From c3f7d34f18cd62956f241092c67a38edf246328d Mon Sep 17 00:00:00 2001
From: Michael Wallner
Date: Wed, 22 Jul 2015 06:51:39 +0200
Subject: [PATCH] Fix gh-issue #6 Allow RFC1738 unsafe characters in URL query/fragment. Closes issue #6.
---
 package.xml | 2 ++
 php_http_url.c | 20 ++++++++++++++++++--
 tests/gh-issue6.phpt | 21 +++++++++++++++++++++
 3 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 tests/gh-issue6.phpt
diff --git a/package.xml b/package.xml
index 30e067a..922589a 100644
--- a/package.xml
+++ b/package.xml
@@ -48,6 +48,7 @@ http://dev.iworks.at/ext-http/lcov/ext/http/ = 7.42 with gnutls (openssl has already been since 7.19.1) + Added "falsestart" SSL request option (available with libcurl >= 7.42 and darwinssl/NSS) + Added "service_name" and "proxy_service_name" request options for SPNEGO (available with libcurl >= 7.43)
@@ -246,6 +247,7 @@ http://dev.iworks.at/ext-http/lcov/ext/http/ +
diff --git a/php_http_url.c b/php_http_url.c
index c296bbc..d782962 100644
--- a/php_http_url.c
+++ b/php_http_url.c
@@ -1288,8 +1288,11 @@ static const char *parse_query(struct parse_state *state)
 state->buffer[state->offset++] = *state->ptr;
 break;
- case ']':
- case '[':
+ /* RFC1738 unsafe */
+ case '{': case '}':
+ case '<': case '>':
+ case '[': case ']':
+ case '|': case '\\': case '^': case '`': case '"': case ' ':
 if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
 state->buffer[state->offset++] = '%';
 state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
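Review bot: The widened `case` list in parse_query routes ten more input bytes into the PHP_HTTP_URL_PARSE_TOPCT branch, where each source byte becomes three writes through `state->buffer[state->offset++]`, and nothing in the hunk bounds `state->offset`. Only `[` and `]` expanded before, so the allocation behind `state->buffer` is presumably already sized for the worst case, but that code is outside the hunk (as are the start and end of parse_query) and should be confirmed with an input made up entirely of these bytes. I would record the assumption above the list, e.g. `/* RFC1738 unsafe; each may expand to %XX, buffer must allow 3 bytes per input byte */`. The identical block added to parse_fragment carries the same assumption.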
@@ -1361,6 +1364,19 @@ static const char *parse_fragment(struct parse_state *state)
 state->buffer[state->offset++] = *state->ptr;
 break;
+ /* RFC1738 unsafe */
+ case '{': case '}':
+ case '<': case '>':
+ case '[': case ']':
+ case '|': case '\\': case '^': case '`': case '"': case ' ':
+ if (state->flags & PHP_HTTP_URL_PARSE_TOPCT) {
+ state->buffer[state->offset++] = '%';
+ state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) >> 4];
+ state->buffer[state->offset++] = parse_xdigits[((unsigned char) *state->ptr) & 0xf];
+ break;
+ }
+ /* no break */
+
 case '?': case '/': case '!': case '$': case '&': case '\'': case '(': case ')': case '*': case '+': case ',': case ';': case '=': /* sub-delims */
diff --git a/tests/gh-issue6.phpt b/tests/gh-issue6.phpt
new file mode 100644
index 0000000..3de34bd
--- /dev/null
+++ b/tests/gh-issue6.phpt
@@ -0,0 +1,21 @@
+--TEST--
+url - unsafe characters
+--SKIPIF--
+
+--FILE--
+query;
+echo "\n";
+echo (new http\Url("?id={\$id}"))->query;
+echo "\n";
+
+?>
+===DONE===
+--EXPECT--
+Test
+__utma=1152894289.1017686999.9107388726.1439222726.1494721726.1&__utmb=115739289.1.10.1437388726&__utmc=115883619&__utmx=-&__utmz=115111289.14310476.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)&__utmv=-&__utmk=112678937
+id={$id}
+===DONE===
--
2.30.2
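Review bot: When PHP_HTTP_URL_PARSE_TOPCT is not set, the cases added to parse_fragment reach `/* no break */` and fall into the sub-delims case, which presumably copies the byte unchanged (its body is outside the hunk), so a raw space, `"`, `<`, `>`, `\` or backtick can now come out of the parser in the fragment, and through the same block in the query. The added test confirms this for the query, since it expects `id={$id}` back verbatim. Code that writes these properties into a request line, a header or markup then has to encode them itself, which the flag's documentation should state; a stricter default would percent-encode at least space and `"` regardless of the flag. The twelve-character list is also copied verbatim from parse_query, and a shared macro for it would keep the two parsers from drifting apart.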
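Review bot: tests/gh-issue6.phpt reads only the `query` property with default flags, and its --EXPECT-- section shows only `|`, `{` and `}` from the newly accepted set, so parse_fragment and the PHP_HTTP_URL_PARSE_TOPCT branch changed by this commit are not exercised. I would add a fragment case and a flagged case covering space, `<`, `>`, `"` and `\`, for example constructing `new http\Url("?a=<b> c#{x}", null, http\Url::PARSE_TOPCT)` and echoing its `query` and `fragment`, with the percent-encoded forms in --EXPECT--. Part of the --FILE-- section is missing from this page, so the first input string is inferred from the expected output.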