static int check_host_whitelist(url_adapt_state_ex_t *ctx)
{
php_url *url_parts = NULL;
HashTable *allowed_hosts = ctx->type ? &BG(url_adapt_session_hosts_ht) : &BG(url_adapt_output_hosts_ht);
ZEND_ASSERT(ctx->tag_type == TAG_FORM);
if (ctx->attr_val.s && ZSTR_LEN(ctx->attr_val.s)) {
url_parts = php_url_parse_ex(ZSTR_VAL(ctx->attr_val.s), ZSTR_LEN(ctx->attr_val.s));
} else {
return SUCCESS; /* empty URL is valid */
}
if (!url_parts) {
return FAILURE;
}
if (url_parts->scheme) {
/* Only http/https should be handled.
A bit hacky check this here, but saves a URL parse. */
if (strcasecmp(url_parts->scheme, "http") &&
strcasecmp(url_parts->scheme, "https")) {
php_url_free(url_parts);
return FAILURE;
}
}
if (!url_parts->host) {
php_url_free(url_parts);
return SUCCESS;
}
if (!zend_hash_num_elements(allowed_hosts) &&
check_http_host(url_parts->host) == SUCCESS) {
php_url_free(url_parts);
return SUCCESS;
}
if (!zend_hash_str_find(allowed_hosts,
url_parts->host,
strlen(url_parts->host))) {
php_url_free(url_parts);
return FAILURE;
}
php_url_free(url_parts);
return SUCCESS;
}
void skyray_http_request_resolve_queries_if_needed(skyray_http_request_t *self)
{
if (!ZVAL_IS_NULL(&self->query_params) || ZVAL_IS_NULL(&self->uri)) {
return;
}
array_init(&self->query_params);
php_url *url = php_url_parse_ex(Z_STR(self->uri)->val, Z_STR(self->uri)->len);
if (!url->query) {
php_url_free(url);
return;
}
zend_string *query = zend_string_init(url->query, strlen(url->query), 0);
char *res = estrdup(url->query);
sapi_module.treat_data(PARSE_STRING, res, &self->query_params);
zend_string_free(query);
php_url_free(url);
}
/* get the key of the url just host + port*/
static int gen_key(char *url, uint url_len, char **key, uint *key_len)
{
php_url *p_url;
uint len;
p_url = php_url_parse_ex(url, url_len);
len = strlen(p_url->host);
char port[10];
sprintf(port, "%d", p_url->port);
*key_len = len + strlen(port)+1;
*key = pemalloc(*key_len, 1);
strcpy(*key, p_url->host);
strcat(*key, port);
php_url_free(p_url);
return 0;
}
static int oauth_provider_token_required(zval *provider_obj, char* uri)
{
zval *is_req_token_api, rv;
is_req_token_api = zend_read_property(Z_OBJCE_P(provider_obj), provider_obj, "request_token_endpoint", sizeof("request_token_endpoint") - 1, 1, &rv);
if (Z_TYPE_P(is_req_token_api) == IS_FALSE) {
php_oauth_provider *sop;
sop = fetch_sop_object(provider_obj);
/* do uri matching on the relative path */
if (sop->endpoint_paths[OAUTH_PROVIDER_PATH_REQUEST]) {
const char *reqtoken_path = sop->endpoint_paths[OAUTH_PROVIDER_PATH_REQUEST];
int uri_matched = 0;
if (reqtoken_path[0]=='/') {
/* match against relative url */
php_url *urlparts = php_url_parse_ex(uri, strlen(uri));
uri_matched = urlparts && 0==strncmp(urlparts->path, reqtoken_path, strlen(reqtoken_path));
php_url_free(urlparts);
} else {
/* match against full uri */
uri_matched = 0==strncmp(uri, reqtoken_path, strlen(reqtoken_path));
}
/* token required if no match was found */
if (uri_matched) {
ZVAL_BOOL(is_req_token_api, 1);
return 0;
}
}
/* no matches, token required */
return 1;
}
return 0;
}
php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context, int redirect_max, int header_init STREAMS_DC TSRMLS_DC)
{
php_stream *stream = NULL;
php_url *resource = NULL;
int use_ssl;
char *scratch = NULL;
char *tmp = NULL;
char *ua_str = NULL;
zval **ua_zval = NULL, **tmpzval = NULL;
int scratch_len = 0;
int body = 0;
char location[HTTP_HEADER_BLOCK_SIZE];
zval **response_header = NULL;
int reqok = 0;
char *http_header_line = NULL;
char tmp_line[128];
size_t chunk_size = 0, file_size = 0;
int eol_detect, have_header = 0;
if (redirect_max < 1) {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Circular redirect, aborting.");
return NULL;
}
if (strpbrk(mode, "aw+")) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP wrapper does not support writeable connections.");
return NULL;
}
resource = php_url_parse(path);
if (resource == NULL) {
return NULL;
}
if (strncasecmp(resource->scheme, "http", sizeof("http")) && strncasecmp(resource->scheme, "https", sizeof("https"))) {
php_url_free(resource);
return php_stream_open_wrapper_ex(path, mode, ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL, context);
}
use_ssl = resource->scheme && (strlen(resource->scheme) > 4) && resource->scheme[4] == 's';
/* choose default ports */
if (use_ssl && resource->port == 0)
resource->port = 443;
else if (resource->port == 0)
resource->port = 80;
stream = php_stream_sock_open_host(resource->host, resource->port, SOCK_STREAM, NULL, 0);
if (stream == NULL) {
eol_detect = 0;
goto out;
}
/* avoid problems with auto-detecting when reading the headers -> the headers
* are always in canonical \r\n format */
eol_detect = stream->flags & (PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
stream->flags &= ~(PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
php_stream_context_set(stream, context);
php_stream_notify_info(context, PHP_STREAM_NOTIFY_CONNECT, NULL, 0);
#ifdef HAVE_OPENSSL_EXT
if (use_ssl) {
if (context) {
/* set the CN we expect to be on the remote cert.
* You still need to have enabled verification (verify_peer) in the context for
* this to have an effect */
zval *cn;
ALLOC_INIT_ZVAL(cn);
ZVAL_STRING(cn, resource->host, 1);
php_stream_context_set_option(context, "ssl", "CN_match", cn);
}
if (php_stream_sock_ssl_activate(stream, 1) == FAILURE) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Unable to activate SSL mode");
php_stream_close(stream);
stream = NULL;
goto out;
}
}
#endif
if (context && php_stream_context_get_option(context, "http", "method", &tmpzval) == SUCCESS) {
if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) {
scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
scratch = (char *)emalloc(scratch_len);
strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
strcat(scratch, " ");
}
}
if (!scratch) {
scratch_len = strlen(path) + 32;
scratch = (char *)emalloc(scratch_len);
strcpy(scratch, "GET ");
}
/* file */
if (resource->path && *resource->path)
strlcat(scratch, resource->path, scratch_len);
else
strlcat(scratch, "/", scratch_len);
/* query string */
if (resource->query) {
strlcat(scratch, "?", scratch_len);
strlcat(scratch, resource->query, scratch_len);
}
/* protocol version we are speaking */
strlcat(scratch, " HTTP/1.0\r\n", scratch_len);
/* send it */
php_stream_write(stream, scratch, strlen(scratch));
if (context && php_stream_context_get_option(context, "http", "header", &tmpzval) == SUCCESS && Z_STRLEN_PP(tmpzval)) {
/* Remove newlines and spaces from start and end, php_trim will estrndup() */
tmp = php_trim(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval), NULL, 0, NULL, 3 TSRMLS_CC);
if (strlen(tmp) > 0) {
/* Output trimmed headers with \r\n at the end */
php_stream_write(stream, tmp, strlen(tmp));
php_stream_write(stream, "\r\n", sizeof("\r\n") - 1);
/* Make lowercase for easy comparison against 'standard' headers */
php_strtolower(tmp, strlen(tmp));
if (strstr(tmp, "user-agent:")) {
have_header |= HTTP_HEADER_USER_AGENT;
}
if (strstr(tmp, "host:")) {
have_header |= HTTP_HEADER_HOST;
}
if (strstr(tmp, "from:")) {
have_header |= HTTP_HEADER_FROM;
}
if (strstr(tmp, "authorization:")) {
have_header |= HTTP_HEADER_AUTH;
}
}
efree(tmp);
}
/* auth header if it was specified */
if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user && resource->pass) {
/* decode the strings first */
php_url_decode(resource->user, strlen(resource->user));
php_url_decode(resource->pass, strlen(resource->pass));
/* scratch is large enough, since it was made large enough for the whole URL */
strcpy(scratch, resource->user);
strcat(scratch, ":");
strcat(scratch, resource->pass);
tmp = (char *)php_base64_encode((unsigned char*)scratch, strlen(scratch), NULL);
if (snprintf(scratch, scratch_len, "Authorization: Basic %s\r\n", tmp) > 0) {
php_stream_write(stream, scratch, strlen(scratch));
php_stream_notify_info(context, PHP_STREAM_NOTIFY_AUTH_REQUIRED, NULL, 0);
}
efree(tmp);
tmp = NULL;
}
/* if the user has configured who they are, send a From: line */
if (((have_header & HTTP_HEADER_FROM) == 0) && cfg_get_string("from", &tmp) == SUCCESS) {
if (snprintf(scratch, scratch_len, "From: %s\r\n", tmp) > 0) {
php_stream_write(stream, scratch, strlen(scratch));
}
}
/* Send Host: header so name-based virtual hosts work */
if ((have_header & HTTP_HEADER_HOST) == 0) {
if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) {
if (snprintf(scratch, scratch_len, "Host: %s:%i\r\n", resource->host, resource->port) > 0) {
php_stream_write(stream, scratch, strlen(scratch));
}
} else {
if (snprintf(scratch, scratch_len, "Host: %s\r\n", resource->host) > 0) {
php_stream_write(stream, scratch, strlen(scratch));
}
}
}
if (context &&
php_stream_context_get_option(context, "http", "user_agent", &ua_zval) == SUCCESS) {
ua_str = Z_STRVAL_PP(ua_zval);
} else if (FG(user_agent)) {
ua_str = FG(user_agent);
}
if (ua_str) {
#define _UA_HEADER "User-Agent: %s\r\n"
char *ua;
size_t ua_len;
ua_len = sizeof(_UA_HEADER) + strlen(ua_str);
/* ensure the header is only sent if user_agent is not blank */
if (ua_len > sizeof(_UA_HEADER)) {
ua = (char *)emalloc(ua_len + 1);
if ((ua_len = snprintf(ua, ua_len, _UA_HEADER, ua_str)) > 0) {
ua[ua_len] = 0;
php_stream_write(stream, ua, ua_len);
} else {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot construct User-agent header");
}
if (ua) {
efree(ua);
}
}
}
php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
/* Request content, such as for POST requests */
if (context && php_stream_context_get_option(context, "http", "content", &tmpzval) == SUCCESS && Z_STRLEN_PP(tmpzval) > 0) {
php_stream_write(stream, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
php_stream_write(stream, "\r\n\r\n", sizeof("\r\n\r\n")-1);
}
location[0] = '\0';
/*
* We need to read the HTTP response header one-by-one, because
* the original author did not know about MSG_PEEK.
* The chunk_size will be reset later, once we have read the
* header completely.
