Bug #63162 - parse_url does not matches password component #206
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
A test script(.phpt) is needed, thanks |
|
Hey Laruence, I just committed bug63162.phpt to tests/output/bug63162.phpt. Thanks for the notice and sorry for the delay. |
|
Comment on behalf of stas at php.net: merged |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Here is a fix for Bug #63162 - parse_url does not matches password component. Here is a link to the original bug post:
https://bugs.php.net/bug.php?id=63162
The source of error is in the function php_url_parse_ex, which is in the file: ext/standard/url.c.
The function starts with a pointer to the beginning of the input string and scans up to the memory location of the first occurrence of the character ';'. If the input string is: //user:pass@host, then the if condition within the the "parse scheme" section is met due to the fact that / is non-alpha, non-digit, and is not in the set <+, ., ->, therefore, the goto parse_port is triggered. parse_port begins at an offset one (+1) greater than the location of ';'. However, this region is expecting numeric characters for the next 6 digits so it loops 6 times with no hit, due to the fact that we do not have a numeric value after ';'. The next "if" condition is also not met due to the fact that pp was never incremented in the while loop above. therefore, we hit the else-if and else. The first else-if is not meant due to the fact that our string has not yet terminated. Finally, the second else if contains the fix to test if we made a bad assumption that the port is expected.
Here are the results/output before the fix:
// input = http://user:pass@host
Array
(
[scheme] => http
[host] => host
[user] => user
[pass] => pass
)
// input = //user:pass@host
Array
(
[path] => //user:pass@host
)
// input = //user@host
Array
(
[host] => host
[user] => user
)
Here are the results/output after the fix:
// input = http://user:pass@host
Array
(
[scheme] => http
[host] => host
[user] => user
[pass] => pass
)
// input = //user:pass@host
Array
(
[host] => host
[user] => user
[pass] => pass
)
// input = //user@host
Array
(
[host] => host
[user] => user
)
I hope this helps. Thanks!