Home Explore Help
Sign In
8516
/
Test
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Test
/
EVSE
/
GPL
/
php-7.3.28
/
ext
/
standard
/
http_fopen_wrapper.c

http_fopen_wrapper.c 33 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034 
  1. /*
    2. 

  2.    +----------------------------------------------------------------------+
    3. 

  3.    | PHP Version 7                                                        |
    4. 

  4.    +----------------------------------------------------------------------+
    5. 

  5.    | Copyright (c) 1997-2018 The PHP Group                                |
    6. 

  6.    +----------------------------------------------------------------------+
    7. 

  7.    | This source file is subject to version 3.01 of the PHP license,      |
    8. 

  8.    | that is bundled with this package in the file LICENSE, and is        |
    9. 

  9.    | available through the world-wide-web at the following url:           |
    10. 

  10.    | http://www.php.net/license/3_01.txt                                  |
    11. 

  11.    | If you did not receive a copy of the PHP license and are unable to   |
    12. 

  12.    | obtain it through the world-wide-web, please send a note to          |
    13. 

  13.    | license@php.net so we can mail you a copy immediately.               |
    14. 

  14.    +----------------------------------------------------------------------+
    15. 

  15.    | Authors: Rasmus Lerdorf <rasmus@php.net>                             |
    16. 

  16.    |          Jim Winstead <jimw@php.net>                                 |
    17. 

  17.    |          Hartmut Holzgraefe <hholzgra@php.net>                       |
    18. 

  18.    |          Wez Furlong <wez@thebrainroom.com>                          |
    19. 

  19.    |          Sara Golemon <pollita@php.net>                              |
    20. 

  20.    +----------------------------------------------------------------------+
    21. 

  21.  */
    22. 

  22. 

  23. #include "php.h"
    24. 

  24. #include "php_globals.h"
    25. 

  25. #include "php_streams.h"
    26. 

  26. #include "php_network.h"
    27. 

  27. #include "php_ini.h"
    28. 

  28. #include "ext/standard/basic_functions.h"
    29. 

  29. #include "zend_smart_str.h"
    30. 

  30. 

  31. #include <stdio.h>
    32. 

  32. #include <stdlib.h>
    33. 

  33. #include <errno.h>
    34. 

  34. #include <sys/types.h>
    35. 

  35. #include <sys/stat.h>
    36. 

  36. #include <fcntl.h>
    37. 

  37. 

  38. #ifdef PHP_WIN32
    39. 

  39. #define O_RDONLY _O_RDONLY
    40. 

  40. #include "win32/param.h"
    41. 

  41. #else
    42. 

  42. #include <sys/param.h>
    43. 

  43. #endif
    44. 

  44. 

  45. #include "php_standard.h"
    46. 

  46. 

  47. #include <sys/types.h>
    48. 

  48. #if HAVE_SYS_SOCKET_H
    49. 

  49. #include <sys/socket.h>
    50. 

  50. #endif
    51. 

  51. 

  52. #ifdef PHP_WIN32
    53. 

  53. #include <winsock2.h>
    54. 

  54. #else
    55. 

  55. #include <netinet/in.h>
    56. 

  56. #include <netdb.h>
    57. 

  57. #if HAVE_ARPA_INET_H
    58. 

  58. #include <arpa/inet.h>
    59. 

  59. #endif
    60. 

  60. #endif
    61. 

  61. 

  62. #if defined(PHP_WIN32) || defined(__riscos__)
    63. 

  63. #undef AF_UNIX
    64. 

  64. #endif
    65. 

  65. 

  66. #if defined(AF_UNIX)
    67. 

  67. #include <sys/un.h>
    68. 

  68. #endif
    69. 

  69. 

  70. #include "php_fopen_wrappers.h"
    71. 

  71. 

  72. #define HTTP_HEADER_BLOCK_SIZE		1024
    73. 

  73. #define PHP_URL_REDIRECT_MAX		20
    74. 

  74. #define HTTP_HEADER_USER_AGENT		1
    75. 

  75. #define HTTP_HEADER_HOST			2
    76. 

  76. #define HTTP_HEADER_AUTH			4
    77. 

  77. #define HTTP_HEADER_FROM			8
    78. 

  78. #define HTTP_HEADER_CONTENT_LENGTH	16
    79. 

