|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2006-04-12 14:45 UTC] sniper@php.net
[2006-04-16 16:56 UTC] iliaa@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Feb 22 16:01:29 2025 UTC |
Description: ------------ The original report was a vulnerability in redirects to FTP servers, since they don't perform URL escaping, but the fix effects HTTP and HTTPS as well. This broke one valid redirection for us that we know about. My fix was to wrap the calls to CHECK_FOR_CNTRL_CHARS in a conditional: diff -u2 -r php-4.4.2.orig/ext/standard/http_fopen_wrapper.c php-4.4.2/ext/standard/http_fopen_wrapper.c --- php-4.4.2.orig/ext/standard/http_fopen_wrapper.c Sun Jan 1 08:46:57 2006 +++ php-4.4.2/ext/standard/http_fopen_wrapper.c Fri Apr 7 18:07:28 2006 @@ -503,7 +503,9 @@ } \ /* check for control characters in login, password & path */ - CHECK_FOR_CNTRL_CHARS(resource->user) - CHECK_FOR_CNTRL_CHARS(resource->pass) - CHECK_FOR_CNTRL_CHARS(resource->path) + if (strncasecmp(resource->scheme, "http", sizeof("http")) && strncasecmp(resource->scheme, "https", sizeof("https"))) { + CHECK_FOR_CNTRL_CHARS(resource->user) + CHECK_FOR_CNTRL_CHARS(resource->pass) + CHECK_FOR_CNTRL_CHARS(resource->path) + } stream = php_stream_url_wrap_http_ex(NULL, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);