php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76015 get_headers() parse wrong hostname
Submitted: 2018-02-27 04:06 UTC Modified: 2018-02-28 14:50 UTC
From: zhihua dot yao at dbappsecurity dot com dot cn Assigned: cmb (profile)
Status: Not a bug Package: URL related
PHP Version: 7.2.2 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: zhihua dot yao at dbappsecurity dot com dot cn
New email:
PHP Version: OS:

 

 [2018-02-27 04:06 UTC] zhihua dot yao at dbappsecurity dot com dot cn
Description:
------------
Actually  get_headers parse the wrong hostname.


Test script:
---------------
<?php

print_r(get_headers('http://www.youtube.com@www.google.com.hk'));

Expected result:
----------------
Return the youtube response headers.

Actual result:
--------------
Return the google response headers.

Since Google can not be accessed, the actual results are as follows:

Warning: get_headers(http://...@www.google.com.hk): failed to open stream: Network is unreachable in /home/hjy/Desktop/test2.php on line 3

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-02-27 04:07 UTC] zhihua dot yao at dbappsecurity dot com dot cn
Related To: Bug #73192
 [2018-02-28 12:41 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2018-02-28 12:41 UTC] cmb@php.net
In the given URI, www.youtube.com is the user(info)[1], and
www.google.com.hk is the domain.  I fail to see why this
interpretation would be a bug.

[1] <https://tools.ietf.org/html/rfc3986#section-3.2.1>
 [2018-02-28 14:05 UTC] zhihua dot yao at dbappsecurity dot com dot cn
-Status: Feedback +Status: Assigned
 [2018-02-28 14:05 UTC] zhihua dot yao at dbappsecurity dot com dot cn
okay,my fault.This is not a bug.
 [2018-02-28 14:07 UTC] zhihua dot yao at dbappsecurity dot com dot cn
okay,my fault.This is not a bug.
 [2018-02-28 14:50 UTC] cmb@php.net
-Status: Assigned +Status: Not a bug -Type: Security +Type: Bug
 [2018-02-28 14:50 UTC] cmb@php.net
Okay, closing.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Jan 27 21:03:35 2022 UTC