  79. #define HTTP_HEADER_TYPE			32
    80. 

  80. #define HTTP_HEADER_CONNECTION		64
    81. 

  81. 

  82. #define HTTP_WRAPPER_HEADER_INIT    1
    83. 

  83. #define HTTP_WRAPPER_REDIRECTED     2
    84. 

  84. 

  85. static inline void strip_header(char *header_bag, char *lc_header_bag,
    86. 

  86. 		const char *lc_header_name)
    87. 

  87. {
    88. 

  88. 	char *lc_header_start = strstr(lc_header_bag, lc_header_name);
    89. 

  89. 	char *header_start = header_bag + (lc_header_start - lc_header_bag);
    90. 

  90. 

  91. 	if (lc_header_start
    92. 

  92. 	&& (lc_header_start == lc_header_bag || *(lc_header_start-1) == '\n')
    93. 

  93. 	) {
    94. 

  94. 		char *lc_eol = strchr(lc_header_start, '\n');
    95. 

  95. 		char *eol = header_start + (lc_eol - lc_header_start);
    96. 

  96. 

  97. 		if (lc_eol) {
    98. 

  98. 			size_t eollen = strlen(lc_eol);
    99. 

  99. 

  100. 			memmove(lc_header_start, lc_eol+1, eollen);
    101. 

  101. 			memmove(header_start, eol+1, eollen);
    102. 

  102. 		} else {
    103. 

  103. 			*lc_header_start = '\0';
    104. 

  104. 			*header_start = '\0';
    105. 

  105. 		}
    106. 

  106. 	}
    107. 

  107. }
    108. 

  108. 

  109. static zend_bool check_has_header(const char *headers, const char *header) {
    110. 

  110. 	const char *s = headers;
    111. 

  111. 	while ((s = strstr(s, header))) {
    112. 

  112. 		if (s == headers || *(s-1) == '\n') {
    113. 

  113. 			return 1;
    114. 

  114. 		}
    115. 

  115. 		s++;
    116. 

  116. 	}
    117. 

  117. 	return 0;
    118. 

  118. }
    119. 

  119. 

  120. static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
    121. 

  121. 		const char *path, const char *mode, int options, zend_string **opened_path,
    122. 

  122. 		php_stream_context *context, int redirect_max, int flags,
    123. 

  123. 		zval *response_header STREAMS_DC) /* {{{ */
    124. 

  124. {
    125. 

  125. 	php_stream *stream = NULL;
    126. 

  126. 	php_url *resource = NULL;
    127. 

  127. 	int use_ssl;
    128. 

  128. 	int use_proxy = 0;
    129. 

  129. 	zend_string *tmp = NULL;
    130. 

  130. 	char *ua_str = NULL;
    131. 

  131. 	zval *ua_zval = NULL, *tmpzval = NULL, ssl_proxy_peer_name;
    132. 

  132. 	char location[HTTP_HEADER_BLOCK_SIZE];
    133. 

  133. 	int reqok = 0;
    134. 

  134. 	char *http_header_line = NULL;
    135. 

  135. 	char tmp_line[128];
    136. 

  136. 	size_t chunk_size = 0, file_size = 0;
    137. 

  137. 	int eol_detect = 0;
    138. 

  138. 	char *transport_string;
    139. 

  139. 	zend_string *errstr = NULL;
    140. 

  140. 	size_t transport_len;
    141. 

  141. 	int have_header = 0;
    142. 

  142. 	zend_bool request_fulluri = 0, ignore_errors = 0;
    143. 

  143. 	struct timeval timeout;
    144. 

  144. 	char *user_headers = NULL;
    145. 

  145. 	int header_init = ((flags & HTTP_WRAPPER_HEADER_INIT) != 0);
    146. 

  146. 	int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0);
    147. 

  147. 	zend_bool follow_location = 1;
    148. 

  148. 	php_stream_filter *transfer_encoding = NULL;
    149. 

  149. 	int response_code;
    150. 

  150. 	smart_str req_buf = {0};
    151. 

  151. 	zend_bool custom_request_method;
    152. 

  152. 

  153. 	tmp_line[0] = '\0';
    154. 

  154. 

  155. 	if (redirect_max < 1) {
    156. 

  156. 		php_stream_wrapper_log_error(wrapper, options, "Redirection limit reached, aborting");
    157. 

