- Changed port validation introduced in commit #308035 to consider

negative ports and ports > 65535 as invalid. The tests that fail due to #308035 in the standard ext were not fixed. If the behavior in those tests turns out to be the desirable one, both this commit and #308035 ought to be reverted or at least adapted.
2024-11-28 04:14:26 +08:00 · 2011-02-05 22:37:00 +00:00 · 2011-02-05 22:37:00 +00:00 · a888ee434b
commit a888ee434b
parent 218448bfa0
3 changed files with 25 additions and 13 deletions
--- a/2
+++ b/2
@ -48,7 +48,7 @@

 - Filter extension:
  . Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number).
-    (Ilia)
+    (Ilia, Gustavo)
  . Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges).
    (Ilia)
  . Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
--- a/ext/filter/tests/015.phpt
+++ b/ext/filter/tests/015.phpt
@ -28,7 +28,10 @@ array(),
 'news:news.php.net',
 'file://foo/bar',
 "http://\r\n/bar",
-"http://example.com:qq"
+"http://example.com:qq",
+"http://example.com:-2",
+"http://example.com:65536",
+"http://example.com:65537",
 );
 foreach ($values as $value) {
 	var_dump(filter_var($value, FILTER_VALIDATE_URL));
@ -72,6 +75,9 @@ string(14) "file://foo/bar"
 bool(false)
 bool(false)
 bool(false)
+bool(false)
+bool(false)
+bool(false)
 string(10) "http://qwe"
 bool(false)
 bool(false)
@ -80,4 +86,4 @@ bool(false)
 string(42) "http://www.example.com/path/at/the/server/"
 bool(false)
 string(40) "http://www.example.com/index.php?a=b&c=d"
-Done
+Done
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@ -176,7 +176,7 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length)
 				}	
 			}
 		}	
-	} else if (e) { /* no scheme, look for port */
+	} else if (e) { /* no scheme; starts with colon: look for port */
 		parse_port:
 		p = e + 1;
 		pp = p;
@ -185,11 +185,14 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length)
 			pp++;
 		}

-		if (pp-p < 6 && (*pp == '/' || *pp == '\0')) {
-			memcpy(port_buf, p, (pp-p));
-			port_buf[pp-p] = '\0';
-			ret->port = atoi(port_buf);
-			if (!ret->port && (pp - p) > 0) {
+		if (pp - p > 0 && pp - p < 6 && (*pp == '/' || *pp == '\0')) {
+			long port;
+			memcpy(port_buf, p, (pp - p));
+			port_buf[pp - p] = '\0';
+			port = strtol(port_buf, NULL, 10);
+			if (port > 0 && port <= 65535) {
+				ret->port = (unsigned short) port;
+			} else {
 				STR_FREE(ret->scheme);
 				efree(ret);
 				return NULL;
@ -269,10 +272,13 @@ PHPAPI php_url *php_url_parse_ex(char const *str, int length)
 				efree(ret);
 				return NULL;
 			} else if (e - p > 0) {
-				memcpy(port_buf, p, (e-p));
-				port_buf[e-p] = '\0';
-				ret->port = atoi(port_buf);
-				if (!ret->port && (e - p)) {
+				long port;
+				memcpy(port_buf, p, (e - p));
+				port_buf[e - p] = '\0';
+				port = strtol(port_buf, NULL, 10);
+				if (port > 0 && port <= 65535) {
+					ret->port = (unsigned short)port;
+				} else {
 					STR_FREE(ret->scheme);
 					STR_FREE(ret->user);
 					STR_FREE(ret->pass);