*/
if (options & STREAM_WILL_CAST)
chunk_size = php_stream_set_chunk_size(stream, 1);
if (!header_init && FAILURE == zend_hash_find(EG(active_symbol_table),
"http_response_header", sizeof("http_response_header"), (void **) &response_header)) {
header_init = 1;
}
if (header_init) {
zval *tmp;
MAKE_STD_ZVAL(tmp);
array_init(tmp);
ZEND_SET_SYMBOL(EG(active_symbol_table), "http_response_header", tmp);
zend_hash_find(EG(active_symbol_table),
"http_response_header", sizeof("http_response_header"), (void **) &response_header);
}
if (!php_stream_eof(stream)) {
size_t tmp_line_len;
/* get response header */
if (_php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len TSRMLS_CC) != NULL) {
zval *http_response;
int response_code;
MAKE_STD_ZVAL(http_response);
ZVAL_NULL(http_response);
if (tmp_line_len > 9) {
response_code = atoi(tmp_line + 9);
} else {
response_code = 0;
}
switch(response_code) {
case 200:
case 302:
case 301:
reqok = 1;
break;
case 403:
php_stream_notify_error(context, PHP_STREAM_NOTIFY_AUTH_RESULT,
tmp_line, response_code);
break;
default:
/* safety net in the event tmp_line == NULL */
if (!tmp_line_len) {
tmp_line[0] = '\0';
}
php_stream_notify_error(context, PHP_STREAM_NOTIFY_FAILURE,
tmp_line, response_code);
}
Z_STRLEN_P(http_response) = tmp_line_len;
Z_STRVAL_P(http_response) = estrndup(tmp_line, Z_STRLEN_P(http_response));
if (Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]=='\n') {
Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]=0;
Z_STRLEN_P(http_response)--;
if (Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]=='\r') {
Z_STRVAL_P(http_response)[Z_STRLEN_P(http_response)-1]=0;
Z_STRLEN_P(http_response)--;
}
}
Z_TYPE_P(http_response) = IS_STRING;
zend_hash_next_index_insert(Z_ARRVAL_PP(response_header), &http_response, sizeof(zval *), NULL);
}
} else {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP request failed, unexpected end of socket!");
goto out;
}
/* read past HTTP headers */
http_header_line = (char *)emalloc(HTTP_HEADER_BLOCK_SIZE);
while (!body && !php_stream_eof(stream)) {
if (php_stream_gets(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE-1) != NULL) {
char *p;
int found_eol = 0;
int http_header_line_length;
http_header_line[HTTP_HEADER_BLOCK_SIZE-1] = '\0';
p = http_header_line;
while(*p) {
while(*p == '\n' || *p == '\r') {
*p = '\0';
p--;
found_eol = 1;
}
if (found_eol)
break;
p++;
}
http_header_line_length = p-http_header_line+1;
if (!strncasecmp(http_header_line, "Location: ", 10)) {
strlcpy(location, http_header_line + 10, sizeof(location));
} else if (!strncasecmp(http_header_line, "Content-Type: ", 14)) {
php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, http_header_line + 14, 0);
} else if (!strncasecmp(http_header_line, "Content-Length: ", 16)) {
file_size = atoi(http_header_line + 16);
php_stream_notify_file_size(context, file_size, http_header_line, 0);
}
if (http_header_line[0] == '\0') {
body = 1;
} else {
zval *http_header;
MAKE_STD_ZVAL(http_header);
ZVAL_STRINGL(http_header, http_header_line, http_header_line_length, 1);
zend_hash_next_index_insert(Z_ARRVAL_PP(response_header), &http_header, sizeof(zval *), NULL);
}
} else {
break;
}
}
if (!reqok || location[0] != '\0') {
if (location[0] != '\0')
php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, location, 0);
php_stream_close(stream);
stream = NULL;
if (location[0] != '\0') {
zval *entry, **entryp;
char new_path[HTTP_HEADER_BLOCK_SIZE];
char loc_path[HTTP_HEADER_BLOCK_SIZE];
*new_path='\0';
if (strlen(location)<8 || (strncasecmp(location, "http://", sizeof("http://")-1) &&
strncasecmp(location, "https://", sizeof("https://")-1) &&
strncasecmp(location, "ftp://", sizeof("ftp://")-1) &&
strncasecmp(location, "ftps://", sizeof("ftps://")-1)))
{
if (*location != '/') {
if (*(location+1) != '\0' && resource->path) {
char *s = strrchr(resource->path, '/');
if (!s) {
s = resource->path;
if (!s[0]) {
efree(s);
s = resource->path = estrdup("/");
} else {
*s = '/';
}
}
s[1] = '\0';
if (resource->path && *(resource->path) == '/' && *(resource->path + 1) == '\0') {
snprintf(loc_path, sizeof(loc_path) - 1, "%s%s", resource->path, location);
} else {
snprintf(loc_path, sizeof(loc_path) - 1, "%s/%s", resource->path, location);
}
} else {
snprintf(loc_path, sizeof(loc_path) - 1, "/%s", location);
}
} else {
strlcpy(loc_path, location, sizeof(loc_path));
}
if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) {
snprintf(new_path, sizeof(new_path) - 1, "%s://%s:%d%s", resource->scheme, resource->host, resource->port, loc_path);
} else {
snprintf(new_path, sizeof(new_path) - 1, "%s://%s%s", resource->scheme, resource->host, loc_path);
}
} else {
strlcpy(new_path, location, sizeof(new_path));
}
stream = php_stream_url_wrap_http_ex(NULL, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
if (stream && stream->wrapperdata) {
entryp = &entry;
MAKE_STD_ZVAL(entry);
ZVAL_EMPTY_STRING(entry);
zend_hash_next_index_insert(Z_ARRVAL_PP(response_header), entryp, sizeof(zval *), NULL);
zend_hash_internal_pointer_reset(Z_ARRVAL_P(stream->wrapperdata));
while (zend_hash_get_current_data(Z_ARRVAL_P(stream->wrapperdata), (void **)&entryp) == SUCCESS) {
zval_add_ref(entryp);
zend_hash_next_index_insert(Z_ARRVAL_PP(response_header), entryp, sizeof(zval *), NULL);
zend_hash_move_forward(Z_ARRVAL_P(stream->wrapperdata));
}
zval_dtor(stream->wrapperdata);
FREE_ZVAL(stream->wrapperdata);
}
} else {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP request failed! %s", tmp_line);
}
}
out:
if (http_header_line)
efree(http_header_line);
if (scratch)
efree(scratch);
php_url_free(resource);
if (stream) {
if (header_init) {
stream->wrapperdata = *response_header;
zval_add_ref(response_header);
}
php_stream_notify_progress_init(context, 0, file_size);
/* Restore original chunk size now that we're done with headers (if applicable) */
if (options & STREAM_WILL_CAST)
php_stream_set_chunk_size(stream, chunk_size);
/* restore the users auto-detect-line-endings setting */
stream->flags |= eol_detect;
/* as far as streams are concerned, we are now at the start of
* the stream */
stream->position = 0;
}
return stream;
}
/**
* Open a phar file for streams API
*/
php_url* phar_parse_url(php_stream_wrapper *wrapper, const char *filename, const char *mode, int options) /* {{{ */
{
php_url *resource;
char *arch = NULL, *entry = NULL, *error;
int arch_len, entry_len;
if (strlen(filename) < 7 || strncasecmp(filename, "phar://", 7)) {
return NULL;
}
if (mode[0] == 'a') {
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
php_stream_wrapper_log_error(wrapper, options, "phar error: open mode append not supported");
}
return NULL;
}
if (phar_split_fname(filename, strlen(filename), &arch, &arch_len, &entry, &entry_len, 2, (mode[0] == 'w' ? 2 : 0)) == FAILURE) {
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
if (arch && !entry) {
php_stream_wrapper_log_error(wrapper, options, "phar error: no directory in \"%s\", must have at least phar://%s/ for root directory (always use full path to a new phar)", filename, arch);
arch = NULL;
} else {
php_stream_wrapper_log_error(wrapper, options, "phar error: invalid url or non-existent phar \"%s\"", filename);
}
}
return NULL;
}
resource = ecalloc(1, sizeof(php_url));
resource->scheme = estrndup("phar", 4);
resource->host = arch;
resource->path = entry;
#if MBO_0
if (resource) {
fprintf(stderr, "Alias: %s\n", alias);
fprintf(stderr, "Scheme: %s\n", resource->scheme);
/* fprintf(stderr, "User: %s\n", resource->user);*/
/* fprintf(stderr, "Pass: %s\n", resource->pass ? "***" : NULL);*/
fprintf(stderr, "Host: %s\n", resource->host);
/* fprintf(stderr, "Port: %d\n", resource->port);*/
fprintf(stderr, "Path: %s\n", resource->path);
/* fprintf(stderr, "Query: %s\n", resource->query);*/
/* fprintf(stderr, "Fragment: %s\n", resource->fragment);*/
}
#endif
if (mode[0] == 'w' || (mode[0] == 'r' && mode[1] == '+')) {
phar_archive_data *pphar = NULL, *phar;
if (PHAR_G(request_init) && PHAR_G(phar_fname_map.u.flags) && NULL == (pphar = zend_hash_str_find_ptr(&(PHAR_G(phar_fname_map)), arch, arch_len))) {
pphar = NULL;
}
if (PHAR_G(readonly) && (!pphar || !pphar->is_data)) {
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
php_stream_wrapper_log_error(wrapper, options, "phar error: write operations disabled by the php.ini setting phar.readonly");
}
php_url_free(resource);
return NULL;
}
if (phar_open_or_create_filename(resource->host, arch_len, NULL, 0, 0, options, &phar, &error) == FAILURE)
{
if (error) {
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
php_stream_wrapper_log_error(wrapper, options, "%s", error);
}
efree(error);
}
php_url_free(resource);
return NULL;
}
if (phar->is_persistent && FAILURE == phar_copy_on_write(&phar)) {
if (error) {
spprintf(&error, 0, "Cannot open cached phar '%s' as writeable, copy on write failed", resource->host);
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
php_stream_wrapper_log_error(wrapper, options, "%s", error);
}
efree(error);
}
php_url_free(resource);
return NULL;
}
} else {
if (phar_open_from_filename(resource->host, arch_len, NULL, 0, options, NULL, &error) == FAILURE)
{
if (error) {
if (!(options & PHP_STREAM_URL_STAT_QUIET)) {
php_stream_wrapper_log_error(wrapper, options, "%s", error);
}
efree(error);
}
php_url_free(resource);
return NULL;
}
}
return resource;
}
php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
const char *path, const char *mode, int options, char **opened_path,
php_stream_context *context, int redirect_max, int flags STREAMS_DC TSRMLS_DC) /* {{{ */
{
php_stream *stream = NULL;
php_url *resource = NULL;
int use_ssl;
int use_proxy = 0;
char *scratch = NULL;
char *tmp = NULL;
char *ua_str = NULL;
zval **ua_zval = NULL, **tmpzval = NULL, *ssl_proxy_peer_name = NULL;
int scratch_len = 0;
int body = 0;
char location[HTTP_HEADER_BLOCK_SIZE];
zval *response_header = NULL;
int reqok = 0;
char *http_header_line = NULL;
char tmp_line[128];
size_t chunk_size = 0, file_size = 0;
int eol_detect = 0;
char *transport_string, *errstr = NULL;
int transport_len, have_header = 0, request_fulluri = 0, ignore_errors = 0;
char *protocol_version = NULL;
int protocol_version_len = 3; /* Default: "1.0" */
struct timeval timeout;
char *user_headers = NULL;
int header_init = ((flags & HTTP_WRAPPER_HEADER_INIT) != 0);
int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0);
int follow_location = 1;
php_stream_filter *transfer_encoding = NULL;
int response_code;
tmp_line[0] = '\0';
if (redirect_max < 1) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Redirection limit reached, aborting");
return NULL;
}
resource = php_url_parse(path);
if (resource == NULL) {
return NULL;
}
if (strncasecmp(resource->scheme, "http", sizeof("http")) && strncasecmp(resource->scheme, "https", sizeof("https"))) {
if (!context ||
php_stream_context_get_option(context, wrapper->wops->label, "proxy", &tmpzval) == FAILURE ||
Z_TYPE_PP(tmpzval) != IS_STRING ||
Z_STRLEN_PP(tmpzval) <= 0) {
php_url_free(resource);
return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context);
}
/* Called from a non-http wrapper with http proxying requested (i.e. ftp) */
request_fulluri = 1;
use_ssl = 0;
use_proxy = 1;
transport_len = Z_STRLEN_PP(tmpzval);
transport_string = estrndup(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
} else {
/* Normal http request (possibly with proxy) */
if (strpbrk(mode, "awx+")) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP wrapper does not support writeable connections");
php_url_free(resource);
return NULL;
}
use_ssl = resource->scheme && (strlen(resource->scheme) > 4) && resource->scheme[4] == 's';
/* choose default ports */
if (use_ssl && resource->port == 0)
resource->port = 443;
else if (resource->port == 0)
resource->port = 80;
if (context &&
php_stream_context_get_option(context, wrapper->wops->label, "proxy", &tmpzval) == SUCCESS &&
Z_TYPE_PP(tmpzval) == IS_STRING &&
Z_STRLEN_PP(tmpzval) > 0) {
use_proxy = 1;
transport_len = Z_STRLEN_PP(tmpzval);
transport_string = estrndup(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
} else {
transport_len = spprintf(&transport_string, 0, "%s://%s:%d", use_ssl ? "ssl" : "tcp", resource->host, resource->port);
}
}
if (context && php_stream_context_get_option(context, wrapper->wops->label, "timeout", &tmpzval) == SUCCESS) {
SEPARATE_ZVAL(tmpzval);
convert_to_double_ex(tmpzval);
timeout.tv_sec = (time_t) Z_DVAL_PP(tmpzval);
timeout.tv_usec = (size_t) ((Z_DVAL_PP(tmpzval) - timeout.tv_sec) * 1000000);
} else {
timeout.tv_sec = FG(default_socket_timeout);
timeout.tv_usec = 0;
}
stream = php_stream_xport_create(transport_string, transport_len, options,
STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
NULL, &timeout, context, &errstr, NULL);
if (stream) {
