http_buffer_shrink(&buf); + php_http_buffer_fix(&buf); + + if (url_len) { + *url_len = buf.used; + } + + if (url_str) { + *url_str = buf.data; + } + + return buf.data; +} + php_http_url_t *php_http_url_from_zval(zval *value, unsigned flags) { zend_string *zs; @@ -396,49 +451,49 @@ php_http_url_t *php_http_url_from_struct(HashTable *ht) php_http_buffer_account(&buf, sizeof(php_http_url_t)); memset(buf.data, 0, buf.used); - if ((e = zend_hash_str_find(ht, ZEND_STRL("scheme")))) { + if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("scheme")))) { zend_string *zs = zval_get_string(e); url(buf)->scheme = &buf.data[buf.used]; - php_http_buffer_append(&buf, zs->val, zs->len + 1); + url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1)); zend_string_release(zs); } - if ((e = zend_hash_str_find(ht, ZEND_STRL("user")))) { + if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("user")))) { zend_string *zs = zval_get_string(e); url(buf)->user = &buf.data[buf.used]; - php_http_buffer_append(&buf, zs->val, zs->len + 1); + url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1)); zend_string_release(zs); } - if ((e = zend_hash_str_find(ht, ZEND_STRL("pass")))) { + if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("pass")))) { zend_string *zs = zval_get_string(e); url(buf)->pass = &buf.data[buf.used]; - php_http_buffer_append(&buf, zs->val, zs->len + 1); + url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1)); zend_string_release(zs); } - if ((e = zend_hash_str_find(ht, ZEND_STRL("host")))) { + if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("host")))) { zend_string *zs = zval_get_string(e); url(buf)->host = &buf.data[buf.used]; - php_http_buffer_append(&buf, zs->val, zs->len + 1); + url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1)); zend_string_release(zs); } - if ((e = zend_hash_str_find(ht, ZEND_STRL("port")))) { + if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("port")))) { url(buf)->port = (unsigned short) zval_get_long(e); } - if ((e = zend_hash_str_find(ht, ZEND_STRL("path")))) { + if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("path")))) { zend_string *zs = zval_get_string(e); url(buf)->path = &buf.data[buf.used]; - php_http_buffer_append(&buf, zs->val, zs->len + 1); + url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1)); zend_string_release(zs); } - if ((e = zend_hash_str_find(ht, ZEND_STRL("query")))) { + if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("query")))) { zend_string *zs = zval_get_string(e); url(buf)->query = &buf.data[buf.used]; - php_http_buffer_append(&buf, zs->val, zs->len + 1); + url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1)); zend_string_release(zs); } - if ((e = zend_hash_str_find(ht, ZEND_STRL("fragment")))) { + if ((e = zend_hash_str_find_ind(ht, ZEND_STRL("fragment")))) { zend_string *zs = zval_get_string(e); url(buf)->fragment = &buf.data[buf.used]; - php_http_buffer_append(&buf, zs->val, zs->len + 1); + url_append(&buf, php_http_buffer_append(&buf, zs->val, zs->len + 1)); zend_string_release(zs); } @@ -514,8 +569,8 @@ HashTable *php_http_url_to_struct(const php_http_url_t *url, zval *strct) ZEND_RESULT_CODE php_http_url_encode_hash(HashTable *hash, const char *pre_encoded_str, size_t pre_encoded_len, char **encoded_str, size_t *encoded_len) { - const char *arg_sep_str; - size_t arg_sep_len; + const char *arg_sep_str = "&"; + size_t arg_sep_len = 1; php_http_buffer_t *qstr = php_http_buffer_new(); php_http_url_argsep(&arg_sep_str, &arg_sep_len); @@ -620,8 +675,9 @@ static size_t parse_mb_loc(unsigned *wc, const char *ptr, const char *end) wchar_t wchar; size_t consumed = 0; #if defined(HAVE_MBRTOWC) - mbstate_t ps = {0}; + mbstate_t ps; + memset(&ps, 0, sizeof(ps)); consumed = mbrtowc(&wchar, ptr, end - ptr, &ps); #elif defined(HAVE_MBTOWC) consumed = mbtowc(&wchar, ptr, end - ptr); @@ -703,9 +759,15 @@ static size_t parse_mb(struct parse_state *state, parse_mb_what_t what, const ch } if (!silent) { - php_error_docref(NULL, E_WARNING, - "Failed to parse %s; unexpected byte 0x%02x at pos %u in '%s'", - parse_what[what], (unsigned char) *ptr, (unsigned) (ptr - begin), begin); + if (consumed) { + php_error_docref(NULL, E_WARNING, + "Failed to parse %s; unexpected multibyte sequence 0x%x at pos %u in '%s'", + parse_what[what], wchar, (unsigned) (ptr - begin), begin); + } else { + php_error_docref(NULL, E_WARNING, + "Failed to parse %s; unexpected byte 0x%02x at pos %u in '%s'", + parse_what[what], (unsigned char) *ptr, (unsigned) (ptr - begin), begin); + } } return 0; @@ -775,45 +837,244 @@ static ZEND_RESULT_CODE parse_userinfo(struct parse_state *state, const char *pt return SUCCESS; } -static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *ptr) +#if defined(PHP_WIN32) || defined(HAVE_UIDNA_IDNTOASCII) +typedef size_t (*parse_mb_func)(unsigned *wc, const char *ptr, const char *end); +static ZEND_RESULT_CODE to_utf16(parse_mb_func fn, const char *u8, uint16_t **u16, size_t *len) { - size_t mb, len; - const char *end = state->ptr, *tmp = ptr, *port = NULL; + size_t offset = 0, u8_len = strlen(u8); + *u16 = ecalloc(4 * sizeof(uint16_t), u8_len + 1); + *len = 0; -#ifdef HAVE_INET_PTON - if (*ptr == '[') { - char *error = NULL, *tmp = memchr(ptr, ']', end - ptr); - - if (tmp) { - size_t addrlen = tmp - ptr + 1; - char buf[16], *addr = estrndup(ptr + 1, addrlen - 2); - int rv = inet_pton(AF_INET6, addr, buf); - - efree(addr); - if (rv == 1) { - state->buffer[state->offset] = '['; - state->url.host = &state->buffer[state->offset]; - inet_ntop(AF_INET6, buf, state->url.host + 1, state->maxlen - state->offset); - state->offset += strlen(state->url.host); - state->buffer[state->offset++] = ']'; - state->buffer[state->offset++] = 0; - ptr = tmp + 1; - } else if (rv == -1) { - error = strerror(errno); - } else { - error = "unexpected '['"; - } + while (offset < u8_len) { + unsigned wc; + uint16_t buf[2], *ptr = buf; + size_t consumed = fn(&wc, &u8[offset], &u8[u8_len]); + + if (!consumed) { + efree(*u16); + php_error_docref(NULL, E_WARNING, "Failed to parse UTF-8 at pos %zu of '%s'", offset, u8); + return FAILURE; } else { - error = "expected ']'"; + offset += consumed; } - if (error) { - php_error_docref(NULL, E_WARNING, "Failed to parse hostinfo; %s", error); + switch (wctoutf16(buf, wc)) { + case 2: + (*u16)[(*len)++] = *ptr++; + /* no break */ + case 1: + (*u16)[(*len)++] = *ptr++; + break; + case 0: + default: + efree(*u16); + php_error_docref(NULL, E_WARNING, "Failed to convert UTF-32 'U+%X' to UTF-16", wc); return FAILURE; } } + + return SUCCESS; +} #endif + +#ifndef MAXHOSTNAMELEN +# define MAXHOSTNAMELEN 256 +#endif + +#if PHP_HTTP_HAVE_IDN2 +static ZEND_RESULT_CODE parse_idn2(struct parse_state *state, size_t prev_len) +{ + char *idn = NULL; + int rv = -1; + + if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) { + rv = idn2_lookup_u8((const unsigned char *) state->url.host, (unsigned char **) &idn, IDN2_NFC_INPUT); + } +# ifdef PHP_HTTP_HAVE_WCHAR + else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) { + rv = idn2_lookup_ul(state->url.host, &idn, 0); + } +# endif + if (rv != IDN2_OK) { + php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idn2_strerror(rv)); + return FAILURE; + } else { + size_t idnlen = strlen(idn); + memcpy(state->url.host, idn, idnlen + 1); + free(idn); + state->offset += idnlen - prev_len; + return SUCCESS; + } +} +#elif PHP_HTTP_HAVE_IDN +static ZEND_RESULT_CODE parse_idn(struct parse_state *state, size_t