diff options
| author | Stanislav Malyshev <stas@php.net> | 2013-01-29 00:24:23 -0800 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2013-01-29 00:27:35 -0800 |
| commit | 5382e156f925603ef0f65b9cc4fed29cbe2dce9b (patch) | |
| tree | 6d25f348ebf505893cc38ce8898b073584008138 | |
| parent | 3e6d633a0d8cef7de8b32febb61d0bb32628305a (diff) | |
| download | php-git-5382e156f925603ef0f65b9cc4fed29cbe2dce9b.tar.gz | |
Fix bug #62524, only follow redirects in file streams for 3xx HTTP statuses
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/standard/http_fopen_wrapper.c | 6 |
2 files changed, 6 insertions, 2 deletions
@@ -15,6 +15,8 @@ PHP NEWS . Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry) . Fixed bug #63462 (Magic methods called twice for unset protected properties). (Stas) + . Fixed bug #62524 (fopen follows redirects for non-3xx statuses). + (Wes Mason) . Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars) - Date: diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c index 85a61167aa..870f904e9c 100644 --- a/ext/standard/http_fopen_wrapper.c +++ b/ext/standard/http_fopen_wrapper.c @@ -113,6 +113,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0); int follow_location = 1; php_stream_filter *transfer_encoding = NULL; + int response_code; tmp_line[0] = '\0'; @@ -657,7 +658,6 @@ finish: if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) { zval *http_response; - int response_code; if (tmp_line_len > 9) { response_code = atoi(tmp_line + 9); @@ -731,7 +731,9 @@ finish: http_header_line[http_header_line_length] = '\0'; if (!strncasecmp(http_header_line, "Location: ", 10)) { - if (context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) { + /* we only care about Location for 300, 301, 302, 303 and 307 */ + /* see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */ + if ((response_code >= 300 && response_code < 304 || 307 == response_code) && context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) { SEPARATE_ZVAL(tmpzval); convert_to_long_ex(tmpzval); follow_location = Z_LVAL_PP(tmpzval); |