  157. 		return NULL;
    158. 

  158. 	}
    159. 

  159. 

  160. 	resource = php_url_parse(path);
    161. 

  161. 	if (resource == NULL) {
    162. 

  162. 		return NULL;
    163. 

  163. 	}
    164. 

  164. 

  165. 	if (!zend_string_equals_literal_ci(resource->scheme, "http") &&
    166. 

  166. 		!zend_string_equals_literal_ci(resource->scheme, "https")) {
    167. 

  167. 		if (!context ||
    168. 

  168. 			(tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "proxy")) == NULL ||
    169. 

  169. 			Z_TYPE_P(tmpzval) != IS_STRING ||
    170. 

  170. 			Z_STRLEN_P(tmpzval) == 0) {
    171. 

  171. 			php_url_free(resource);
    172. 

  172. 			return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context);
    173. 

  173. 		}
    174. 

  174. 		/* Called from a non-http wrapper with http proxying requested (i.e. ftp) */
    175. 

  175. 		request_fulluri = 1;
    176. 

  176. 		use_ssl = 0;
    177. 

  177. 		use_proxy = 1;
    178. 

  178. 

  179. 		transport_len = Z_STRLEN_P(tmpzval);
    180. 

  180. 		transport_string = estrndup(Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
    181. 

  181. 	} else {
    182. 

  182. 		/* Normal http request (possibly with proxy) */
    183. 

  183. 

  184. 		if (strpbrk(mode, "awx+")) {
    185. 

  185. 			php_stream_wrapper_log_error(wrapper, options, "HTTP wrapper does not support writeable connections");
    186. 

  186. 			php_url_free(resource);
    187. 

  187. 			return NULL;
    188. 

  188. 		}
    189. 

  189. 

  190. 		use_ssl = resource->scheme && (ZSTR_LEN(resource->scheme) > 4) && ZSTR_VAL(resource->scheme)[4] == 's';
    191. 

  191. 		/* choose default ports */
    192. 

  192. 		if (use_ssl && resource->port == 0)
    193. 

  193. 			resource->port = 443;
    194. 

  194. 		else if (resource->port == 0)
    195. 

  195. 			resource->port = 80;
    196. 

  196. 

  197. 		if (context &&
    198. 

  198. 			(tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "proxy")) != NULL &&
    199. 

  199. 			Z_TYPE_P(tmpzval) == IS_STRING &&
    200. 

  200. 			Z_STRLEN_P(tmpzval) > 0) {
    201. 

  201. 			use_proxy = 1;
    202. 

  202. 			transport_len = Z_STRLEN_P(tmpzval);
    203. 

  203. 			transport_string = estrndup(Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
    204. 

  204. 		} else {
    205. 

  205. 			transport_len = spprintf(&transport_string, 0, "%s://%s:%d", use_ssl ? "ssl" : "tcp", ZSTR_VAL(resource->host), resource->port);
    206. 

  206. 		}
    207. 

  207. 	}
    208. 

  208. 

  209. 	if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) {
    210. 

  210. 		double d = zval_get_double(tmpzval);
    211. 

  211. #ifndef PHP_WIN32
    212. 

  212. 		timeout.tv_sec = (time_t) d;
    213. 

  213. 		timeout.tv_usec = (size_t) ((d - timeout.tv_sec) * 1000000);
    214. 

  214. #else
    215. 

  215. 		timeout.tv_sec = (long) d;
    216. 

  216. 		timeout.tv_usec = (long) ((d - timeout.tv_sec) * 1000000);
    217. 

  217. #endif
    218. 

  218. 	} else {
    219. 

  219. #ifndef PHP_WIN32
    220. 

  220. 		timeout.tv_sec = FG(default_socket_timeout);
    221. 

  221. #else
    222. 

  222. 		timeout.tv_sec = (long)FG(default_socket_timeout);
    223. 

  223. #endif
    224. 

  224. 		timeout.tv_usec = 0;
    225. 

  225. 	}
    226. 

  226. 

  227. 	stream = php_stream_xport_create(transport_string, transport_len, options,
    228. 

  228. 			STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
    229. 

  229. 			NULL, &timeout, context, &errstr, NULL);
    230. 

  230. 

  231. 	if (stream) {
    232. 