php_stream_set_option(stream, PHP_STREAM_OPTION_READ_TIMEOUT, 0, &timeout);
}
if (errstr) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", errstr);
efree(errstr);
errstr = NULL;
}
efree(transport_string);
if (stream && use_proxy && use_ssl) {
smart_str header = {0};
/* Set peer_name or name verification will try to use the proxy server name */
if (!context || php_stream_context_get_option(context, "ssl", "peer_name", &tmpzval) == FAILURE) {
MAKE_STD_ZVAL(ssl_proxy_peer_name);
ZVAL_STRING(ssl_proxy_peer_name, resource->host, 1);
php_stream_context_set_option(stream->context, "ssl", "peer_name", ssl_proxy_peer_name);
}
smart_str_appendl(&header, "CONNECT ", sizeof("CONNECT ")-1);
smart_str_appends(&header, resource->host);
smart_str_appendc(&header, ':');
smart_str_append_unsigned(&header, resource->port);
smart_str_appendl(&header, " HTTP/1.0\r\n", sizeof(" HTTP/1.0\r\n")-1);
/* check if we have Proxy-Authorization header */
if (context && php_stream_context_get_option(context, "http", "header", &tmpzval) == SUCCESS) {
char *s, *p;
if (Z_TYPE_PP(tmpzval) == IS_ARRAY) {
HashPosition pos;
zval **tmpheader = NULL;
for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(tmpzval), &pos);
SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(tmpzval), (void *)&tmpheader, &pos);
zend_hash_move_forward_ex(Z_ARRVAL_PP(tmpzval), &pos)) {
if (Z_TYPE_PP(tmpheader) == IS_STRING) {
s = Z_STRVAL_PP(tmpheader);
do {
while (*s == ' ' || *s == '\t') s++;
p = s;
while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++;
if (*p == ':') {
p++;
if (p - s == sizeof("Proxy-Authorization:") - 1 &&
zend_binary_strcasecmp(s, sizeof("Proxy-Authorization:") - 1,
"Proxy-Authorization:", sizeof("Proxy-Authorization:") - 1) == 0) {
while (*p != 0 && *p != '\r' && *p !='\n') p++;
smart_str_appendl(&header, s, p - s);
smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
goto finish;
} else {
while (*p != 0 && *p != '\r' && *p !='\n') p++;
}
}
s = p;
while (*s == '\r' || *s == '\n') s++;
} while (*s != 0);
}
}
} else if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval)) {
s = Z_STRVAL_PP(tmpzval);
do {
while (*s == ' ' || *s == '\t') s++;
p = s;
while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++;
if (*p == ':') {
p++;
if (p - s == sizeof("Proxy-Authorization:") - 1 &&
zend_binary_strcasecmp(s, sizeof("Proxy-Authorization:") - 1,
"Proxy-Authorization:", sizeof("Proxy-Authorization:") - 1) == 0) {
while (*p != 0 && *p != '\r' && *p !='\n') p++;
smart_str_appendl(&header, s, p - s);
smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
goto finish;
} else {
while (*p != 0 && *p != '\r' && *p !='\n') p++;
}
}
s = p;
while (*s == '\r' || *s == '\n') s++;
} while (*s != 0);
}
}
finish:
smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
if (php_stream_write(stream, header.c, header.len) != header.len) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Cannot connect to HTTPS server through proxy");
php_stream_close(stream);
stream = NULL;
}
smart_str_free(&header);
if (stream) {
char header_line[HTTP_HEADER_BLOCK_SIZE];
/* get response header */
while (php_stream_gets(stream, header_line, HTTP_HEADER_BLOCK_SIZE-1) != NULL) {
if (header_line[0] == '\n' ||
header_line[0] == '\r' ||
header_line[0] == '\0') {
break;
}
}
}
/* enable SSL transport layer */
if (stream) {
if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_ANY_CLIENT, NULL TSRMLS_CC) < 0 ||
php_stream_xport_crypto_enable(stream, 1 TSRMLS_CC) < 0) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Cannot connect to HTTPS server through proxy");
php_stream_close(stream);
stream = NULL;
}
}
}
if (stream == NULL)
goto out;
/* avoid buffering issues while reading header */
if (options & STREAM_WILL_CAST)
chunk_size = php_stream_set_chunk_size(stream, 1);
/* avoid problems with auto-detecting when reading the headers -> the headers
* are always in canonical \r\n format */
eol_detect = stream->flags & (PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
stream->flags &= ~(PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
php_stream_context_set(stream, context TSRMLS_CC);
php_stream_notify_info(context, PHP_STREAM_NOTIFY_CONNECT, NULL, 0);
if (header_init && context && php_stream_context_get_option(context, "http", "max_redirects", &tmpzval) == SUCCESS) {
SEPARATE_ZVAL(tmpzval);
convert_to_long_ex(tmpzval);
redirect_max = Z_LVAL_PP(tmpzval);
}
if (context && php_stream_context_get_option(context, "http", "method", &tmpzval) == SUCCESS) {
if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) {
/* As per the RFC, automatically redirected requests MUST NOT use other methods than
* GET and HEAD unless it can be confirmed by the user */
if (!redirected
|| (Z_STRLEN_PP(tmpzval) == 3 && memcmp("GET", Z_STRVAL_PP(tmpzval), 3) == 0)
|| (Z_STRLEN_PP(tmpzval) == 4 && memcmp("HEAD",Z_STRVAL_PP(tmpzval), 4) == 0)
) {
scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
scratch = emalloc(scratch_len);
strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
strncat(scratch, " ", 1);
}
}
}
if (context && php_stream_context_get_option(context, "http", "protocol_version", &tmpzval) == SUCCESS) {
SEPARATE_ZVAL(tmpzval);
convert_to_double_ex(tmpzval);
protocol_version_len = spprintf(&protocol_version, 0, "%.1F", Z_DVAL_PP(tmpzval));
}
if (!scratch) {
scratch_len = strlen(path) + 29 + protocol_version_len;
scratch = emalloc(scratch_len);
strncpy(scratch, "GET ", scratch_len);
}
/* Should we send the entire path in the request line, default to no. */
if (!request_fulluri &&
context &&
php_stream_context_get_option(context, "http", "request_fulluri", &tmpzval) == SUCCESS) {
zval ztmp = **tmpzval;
zval_copy_ctor(&ztmp);
convert_to_boolean(&ztmp);
request_fulluri = Z_BVAL(ztmp) ? 1 : 0;
zval_dtor(&ztmp);
}
if (request_fulluri) {
/* Ask for everything */
strcat(scratch, path);
} else {
/* Send the traditional /path/to/file?query_string */
/* file */
if (resource->path && *resource->path) {
strlcat(scratch, resource->path, scratch_len);
} else {
strlcat(scratch, "/", scratch_len);
}
/* query string */
if (resource->query) {
strlcat(scratch, "?", scratch_len);
strlcat(scratch, resource->query, scratch_len);
}
}
/* protocol version we are speaking */
if (protocol_version) {
strlcat(scratch, " HTTP/", scratch_len);
strlcat(scratch, protocol_version, scratch_len);
strlcat(scratch, "\r\n", scratch_len);
} else {
strlcat(scratch, " HTTP/1.0\r\n", scratch_len);
}
/* send it */
php_stream_write(stream, scratch, strlen(scratch));
if (context && php_stream_context_get_option(context, "http", "header", &tmpzval) == SUCCESS) {
tmp = NULL;
if (Z_TYPE_PP(tmpzval) == IS_ARRAY) {
HashPosition pos;
zval **tmpheader = NULL;
smart_str tmpstr = {0};
for (zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(tmpzval), &pos);
SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(tmpzval), (void *)&tmpheader, &pos);
zend_hash_move_forward_ex(Z_ARRVAL_PP(tmpzval), &pos)
) {
if (Z_TYPE_PP(tmpheader) == IS_STRING) {
smart_str_appendl(&tmpstr, Z_STRVAL_PP(tmpheader), Z_STRLEN_PP(tmpheader));
smart_str_appendl(&tmpstr, "\r\n", sizeof("\r\n") - 1);
}
}
smart_str_0(&tmpstr);
/* Remove newlines and spaces from start and end. there's at least one extra \r\n at the end that needs to go. */
if (tmpstr.c) {
tmp = php_trim(tmpstr.c, strlen(tmpstr.c), NULL, 0, NULL, 3 TSRMLS_CC);
smart_str_free(&tmpstr);
}
}
if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval)) {
/* Remove newlines and spaces from start and end php_trim will estrndup() */
tmp = php_trim(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval), NULL, 0, NULL, 3 TSRMLS_CC);
}
if (tmp && strlen(tmp) > 0) {
char *s;
user_headers = estrdup(tmp);
/* Make lowercase for easy comparison against 'standard' headers */
php_strtolower(tmp, strlen(tmp));
if (!header_init) {
/* strip POST headers on redirect */
strip_header(user_headers, tmp, "content-length:");
strip_header(user_headers, tmp, "content-type:");
}
if ((s = strstr(tmp, "user-agent:")) &&
(s == tmp || *(s-1) == '\r' || *(s-1) == '\n' ||
*(s-1) == '\t' || *(s-1) == ' ')) {
have_header |= HTTP_HEADER_USER_AGENT;
}
if ((s = strstr(tmp, "host:")) &&
(s == tmp || *(s-1) == '\r' || *(s-1) == '\n' ||
*(s-1) == '\t' || *(s-1) == ' ')) {
have_header |= HTTP_HEADER_HOST;
}
if ((s = strstr(tmp, "from:")) &&
(s == tmp || *(s-1) == '\r' || *(s-1) == '\n' ||
*(s-1) == '\t' || *(s-1) == ' ')) {
have_header |= HTTP_HEADER_FROM;
}
if ((s = strstr(tmp, "authorization:")) &&
(s == tmp || *(s-1) == '\r' || *(s-1) == '\n' ||
*(s-1) == '\t' || *(s-1) == ' ')) {
have_header |= HTTP_HEADER_AUTH;
}
if ((s = strstr(tmp, "content-length:")) &&
(s == tmp || *(s-1) == '\r' || *(s-1) == '\n' ||
*(s-1) == '\t' || *(s-1) == ' ')) {
have_header |= HTTP_HEADER_CONTENT_LENGTH;
}
if ((s = strstr(tmp, "content-type:")) &&
(s == tmp || *(s-1) == '\r' || *(s-1) == '\n' ||
*(s-1) == '\t' || *(s-1) == ' ')) {
have_header |= HTTP_HEADER_TYPE;
}
if ((s = strstr(tmp, "connection:")) &&
(s == tmp || *(s-1) == '\r' || *(s-1) == '\n' ||
*(s-1) == '\t' || *(s-1) == ' ')) {
have_header |= HTTP_HEADER_CONNECTION;
}
/* remove Proxy-Authorization header */
if (use_proxy && use_ssl && (s = strstr(tmp, "proxy-authorization:")) &&
(s == tmp || *(s-1) == '\r' || *(s-1) == '\n' ||
*(s-1) == '\t' || *(s-1) == ' ')) {
char *p = s + sizeof("proxy-authorization:") - 1;
while (s > tmp && (*(s-1) == ' ' || *(s-1) == '\t')) s--;
while (*p != 0 && *p != '\r' && *p != '\n') p++;
while (*p == '\r' || *p == '\n') p++;
if (*p == 0) {
if (s == tmp) {
efree(user_headers);
user_headers = NULL;
} else {
while (s > tmp && (*(s-1) == '\r' || *(s-1) == '\n')) s--;
user_headers[s - tmp] = 0;
}
} else {
memmove(user_headers + (s - tmp), user_headers + (p - tmp), strlen(p) + 1);
}
}
}
if (tmp) {
efree(tmp);
}
}
/* auth header if it was specified */
if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) {
/* decode the strings first */
php_url_decode(resource->user, strlen(resource->user));
/* scratch is large enough, since it was made large enough for the whole URL */
strcpy(scratch, resource->user);
strcat(scratch, ":");
/* Note: password is optional! */
if (resource->pass) {
php_url_decode(resource->pass, strlen(resource->pass));
strcat(scratch, resource->pass);
}
tmp = (char*)php_base64_encode((unsigned char*)scratch, strlen(scratch), NULL);
if (snprintf(scratch, scratch_len, "Authorization: Basic %s\r\n", tmp) > 0) {
php_stream_write(stream, scratch, strlen(scratch));
php_stream_notify_info(context, PHP_STREAM_NOTIFY_AUTH_REQUIRED, NULL, 0);
}
efree(tmp);
tmp = NULL;
}
/* if the user has configured who they are, send a From: line */
if (((have_header & HTTP_HEADER_FROM) == 0) && FG(from_address)) {
if (snprintf(scratch, scratch_len, "From: %s\r\n", FG(from_address)) > 0)
php_stream_write(stream, scratch, strlen(scratch));
}
/* Send Host: header so name-based virtual hosts work */
if ((have_header & HTTP_HEADER_HOST) == 0) {
if ((use_ssl && resource->port != 443 && resource->port != 0) ||
(!use_ssl && resource->port != 80 && resource->port != 0)) {
if (snprintf(scratch, scratch_len, "Host: %s:%i\r\n", resource->host, resource->port) > 0)
php_stream_write(stream, scratch, strlen(scratch));
} else {
if (snprintf(scratch, scratch_len, "Host: %s\r\n", resource->host) > 0) {
php_stream_write(stream, scratch, strlen(scratch));
}
}
}
/* Send a Connection: close header when using HTTP 1.1 or later to avoid
* hanging when the server interprets the RFC literally and establishes a
* keep-alive connection, unless the user specifically requests something
* else by specifying a Connection header in the context options. */
if (protocol_version &&
((have_header & HTTP_HEADER_CONNECTION) == 0) &&
(strncmp(protocol_version, "1.0", MIN(protocol_version_len, 3)) > 0)) {
php_stream_write_string(stream, "Connection: close\r\n");
}
if (context &&
php_stream_context_get_option(context, "http", "user_agent", &ua_zval) == SUCCESS &&
Z_TYPE_PP(ua_zval) == IS_STRING) {
ua_str = Z_STRVAL_PP(ua_zval);
} else if (FG(user_agent)) {
ua_str = FG(user_agent);
}
if (((have_header & HTTP_HEADER_USER_AGENT) == 0) && ua_str) {
#define _UA_HEADER "User-Agent: %s\r\n"
char *ua;
size_t ua_len;
ua_len = sizeof(_UA_HEADER) + strlen(ua_str);
/* ensure the header is only sent if user_agent is not blank */
if (ua_len > sizeof(_UA_HEADER)) {
ua = emalloc(ua_len + 1);
if ((ua_len = slprintf(ua, ua_len, _UA_HEADER, ua_str)) > 0) {
ua[ua_len] = 0;
php_stream_write(stream, ua, ua_len);
} else {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot construct User-agent header");
}
if (ua) {
efree(ua);
}
}
}
if (user_headers) {
/* A bit weird, but some servers require that Content-Length be sent prior to Content-Type for POST
* see bug #44603 for details. Since Content-Type maybe part of user's headers we need to do this check first.
