|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37045 Fix for #32936 affects valid http redirects
Submitted: 2006-04-11 20:43 UTC Modified: 2006-04-16 16:56 UTC
From: mberg at synacor dot com Assigned: iliaa (profile)
Status: Closed Package: Filesystem function related
PHP Version: 5.1.2, 4.4.2 OS: Red Hat Linux 7.2 (ish)
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: mberg at synacor dot com
New email:
PHP Version: OS:


 [2006-04-11 20:43 UTC] mberg at synacor dot com
The original report was a vulnerability in redirects to FTP servers, since they don't perform URL escaping, but the fix effects HTTP and HTTPS as well.

This broke one valid redirection for us that we know about.

My fix was to wrap the calls to CHECK_FOR_CNTRL_CHARS in a conditional:

diff -u2 -r php-4.4.2.orig/ext/standard/http_fopen_wrapper.c php-4.4.2/ext/standard/http_fopen_wrapper.c
--- php-4.4.2.orig/ext/standard/http_fopen_wrapper.c    Sun Jan  1 08:46:57 2006
+++ php-4.4.2/ext/standard/http_fopen_wrapper.c Fri Apr  7 18:07:28 2006
@@ -503,7 +503,9 @@
 }      \
                        /* check for control characters in login, password & path */
-                       CHECK_FOR_CNTRL_CHARS(resource->user)
-                       CHECK_FOR_CNTRL_CHARS(resource->pass)
-                       CHECK_FOR_CNTRL_CHARS(resource->path)
+                       if (strncasecmp(resource->scheme, "http", sizeof("http")) && strncasecmp(resource->scheme, "https", sizeof("https"))) {
+                               CHECK_FOR_CNTRL_CHARS(resource->user)

+                               CHECK_FOR_CNTRL_CHARS(resource->pass)
+                               CHECK_FOR_CNTRL_CHARS(resource->path)
+                       }

                        stream = php_stream_url_wrap_http_ex(NULL, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-04-12 14:45 UTC]
Ilia, your fix broke this?
 [2006-04-16 16:56 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 01 13:01:30 2024 UTC