  232. 		php_stream_set_option(stream, PHP_STREAM_OPTION_READ_TIMEOUT, 0, &timeout);
    233. 

  233. 	}
    234. 

  234. 

  235. 	if (errstr) {
    236. 

  236. 		php_stream_wrapper_log_error(wrapper, options, "%s", ZSTR_VAL(errstr));
    237. 

  237. 		zend_string_release_ex(errstr, 0);
    238. 

  238. 		errstr = NULL;
    239. 

  239. 	}
    240. 

  240. 

  241. 	efree(transport_string);
    242. 

  242. 

  243. 	if (stream && use_proxy && use_ssl) {
    244. 

  244. 		smart_str header = {0};
    245. 

  245. 

  246. 		/* Set peer_name or name verification will try to use the proxy server name */
    247. 

  247. 		if (!context || (tmpzval = php_stream_context_get_option(context, "ssl", "peer_name")) == NULL) {
    248. 

  248. 			ZVAL_STR_COPY(&ssl_proxy_peer_name, resource->host);
    249. 

  249. 			php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_name", &ssl_proxy_peer_name);
    250. 

  250. 			zval_ptr_dtor(&ssl_proxy_peer_name);
    251. 

  251. 		}
    252. 

  252. 

  253. 		smart_str_appendl(&header, "CONNECT ", sizeof("CONNECT ")-1);
    254. 

  254. 		smart_str_appends(&header, ZSTR_VAL(resource->host));
    255. 

  255. 		smart_str_appendc(&header, ':');
    256. 

  256. 		smart_str_append_unsigned(&header, resource->port);
    257. 

  257. 		smart_str_appendl(&header, " HTTP/1.0\r\n", sizeof(" HTTP/1.0\r\n")-1);
    258. 

  258. 

  259. 	    /* check if we have Proxy-Authorization header */
    260. 

  260. 		if (context && (tmpzval = php_stream_context_get_option(context, "http", "header")) != NULL) {
    261. 

  261. 			char *s, *p;
    262. 

  262. 

  263. 			if (Z_TYPE_P(tmpzval) == IS_ARRAY) {
    264. 

  264. 				zval *tmpheader = NULL;
    265. 

  265. 

  266. 				ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(tmpzval), tmpheader) {
    267. 

  267. 					if (Z_TYPE_P(tmpheader) == IS_STRING) {
    268. 

  268. 						s = Z_STRVAL_P(tmpheader);
    269. 

  269. 						do {
    270. 

  270. 							while (*s == ' ' || *s == '\t') s++;
    271. 

  271. 							p = s;
    272. 

  272. 							while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++;
    273. 

  273. 							if (*p == ':') {
    274. 

  274. 								p++;
    275. 

  275. 								if (p - s == sizeof("Proxy-Authorization:") - 1 &&
    276. 

  276. 								    zend_binary_strcasecmp(s, sizeof("Proxy-Authorization:") - 1,
    277. 

  277. 								        "Proxy-Authorization:", sizeof("Proxy-Authorization:") - 1) == 0) {
    278. 

  278. 									while (*p != 0 && *p != '\r' && *p !='\n') p++;
    279. 

  279. 									smart_str_appendl(&header, s, p - s);
    280. 

  280. 									smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
    281. 

  281. 									goto finish;
    282. 

  282. 								} else {
    283. 

  283. 									while (*p != 0 && *p != '\r' && *p !='\n') p++;
    284. 

  284. 								}
    285. 

  285. 							}
    286. 

  286. 							s = p;
    287. 

  287. 							while (*s == '\r' || *s == '\n') s++;
    288. 

  288. 						} while (*s != 0);
    289. 

  289. 					}
    290. 

  290. 				} ZEND_HASH_FOREACH_END();
    291. 

  291. 			} else if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval)) {
    292. 

  292. 				s = Z_STRVAL_P(tmpzval);
    293. 

  293. 				do {
    294. 

  294. 					while (*s == ' ' || *s == '\t') s++;
    295. 

  295. 					p = s;
    296. 

  296. 					while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++;
    297. 

  297. 					if (*p == ':') {
    298. 

  298. 						p++;
    299. 

  299. 						if (p - s == sizeof("Proxy-Authorization:") - 1 &&
    300. 

