/* get the key of the url just host + port*/ static int gen_key(char *url, uint url_len, char **key, uint *key_len) { php_url *p_url; uint len; p_url = php_url_parse_ex(url, url_len); len = strlen(p_url->host); char port[10]; sprintf(port, "%d", p_url->port); *key_len = len + strlen(port)+1; *key = pemalloc(*key_len, 1); strcpy(*key, p_url->host); strcat(*key, port); php_url_free(p_url); return 0; }
static int check_host_whitelist(url_adapt_state_ex_t *ctx) { php_url *url_parts = NULL; HashTable *allowed_hosts = ctx->type ? &BG(url_adapt_session_hosts_ht) : &BG(url_adapt_output_hosts_ht); ZEND_ASSERT(ctx->tag_type == TAG_FORM); if (ctx->attr_val.s && ZSTR_LEN(ctx->attr_val.s)) { url_parts = php_url_parse_ex(ZSTR_VAL(ctx->attr_val.s), ZSTR_LEN(ctx->attr_val.s)); } else { return SUCCESS; /* empty URL is valid */ } if (!url_parts) { return FAILURE; } if (url_parts->scheme) { /* Only http/https should be handled. A bit hacky check this here, but saves a URL parse. */ if (strcasecmp(url_parts->scheme, "http") && strcasecmp(url_parts->scheme, "https")) { php_url_free(url_parts); return FAILURE; } } if (!url_parts->host) { php_url_free(url_parts); return SUCCESS; } if (!zend_hash_num_elements(allowed_hosts) && check_http_host(url_parts->host) == SUCCESS) { php_url_free(url_parts); return SUCCESS; } if (!zend_hash_str_find(allowed_hosts, url_parts->host, strlen(url_parts->host))) { php_url_free(url_parts); return FAILURE; } php_url_free(url_parts); return SUCCESS; }
void skyray_http_request_resolve_queries_if_needed(skyray_http_request_t *self) { if (!ZVAL_IS_NULL(&self->query_params) || ZVAL_IS_NULL(&self->uri)) { return; } array_init(&self->query_params); php_url *url = php_url_parse_ex(Z_STR(self->uri)->val, Z_STR(self->uri)->len); if (!url->query) { php_url_free(url); return; } zend_string *query = zend_string_init(url->query, strlen(url->query), 0); char *res = estrdup(url->query); sapi_module.treat_data(PARSE_STRING, res, &self->query_params); zend_string_free(query); php_url_free(url); }
static int oauth_provider_token_required(zval *provider_obj, char* uri) { zval *is_req_token_api, rv; is_req_token_api = zend_read_property(Z_OBJCE_P(provider_obj), provider_obj, "request_token_endpoint", sizeof("request_token_endpoint") - 1, 1, &rv); if (Z_TYPE_P(is_req_token_api) == IS_FALSE) { php_oauth_provider *sop; sop = fetch_sop_object(provider_obj); /* do uri matching on the relative path */ if (sop->endpoint_paths[OAUTH_PROVIDER_PATH_REQUEST]) { const char *reqtoken_path = sop->endpoint_paths[OAUTH_PROVIDER_PATH_REQUEST]; int uri_matched = 0; if (reqtoken_path[0]=='/') { /* match against relative url */ php_url *urlparts = php_url_parse_ex(uri, strlen(uri)); uri_matched = urlparts && 0==strncmp(urlparts->path, reqtoken_path, strlen(reqtoken_path)); php_url_free(urlparts); } else { /* match against full uri */ uri_matched = 0==strncmp(uri, reqtoken_path, strlen(reqtoken_path)); } /* token required if no match was found */ if (uri_matched) { ZVAL_BOOL(is_req_token_api, 1); return 0; } } /* no matches, token required */ return 1; } return 0; }
PHPAPI php_url *php_url_parse(char const *str) { return php_url_parse_ex(str, strlen(str)); }
static inline void append_modified_url(smart_str *url, smart_str *dest, smart_str *url_app, const char *separator) { php_url *url_parts; char *tmp; size_t tmp_len; smart_str_0(url); /* FIXME: Bug #70480 php_url_parse_ex() crashes by processing chars exceed len */ url_parts = php_url_parse_ex(ZSTR_VAL(url->s), ZSTR_LEN(url->s)); /* Ignore malformed URLs */ if (!url_parts) { smart_str_append_smart_str(dest, url); return; } /* Check protocol. Only http/https is allowed. */ if (url_parts->scheme && strcasecmp("http", url_parts->scheme) && strcasecmp("https", url_parts->scheme)) { smart_str_append_smart_str(dest, url); php_url_free(url_parts); return; } /* Check host whitelist. If it's not listed, do nothing. */ if (url_parts->host && (tmp_len = strlen(url_parts->host)) && (tmp = php_strtolower(url_parts->host, tmp_len)) && !zend_hash_str_find(&BG(url_adapt_session_hosts_ht), tmp, tmp_len)) { smart_str_append_smart_str(dest, url); php_url_free(url_parts); return; } /* * When URL does not have path and query string add "/?". * i.e. If URL is only "?foo=bar", should not add "/?". */ if (!url_parts->path && !url_parts->query) { /* URL is http://php.net or like */ smart_str_append_smart_str(dest, url); smart_str_appendc(dest, '/'); smart_str_appendc(dest, '?'); smart_str_append_smart_str(dest, url_app); /* There should not be fragment. Just return */ php_url_free(url_parts); return; } if (url_parts->scheme) { smart_str_appends(dest, url_parts->scheme); smart_str_appends(dest, "://"); } else if (*(ZSTR_VAL(url->s)) == '/' && *(ZSTR_VAL(url->s)+1) == '/') { smart_str_appends(dest, "//"); } if (url_parts->user) { smart_str_appends(dest, url_parts->user); if (url_parts->pass) { smart_str_appends(dest, url_parts->pass); smart_str_appendc(dest, ':'); } smart_str_appendc(dest, '@'); } if (url_parts->host) { smart_str_appends(dest, url_parts->host); } if (url_parts->port) { smart_str_appendc(dest, ':'); smart_str_append_unsigned(dest, (long)url_parts->port); } if (url_parts->path) { smart_str_appends(dest, url_parts->path); } smart_str_appendc(dest, '?'); if (url_parts->query) { smart_str_appends(dest, url_parts->query); smart_str_appends(dest, separator); smart_str_append_smart_str(dest, url_app); } else { smart_str_append_smart_str(dest, url_app); } if (url_parts->fragment) { smart_str_appendc(dest, '#'); smart_str_appends(dest, url_parts->fragment); } php_url_free(url_parts); }
/* {{{ php_url_parse */ ZEND_API php_url *php_url_parse(const char *str) { return php_url_parse_ex(str, strlen(str)); }