prev_len) +{ + char *idn = NULL; + int rv = -1; + + if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) { + rv = idna_to_ascii_8z(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES); + } +# ifdef PHP_HTTP_HAVE_WCHAR + else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) { + rv = idna_to_ascii_lz(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES); + } +# endif + if (rv != IDNA_SUCCESS) { + php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idna_strerror(rv)); + return FAILURE; + } else { + size_t idnlen = strlen(idn); + memcpy(state->url.host, idn, idnlen + 1); + free(idn); + state->offset += idnlen - prev_len; + return SUCCESS; + } +} +#endif + +#ifdef HAVE_UIDNA_IDNTOASCII +# if HAVE_UNICODE_UIDNA_H +# include +# else +typedef uint16_t UChar; +typedef enum { U_ZERO_ERROR = 0 } UErrorCode; +int32_t uidna_IDNToASCII(const UChar *src, int32_t srcLength, UChar *dest, int32_t destCapacity, int32_t options, void *parseError, UErrorCode *status); +# endif +static ZEND_RESULT_CODE parse_uidn(struct parse_state *state) +{ + char *host_ptr; + uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr; + size_t uhost_len, ahost_len; + UErrorCode error = U_ZERO_ERROR; + + if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) { + if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) { + return FAILURE; + } +#ifdef PHP_HTTP_HAVE_WCHAR + } else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) { + if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len)) { + return FAILURE; + } +#endif + } else { + php_error_docref(NULL, E_WARNING, "Failed to parse IDN; codepage not specified"); + return FAILURE; + } + + ahost_len = uidna_IDNToASCII(uhost_str, uhost_len, ahost_str, MAXHOSTNAMELEN, 3, NULL, &error); + efree(uhost_str); + + if (error != U_ZERO_ERROR) { + php_error_docref(NULL, E_WARNING, "Failed to parse IDN; ICU error %d", error); + return FAILURE; + } + + host_ptr = state->url.host; + ahost_ptr = ahost_str; + PHP_HTTP_DUFF(ahost_len, *host_ptr++ = *ahost_ptr++); + + *host_ptr = '\0'; + state->offset += host_ptr - state->url.host; + + return SUCCESS; +} +#endif + +#if 0 && defined(PHP_WIN32) +static ZEND_RESULT_CODE parse_widn(struct parse_state *state) +{ + char *host_ptr; + uint16_t *uhost_str, ahost_str[MAXHOSTNAMELEN], *ahost_ptr; + size_t uhost_len; + + if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) { + if (SUCCESS != to_utf16(parse_mb_utf8, state->url.host, &uhost_str, &uhost_len)) { + php_error_docref(NULL, E_WARNING, "Failed to parse IDN"); + return FAILURE; + } +#ifdef PHP_HTTP_HAVE_WCHAR + } else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) { + if (SUCCESS != to_utf16(parse_mb_loc, state->url.host, &uhost_str, &uhost_len)) { + php_error_docref(NULL, E_WARNING, "Failed to parse IDN"); + return FAILURE; + } +#endif + } else { + php_error_docref(NULL, E_WARNING, "Failed to parse IDN"); + return FAILURE; + } + + if (!IdnToAscii(IDN_ALLOW_UNASSIGNED|IDN_USE_STD3_ASCII_RULES, uhost_str, uhost_len, ahost_str, MAXHOSTNAMELEN)) { + efree(uhost_str); + php_error_docref(NULL, E_WARNING, "Failed to parse IDN"); + return FAILURE; + } + + efree(uhost_str); + host_ptr = state->url.host; + ahost_ptr = ahost_str; + PHP_HTTP_DUFF(wcslen(ahost_str), *host_ptr++ = *ahost_ptr++); + efree(ahost_str); + + *host_ptr = '\0'; + state->offset += host_ptr - state->url.host; + + return SUCCESS; +} +#endif + +#ifdef HAVE_INET_PTON +static const char *parse_ip6(struct parse_state *state, const char *ptr) +{ + size_t mb, len; + const char *error = NULL, *end = state->ptr, *tmp = memchr(ptr, ']', end - ptr); + + if (tmp) { + size_t addrlen = tmp - ptr + 1; + char buf[16], *addr = estrndup(ptr + 1, addrlen - 2); + int rv = inet_pton(AF_INET6, addr, buf); + + if (rv == 