*/
if (
header_init &&
context &&
!(have_header & HTTP_HEADER_CONTENT_LENGTH) &&
php_stream_context_get_option(context, "http", "content", &tmpzval) == SUCCESS &&
Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0
) {
scratch_len = slprintf(scratch, scratch_len, "Content-Length: %d\r\n", Z_STRLEN_PP(tmpzval));
php_stream_write(stream, scratch, scratch_len);
have_header |= HTTP_HEADER_CONTENT_LENGTH;
}
php_stream_write(stream, user_headers, strlen(user_headers));
php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
efree(user_headers);
}
/* Request content, such as for POST requests */
if (header_init && context &&
php_stream_context_get_option(context, "http", "content", &tmpzval) == SUCCESS &&
Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) {
if (!(have_header & HTTP_HEADER_CONTENT_LENGTH)) {
scratch_len = slprintf(scratch, scratch_len, "Content-Length: %d\r\n", Z_STRLEN_PP(tmpzval));
php_stream_write(stream, scratch, scratch_len);
}
if (!(have_header & HTTP_HEADER_TYPE)) {
php_stream_write(stream, "Content-Type: application/x-www-form-urlencoded\r\n",
sizeof("Content-Type: application/x-www-form-urlencoded\r\n") - 1);
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Content-type not specified assuming application/x-www-form-urlencoded");
}
php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
php_stream_write(stream, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
} else {
php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
}
location[0] = '\0';
if (!EG(active_symbol_table)) {
zend_rebuild_symbol_table(TSRMLS_C);
}
if (header_init) {
zval *ztmp;
MAKE_STD_ZVAL(ztmp);
array_init(ztmp);
ZEND_SET_SYMBOL(EG(active_symbol_table), "http_response_header", ztmp);
}
{
zval **rh;
zend_hash_find(EG(active_symbol_table), "http_response_header", sizeof("http_response_header"), (void **) &rh);
response_header = *rh;
}
if (!php_stream_eof(stream)) {
size_t tmp_line_len;
/* get response header */
if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
zval *http_response;
if (tmp_line_len > 9) {
response_code = atoi(tmp_line + 9);
} else {
response_code = 0;
}
if (context && SUCCESS==php_stream_context_get_option(context, "http", "ignore_errors", &tmpzval)) {
ignore_errors = zend_is_true(*tmpzval TSRMLS_CC);
}
/* when we request only the header, don't fail even on error codes */
if ((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) {
reqok = 1;
}
/* all status codes in the 2xx range are defined by the specification as successful;
* all status codes in the 3xx range are for redirection, and so also should never
* fail */
if (response_code >= 200 && response_code < 400) {
reqok = 1;
} else {
switch(response_code) {
case 403:
php_stream_notify_error(context, PHP_STREAM_NOTIFY_AUTH_RESULT,
tmp_line, response_code);
break;
default:
/* safety net in the event tmp_line == NULL */
if (!tmp_line_len) {
tmp_line[0] = '\0';
}
php_stream_notify_error(context, PHP_STREAM_NOTIFY_FAILURE,
tmp_line, response_code);
}
}
if (tmp_line[tmp_line_len - 1] == '\n') {
--tmp_line_len;
if (tmp_line[tmp_line_len - 1] == '\r') {
--tmp_line_len;
}
}
MAKE_STD_ZVAL(http_response);
ZVAL_STRINGL(http_response, tmp_line, tmp_line_len, 1);
zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_response, sizeof(zval *), NULL);
}
} else {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP request failed, unexpected end of socket!");
goto out;
}
/* read past HTTP headers */
http_header_line = emalloc(HTTP_HEADER_BLOCK_SIZE);
while (!body && !php_stream_eof(stream)) {
size_t http_header_line_length;
if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') {
char *e = http_header_line + http_header_line_length - 1;
if (*e != '\n') {
do { /* partial header */
if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) == NULL) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Failed to read HTTP headers");
goto out;
}
e = http_header_line + http_header_line_length - 1;
} while (*e != '\n');
continue;
}
while (*e == '\n' || *e == '\r') {
e--;
}
http_header_line_length = e - http_header_line + 1;
http_header_line[http_header_line_length] = '\0';
if (!strncasecmp(http_header_line, "Location: ", 10)) {
if (context && php_stream_context_get_option(context, "http", "follow_location", &tmpzval) == SUCCESS) {
SEPARATE_ZVAL(tmpzval);
convert_to_long_ex(tmpzval);
follow_location = Z_LVAL_PP(tmpzval);
} else if (!(response_code >= 300 && response_code < 304 || 307 == response_code || 308 == response_code)) {
/* we shouldn't redirect automatically
if follow_location isn't set and response_code not in (300, 301, 302, 303 and 307)
see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1
RFC 7238 defines 308: http://tools.ietf.org/html/rfc7238 */
follow_location = 0;
}
strlcpy(location, http_header_line + 10, sizeof(location));
} else if (!strncasecmp(http_header_line, "Content-Type: ", 14)) {
php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, http_header_line + 14, 0);
} else if (!strncasecmp(http_header_line, "Content-Length: ", 16)) {
file_size = atoi(http_header_line + 16);
php_stream_notify_file_size(context, file_size, http_header_line, 0);
} else if (!strncasecmp(http_header_line, "Transfer-Encoding: chunked", sizeof("Transfer-Encoding: chunked"))) {
/* create filter to decode response body */
if (!(options & STREAM_ONLY_GET_HEADERS)) {
long decode = 1;
if (context && php_stream_context_get_option(context, "http", "auto_decode", &tmpzval) == SUCCESS) {
SEPARATE_ZVAL(tmpzval);
convert_to_boolean(*tmpzval);
decode = Z_LVAL_PP(tmpzval);
}
if (decode) {
transfer_encoding = php_stream_filter_create("dechunk", NULL, php_stream_is_persistent(stream) TSRMLS_CC);
if (transfer_encoding) {
/* don't store transfer-encodeing header */
continue;
}
}
}
}
if (http_header_line[0] == '\0') {
body = 1;
} else {
zval *http_header;
MAKE_STD_ZVAL(http_header);
ZVAL_STRINGL(http_header, http_header_line, http_header_line_length, 1);
zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_header, sizeof(zval *), NULL);
}
} else {
break;
}
}
if (!reqok || (location[0] != '\0' && follow_location)) {
if (!follow_location || (((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) && redirect_max <= 1)) {
goto out;
}
if (location[0] != '\0')
php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, location, 0);
php_stream_close(stream);
stream = NULL;
if (location[0] != '\0') {
char new_path[HTTP_HEADER_BLOCK_SIZE];
char loc_path[HTTP_HEADER_BLOCK_SIZE];
*new_path='\0';
if (strlen(location)<8 || (strncasecmp(location, "http://", sizeof("http://")-1) &&
strncasecmp(location, "https://", sizeof("https://")-1) &&
strncasecmp(location, "ftp://", sizeof("ftp://")-1) &&
strncasecmp(location, "ftps://", sizeof("ftps://")-1)))
{
if (*location != '/') {
if (*(location+1) != '\0' && resource->path) {
char *s = strrchr(resource->path, '/');
if (!s) {
s = resource->path;
if (!s[0]) {
efree(s);
s = resource->path = estrdup("/");
} else {
*s = '/';
}
}
s[1] = '\0';
if (resource->path && *(resource->path) == '/' && *(resource->path + 1) == '\0') {
snprintf(loc_path, sizeof(loc_path) - 1, "%s%s", resource->path, location);
} else {
snprintf(loc_path, sizeof(loc_path) - 1, "%s/%s", resource->path, location);
}
} else {
snprintf(loc_path, sizeof(loc_path) - 1, "/%s", location);
}
} else {
strlcpy(loc_path, location, sizeof(loc_path));
}
if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) {
snprintf(new_path, sizeof(new_path) - 1, "%s://%s:%d%s", resource->scheme, resource->host, resource->port, loc_path);
} else {
snprintf(new_path, sizeof(new_path) - 1, "%s://%s%s", resource->scheme, resource->host, loc_path);
}
} else {
strlcpy(new_path, location, sizeof(new_path));
}
php_url_free(resource);
/* check for invalid redirection URLs */
if ((resource = php_url_parse(new_path)) == NULL) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect URL! %s", new_path);
goto out;
}
#define CHECK_FOR_CNTRL_CHARS(val) { \
if (val) { \
unsigned char *s, *e; \
int l; \
l = php_url_decode(val, strlen(val)); \
s = (unsigned char*)val; e = s + l; \
while (s < e) { \
if (iscntrl(*s)) { \
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect URL! %s", new_path); \
goto out; \
} \
s++; \
} \
} \
}
/* check for control characters in login, password & path */
if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) {
CHECK_FOR_CNTRL_CHARS(resource->user)
CHECK_FOR_CNTRL_CHARS(resource->pass)
CHECK_FOR_CNTRL_CHARS(resource->path)
}
stream = php_stream_url_wrap_http_ex(wrapper, new_path, mode, options, opened_path, context, --redirect_max, HTTP_WRAPPER_REDIRECTED STREAMS_CC TSRMLS_CC);
} else {
php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
const char *path, const char *mode, int options, zend_string **opened_path,
php_stream_context *context, int redirect_max, int flags STREAMS_DC) /* {{{ */
{
php_stream *stream = NULL;
php_url *resource = NULL;
int use_ssl;
int use_proxy = 0;
zend_string *tmp = NULL;
char *ua_str = NULL;
zval *ua_zval = NULL, *tmpzval = NULL, ssl_proxy_peer_name;
int body = 0;
char location[HTTP_HEADER_BLOCK_SIZE];
zval response_header;
int reqok = 0;
char *http_header_line = NULL;
char tmp_line[128];
size_t chunk_size = 0, file_size = 0;
int eol_detect = 0;
char *transport_string;
zend_string *errstr = NULL;
size_t transport_len;
int have_header = 0;
zend_bool request_fulluri = 0, ignore_errors = 0;
struct timeval timeout;
char *user_headers = NULL;
int header_init = ((flags & HTTP_WRAPPER_HEADER_INIT) != 0);
int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0);
zend_bool follow_location = 1;
php_stream_filter *transfer_encoding = NULL;
int response_code;
zend_array *symbol_table;
smart_str req_buf = {0};
zend_bool custom_request_method;
ZVAL_UNDEF(&response_header);
tmp_line[0] = '\0';
if (redirect_max < 1) {
php_stream_wrapper_log_error(wrapper, options, "Redirection limit reached, aborting");
return NULL;
}
resource = php_url_parse(path);
if (resource == NULL) {
return NULL;
}
if (strncasecmp(resource->scheme, "http", sizeof("http")) && strncasecmp(resource->scheme, "https", sizeof("https"))) {
if (!context ||
(tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "proxy")) == NULL ||
Z_TYPE_P(tmpzval) != IS_STRING ||
Z_STRLEN_P(tmpzval) <= 0) {
php_url_free(resource);
return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context);
}
/* Called from a non-http wrapper with http proxying requested (i.e. ftp) */
request_fulluri = 1;
use_ssl = 0;
use_proxy = 1;
transport_len = Z_STRLEN_P(tmpzval);
transport_string = estrndup(Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
} else {
/* Normal http request (possibly with proxy) */
if (strpbrk(mode, "awx+")) {
php_stream_wrapper_log_error(wrapper, options, "HTTP wrapper does not support writeable connections");
php_url_free(resource);
return NULL;
}
use_ssl = resource->scheme && (strlen(resource->scheme) > 4) && resource->scheme[4] == 's';
/* choose default ports */
if (use_ssl && resource->port == 0)
resource->port = 443;
else if (resource->port == 0)
resource->port = 80;
if (context &&
(tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "proxy")) != NULL &&
Z_TYPE_P(tmpzval) == IS_STRING &&
Z_STRLEN_P(tmpzval) > 0) {
use_proxy = 1;
transport_len = Z_STRLEN_P(tmpzval);
transport_string = estrndup(Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
} else {
transport_len = spprintf(&transport_string, 0, "%s://%s:%d", use_ssl ? "ssl" : "tcp", resource->host, resource->port);
}
}
if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) {
double d = zval_get_double(tmpzval);
#ifndef PHP_WIN32
timeout.tv_sec = (time_t) d;
timeout.tv_usec = (size_t) ((d - timeout.tv_sec) * 1000000);
#else
timeout.tv_sec = (long) d;
timeout.tv_usec = (long) ((d - timeout.tv_sec) * 1000000);
#endif
} else {
#ifndef PHP_WIN32
timeout.tv_sec = FG(default_socket_timeout);
#else
timeout.tv_sec = (long)FG(default_socket_timeout);
#endif
timeout.tv_usec = 0;
}
stream = php_stream_xport_create(transport_string, transport_len, options,
STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
NULL, &timeout, context, &errstr, NULL);
if (stream) {
php_stream_set_option(stream, PHP_STREAM_OPTION_READ_TIMEOUT, 0, &timeout);
}
if (errstr) {
php_stream_wrapper_log_error(wrapper, options, "%s", ZSTR_VAL(errstr));
