/* get the key of the url just host + port*/
static int gen_key(char *url, uint url_len, char **key, uint *key_len)
{
php_url *p_url;
uint len;
p_url = php_url_parse_ex(url, url_len);
len = strlen(p_url->host);
char port[10];
sprintf(port, "%d", p_url->port);
*key_len = len + strlen(port)+1;
*key = pemalloc(*key_len, 1);
strcpy(*key, p_url->host);
strcat(*key, port);
php_url_free(p_url);
return 0;
}
static int check_host_whitelist(url_adapt_state_ex_t *ctx)
{
php_url *url_parts = NULL;
HashTable *allowed_hosts = ctx->type ? &BG(url_adapt_session_hosts_ht) : &BG(url_adapt_output_hosts_ht);
ZEND_ASSERT(ctx->tag_type == TAG_FORM);
if (ctx->attr_val.s && ZSTR_LEN(ctx->attr_val.s)) {
url_parts = php_url_parse_ex(ZSTR_VAL(ctx->attr_val.s), ZSTR_LEN(ctx->attr_val.s));
} else {
return SUCCESS; /* empty URL is valid */
}
if (!url_parts) {
return FAILURE;
}
if (url_parts->scheme) {
/* Only http/https should be handled.
A bit hacky check this here, but saves a URL parse. */
if (strcasecmp(url_parts->scheme, "http") &&
strcasecmp(url_parts->scheme, "https")) {
php_url_free(url_parts);
return FAILURE;
}
}
if (!url_parts->host) {
php_url_free(url_parts);
return SUCCESS;
}
if (!zend_hash_num_elements(allowed_hosts) &&
check_http_host(url_parts->host) == SUCCESS) {
php_url_free(url_parts);
return SUCCESS;
}
if (!zend_hash_str_find(allowed_hosts,
url_parts->host,
strlen(url_parts->host))) {
php_url_free(url_parts);
return FAILURE;
}
php_url_free(url_parts);
return SUCCESS;
}
void skyray_http_request_resolve_queries_if_needed(skyray_http_request_t *self)
{
if (!ZVAL_IS_NULL(&self->query_params) || ZVAL_IS_NULL(&self->uri)) {
return;
}
array_init(&self->query_params);
php_url *url = php_url_parse_ex(Z_STR(self->uri)->val, Z_STR(self->uri)->len);
if (!url->query) {
php_url_free(url);
return;
}
zend_string *query = zend_string_init(url->query, strlen(url->query), 0);
char *res = estrdup(url->query);
sapi_module.treat_data(PARSE_STRING, res, &self->query_params);
zend_string_free(query);
php_url_free(url);
}
static int oauth_provider_token_required(zval *provider_obj, char* uri)
{
zval *is_req_token_api, rv;
is_req_token_api = zend_read_property(Z_OBJCE_P(provider_obj), provider_obj, "request_token_endpoint", sizeof("request_token_endpoint") - 1, 1, &rv);
if (Z_TYPE_P(is_req_token_api) == IS_FALSE) {
php_oauth_provider *sop;
sop = fetch_sop_object(provider_obj);
/* do uri matching on the relative path */
if (sop->endpoint_paths[OAUTH_PROVIDER_PATH_REQUEST]) {
const char *reqtoken_path = sop->endpoint_paths[OAUTH_PROVIDER_PATH_REQUEST];
int uri_matched = 0;
if (reqtoken_path[0]=='/') {
/* match against relative url */
php_url *urlparts = php_url_parse_ex(uri, strlen(uri));
uri_matched = urlparts && 0==strncmp(urlparts->path, reqtoken_path, strlen(reqtoken_path));
php_url_free(urlparts);
} else {
/* match against full uri */
uri_matched = 0==strncmp(uri, reqtoken_path, strlen(reqtoken_path));
}
/* token required if no match was found */
if (uri_matched) {
ZVAL_BOOL(is_req_token_api, 1);
return 0;
}
}
/* no matches, token required */
return 1;
}
return 0;
}
PHPAPI php_url *php_url_parse(char const *str)
{
return php_url_parse_ex(str, strlen(str));
}
static inline void append_modified_url(smart_str *url, smart_str *dest, smart_str *url_app, const char *separator)
{
php_url *url_parts;
char *tmp;
size_t tmp_len;
smart_str_0(url); /* FIXME: Bug #70480 php_url_parse_ex() crashes by processing chars exceed len */
url_parts = php_url_parse_ex(ZSTR_VAL(url->s), ZSTR_LEN(url->s));
/* Ignore malformed URLs */
if (!url_parts) {
smart_str_append_smart_str(dest, url);
return;
}
/* Check protocol. Only http/https is allowed. */
if (url_parts->scheme
&& strcasecmp("http", url_parts->scheme)
&& strcasecmp("https", url_parts->scheme)) {
smart_str_append_smart_str(dest, url);
php_url_free(url_parts);
return;
}
/* Check host whitelist. If it's not listed, do nothing. */
if (url_parts->host
&& (tmp_len = strlen(url_parts->host))
&& (tmp = php_strtolower(url_parts->host, tmp_len))
&& !zend_hash_str_find(&BG(url_adapt_session_hosts_ht), tmp, tmp_len)) {
smart_str_append_smart_str(dest, url);
php_url_free(url_parts);
return;
}
/*
* When URL does not have path and query string add "/?".
* i.e. If URL is only "?foo=bar", should not add "/?".
*/
if (!url_parts->path && !url_parts->query) {
/* URL is http://php.net or like */
smart_str_append_smart_str(dest, url);
smart_str_appendc(dest, '/');
smart_str_appendc(dest, '?');
smart_str_append_smart_str(dest, url_app);
/* There should not be fragment. Just return */
php_url_free(url_parts);
return;
}
if (url_parts->scheme) {
smart_str_appends(dest, url_parts->scheme);
smart_str_appends(dest, "://");
} else if (*(ZSTR_VAL(url->s)) == '/' && *(ZSTR_VAL(url->s)+1) == '/') {
smart_str_appends(dest, "//");
}
if (url_parts->user) {
smart_str_appends(dest, url_parts->user);
if (url_parts->pass) {
smart_str_appends(dest, url_parts->pass);
smart_str_appendc(dest, ':');
}
smart_str_appendc(dest, '@');
}
if (url_parts->host) {
smart_str_appends(dest, url_parts->host);
}
if (url_parts->port) {
smart_str_appendc(dest, ':');
smart_str_append_unsigned(dest, (long)url_parts->port);
}
if (url_parts->path) {
smart_str_appends(dest, url_parts->path);
}
smart_str_appendc(dest, '?');
if (url_parts->query) {
smart_str_appends(dest, url_parts->query);
smart_str_appends(dest, separator);
smart_str_append_smart_str(dest, url_app);
} else {
smart_str_append_smart_str(dest, url_app);
}
if (url_parts->fragment) {
smart_str_appendc(dest, '#');
smart_str_appends(dest, url_parts->fragment);
}
php_url_free(url_parts);
}
/* {{{ php_url_parse
*/
ZEND_API php_url *php_url_parse(const char *str)
{
return php_url_parse_ex(str, strlen(str));
}