1) { + state->buffer[state->offset] = '['; + state->url.host = &state->buffer[state->offset]; + inet_ntop(AF_INET6, buf, state->url.host + 1, state->maxlen - state->offset); + state->offset += strlen(state->url.host); + state->buffer[state->offset++] = ']'; + state->buffer[state->offset++] = 0; + ptr = tmp + 1; + } else if (rv == -1) { + error = strerror(errno); + } else { + error = "unexpected '['"; + } + efree(addr); + } else { + error = "expected ']'"; + } + + if (error) { + php_error_docref(NULL, E_WARNING, "Failed to parse hostinfo; %s", error); + return NULL; + } + + return ptr; +} +#endif + +static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *ptr) +{ + size_t mb, len; + const char *end = state->ptr, *tmp = ptr, *port = NULL, *label = NULL; + +#ifdef HAVE_INET_PTON + if (*ptr == '[' && !(ptr = parse_ip6(state, ptr))) { + return FAILURE; + } +#endif + if (ptr != end) do { switch (*ptr) { case ':': @@ -841,6 +1102,20 @@ static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *pt case '!': case '$': case '&': case '\'': case '(': case ')': case '*': case '+': case ',': case ';': case '=': /* sub-delims */ case '-': case '.': case '_': case '~': /* unreserved */ + if (port || !label) { + /* sort of a compromise, just ensure we don't end up + * with a dot at the beginning or two consecutive dots + */ + php_error_docref(NULL, E_WARNING, + "Failed to parse %s; unexpected '%c' at pos %u in '%s'", + port ? "port" : "host", + (unsigned char) *ptr, (unsigned) (ptr - tmp), tmp); + return FAILURE; + } + state->buffer[state->offset++] = *ptr; + label = NULL; + break; + case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': case 'G': case 'H': case 'I': case 'J': case 'K': case 'L': case 'M': case 'N': case 'O': case 'P': case 'Q': case 'R': case 'S': case 'T': case 'U': @@ -863,12 +1138,15 @@ static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *pt state->url.port *= 10; state->url.port += *ptr - '0'; } else { + label = ptr; state->buffer[state->offset++] = *ptr; } break; default: - if (port) { + if (ptr == end) { + break; + } else if (port) { php_error_docref(NULL, E_WARNING, "Failed to parse port; unexpected byte 0x%02x at pos %u in '%s'", (unsigned char) *ptr, (unsigned) (ptr - tmp), tmp); @@ -876,6 +1154,7 @@ static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *pt } else if (!(mb = parse_mb(state, PARSE_HOSTINFO, ptr, end, tmp, 0))) { return FAILURE; } + label = ptr; ptr += mb - 1; } } while (++ptr != end); @@ -886,30 +1165,19 @@ static ZEND_RESULT_CODE parse_hostinfo(struct parse_state *state, const char *pt state->buffer[state->offset++] = 0; } -#ifdef PHP_HTTP_HAVE_IDN if (state->flags & PHP_HTTP_URL_PARSE_TOIDN) { - char *idn = NULL; - int rv = -1; - - if (state->flags & PHP_HTTP_URL_PARSE_MBUTF8) { - rv = idna_to_ascii_8z(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES); - } -# ifdef PHP_HTTP_HAVE_WCHAR - else if (state->flags & PHP_HTTP_URL_PARSE_MBLOC) { - rv = idna_to_ascii_lz(state->url.host, &idn, IDNA_ALLOW_UNASSIGNED|IDNA_USE_STD3_ASCII_RULES); - } -# endif - if (rv != IDNA_SUCCESS) { - php_error_docref(NULL, E_WARNING, "Failed to parse IDN; %s", idna_strerror(rv)); - return FAILURE; - } else { - size_t idnlen = strlen(idn); - memcpy(state->url.host, idn, idnlen + 1); - free(idn); - state->offset += idnlen - len; - } - } +#if PHP_HTTP_HAVE_IDN2 + return parse_idn2(state, len); +#elif PHP_HTTP_HAVE_IDN + return parse_idn(state, len); +#endif +#ifdef HAVE_UIDNA_IDNTOASCII + return parse_uidn(state); +#endif +#if 0 && defined(PHP_WIN32) + return parse_widn(state); #endif + } return SUCCESS; } @@ -938,6 +1206,7 @@ static const char *parse_authority(struct parse_state *state) case '?': case '#': case '\0': + EOD: /* host delimiter */ if (tmp != state->ptr && SUCCESS != parse_hostinfo(state, tmp)) { return NULL; @@ -946,7 +1215,8 @@ static const char *parse_authority(struct parse_state *state) } } while (++state->ptr <= state->end); - return NULL; + --state->ptr; + goto EOD; } static const char *parse_path(struct parse_state *state) @@ -1030,7 +1300,7 @@ static const char *parse_query(struct parse_state *state) tmp = ++state->ptr; state->url.query = &state->buffer[state->offset]; - do { + while (state->ptr < state->end) { switch (*state->ptr) { case '#': goto done; @@ -1047,8 +1317,11 @@ static const char *parse_query(struct parse_state *state) state->buffer[state->offset++] = *state->ptr; break; - case ']': - case '[': + /* RFC1738 unsafe */ + case '{': case '}': + case '<': case '>': + case '[': case ']': + case '|': case '\\': case '^': case '`': case '"': case ' ': if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) { state->buffer[state->offset++] = '%'; state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4]; @@ -1082,7 +1355,9 @@ static const char *parse_query(struct parse_state *state) } state->ptr += mb - 1; } - } while (++state->ptr < state->end); + + ++state->ptr; + } done: state->buffer[state->offset++] = 0; @@ -1117,6 +1392,19 @@ static const char *parse_fragment(struct parse_state *state) state->buffer[state->offset++] = *state->ptr; break; + /* RFC1738 unsafe */ + case '{': case '}': + case '<': case '>': + case '[': case ']': + case '|': case '\\': case '^': case '`': case '"': case ' ': + if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) { + state->buffer[state->offset++] = '%'; + state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4]; + state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) & 0xf]; + break; + } + /* no break */ + case '?': case '/': case '!': case '$': case '&': case '\'': case '(': case ')': case '*': case '+': case ',': case ';': case '=': /* sub-delims */ @@ -1243,6 +1531,32 @@ php_http_url_t *php_http_url_parse(const char *str, size_t len, unsigned flags) return (php_http_url_t *) state; } +php_http_url_t *php_http_url_parse_authority(const char *str, size_t len, unsigned flags) +{ + size_t maxlen = 3 * len; + struct parse_state *state = ecalloc(1, sizeof(*state) + maxlen); + + state->end = str + len; + state->ptr = str; + state->flags = flags; + state->maxlen = maxlen; + + if (!(state->ptr = parse_authority(state))) { + efree(state); + return NULL; + } + + if (state->ptr != state->end) { + php_error_docref(NULL, E_WARNING, + "Failed to parse URL authority, unexpected character at pos %u in '%s'", + (unsigned) (state->ptr - str), str); + efree(state); + return NULL; + } + + return (php_http_url_t *) state; +} + ZEND_BEGIN_ARG_INFO_EX(ai_HttpUrl___construct, 0, 0, 0) ZEND_ARG_INFO(0, old_url) ZEND_ARG_INFO(0, new_url) @@ -1299,7 +1613,7 @@ ZEND_END_ARG_INFO(); PHP_METHOD(HttpUrl, mod) { zval *new_url = NULL; - zend_long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY; + zend_long flags = PHP_HTTP_URL_JOIN_PATH | PHP_HTTP_URL_JOIN_QUERY | PHP_HTTP_URL_SANITIZE_PATH; zend_error_handling zeh; php_http_expect(SUCCESS == zend_parse_parameters(ZEND_NUM_ARGS(), "z!|l", &new_url, &flags), invalid_arg, return); @@ -1414,7 +1728,7 @@ PHP_MINIT_FUNCTION(http_url) zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBLOC"), PHP_HTTP_URL_PARSE_MBLOC); #endif zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_MBUTF8"), PHP_HTTP_URL_PARSE_MBUTF8); -#ifdef PHP_HTTP_HAVE_IDN +#if defined(PHP_HTTP_HAVE_IDN2) || defined(PHP_HTTP_HAVE_IDN) || defined(HAVE_UIDNA_IDNTOASCII) zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOIDN"), PHP_HTTP_URL_PARSE_TOIDN); #endif zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("PARSE_TOPCT"), PHP_HTTP_URL_PARSE_TOPCT);