zend_string_release(errstr);
errstr = NULL;
}
efree(transport_string);
if (stream && use_proxy && use_ssl) {
smart_str header = {0};
/* Set peer_name or name verification will try to use the proxy server name */
if (!context || (tmpzval = php_stream_context_get_option(context, "ssl", "peer_name")) == NULL) {
ZVAL_STRING(&ssl_proxy_peer_name, resource->host);
php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_name", &ssl_proxy_peer_name);
zval_ptr_dtor(&ssl_proxy_peer_name);
}
smart_str_appendl(&header, "CONNECT ", sizeof("CONNECT ")-1);
smart_str_appends(&header, resource->host);
smart_str_appendc(&header, ':');
smart_str_append_unsigned(&header, resource->port);
smart_str_appendl(&header, " HTTP/1.0\r\n", sizeof(" HTTP/1.0\r\n")-1);
/* check if we have Proxy-Authorization header */
if (context && (tmpzval = php_stream_context_get_option(context, "http", "header")) != NULL) {
char *s, *p;
if (Z_TYPE_P(tmpzval) == IS_ARRAY) {
zval *tmpheader = NULL;
ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(tmpzval), tmpheader) {
if (Z_TYPE_P(tmpheader) == IS_STRING) {
s = Z_STRVAL_P(tmpheader);
do {
while (*s == ' ' || *s == '\t') s++;
p = s;
while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++;
if (*p == ':') {
p++;
if (p - s == sizeof("Proxy-Authorization:") - 1 &&
zend_binary_strcasecmp(s, sizeof("Proxy-Authorization:") - 1,
"Proxy-Authorization:", sizeof("Proxy-Authorization:") - 1) == 0) {
while (*p != 0 && *p != '\r' && *p !='\n') p++;
smart_str_appendl(&header, s, p - s);
smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
goto finish;
} else {
while (*p != 0 && *p != '\r' && *p !='\n') p++;
}
}
s = p;
while (*s == '\r' || *s == '\n') s++;
} while (*s != 0);
}
} ZEND_HASH_FOREACH_END();
} else if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval)) {
/* {{{ php_ftp_fopen_connect
*/
static php_stream *php_ftp_fopen_connect(php_stream_wrapper *wrapper, const char *path, const char *mode, int options,
char **opened_path, php_stream_context *context, php_stream **preuseid,
php_url **presource, int *puse_ssl, int *puse_ssl_on_data)
{
php_stream *stream = NULL, *reuseid = NULL;
php_url *resource = NULL;
int result, use_ssl, use_ssl_on_data = 0, tmp_len;
char tmp_line[512];
char *transport;
int transport_len;
resource = php_url_parse(path);
if (resource == NULL || resource->path == NULL) {
if (resource && presource) {
*presource = resource;
}
return NULL;
}
use_ssl = resource->scheme && (strlen(resource->scheme) > 3) && resource->scheme[3] == 's';
/* use port 21 if one wasn't specified */
if (resource->port == 0)
resource->port = 21;
transport_len = (int)spprintf(&transport, 0, "tcp://%s:%d", resource->host, resource->port);
stream = php_stream_xport_create(transport, transport_len, REPORT_ERRORS, STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT, NULL, NULL, context, NULL, NULL);
efree(transport);
if (stream == NULL) {
result = 0; /* silence */
goto connect_errexit;
}
php_stream_context_set(stream, context);
php_stream_notify_info(context, PHP_STREAM_NOTIFY_CONNECT, NULL, 0);
/* Start talking to ftp server */
result = GET_FTP_RESULT(stream);
if (result > 299 || result < 200) {
php_stream_notify_error(context, PHP_STREAM_NOTIFY_FAILURE, tmp_line, result);
goto connect_errexit;
}
if (use_ssl) {
/* send the AUTH TLS request name */
php_stream_write_string(stream, "AUTH TLS\r\n");
/* get the response */
result = GET_FTP_RESULT(stream);
if (result != 234) {
/* AUTH TLS not supported try AUTH SSL */
php_stream_write_string(stream, "AUTH SSL\r\n");
/* get the response */
result = GET_FTP_RESULT(stream);
if (result != 334) {
use_ssl = 0;
} else {
/* we must reuse the old SSL session id */
/* if we talk to an old ftpd-ssl */
reuseid = stream;
}
} else {
/* encrypt data etc */
}
}
if (use_ssl) {
if (php_stream_xport_crypto_setup(stream,
STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL) < 0
|| php_stream_xport_crypto_enable(stream, 1) < 0) {
php_stream_wrapper_log_error(wrapper, options, "Unable to activate SSL mode");
php_stream_close(stream);
stream = NULL;
goto connect_errexit;
}
/* set PBSZ to 0 */
php_stream_write_string(stream, "PBSZ 0\r\n");
/* ignore the response */
result = GET_FTP_RESULT(stream);
/* set data connection protection level */
#if FTPS_ENCRYPT_DATA
php_stream_write_string(stream, "PROT P\r\n");
/* get the response */
result = GET_FTP_RESULT(stream);
use_ssl_on_data = (result >= 200 && result<=299) || reuseid;
#else
php_stream_write_string(stream, "PROT C\r\n");
/* get the response */
result = GET_FTP_RESULT(stream);
#endif
}
#define PHP_FTP_CNTRL_CHK(val, val_len, err_msg) { \
unsigned char *s = val, *e = s + val_len; \
while (s < e) { \
if (iscntrl(*s)) { \
php_stream_wrapper_log_error(wrapper, options, err_msg, val); \
goto connect_errexit; \
} \
s++; \
} \
}
/* send the user name */
if (resource->user != NULL) {
tmp_len = (int)php_raw_url_decode(resource->user, (int)strlen(resource->user));
PHP_FTP_CNTRL_CHK(resource->user, tmp_len, "Invalid login %s")
php_stream_printf(stream, "USER %s\r\n", resource->user);
} else {
php_stream_write_string(stream, "USER anonymous\r\n");
}
/* get the response */
result = GET_FTP_RESULT(stream);
/* if a password is required, send it */
if (result >= 300 && result <= 399) {
php_stream_notify_info(context, PHP_STREAM_NOTIFY_AUTH_REQUIRED, tmp_line, 0);
if (resource->pass != NULL) {
tmp_len = (int)php_raw_url_decode(resource->pass, (int)strlen(resource->pass));
PHP_FTP_CNTRL_CHK(resource->pass, tmp_len, "Invalid password %s")
php_stream_printf(stream, "PASS %s\r\n", resource->pass);
} else {
/* if the user has configured who they are,
send that as the password */
if (FG(from_address)) {
php_stream_printf(stream, "PASS %s\r\n", FG(from_address));
} else {
php_stream_write_string(stream, "PASS anonymous\r\n");
}
}
/* read the response */
result = GET_FTP_RESULT(stream);
if (result > 299 || result < 200) {
php_stream_notify_error(context, PHP_STREAM_NOTIFY_AUTH_RESULT, tmp_line, result);
} else {
php_stream_notify_info(context, PHP_STREAM_NOTIFY_AUTH_RESULT, tmp_line, result);
}
}
if (result > 299 || result < 200) {
goto connect_errexit;
}
if (puse_ssl) {
*puse_ssl = use_ssl;
}
if (puse_ssl_on_data) {
*puse_ssl_on_data = use_ssl_on_data;
}
if (preuseid) {
*preuseid = reuseid;
}
if (presource) {
*presource = resource;
}
return stream;
connect_errexit:
if (resource) {
php_url_free(resource);
}
if (stream) {
php_stream_close(stream);
}
return NULL;
}
Variant yaf_request_http_instance(const Object& object,
const Variant& request_uri, const Variant& var_base_uri)
{
Object o;
if (object.isNull()) {
Array arr = Array::Create();
arr.append(request_uri);
arr.append(var_base_uri);
o = createObject("Yaf_Request_Http", arr) ;
} else {
o = object;
}
const char* base_uri = NULL;
if (var_base_uri.isString() && var_base_uri.toString().length()) {
base_uri = var_base_uri.toString().c_str();
}
auto tmp = o->o_realProp(YAF_REQUEST_PROPERTY_NAME_METHOD,
ObjectData::RealPropUnchecked, "Yaf_Request_Http");
if (php_global(S_SERVER).toArray().exists(String("REQUEST_METHOD"))) {
Variant request_method = php_global(S_SERVER).toArray()[String("REQUEST_METHOD")];
*tmp = request_method;
} else if (strncmp(RuntimeOption::ExecutionMode, "cli", 3) == 0) {
*tmp = String("Cli");
} else {
*tmp = String("Unknown");
}
std::string uri;
if (request_uri.isString()) {
uri = request_uri.toString().toCppString();
} else {
Variant tmp;
if (php_global(S_SERVER).toArray().exists(String("PATH_INFO"))) {
uri = php_global(S_SERVER).toArray()[String("PATH_INFO")].toString().toCppString();
goto done;
}
if (php_global(S_SERVER).toArray().exists(String("REQUEST_URI"))) {
tmp = php_global(S_SERVER).toArray()[String("REQUEST_URI")];
if (tmp.isString()) {
std::string str_tmp = tmp.toString().toCppString();
if (strncasecmp(str_tmp.c_str(), "http", 4) == 0) {
//TODO use php_url_parse to get path
php_url* url_info = php_url_parse(str_tmp.c_str());
if (url_info && url_info->path) {
uri = std::string(url_info->path);
}
php_url_free(url_info);
} else {
const char* tmp_str_tmp = str_tmp.c_str();
const char* pos = strstr(tmp_str_tmp, "?");
if (pos) {
uri = std::string(str_tmp.c_str(), pos - tmp_str_tmp);
} else {
uri = str_tmp;
}
}
}
goto done;
}
if (php_global(S_SERVER).toArray().exists(String("ORIG_PATH_INFO"))) {
uri = php_global(S_SERVER).toArray()[String("ORIG_PATH_INFO")].toString().toCppString();
goto done;
}
}
done:
if (uri.length()) {
const char* p = uri.c_str();
while (*p == '/' && *(p+1) == '/') {
p++;
}
uri = std::string(p);
auto ptr_uri = o->o_realProp(YAF_REQUEST_PROPERTY_NAME_URI,
ObjectData::RealPropUnchecked, "Yaf_Request_Http");
*ptr_uri = String(uri);
yaf_request_set_base_uri(o, base_uri, uri.c_str());
}
auto ptr_params = o->o_realProp(YAF_REQUEST_PROPERTY_NAME_PARAMS,
ObjectData::RealPropUnchecked, "Yaf_Request_Http");
*ptr_params = Array::Create();
return o;
}
static inline void append_modified_url(smart_str *url, smart_str *dest, smart_str *url_app, const char *separator)
{
php_url *url_parts;
char *tmp;
size_t tmp_len;
smart_str_0(url); /* FIXME: Bug #70480 php_url_parse_ex() crashes by processing chars exceed len */
url_parts = php_url_parse_ex(ZSTR_VAL(url->s), ZSTR_LEN(url->s));
/* Ignore malformed URLs */
if (!url_parts) {
smart_str_append_smart_str(dest, url);
return;
}
/* Check protocol. Only http/https is allowed. */
if (url_parts->scheme
&& strcasecmp("http", url_parts->scheme)
&& strcasecmp("https", url_parts->scheme)) {
smart_str_append_smart_str(dest, url);
php_url_free(url_parts);
return;
}
/* Check host whitelist. If it's not listed, do nothing. */
if (url_parts->host
&& (tmp_len = strlen(url_parts->host))
&& (tmp = php_strtolower(url_parts->host, tmp_len))
&& !zend_hash_str_find(&BG(url_adapt_session_hosts_ht), tmp, tmp_len)) {
smart_str_append_smart_str(dest, url);
php_url_free(url_parts);
return;
}
/*
* When URL does not have path and query string add "/?".
* i.e. If URL is only "?foo=bar", should not add "/?".
*/
if (!url_parts->path && !url_parts->query) {
/* URL is http://php.net or like */
smart_str_append_smart_str(dest, url);
smart_str_appendc(dest, '/');
smart_str_appendc(dest, '?');
smart_str_append_smart_str(dest, url_app);
/* There should not be fragment. Just return */
php_url_free(url_parts);
return;
}
if (url_parts->scheme) {
smart_str_appends(dest, url_parts->scheme);
smart_str_appends(dest, "://");
} else if (*(ZSTR_VAL(url->s)) == '/' && *(ZSTR_VAL(url->s)+1) == '/') {
smart_str_appends(dest, "//");
}
if (url_parts->user) {
smart_str_appends(dest, url_parts->user);
if (url_parts->pass) {
smart_str_appends(dest, url_parts->pass);
smart_str_appendc(dest, ':');
}
smart_str_appendc(dest, '@');
}
if (url_parts->host) {
smart_str_appends(dest, url_parts->host);
}
if (url_parts->port) {
smart_str_appendc(dest, ':');
smart_str_append_unsigned(dest, (long)url_parts->port);
}
if (url_parts->path) {
smart_str_appends(dest, url_parts->path);
}
smart_str_appendc(dest, '?');
if (url_parts->query) {
smart_str_appends(dest, url_parts->query);
smart_str_appends(dest, separator);
smart_str_append_smart_str(dest, url_app);
} else {
smart_str_append_smart_str(dest, url_app);
}
if (url_parts->fragment) {
smart_str_appendc(dest, '#');
smart_str_appends(dest, url_parts->fragment);
}
php_url_free(url_parts);
}
/* {{{ php_url_parse
*/
PHPAPI php_url *php_url_parse_ex(char const *str, size_t length)
{
char port_buf[6];
php_url *ret = ecalloc(1, sizeof(php_url));
char const *s, *e, *p, *pp, *ue;
s = str;
ue = s + length;
/* parse scheme */
if ((e = memchr(s, ':', length)) && e != s) {
/* validate scheme */
p = s;
while (p < e) {
/* scheme = 1*[ lowalpha | digit | "+" | "-" | "." ] */
if (!isalpha(*p) && !isdigit(*p) && *p != '+' && *p != '.' && *p != '-') {
if (e + 1 < ue && e < s + strcspn(s, "?#")) {
goto parse_port;
} else if (s + 1 < ue && *s == '/' && *(s + 1) == '/') { /* relative-scheme URL */
s += 2;
e = 0;
goto parse_host;
} else {
goto just_path;
}
}
p++;
}
if (e + 1 == ue) { /* only scheme is available */
ret->scheme = zend_string_init(s, (e - s), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->scheme), ZSTR_LEN(ret->scheme));
return ret;
}
/*
* certain schemas like mailto: and zlib: may not have any / after them
* this check ensures we support those.