  300. 						    zend_binary_strcasecmp(s, sizeof("Proxy-Authorization:") - 1,
    301. 

  301. 						        "Proxy-Authorization:", sizeof("Proxy-Authorization:") - 1) == 0) {
    302. 

  302. 							while (*p != 0 && *p != '\r' && *p !='\n') p++;
    303. 

  303. 							smart_str_appendl(&header, s, p - s);
    304. 

  304. 							smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
    305. 

  305. 							goto finish;
    306. 

  306. 						} else {
    307. 

  307. 							while (*p != 0 && *p != '\r' && *p !='\n') p++;
    308. 

  308. 						}
    309. 

  309. 					}
    310. 

  310. 					s = p;
    311. 

  311. 					while (*s == '\r' || *s == '\n') s++;
    312. 

  312. 				} while (*s != 0);
    313. 

  313. 			}
    314. 

  314. 		}
    315. 

  315. finish:
    316. 

  316. 		smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
    317. 

  317. 

  318. 		if (php_stream_write(stream, ZSTR_VAL(header.s), ZSTR_LEN(header.s)) != ZSTR_LEN(header.s)) {
    319. 

  319. 			php_stream_wrapper_log_error(wrapper, options, "Cannot connect to HTTPS server through proxy");
    320. 

  320. 			php_stream_close(stream);
    321. 

  321. 			stream = NULL;
    322. 

  322. 		}
    323. 

  323.  	 	smart_str_free(&header);
    324. 

  324. 

  325.  	 	if (stream) {
    326. 

  326.  	 		char header_line[HTTP_HEADER_BLOCK_SIZE];
    327. 

  327. 

  328. 			/* get response header */
    329. 

  329. 			while (php_stream_gets(stream, header_line, HTTP_HEADER_BLOCK_SIZE-1) != NULL) {
    330. 

  330. 				if (header_line[0] == '\n' ||
    331. 

  331. 				    header_line[0] == '\r' ||
    332. 

  332. 				    header_line[0] == '\0') {
    333. 

  333. 				  break;
    334. 

  334. 				}
    335. 

  335. 			}
    336. 

  336. 		}
    337. 

  337. 

  338. 		/* enable SSL transport layer */
    339. 

  339. 		if (stream) {
    340. 

  340. 			if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL) < 0 ||
    341. 

  341. 			    php_stream_xport_crypto_enable(stream, 1) < 0) {
    342. 

  342. 				php_stream_wrapper_log_error(wrapper, options, "Cannot connect to HTTPS server through proxy");
    343. 

  343. 				php_stream_close(stream);
    344. 

  344. 				stream = NULL;
    345. 

  345. 			}
    346. 

  346. 		}
    347. 

  347. 	}
    348. 

  348. 

  349. 	if (stream == NULL)
    350. 

  350. 		goto out;
    351. 

  351. 

  352. 	/* avoid buffering issues while reading header */
    353. 

  353. 	if (options & STREAM_WILL_CAST)
    354. 

  354. 		chunk_size = php_stream_set_chunk_size(stream, 1);
    355. 

  355. 

  356. 	/* avoid problems with auto-detecting when reading the headers -> the headers
    357. 

  357. 	 * are always in canonical \r\n format */
    358. 

  358. 	eol_detect = stream->flags & (PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
    359. 

  359. 	stream->flags &= ~(PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
    360. 

  360. 

  361. 	php_stream_context_set(stream, context);
    362. 

  362. 

  363. 	php_stream_notify_info(context, PHP_STREAM_NOTIFY_CONNECT, NULL, 0);
    364. 

  364. 

  365. 	if (header_init && context && (tmpzval = php_stream_context_get_option(context, "http", "max_redirects")) != NULL) {
    366. 

  366. 		redirect_max = (int)zval_get_long(tmpzval);
    367. 

  367. 	}
    368. 

  368. 

  369. 	custom_request_method = 0;
    370. 

  370. 	if (context && (tmpzval = php_stream_context_get_option(context, "http", "method")) != NULL) {
    371. 

  371. 		if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0) {
    372. 

  372. 			/* As per the RFC, automatically redirected requests MUST NOT use other methods than
    373. 

  373. 			 * GET and HEAD unless it can be confirmed by the user */
    374. 

  374. 			if (!redirected
    375. 

