X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=php_http_url.c;h=efa9116e4b7a8d300b660717a6981e988a0d05d5;hp=c8fe62e85e37819f5db7dcb2504ec08efa669a14;hb=565b1721506d335bd2fc8b52126b3827eb7212e4;hpb=bd80b17b026a00a254ee8693cd7bacf1ebdec4cf diff --git a/php_http_url.c b/php_http_url.c index c8fe62e..efa9116 100644 --- a/php_http_url.c +++ b/php_http_url.c @@ -92,7 +92,9 @@ static php_url *php_http_url_from_env(php_url *url TSRMLS_DC) if ((((zhost = php_http_env_get_server_var(ZEND_STRL("HTTP_HOST"), 1 TSRMLS_CC)) || (zhost = php_http_env_get_server_var(ZEND_STRL("SERVER_NAME"), 1 TSRMLS_CC)) || (zhost = php_http_env_get_server_var(ZEND_STRL("SERVER_ADDR"), 1 TSRMLS_CC)))) && Z_STRLEN_P(zhost)) { - url->host = estrndup(Z_STRVAL_P(zhost), Z_STRLEN_P(zhost)); + size_t stop_at = strspn(Z_STRVAL_P(zhost), "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-."); + + url->host = estrndup(Z_STRVAL_P(zhost), stop_at); } else { url->host = localhostname(); } @@ -222,7 +224,8 @@ PHP_HTTP_API void php_http_url(int flags, const php_url *old_url, const php_url STR_SET(url->path, path); } /* replace directory references if path is not a single slash */ - if (url->path[0] && (url->path[0] != '/' || url->path[1])) { + if ((flags & PHP_HTTP_URL_SANITIZE_PATH) + && url->path[0] && (url->path[0] != '/' || url->path[1])) { char *ptr, *end = url->path + strlen(url->path) + 1; for (ptr = strchr(url->path, '/'); ptr; ptr = strchr(ptr, '/')) { @@ -642,6 +645,7 @@ PHP_MINIT_FUNCTION(http_url) zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("STRIP_FRAGMENT"), PHP_HTTP_URL_STRIP_FRAGMENT TSRMLS_CC); zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("STRIP_ALL"), PHP_HTTP_URL_STRIP_ALL TSRMLS_CC); zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("FROM_ENV"), PHP_HTTP_URL_FROM_ENV TSRMLS_CC); + zend_declare_class_constant_long(php_http_url_class_entry, ZEND_STRL("SANITIZE_PATH"), PHP_HTTP_URL_SANITIZE_PATH TSRMLS_CC); return SUCCESS; }