*/
if (*(e+1) != '/') {
/* check if the data we get is a port this allows us to
* correctly parse things like a.com:80
*/
p = e + 1;
while (p < ue && isdigit(*p)) {
p++;
}
if ((p == ue || *p == '/') && (p - e) < 7) {
goto parse_port;
}
ret->scheme = zend_string_init(s, (e-s), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->scheme), ZSTR_LEN(ret->scheme));
s = e + 1;
goto just_path;
} else {
ret->scheme = zend_string_init(s, (e-s), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->scheme), ZSTR_LEN(ret->scheme));
if (e + 2 < ue && *(e + 2) == '/') {
s = e + 3;
if (zend_string_equals_literal_ci(ret->scheme, "file")) {
if (e + 3 < ue && *(e + 3) == '/') {
/* support windows drive letters as in:
file:///c:/somedir/file.txt
*/
if (e + 5 < ue && *(e + 5) == ':') {
s = e + 4;
}
goto just_path;
}
}
} else {
s = e + 1;
goto just_path;
}
}
} else if (e) { /* no scheme; starts with colon: look for port */
parse_port:
p = e + 1;
pp = p;
while (pp < ue && pp - p < 6 && isdigit(*pp)) {
pp++;
}
if (pp - p > 0 && pp - p < 6 && (pp == ue || *pp == '/')) {
zend_long port;
memcpy(port_buf, p, (pp - p));
port_buf[pp - p] = '\0';
port = ZEND_STRTOL(port_buf, NULL, 10);
if (port > 0 && port <= 65535) {
ret->port = (unsigned short) port;
if (s + 1 < ue && *s == '/' && *(s + 1) == '/') { /* relative-scheme URL */
s += 2;
}
} else {
php_url_free(ret);
return NULL;
}
} else if (p == pp && pp == ue) {
php_url_free(ret);
return NULL;
} else if (s + 1 < ue && *s == '/' && *(s + 1) == '/') { /* relative-scheme URL */
s += 2;
} else {
goto just_path;
}
} else if (s + 1 < ue && *s == '/' && *(s + 1) == '/') { /* relative-scheme URL */
s += 2;
} else {
goto just_path;
}
parse_host:
/* Binary-safe strcspn(s, "/?#") */
e = ue;
if ((p = memchr(s, '/', e - s))) {
e = p;
}
if ((p = memchr(s, '?', e - s))) {
e = p;
}
if ((p = memchr(s, '#', e - s))) {
e = p;
}
/* check for login and password */
if ((p = zend_memrchr(s, '@', (e-s)))) {
if ((pp = memchr(s, ':', (p-s)))) {
ret->user = zend_string_init(s, (pp-s), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user));
pp++;
ret->pass = zend_string_init(pp, (p-pp), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->pass), ZSTR_LEN(ret->pass));
} else {
ret->user = zend_string_init(s, (p-s), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user));
}
s = p + 1;
}
/* check for port */
if (s < ue && *s == '[' && *(e-1) == ']') {
/* Short circuit portscan,
we're dealing with an
IPv6 embedded address */
p = NULL;
} else {
p = zend_memrchr(s, ':', (e-s));
}
if (p) {
if (!ret->port) {
p++;
if (e-p > 5) { /* port cannot be longer then 5 characters */
php_url_free(ret);
return NULL;
} else if (e - p > 0) {
zend_long port;
memcpy(port_buf, p, (e - p));
port_buf[e - p] = '\0';
port = ZEND_STRTOL(port_buf, NULL, 10);
if (port > 0 && port <= 65535) {
ret->port = (unsigned short)port;
} else {
php_url_free(ret);
return NULL;
}
}
p--;
}
} else {
p = e;
}
/* check if we have a valid host, if we don't reject the string as url */
if ((p-s) < 1) {
php_url_free(ret);
return NULL;
}
ret->host = zend_string_init(s, (p-s), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->host), ZSTR_LEN(ret->host));
if (e == ue) {
return ret;
}
s = e;
just_path:
e = ue;
p = memchr(s, '#', (e - s));
if (p) {
p++;
if (p < e) {
ret->fragment = zend_string_init(p, (e - p), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->fragment), ZSTR_LEN(ret->fragment));
}
e = p-1;
}
p = memchr(s, '?', (e - s));
if (p) {
p++;
if (p < e) {
ret->query = zend_string_init(p, (e - p), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->query), ZSTR_LEN(ret->query));
}
e = p-1;
}
if (s < e || s == ue) {
ret->path = zend_string_init(s, (e - s), 0);
php_replace_controlchars_ex(ZSTR_VAL(ret->path), ZSTR_LEN(ret->path));
}
return ret;
}
/* {{{ proto void run()
*/
PHP_METHOD(slightphp, run)
{
zval *zone=NULL;
zval *page=NULL;
zval *entry=NULL;
zval **token;
zval *path_array;
//{{{
int isPart;
zval * path = NULL;
if (ZEND_NUM_ARGS()>0 && zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z/", &path) != FAILURE) {
if (Z_TYPE_P(path)!= IS_STRING){
RETURN_FALSE;
}
isPart = 1;
}else{
isPart = 0;
path = zend_read_static_property(slightphp_ce_ptr,"pathInfo",sizeof("pathInfo")-1,1 TSRMLS_CC);
int s = Z_STRLEN_P(path);
if(s==0){
//zend_is_auto_global("_SERVER", sizeof("_SERVER") - 1 TSRMLS_CC);
if(PG(http_globals)[TRACK_VARS_SERVER]){
debug("LINE[%d]",__LINE__);
}
if(zend_is_auto_global(ZEND_STRL("_SERVER") TSRMLS_CC)){
debug("LINE[%d]",__LINE__);
}
//zend_print_flat_zval_r(PG(http_globals));
if(PG(http_globals)[TRACK_VARS_SERVER] || zend_is_auto_global(ZEND_STRL("_SERVER") TSRMLS_CC)){
debug("LINE[%d]",__LINE__);
if(zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]),
"PATH_INFO", sizeof("PATH_INFO"), (void **) &token) == SUCCESS
){
debug("LINE[%d]",__LINE__);
path = *token;
}else if(zend_hash_find(Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_SERVER]),
"REQUEST_URI", sizeof("REQUEST_URI"), (void **) &token) == SUCCESS
){
debug("LINE[%d]",__LINE__);
php_url *resource=NULL;
resource = php_url_parse(Z_STRVAL_PP(token));
if(resource != NULL && resource->path != NULL){
ZVAL_STRING(path,resource->path,1);
}else{
path = *token;
}
if (resource) {
php_url_free(resource);
}
}else{
if(zend_hash_find(&EG(symbol_table),
"REQUEST_URI", sizeof("REQUEST_URI"), (void **) &token) == SUCCESS
){
debug("LINE[%d]",__LINE__);
}else{
debug("LINE[%d]",__LINE__);
}
debug("LINE[%d]",__LINE__);
}
}else{
debug("LINE[%d]",__LINE__);
}
}
}
//}}}
MAKE_STD_ZVAL(path_array);
array_init(path_array);
if (path){
//{{{
zval quotedFlag;
regex_t re;
char *regex;
regmatch_t subs[1];
int err,size;
char *strp = Z_STRVAL_P(path);
char *endp = strp + Z_STRLEN_P(path);
zval *splitFlag = zend_read_static_property(slightphp_ce_ptr,"splitFlag",sizeof("splitFlag")-1,1 TSRMLS_CC);
if(preg_quote(splitFlag,"edFlag)>0){
spprintf(®ex,0,"[%s\\/]",Z_STRVAL(quotedFlag));
}else{
spprintf(®ex,0,"[\\/]");
}
err = regcomp(&re, regex, REG_ICASE);
if (err) {
}else{
while (!(err = regexec(&re, strp, 1, subs, 0))) {
if (subs[0].rm_so == 0 && subs[0].rm_eo) {
//ignore empty string
strp += subs[0].rm_eo;
}else if (subs[0].rm_so == 0 && subs[0].rm_eo == 0) {
}else{
size = subs[0].rm_so;
add_next_index_stringl(path_array, strp, size, 1);
strp += size;
}
}
if (!err || err == REG_NOMATCH) {
size = endp - strp;
if(size>0) add_next_index_stringl(path_array, strp, size, 1);
}
regfree(&re);
}
efree(regex);
//}}}
//int n_elems = zend_hash_num_elements(Z_ARRVAL_P(path_array));
if(zend_hash_index_find(Z_ARRVAL_P(path_array), 0, (void **)&token) != FAILURE) {
zone = *token;
}
if(zend_hash_index_find(Z_ARRVAL_P(path_array), 1, (void **)&token) != FAILURE) {
page = *token;
}
if(zend_hash_index_find(Z_ARRVAL_P(path_array), 2, (void **)&token) != FAILURE) {
entry = *token;
}
}
if(!zone){
zone = zend_read_static_property(slightphp_ce_ptr,"defaultZone",sizeof("defaultZone")-1,1 TSRMLS_CC);
zend_hash_next_index_insert(Z_ARRVAL_P(path_array),&zone,sizeof(zval*),NULL);
}
if(!page){
page = zend_read_static_property(slightphp_ce_ptr,"defaultPage",sizeof("defaultPage")-1,1 TSRMLS_CC);
zend_hash_next_index_insert(Z_ARRVAL_P(path_array),&page,sizeof(zval*),NULL);
}
if(!entry){
entry = zend_read_static_property(slightphp_ce_ptr,"defaultEntry",sizeof("defaultEntry")-1,1 TSRMLS_CC);
zend_hash_next_index_insert(Z_ARRVAL_P(path_array),&entry,sizeof(zval*),NULL);
}
//{{{
zval *zoneAlias = zend_read_static_property(slightphp_ce_ptr,"zoneAlias",sizeof("zoneAlias")-1,1 TSRMLS_CC);
if(zoneAlias && Z_TYPE_P(zoneAlias)==IS_ARRAY){
char *string_key;uint str_key_len;ulong num_key;
HashPosition pos;
zval **entry2;
zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(zoneAlias), &pos);
while (zend_hash_get_current_data_ex(Z_ARRVAL_P(zoneAlias), (void **)&entry2, &pos) == SUCCESS) {
if(strcmp(Z_STRVAL_PP(entry2) ,Z_STRVAL_P(zone))==0){
switch (zend_hash_get_current_key_ex(Z_ARRVAL_P(zoneAlias), &string_key, &str_key_len, &num_key, 0, &pos)) {
case HASH_KEY_IS_STRING:
ZVAL_STRING(zone,string_key,1);
break;
}
}
zend_hash_move_forward_ex(Z_ARRVAL_P(zoneAlias), &pos);
}
if(entry2)zval_ptr_dtor(entry2);
if(string_key)efree(string_key);
}
//if(zoneAlias)FREE_ZVAL(zoneAlias);
//}}}
if(!isPart){
zend_update_static_property(slightphp_ce_ptr,"zone",sizeof("zone")-1,zone TSRMLS_CC);
zend_update_static_property(slightphp_ce_ptr,"page",sizeof("page")-1,page TSRMLS_CC);
zend_update_static_property(slightphp_ce_ptr,"entry",sizeof("entry")-1,entry TSRMLS_CC);
}else{
if(
strcmp(Z_STRVAL_P(zone),Z_STRVAL_P(zend_read_static_property(slightphp_ce_ptr,"zone",sizeof("zone")-1,1 TSRMLS_CC)))==0
&&
strcmp(Z_STRVAL_P(page),Z_STRVAL_P(zend_read_static_property(slightphp_ce_ptr,"page",sizeof("page")-1,1 TSRMLS_CC)))==0
&&
strcmp(Z_STRVAL_P(entry),Z_STRVAL_P(zend_read_static_property(slightphp_ce_ptr,"entry",sizeof("entry")-1,1 TSRMLS_CC)))==0
){
debug("part ignored [%s]",Z_STRVAL_P(path));
return;
}
}
zval *appDir = zend_read_static_property(slightphp_ce_ptr,"appDir",sizeof("appDir")-1,1 TSRMLS_CC);
zval *params[1];
params[0]=path_array;
if(slightphp_load(appDir,zone,page TSRMLS_CC) == SUCCESS){
if(slightphp_run(zone,page,entry,return_value,1,params TSRMLS_CC)==SUCCESS){
if(path_array)FREE_ZVAL(path_array);
RETURN_ZVAL(return_value,1,0);
};
}
if(path_array)FREE_ZVAL(path_array);
RETURN_FALSE;
}
/* {{{ proto void run()
*/
PHP_METHOD(slightphp, run)
{
zval *zone=NULL;
zval *page=NULL;
zval *entry=NULL;
zval path_array;
//{{{
int isPart;
zval *path;
if (ZEND_NUM_ARGS()>0 && zend_parse_parameters(ZEND_NUM_ARGS() , "z/", &path) != FAILURE) {
if (Z_TYPE_P(path)!= IS_STRING){
RETURN_FALSE;
}
isPart = 1;
}else{
isPart = 0;
zend_is_auto_global_str(ZEND_STRL("_SERVER"));
zval *server_vars;
if ((server_vars = zend_hash_str_find(&EG(symbol_table), ZEND_STRL("_SERVER"))) != NULL && Z_TYPE_P(server_vars) == IS_ARRAY){
if((path= zend_hash_str_find(Z_ARRVAL_P(server_vars), ZEND_STRL("PATH_INFO")))!=NULL && Z_TYPE_P(path) == IS_STRING) {
//
}else if((path= zend_hash_str_find(Z_ARRVAL_P(server_vars), ZEND_STRL("REQUEST_URI")))!=NULL && Z_TYPE_P(path) == IS_STRING) {
//
}else{
debug("path not set in params or server.path_info, server.request_uri");
RETURN_FALSE;
}
}
}
/* Skip leading / */
int len = Z_STRLEN_P(path);
int start=0;
for(start=0;start<len;start++){
if(*(Z_STRVAL_P(path)+start) != '/'){
break;
}
}
zval url;
php_url *resource=NULL;
resource = php_url_parse(Z_STRVAL_P(path)+start);
if(resource != NULL){
if(resource->path != NULL){
ZVAL_STRING(&url,resource->path);
}else{
ZVAL_STRING(&url,Z_STRVAL_P(path));
}
php_url_free(resource);
}else{
ZVAL_STRING(&url,Z_STRVAL_P(path));
}
zend_update_static_property(slightphp_ce_ptr,"pathInfo",sizeof("pathInfo")-1,&url TSRMLS_CC);