  375. 				|| (Z_STRLEN_P(tmpzval) == 3 && memcmp("GET", Z_STRVAL_P(tmpzval), 3) == 0)
    376. 

  376. 				|| (Z_STRLEN_P(tmpzval) == 4 && memcmp("HEAD",Z_STRVAL_P(tmpzval), 4) == 0)
    377. 

  377. 			) {
    378. 

  378. 				custom_request_method = 1;
    379. 

  379. 				smart_str_append(&req_buf, Z_STR_P(tmpzval));
    380. 

  380. 				smart_str_appendc(&req_buf, ' ');
    381. 

  381. 			}
    382. 

  382. 		}
    383. 

  383. 	}
    384. 

  384. 

  385. 	if (!custom_request_method) {
    386. 

  386. 		smart_str_appends(&req_buf, "GET ");
    387. 

  387. 	}
    388. 

  388. 

  389. 	/* Should we send the entire path in the request line, default to no. */
    390. 

  390. 	if (!request_fulluri && context &&
    391. 

  391. 		(tmpzval = php_stream_context_get_option(context, "http", "request_fulluri")) != NULL) {
    392. 

  392. 		request_fulluri = zend_is_true(tmpzval);
    393. 

  393. 	}
    394. 

  394. 

  395. 	if (request_fulluri) {
    396. 

  396. 		/* Ask for everything */
    397. 

  397. 		smart_str_appends(&req_buf, path);
    398. 

  398. 	} else {
    399. 

  399. 		/* Send the traditional /path/to/file?query_string */
    400. 

  400. 

  401. 		/* file */
    402. 

  402. 		if (resource->path && ZSTR_LEN(resource->path)) {
    403. 

  403. 			smart_str_appends(&req_buf, ZSTR_VAL(resource->path));
    404. 

  404. 		} else {
    405. 

  405. 			smart_str_appendc(&req_buf, '/');
    406. 

  406. 		}
    407. 

  407. 

  408. 		/* query string */
    409. 

  409. 		if (resource->query) {
    410. 

  410. 			smart_str_appendc(&req_buf, '?');
    411. 

  411. 			smart_str_appends(&req_buf, ZSTR_VAL(resource->query));
    412. 

  412. 		}
    413. 

  413. 	}
    414. 

  414. 

  415. 	/* protocol version we are speaking */
    416. 

  416. 	if (context && (tmpzval = php_stream_context_get_option(context, "http", "protocol_version")) != NULL) {
    417. 

  417. 		char *protocol_version;
    418. 

  418. 		spprintf(&protocol_version, 0, "%.1F", zval_get_double(tmpzval));
    419. 

  419. 

  420. 		smart_str_appends(&req_buf, " HTTP/");
    421. 

  421. 		smart_str_appends(&req_buf, protocol_version);
    422. 

  422. 		smart_str_appends(&req_buf, "\r\n");
    423. 

  423. 		efree(protocol_version);
    424. 

  424. 	} else {
    425. 

  425. 		smart_str_appends(&req_buf, " HTTP/1.0\r\n");
    426. 

  426. 	}
    427. 

  427. 

  428. 	if (context && (tmpzval = php_stream_context_get_option(context, "http", "header")) != NULL) {
    429. 

  429. 		tmp = NULL;
    430. 

  430. 

  431. 		if (Z_TYPE_P(tmpzval) == IS_ARRAY) {
    432. 

  432. 			zval *tmpheader = NULL;
    433. 

  433. 			smart_str tmpstr = {0};
    434. 

  434. 

  435. 			ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(tmpzval), tmpheader) {
    436. 

  436. 				if (Z_TYPE_P(tmpheader) == IS_STRING) {
    437. 

  437. 					smart_str_append(&tmpstr, Z_STR_P(tmpheader));
    438. 

  438. 					smart_str_appendl(&tmpstr, "\r\n", sizeof("\r\n") - 1);
    439. 

  439. 				}
    440. 

  440. 			} ZEND_HASH_FOREACH_END();
    441. 

  441. 			smart_str_0(&tmpstr);
    442. 

  442. 			/* Remove newlines and spaces from start and end. there's at least one extra \r\n at the end that needs to go. */
    443. 

  443. 			if (tmpstr.s) {
    444. 

  444. 				tmp = php_trim(tmpstr.s, NULL, 0, 3);
    445. 

