[PHP-CVS] cvs: php-src /ext/standard http_fopen_wrapper.c

Mon, 28 Jul 2008 12:04:10 -0700 

lbarnaud                Mon Jul 28 19:03:57 2008 UTC

  Modified files:              
    /php-src/ext/standard       http_fopen_wrapper.c 
  Log:
  When automatically redirecting an HTTP request, use the GET method when the 
  original method was not HEAD or GET (fixes #45540)
  #
  # The RFC says that in case of 3xx code, "The action required MAY be 
  # carried out [...] *only if the method used in the second request is GET or 
  # HEAD*".
  #
  # This may not break anything as actually POST requests replying 
  # with a Location header never worked as the redirecting request was sent 
using
  # the POST method, but without Entity-Body (and without Content-Length 
header, 
  # which caused the server to reply with a "411 Length Required" or to treat 
  # the request as GET).
  #
  
  
  
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/http_fopen_wrapper.c?r1=1.135&r2=1.136&diff_format=u
Index: php-src/ext/standard/http_fopen_wrapper.c
diff -u php-src/ext/standard/http_fopen_wrapper.c:1.135 
php-src/ext/standard/http_fopen_wrapper.c:1.136
--- php-src/ext/standard/http_fopen_wrapper.c:1.135     Fri Jul 25 08:27:10 2008
+++ php-src/ext/standard/http_fopen_wrapper.c   Mon Jul 28 19:03:57 2008
@@ -19,7 +19,7 @@
    |          Sara Golemon <[EMAIL PROTECTED]>                              |
    +----------------------------------------------------------------------+
  */
-/* $Id: http_fopen_wrapper.c,v 1.135 2008/07/25 08:27:10 mike Exp $ */ 
+/* $Id: http_fopen_wrapper.c,v 1.136 2008/07/28 19:03:57 lbarnaud Exp $ */ 
 
 #include "php.h"
 #include "php_globals.h"
@@ -294,10 +294,17 @@
 
        if (context && php_stream_context_get_option(context, "http", "method", 
&tmpzval) == SUCCESS) {
                if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 
0) {
-                       scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
-                       scratch = emalloc(scratch_len);
-                       strlcpy(scratch, Z_STRVAL_PP(tmpzval), 
Z_STRLEN_PP(tmpzval) + 1);
-                       strcat(scratch, " ");
+                       /* As per the RFC, automatically redirected requests 
MUST NOT use other methods than
+                        * GET and HEAD unless it can be confirmed by the user 
*/
+                       if (redirect_max == PHP_URL_REDIRECT_MAX
+                               || (Z_STRLEN_PP(tmpzval) == 3 && memcmp("GET", 
Z_STRVAL_PP(tmpzval), 3) == 0)
+                               || (Z_STRLEN_PP(tmpzval) == 4 && 
memcmp("HEAD",Z_STRVAL_PP(tmpzval), 4) == 0)
+                       ) {
+                               scratch_len = strlen(path) + 29 + 
Z_STRLEN_PP(tmpzval);
+                               scratch = emalloc(scratch_len);
+                               strlcpy(scratch, Z_STRVAL_PP(tmpzval), 
Z_STRLEN_PP(tmpzval) + 1);
+                               strcat(scratch, " ");
+                       }
                }
        }
  



-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to