//zend_print_flat_zval_r(path);
//}}}
array_init(&path_array);
{
//{{{
zval quotedFlag;
regex_t re;
char *regex;
regmatch_t subs[1];
int err,size;
char *strp = Z_STRVAL(url);
char *endp = strp + Z_STRLEN(url);
zval *splitFlag = zend_read_static_property(slightphp_ce_ptr,"splitFlag",sizeof("splitFlag")-1,1 );
if(preg_quote(splitFlag,"edFlag)>0){
spprintf(®ex,0,"[%s\\/]",Z_STRVAL(quotedFlag));
}else{
spprintf(®ex,0,"[\\/]");
}
err = regcomp(&re, regex, REG_ICASE);
if (err) {
}else{
while (!(err = regexec(&re, strp, 1, subs, 0))) {
if (subs[0].rm_so == 0 && subs[0].rm_eo) {
//ignore empty string
strp += subs[0].rm_eo;
}else if (subs[0].rm_so == 0 && subs[0].rm_eo == 0) {
}else{
size = subs[0].rm_so;
add_next_index_stringl(&path_array, strp, size);
strp += size;
}
}
if (!err || err == REG_NOMATCH) {
size = endp - strp;
if(size>0) add_next_index_stringl(&path_array, strp, size);
}
regfree(&re);
}
efree(regex);
zval_dtor("edFlag);
//}}}
if((zone = zend_hash_index_find(Z_ARRVAL(path_array), 0)) != NULL ) {
}
if((page = zend_hash_index_find(Z_ARRVAL(path_array), 1)) != NULL ) {
}
if((entry = zend_hash_index_find(Z_ARRVAL(path_array), 2)) != NULL) {
}
}
if(!zone){
zone = zend_read_static_property(slightphp_ce_ptr,"defaultZone",sizeof("defaultZone")-1,1 );
add_next_index_string(&path_array, Z_STRVAL_P(zone));
}
if(!page){
page = zend_read_static_property(slightphp_ce_ptr,"defaultPage",sizeof("defaultPage")-1,1 );
add_next_index_string(&path_array, Z_STRVAL_P(page));
}
if(!entry){
entry = zend_read_static_property(slightphp_ce_ptr,"defaultEntry",sizeof("defaultEntry")-1,1 );
add_next_index_string(&path_array, Z_STRVAL_P(entry));
}
//{{{
zval *zoneAlias = zend_read_static_property(slightphp_ce_ptr,"zoneAlias",sizeof("zoneAlias")-1,1 );
if(zoneAlias && Z_TYPE_P(zoneAlias)==IS_ARRAY){
zend_ulong num_key;
zend_string *string_key= NULL;
HashPosition pos;
zval *entry2=NULL;
zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(zoneAlias), &pos);
for (;; zend_hash_move_forward_ex(Z_ARRVAL_P(zoneAlias), &pos)) {
if (NULL == (entry2= zend_hash_get_current_data_ex(Z_ARRVAL_P(zoneAlias), &pos))) {
break;
}
if(strcmp(Z_STRVAL_P(entry2) ,Z_STRVAL_P(zone))==0){
switch (pos = zend_hash_get_current_key_ex(Z_ARRVAL_P(zoneAlias), &string_key, &num_key,&pos)) {
case HASH_KEY_IS_STRING:
ZVAL_STR_COPY(zone,string_key);
break;
}
}
}
}
//}}}
if(!isPart){
zend_update_static_property(slightphp_ce_ptr,"zone",sizeof("zone")-1,zone );
zend_update_static_property(slightphp_ce_ptr,"page",sizeof("page")-1,page );
zend_update_static_property(slightphp_ce_ptr,"entry",sizeof("entry")-1,entry );
}else{
if(
strcmp(Z_STRVAL_P(zone),Z_STRVAL_P(zend_read_static_property(slightphp_ce_ptr,"zone",sizeof("zone")-1,1 )))==0
&&
strcmp(Z_STRVAL_P(page),Z_STRVAL_P(zend_read_static_property(slightphp_ce_ptr,"page",sizeof("page")-1,1 )))==0
&&
strcmp(Z_STRVAL_P(entry),Z_STRVAL_P(zend_read_static_property(slightphp_ce_ptr,"entry",sizeof("entry")-1,1 )))==0
){
debug("part ignored [%s]",Z_STRVAL(url));
zval_dtor(&path_array);
zval_dtor(&url);
return;
}
}
zval *appDir = zend_read_static_property(slightphp_ce_ptr,"appDir",sizeof("appDir")-1,1 );
if(slightphp_load(appDir,zone,page ) == SUCCESS){
zval ret;
if(slightphp_run(zone,page,entry,&ret,1,&path_array)==SUCCESS){
zval_dtor(&path_array);
zval_dtor(&url);
RETURN_ZVAL(&ret,0,1);
};
}
zval_dtor(&url);
zval_dtor(&path_array);
RETURN_FALSE;
}
php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path, char *mode, int options, char **opened_path, php_stream_context *context, int redirect_max, int header_init STREAMS_DC TSRMLS_DC)
{
php_stream *stream = NULL;
php_url *resource = NULL;
int use_ssl;
int use_proxy = 0;
char *scratch = NULL;
char *tmp = NULL;
char *ua_str = NULL;
zval **ua_zval = NULL, **tmpzval = NULL;
int scratch_len = 0;
int body = 0;
char location[HTTP_HEADER_BLOCK_SIZE];
zval *response_header = NULL;
int reqok = 0;
char *http_header_line = NULL;
char tmp_line[128];
size_t chunk_size = 0, file_size = 0;
int eol_detect = 0;
char *transport_string, *errstr = NULL;
int transport_len, have_header = 0, request_fulluri = 0;
char *protocol_version = NULL;
int protocol_version_len = 3; /* Default: "1.0" */
struct timeval timeout;
char *user_headers = NULL;
tmp_line[0] = '\0';
if (redirect_max < 1) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Redirection limit reached, aborting");
return NULL;
}
resource = php_url_parse(path);
if (resource == NULL) {
return NULL;
}
if (strncasecmp(resource->scheme, "http", sizeof("http")) && strncasecmp(resource->scheme, "https", sizeof("https"))) {
if (!context ||
php_stream_context_get_option(context, wrapper->wops->label, "proxy", &tmpzval) == FAILURE ||
Z_TYPE_PP(tmpzval) != IS_STRING ||
Z_STRLEN_PP(tmpzval) <= 0) {
php_url_free(resource);
return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context);
}
/* Called from a non-http wrapper with http proxying requested (i.e. ftp) */
request_fulluri = 1;
use_ssl = 0;
use_proxy = 1;
transport_len = Z_STRLEN_PP(tmpzval);
transport_string = estrndup(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
} else {
/* Normal http request (possibly with proxy) */
if (strpbrk(mode, "awx+")) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP wrapper does not support writeable connections");
php_url_free(resource);
return NULL;
}
use_ssl = resource->scheme && (strlen(resource->scheme) > 4) && resource->scheme[4] == 's';
/* choose default ports */
if (use_ssl && resource->port == 0)
resource->port = 443;
else if (resource->port == 0)
resource->port = 80;
if (context &&
php_stream_context_get_option(context, wrapper->wops->label, "proxy", &tmpzval) == SUCCESS &&
Z_TYPE_PP(tmpzval) == IS_STRING &&
Z_STRLEN_PP(tmpzval) > 0) {
use_proxy = 1;
transport_len = Z_STRLEN_PP(tmpzval);
transport_string = estrndup(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
} else {
transport_len = spprintf(&transport_string, 0, "%s://%s:%d", use_ssl ? "ssl" : "tcp", resource->host, resource->port);
}
}
if (context && php_stream_context_get_option(context, wrapper->wops->label, "timeout", &tmpzval) == SUCCESS) {
SEPARATE_ZVAL(tmpzval);
convert_to_double_ex(tmpzval);
timeout.tv_sec = (time_t) Z_DVAL_PP(tmpzval);
timeout.tv_usec = (size_t) ((Z_DVAL_PP(tmpzval) - timeout.tv_sec) * 1000000);
} else {
timeout.tv_sec = FG(default_socket_timeout);
timeout.tv_usec = 0;
}
stream = php_stream_xport_create(transport_string, transport_len, options,
STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
NULL, &timeout, context, &errstr, NULL);
if (stream) {
php_stream_set_option(stream, PHP_STREAM_OPTION_READ_TIMEOUT, 0, &timeout);
}
if (errstr) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "%s", errstr);
efree(errstr);
errstr = NULL;
}
efree(transport_string);
if (stream && use_proxy && use_ssl) {
smart_str header = {0};
smart_str_appendl(&header, "CONNECT ", sizeof("CONNECT ")-1);
smart_str_appends(&header, resource->host);
smart_str_appendc(&header, ':');
smart_str_append_unsigned(&header, resource->port);
smart_str_appendl(&header, " HTTP/1.0\r\n\r\n", sizeof(" HTTP/1.0\r\n\r\n")-1);
if (php_stream_write(stream, header.c, header.len) != header.len) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Cannot connect to HTTPS server through proxy");
php_stream_close(stream);
stream = NULL;
}
smart_str_free(&header);
if (stream) {
char header_line[HTTP_HEADER_BLOCK_SIZE];
/* get response header */
while (php_stream_gets(stream, header_line, HTTP_HEADER_BLOCK_SIZE-1) != NULL) {
if (header_line[0] == '\n' ||
header_line[0] == '\r' ||
header_line[0] == '\0') {
break;
}
}
}
/* enable SSL transport layer */
if (stream) {
if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL TSRMLS_CC) < 0 ||
php_stream_xport_crypto_enable(stream, 1 TSRMLS_CC) < 0) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Cannot connect to HTTPS server through proxy");
php_stream_close(stream);
stream = NULL;
}
}
}
if (stream == NULL)
goto out;
/* avoid buffering issues while reading header */
if (options & STREAM_WILL_CAST)
chunk_size = php_stream_set_chunk_size(stream, 1);
/* avoid problems with auto-detecting when reading the headers -> the headers
* are always in canonical \r\n format */
eol_detect = stream->flags & (PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
stream->flags &= ~(PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
php_stream_context_set(stream, context);
php_stream_notify_info(context, PHP_STREAM_NOTIFY_CONNECT, NULL, 0);
if (header_init && context && php_stream_context_get_option(context, "http", "max_redirects", &tmpzval) == SUCCESS) {
SEPARATE_ZVAL(tmpzval);
convert_to_long_ex(tmpzval);
redirect_max = Z_LVAL_PP(tmpzval);
}
if (context && php_stream_context_get_option(context, "http", "method", &tmpzval) == SUCCESS) {
if (Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) {
scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
scratch = emalloc(scratch_len);
strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
strcat(scratch, " ");
}
}
if (context && php_stream_context_get_option(context, "http", "protocol_version", &tmpzval) == SUCCESS) {
SEPARATE_ZVAL(tmpzval);
convert_to_double_ex(tmpzval);
protocol_version_len = spprintf(&protocol_version, 0, "%.1F", Z_DVAL_PP(tmpzval));
}
if (!scratch) {
scratch_len = strlen(path) + 29 + protocol_version_len;
scratch = emalloc(scratch_len);
strcpy(scratch, "GET ");
}
/* Should we send the entire path in the request line, default to no. */
if (!request_fulluri &&
context &&
php_stream_context_get_option(context, "http", "request_fulluri", &tmpzval) == SUCCESS) {
zval tmp = **tmpzval;
zval_copy_ctor(&tmp);
convert_to_boolean(&tmp);
request_fulluri = Z_BVAL(tmp) ? 1 : 0;
zval_dtor(&tmp);
}
if (request_fulluri) {
/* Ask for everything */
strcat(scratch, path);
} else {
/* Send the traditional /path/to/file?query_string */
/* file */
if (resource->path && *resource->path) {
strlcat(scratch, resource->path, scratch_len);
} else {
strlcat(scratch, "/", scratch_len);
}
/* query string */
if (resource->query) {
strlcat(scratch, "?", scratch_len);
strlcat(scratch, resource->query, scratch_len);
}
}
/* protocol version we are speaking */
if (protocol_version) {
strlcat(scratch, " HTTP/", scratch_len);
strlcat(scratch, protocol_version, scratch_len);
strlcat(scratch, "\r\n", scratch_len);
efree(protocol_version);
protocol_version = NULL;
} else {
strlcat(scratch, " HTTP/1.0\r\n", scratch_len);
}
/* send it */
php_stream_write(stream, scratch, strlen(scratch));
if (context &&
php_stream_context_get_option(context, "http", "header", &tmpzval) == SUCCESS &&
Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval)) {