  445. 				smart_str_free(&tmpstr);
    446. 

  446. 			}
    447. 

  447. 		} else if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval)) {
    448. 

  448. 			/* Remove newlines and spaces from start and end php_trim will estrndup() */
    449. 

  449. 			tmp = php_trim(Z_STR_P(tmpzval), NULL, 0, 3);
    450. 

  450. 		}
    451. 

  451. 		if (tmp && ZSTR_LEN(tmp)) {
    452. 

  452. 			char *s;
    453. 

  453. 			char *t;
    454. 

  454. 

  455. 			user_headers = estrndup(ZSTR_VAL(tmp), ZSTR_LEN(tmp));
    456. 

  456. 

  457. 			if (ZSTR_IS_INTERNED(tmp)) {
    458. 

  458. 				tmp = zend_string_init(ZSTR_VAL(tmp), ZSTR_LEN(tmp), 0);
    459. 

  459. 			} else if (GC_REFCOUNT(tmp) > 1) {
    460. 

  460. 				GC_DELREF(tmp);
    461. 

  461. 				tmp = zend_string_init(ZSTR_VAL(tmp), ZSTR_LEN(tmp), 0);
    462. 

  462. 			}
    463. 

  463. 

  464. 			/* Make lowercase for easy comparison against 'standard' headers */
    465. 

  465. 			php_strtolower(ZSTR_VAL(tmp), ZSTR_LEN(tmp));
    466. 

  466. 			t = ZSTR_VAL(tmp);
    467. 

  467. 

  468. 			if (!header_init) {
    469. 

  469. 				/* strip POST headers on redirect */
    470. 

  470. 				strip_header(user_headers, t, "content-length:");
    471. 

  471. 				strip_header(user_headers, t, "content-type:");
    472. 

  472. 			}
    473. 

  473. 

  474. 			if (check_has_header(t, "user-agent:")) {
    475. 

  475. 				have_header |= HTTP_HEADER_USER_AGENT;
    476. 

  476. 			}
    477. 

  477. 			if (check_has_header(t, "host:")) {
    478. 

  478. 				have_header |= HTTP_HEADER_HOST;
    479. 

  479. 			}
    480. 

  480. 			if (check_has_header(t, "from:")) {
    481. 

  481. 				have_header |= HTTP_HEADER_FROM;
    482. 

  482. 			}
    483. 

  483. 			if (check_has_header(t, "authorization:")) {
    484. 

  484. 				have_header |= HTTP_HEADER_AUTH;
    485. 

  485. 			}
    486. 

  486. 			if (check_has_header(t, "content-length:")) {
    487. 

  487. 				have_header |= HTTP_HEADER_CONTENT_LENGTH;
    488. 

  488. 			}
    489. 

  489. 			if (check_has_header(t, "content-type:")) {
    490. 

  490. 				have_header |= HTTP_HEADER_TYPE;
    491. 

  491. 			}
    492. 

  492. 			if (check_has_header(t, "connection:")) {
    493. 

  493. 				have_header |= HTTP_HEADER_CONNECTION;
    494. 

  494. 			}
    495. 

  495. 

  496. 			/* remove Proxy-Authorization header */
    497. 

  497. 			if (use_proxy && use_ssl && (s = strstr(t, "proxy-authorization:")) &&
    498. 

  498. 			    (s == t || *(s-1) == '\n')) {
    499. 

  499. 				char *p = s + sizeof("proxy-authorization:") - 1;
    500. 

  500. 

  501. 				while (s > t && (*(s-1) == ' ' || *(s-1) == '\t')) s--;
    502. 

  502. 				while (*p != 0 && *p != '\r' && *p != '\n') p++;
    503. 

  503. 				while (*p == '\r' || *p == '\n') p++;
    504. 

  504. 				if (*p == 0) {
    505. 

  505. 					if (s == t) {
    506. 

  506. 						efree(user_headers);
    507. 

  507. 						user_headers = NULL;
    508. 

  508. 					} else {
    509. 

  509. 						while (s > t && (*(s-1) == '\r' || *(s-1) == '\n')) s--;
    510. 

  510. 						user_headers[s - t] = 0;
    511. 

  511. 					}
    512. 

  512. 				} else {
    513. 

