Commit: 5382e156f925603ef0f65b9cc4fed29cbe2dce9b Author: Stanislav Malyshev <s...@php.net> Tue, 29 Jan 2013 00:24:23 -0800 Parents: 3e6d633a0d8cef7de8b32febb61d0bb32628305a Branches: PHP-5.4 PHP-5.5 master
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=5382e156f925603ef0f65b9cc4fed29cbe2dce9b Log: Fix bug #62524, only follow redirects in file streams for 3xx HTTP statuses Bugs: https://bugs.php.net/62524 Changed paths: M NEWS M ext/standard/http_fopen_wrapper.c Diff: diff --git a/NEWS b/NEWS index 21892b7..28f151f 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,8 @@ PHP NEWS . Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry) . Fixed bug #63462 (Magic methods called twice for unset protected properties). (Stas) + . Fixed bug #62524 (fopen follows redirects for non-3xx statuses). + (Wes Mason) . Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars) - Date: diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 85a6116..870f904 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -113,6 +113,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0); int follow_location = 1; php_stream_filter *transfer_encoding = NULL; + int response_code; tmp_line[0] = '\0'; @@ -657,7 +658,6 @@ finish: if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) { zval *http_response; - int response_code; if (tmp_line_len > 9) { response_code = atoi(tmp_line + 9); @@ -731,7 +731,9 @@ finish: http_header_line[http_header_line_length] = '\0'; if (!strncasecmp(http_header_line, "Location: ", 10)) { - if (context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) { + /* we only care about Location for 300, 301, 302, 303 and 307 */ + /* see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */ + if ((response_code >= 300 && response_code < 304 || 307 == response_code) && context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) { SEPARATE_ZVAL(tmpzval); convert_to_long_ex(tmpzval); follow_location = Z_LVAL_PP(tmpzval); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php