php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #9730 When following redirects, username and password ignored
Submitted: 2001-03-13 19:50 UTC Modified: 2001-07-22 16:07 UTC
From: edink at proventum dot net Assigned:
Status: Closed Package: *URL Functions
PHP Version: 4.0 Latest CVS (13/03/2001) OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: edink at proventum dot net
New email:
PHP Version: OS:

 

 [2001-03-13 19:50 UTC] edink at proventum dot net 
fopen() and friends when opening "http://user:pass@site"  do not send username and password when following a redirect.

This patch would solve the problem:

Index: http_fopen_wrapper.c
===================================================================
RCS file: /repository/php4/ext/standard/http_fopen_wrapper.c,v
retrieving revision 1.7
diff -u -3 -p -r1.7 http_fopen_wrapper.c
--- http_fopen_wrapper.c	2001/02/26 06:07:17	1.7
+++ http_fopen_wrapper.c	2001/03/13 18:45:50
@@ -71,9 +71,9 @@
 FILE *php_fopen_url_wrap_http(char *path, char *mode, int options, int *issock, int *socketd, char **opened_path)
 {
 	FILE *fp=NULL;
-	php_url *resource=NULL;
+	php_url *resource=NULL, *resource_new=NULL;
 	char tmp_line[128];
-	char location[512];
+	char location[512], location_new[512];
 	char hdr_line[8192];
 	int body = 0;
 	char *scratch;
@@ -269,12 +269,42 @@ FILE *php_fopen_url_wrap_http(char *path
 	if (!reqok) {
 		SOCK_FCLOSE(*socketd);
 		*socketd = 0;
-		free_url(resource);
 		if (location[0] != '\0') {
 			zval **response_header_new, *entry, **entryp;
+
+			if (resource->user == NULL || resource->pass == NULL) {
+			  strcpy(location_new, location);
+			} else {   /* we have username and password */
+			  resource_new = url_parse((char *) location);
+			  if (resource_new == NULL) {
+			    php_error(E_WARNING, "Invalid redirect URL, %s", location);
+			    *issock = BAD_URL;
+			    free_url(resource);
+			    return NULL;
+			  }
+
+			  /* use port 80 if one wasn't specified */
+			  if (resource_new->port == 0) {
+			    resource_new->port = 80;
+			  }
+
+			  snprintf (location_new, sizeof(location_new), "http://%s:%s@%s:%d", resource->user, resource->pass, resource_new->host, resource_new->port);
+
+			  if (resource_new->path != NULL) {
+			    strlcat (location_new, resource_new->path, sizeof (location_new));
+			  }
+			  if (resource_new->query != NULL) {
+			    strlcat (location_new, "?", sizeof(location_new));
+			    strlcat (location_new, resource_new->query , sizeof(location_new));
+			  }
+			  free_url(resource_new);
+			}
+
+
+			free_url(resource);
 			ELS_FETCH();
 
-			fp = php_fopen_url_wrap_http(location, mode, options, issock, socketd, opened_path);
+			fp = php_fopen_url_wrap_http(location_new, mode, options, issock, socketd, opened_path);
 			if (zend_hash_find(EG(active_symbol_table), "http_response_header", sizeof("http_response_header"), (void **) &response_header_new) == SUCCESS) {
 				entryp = &entry;
 				MAKE_STD_ZVAL(entry);
@@ -289,6 +319,7 @@ FILE *php_fopen_url_wrap_http(char *path
 			}
 			goto out;
 		} else {
+			free_url(resource);
 			fp = NULL;
 			goto out;
 		}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-07-22 16:07 UTC] andy@php.net 
Please register at the PHP Development Mailing List at
php-dev-subscribe@lists.php.net and email them your patch.
Thanks.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sat May 10 23:01:29 2025 UTC