[PHP-CVS] com php-src: Fix bug #62524, only follow redirects in file streams for 3xx HTTP statuses: NEWS ext/standard/http_fopen_wrapper.c

Tue, 29 Jan 2013 00:29:55 -0800 

Commit:    5382e156f925603ef0f65b9cc4fed29cbe2dce9b
Author:    Stanislav Malyshev <s...@php.net>         Tue, 29 Jan 2013 00:24:23 
-0800
Parents:   3e6d633a0d8cef7de8b32febb61d0bb32628305a
Branches:  PHP-5.4 PHP-5.5 master

Link:       
http://git.php.net/?p=php-src.git;a=commitdiff;h=5382e156f925603ef0f65b9cc4fed29cbe2dce9b

Log:
Fix bug #62524, only follow redirects in file streams for 3xx HTTP statuses

Bugs:
https://bugs.php.net/62524

Changed paths:
  M  NEWS
  M  ext/standard/http_fopen_wrapper.c


Diff:
diff --git a/NEWS b/NEWS
index 21892b7..28f151f 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,8 @@ PHP                                                           
             NEWS
   . Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry)
   . Fixed bug #63462 (Magic methods called twice for unset protected 
     properties). (Stas)
+  . Fixed bug #62524 (fopen follows redirects for non-3xx statuses). 
+    (Wes Mason) 
   . Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars)
 
 - Date:
diff --git a/ext/standard/http_fopen_wrapper.c 
b/ext/standard/http_fopen_wrapper.c
index 85a6116..870f904 100644
--- a/ext/standard/http_fopen_wrapper.c
+++ b/ext/standard/http_fopen_wrapper.c
@@ -113,6 +113,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper 
*wrapper, char *path,
        int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0);
        int follow_location = 1;
        php_stream_filter *transfer_encoding = NULL;
+       int response_code;
 
        tmp_line[0] = '\0';
 
@@ -657,7 +658,6 @@ finish:
 
                if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, 
&tmp_line_len) != NULL) {
                        zval *http_response;
-                       int response_code;
 
                        if (tmp_line_len > 9) {
                                response_code = atoi(tmp_line + 9);
@@ -731,7 +731,9 @@ finish:
                        http_header_line[http_header_line_length] = '\0';
 
                        if (!strncasecmp(http_header_line, "Location: ", 10)) {
-                               if (context && 
php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == 
SUCCESS) {
+                               /* we only care about Location for 300, 301, 
302, 303 and 307 */
+                               /* see 
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */
+                               if ((response_code >= 300 && response_code < 
304 || 307 == response_code) && context && 
php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == 
SUCCESS) {
                                        SEPARATE_ZVAL(tmpzval);
                                        convert_to_long_ex(tmpzval);
                                        follow_location = Z_LVAL_PP(tmpzval);


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to