lbarnaud Mon Jul 28 19:03:57 2008 UTC Modified files: /php-src/ext/standard http_fopen_wrapper.c Log: When automatically redirecting an HTTP request, use the GET method when the original method was not HEAD or GET (fixes #45540) # # The RFC says that in case of 3xx code, "The action required MAY be # carried out [...] *only if the method used in the second request is GET or # HEAD*". # # This may not break anything as actually POST requests replying # with a Location header never worked as the redirecting request was sent using # the POST method, but without Entity-Body (and without Content-Length header, # which caused the server to reply with a "411 Length Required" or to treat # the request as GET). # http://cvs.php.net/viewvc.cgi/php-src/ext/standard/http_fopen_wrapper.c?r1=1.135&r2=1.136&diff_format=u Index: php-src/ext/standard/http_fopen_wrapper.c diff -u php-src/ext/standard/http_fopen_wrapper.c:1.135 php-src/ext/standard/http_fopen_wrapper.c:1.136 --- php-src/ext/standard/http_fopen_wrapper.c:1.135 Fri Jul 25 08:27:10 2008 +++ php-src/ext/standard/http_fopen_wrapper.c Mon Jul 28 19:03:57 2008 @@ -19,7 +19,7 @@ | Sara Golemon <[EMAIL PROTECTED]> | +----------------------------------------------------------------------+ */ -/* $Id: http_fopen_wrapper.c,v 1.135 2008/07/25 08:27:10 mike Exp $ */ +/* $Id: http_fopen_wrapper.c,v 1.136 2008/07/28 19:03:57 lbarnaud Exp $ */ #include "php.h" #include "php_globals.h" @@ -294,10 +294,17 @@ if (context && php_stream_context_get_option(context, "http", "method", &tmpzval) == SUCCESS) { if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) { - scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval); - scratch = emalloc(scratch_len); - strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1); - strcat(scratch, " "); + /* As per the RFC, automatically redirected requests MUST NOT use other methods than + * GET and HEAD unless it can be confirmed by the user */ + if (redirect_max == PHP_URL_REDIRECT_MAX + || (Z_STRLEN_PP(tmpzval) == 3 && memcmp("GET", Z_STRVAL_PP(tmpzval), 3) == 0) + || (Z_STRLEN_PP(tmpzval) == 4 && memcmp("HEAD",Z_STRVAL_PP(tmpzval), 4) == 0) + ) { + scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval); + scratch = emalloc(scratch_len); + strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1); + strcat(scratch, " "); + } } }
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php