/* Remove newlines and spaces from start and end,
php_trim will estrndup() */
tmp = php_trim(Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval), NULL, 0, NULL, 3 TSRMLS_CC);
if (strlen(tmp) > 0) {
if (!header_init) { /* Remove post headers for redirects */
int l = strlen(tmp);
char *s, *s2, *tmp_c = estrdup(tmp);
php_strtolower(tmp_c, l);
if ((s = strstr(tmp_c, "content-length:"))) {
if ((s2 = memchr(s, '\n', tmp_c + l - s))) {
int b = tmp_c + l - 1 - s2;
memmove(tmp, tmp + (s2 + 1 - tmp_c), b);
memmove(tmp_c, s2 + 1, b);
} else {
tmp[s - tmp_c] = *s = '\0';
}
l = strlen(tmp_c);
}
if ((s = strstr(tmp_c, "content-type:"))) {
if ((s2 = memchr(s, '\n', tmp_c + l - s))) {
memmove(tmp, tmp + (s2 + 1 - tmp_c), tmp_c + l - 1 - s2);
} else {
tmp[s - tmp_c] = '\0';
}
}
efree(tmp_c);
tmp_c = php_trim(tmp, strlen(tmp), NULL, 0, NULL, 3 TSRMLS_CC);
efree(tmp);
tmp = tmp_c;
}
user_headers = estrdup(tmp);
/* Make lowercase for easy comparison against 'standard' headers */
php_strtolower(tmp, strlen(tmp));
if (strstr(tmp, "user-agent:")) {
have_header |= HTTP_HEADER_USER_AGENT;
}
if (strstr(tmp, "host:")) {
have_header |= HTTP_HEADER_HOST;
}
if (strstr(tmp, "from:")) {
have_header |= HTTP_HEADER_FROM;
}
if (strstr(tmp, "authorization:")) {
have_header |= HTTP_HEADER_AUTH;
}
if (strstr(tmp, "content-length:")) {
have_header |= HTTP_HEADER_CONTENT_LENGTH;
}
if (strstr(tmp, "content-type:")) {
have_header |= HTTP_HEADER_TYPE;
}
}
efree(tmp);
}
/* auth header if it was specified */
if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user && resource->pass) {
/* decode the strings first */
php_url_decode(resource->user, strlen(resource->user));
php_url_decode(resource->pass, strlen(resource->pass));
/* scratch is large enough, since it was made large enough for the whole URL */
strcpy(scratch, resource->user);
strcat(scratch, ":");
strcat(scratch, resource->pass);
tmp = php_base64_encode((unsigned char*)scratch, strlen(scratch), NULL);
if (snprintf(scratch, scratch_len, "Authorization: Basic %s\r\n", tmp) > 0) {
php_stream_write(stream, scratch, strlen(scratch));
php_stream_notify_info(context, PHP_STREAM_NOTIFY_AUTH_REQUIRED, NULL, 0);
}
efree(tmp);
tmp = NULL;
}
/* if the user has configured who they are, send a From: line */
if (((have_header & HTTP_HEADER_FROM) == 0) && cfg_get_string("from", &tmp) == SUCCESS) {
if (snprintf(scratch, scratch_len, "From: %s\r\n", tmp) > 0)
php_stream_write(stream, scratch, strlen(scratch));
}
/* Send Host: header so name-based virtual hosts work */
if ((have_header & HTTP_HEADER_HOST) == 0) {
if ((use_ssl && resource->port != 443 && resource->port != 0) ||
(!use_ssl && resource->port != 80 && resource->port != 0)) {
if (snprintf(scratch, scratch_len, "Host: %s:%i\r\n", resource->host, resource->port) > 0)
php_stream_write(stream, scratch, strlen(scratch));
} else {
if (snprintf(scratch, scratch_len, "Host: %s\r\n", resource->host) > 0) {
php_stream_write(stream, scratch, strlen(scratch));
}
}
}
if (context &&
php_stream_context_get_option(context, "http", "user_agent", &ua_zval) == SUCCESS &&
Z_TYPE_PP(ua_zval) == IS_STRING) {
ua_str = Z_STRVAL_PP(ua_zval);
} else if (FG(user_agent)) {
ua_str = FG(user_agent);
}
if (((have_header & HTTP_HEADER_USER_AGENT) == 0) && ua_str) {
#define _UA_HEADER "User-Agent: %s\r\n"
char *ua;
size_t ua_len;
ua_len = sizeof(_UA_HEADER) + strlen(ua_str);
/* ensure the header is only sent if user_agent is not blank */
if (ua_len > sizeof(_UA_HEADER)) {
ua = emalloc(ua_len + 1);
if ((ua_len = slprintf(ua, ua_len, _UA_HEADER, ua_str)) > 0) {
ua[ua_len] = 0;
php_stream_write(stream, ua, ua_len);
} else {
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot construct User-agent header");
}
if (ua) {
efree(ua);
}
}
}
if (user_headers) {
/* A bit weird, but some servers require that Content-Length be sent prior to Content-Type for POST
* see bug #44603 for details. Since Content-Type maybe part of user's headers we need to do this check first.
*/
if (
header_init &&
context &&
!(have_header & HTTP_HEADER_CONTENT_LENGTH) &&
php_stream_context_get_option(context, "http", "content", &tmpzval) == SUCCESS &&
Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0
) {
scratch_len = slprintf(scratch, scratch_len, "Content-Length: %d\r\n", Z_STRLEN_PP(tmpzval));
php_stream_write(stream, scratch, scratch_len);
have_header |= HTTP_HEADER_CONTENT_LENGTH;
}
php_stream_write(stream, user_headers, strlen(user_headers));
php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
efree(user_headers);
}
/* Request content, such as for POST requests */
if (header_init && context &&
php_stream_context_get_option(context, "http", "content", &tmpzval) == SUCCESS &&
Z_TYPE_PP(tmpzval) == IS_STRING && Z_STRLEN_PP(tmpzval) > 0) {
if (!(have_header & HTTP_HEADER_CONTENT_LENGTH)) {
scratch_len = slprintf(scratch, scratch_len, "Content-Length: %d\r\n", Z_STRLEN_PP(tmpzval));
php_stream_write(stream, scratch, scratch_len);
}
if (!(have_header & HTTP_HEADER_TYPE)) {
php_stream_write(stream, "Content-Type: application/x-www-form-urlencoded\r\n",
sizeof("Content-Type: application/x-www-form-urlencoded\r\n") - 1);
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Content-type not specified assuming application/x-www-form-urlencoded");
}
php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
php_stream_write(stream, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval));
php_stream_write(stream, "\r\n\r\n", sizeof("\r\n\r\n")-1);
} else {
php_stream_write(stream, "\r\n", sizeof("\r\n")-1);
}
location[0] = '\0';
if (header_init) {
zval *tmp;
MAKE_STD_ZVAL(tmp);
array_init(tmp);
ZEND_SET_SYMBOL(EG(active_symbol_table), "http_response_header", tmp);
}
{
zval **rh;
zend_hash_find(EG(active_symbol_table), "http_response_header", sizeof("http_response_header"), (void **) &rh);
response_header = *rh;
}
if (!php_stream_eof(stream)) {
size_t tmp_line_len;
/* get response header */
if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
zval *http_response;
int response_code;
if (tmp_line_len > 9) {
response_code = atoi(tmp_line + 9);
} else {
response_code = 0;
}
/* when we request only the header, don't fail even on error codes */
if (options & STREAM_ONLY_GET_HEADERS) {
reqok = 1;
}
switch(response_code) {
case 200:
case 206: /* partial content */
case 302:
case 303:
case 301:
reqok = 1;
break;
case 403:
php_stream_notify_error(context, PHP_STREAM_NOTIFY_AUTH_RESULT,
tmp_line, response_code);
break;
default:
/* safety net in the event tmp_line == NULL */
if (!tmp_line_len) {
tmp_line[0] = '\0';
}
php_stream_notify_error(context, PHP_STREAM_NOTIFY_FAILURE,
tmp_line, response_code);
}
if (tmp_line[tmp_line_len - 1] == '\n') {
--tmp_line_len;
if (tmp_line[tmp_line_len - 1] == '\r') {
--tmp_line_len;
}
}
MAKE_STD_ZVAL(http_response);
ZVAL_STRINGL(http_response, tmp_line, tmp_line_len, 1);
zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_response, sizeof(zval *), NULL);
}
} else {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "HTTP request failed, unexpected end of socket!");
goto out;
}
/* read past HTTP headers */
http_header_line = emalloc(HTTP_HEADER_BLOCK_SIZE);
while (!body && !php_stream_eof(stream)) {
size_t http_header_line_length;
if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') {
char *e = http_header_line + http_header_line_length - 1;
while (*e == '\n' || *e == '\r') {
e--;
}
http_header_line_length = e - http_header_line + 1;
http_header_line[http_header_line_length] = '\0';
if (!strncasecmp(http_header_line, "Location: ", 10)) {
strlcpy(location, http_header_line + 10, sizeof(location));
} else if (!strncasecmp(http_header_line, "Content-Type: ", 14)) {
php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, http_header_line + 14, 0);
} else if (!strncasecmp(http_header_line, "Content-Length: ", 16)) {
file_size = atoi(http_header_line + 16);
php_stream_notify_file_size(context, file_size, http_header_line, 0);
}
if (http_header_line[0] == '\0') {
body = 1;
} else {
zval *http_header;
MAKE_STD_ZVAL(http_header);
ZVAL_STRINGL(http_header, http_header_line, http_header_line_length, 1);
zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_header, sizeof(zval *), NULL);
}
} else {
break;
}
}
if (!reqok || location[0] != '\0') {
if (options & STREAM_ONLY_GET_HEADERS && redirect_max <= 1) {
goto out;
}
if (location[0] != '\0')
php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, location, 0);
php_stream_close(stream);
stream = NULL;
if (location[0] != '\0') {
char new_path[HTTP_HEADER_BLOCK_SIZE];
char loc_path[HTTP_HEADER_BLOCK_SIZE];
*new_path='\0';
if (strlen(location)<8 || (strncasecmp(location, "http://", sizeof("http://")-1) &&
strncasecmp(location, "https://", sizeof("https://")-1) &&
strncasecmp(location, "ftp://", sizeof("ftp://")-1) &&
strncasecmp(location, "ftps://", sizeof("ftps://")-1)))
{
if (*location != '/') {
if (*(location+1) != '\0' && resource->path) {
char *s = strrchr(resource->path, '/');
if (!s) {
s = resource->path;
if (!s[0]) {
efree(s);
s = resource->path = estrdup("/");
} else {
*s = '/';
}
}
s[1] = '\0';
if (resource->path && *(resource->path) == '/' && *(resource->path + 1) == '\0') {
snprintf(loc_path, sizeof(loc_path) - 1, "%s%s", resource->path, location);
} else {
snprintf(loc_path, sizeof(loc_path) - 1, "%s/%s", resource->path, location);
}
} else {
snprintf(loc_path, sizeof(loc_path) - 1, "/%s", location);
}
} else {
strlcpy(loc_path, location, sizeof(loc_path));
}
if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) {
snprintf(new_path, sizeof(new_path) - 1, "%s://%s:%d%s", resource->scheme, resource->host, resource->port, loc_path);
} else {
snprintf(new_path, sizeof(new_path) - 1, "%s://%s%s", resource->scheme, resource->host, loc_path);
}
} else {
strlcpy(new_path, location, sizeof(new_path));
}
php_url_free(resource);
/* check for invalid redirection URLs */
if ((resource = php_url_parse(new_path)) == NULL) {
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect URL! %s", new_path);
goto out;
}
#define CHECK_FOR_CNTRL_CHARS(val) { \
if (val) { \
unsigned char *s, *e; \
int l; \
l = php_url_decode(val, strlen(val)); \
s = val; e = s + l; \
while (s < e) { \
if (iscntrl(*s)) { \
php_stream_wrapper_log_error(wrapper, options TSRMLS_CC, "Invalid redirect URL! %s", new_path); \
goto out; \
} \
s++; \
} \
} \
} \
/* check for control characters in login, password & path */
if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) {
CHECK_FOR_CNTRL_CHARS(resource->user)
CHECK_FOR_CNTRL_CHARS(resource->pass)
CHECK_FOR_CNTRL_CHARS(resource->path)
}
stream = php_stream_url_wrap_http_ex(wrapper, new_path, mode, options, opened_path, context, --redirect_max, 0 STREAMS_CC TSRMLS_CC);
} else {