  513. 					memmove(user_headers + (s - t), user_headers + (p - t), strlen(p) + 1);
    514. 

  514. 				}
    515. 

  515. 			}
    516. 

  516. 

  517. 		}
    518. 

  518. 		if (tmp) {
    519. 

  519. 			zend_string_release_ex(tmp, 0);
    520. 

  520. 		}
    521. 

  521. 	}
    522. 

  522. 

  523. 	/* auth header if it was specified */
    524. 

  524. 	if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) {
    525. 

  525. 		/* make scratch large enough to hold the whole URL (over-estimate) */
    526. 

  526. 		size_t scratch_len = strlen(path) + 1;
    527. 

  527. 		char *scratch = emalloc(scratch_len);
    528. 

  528. 		zend_string *stmp;
    529. 

  529. 

  530. 		/* decode the strings first */
    531. 

  531. 		php_url_decode(ZSTR_VAL(resource->user), ZSTR_LEN(resource->user));
    532. 

  532. 

  533. 		strcpy(scratch, ZSTR_VAL(resource->user));
    534. 

  534. 		strcat(scratch, ":");
    535. 

  535. 

  536. 		/* Note: password is optional! */
    537. 

  537. 		if (resource->pass) {
    538. 

  538. 			php_url_decode(ZSTR_VAL(resource->pass), ZSTR_LEN(resource->pass));
    539. 

  539. 			strcat(scratch, ZSTR_VAL(resource->pass));
    540. 

  540. 		}
    541. 

  541. 

  542. 		stmp = php_base64_encode((unsigned char*)scratch, strlen(scratch));
    543. 

  543. 

  544. 		smart_str_appends(&req_buf, "Authorization: Basic ");
    545. 

  545. 		smart_str_appends(&req_buf, ZSTR_VAL(stmp));
    546. 

  546. 		smart_str_appends(&req_buf, "\r\n");
    547. 

  547. 

  548. 		php_stream_notify_info(context, PHP_STREAM_NOTIFY_AUTH_REQUIRED, NULL, 0);
    549. 

  549. 

  550. 		zend_string_free(stmp);
    551. 

  551. 		efree(scratch);
    552. 

  552. 	}
    553. 

  553. 

  554. 	/* if the user has configured who they are, send a From: line */
    555. 

  555. 	if (!(have_header & HTTP_HEADER_FROM) && FG(from_address)) {
    556. 

  556. 		smart_str_appends(&req_buf, "From: ");
    557. 

  557. 		smart_str_appends(&req_buf, FG(from_address));
    558. 

  558. 		smart_str_appends(&req_buf, "\r\n");
    559. 

  559. 	}
    560. 

  560. 

  561. 	/* Send Host: header so name-based virtual hosts work */
    562. 

  562. 	if ((have_header & HTTP_HEADER_HOST) == 0) {
    563. 

  563. 		smart_str_appends(&req_buf, "Host: ");
    564. 

  564. 		smart_str_appends(&req_buf, ZSTR_VAL(resource->host));
    565. 

  565. 		if ((use_ssl && resource->port != 443 && resource->port != 0) ||
    566. 

  566. 			(!use_ssl && resource->port != 80 && resource->port != 0)) {
    567. 

  567. 			smart_str_appendc(&req_buf, ':');
    568. 

  568. 			smart_str_append_unsigned(&req_buf, resource->port);
    569. 

  569. 		}
    570. 

  570. 		smart_str_appends(&req_buf, "\r\n");
    571. 

  571. 	}
    572. 

  572. 

  573. 	/* Send a Connection: close header to avoid hanging when the server
    574. 

  574. 	 * interprets the RFC literally and establishes a keep-alive connection,
    575. 

  575. 	 * unless the user specifically requests something else by specifying a
    576. 

  576. 	 * Connection header in the context options. Send that header even for
    577. 

  577. 	 * HTTP/1.0 to avoid issues when the server respond with a HTTP/1.1
    578. 

  578. 	 * keep-alive response, which is the preferred response type. */
    579. 

  579. 	if ((have_header & HTTP_HEADER_CONNECTION) == 0) {
    580. 

  580. 		smart_str_appends(&req_buf, "Connection: close\r\n");
    581. 

  581. 	}
    582. 

  582. 

  583. 	if (context &&
    584. 

  584. 	    (ua_zval = php_stream_context_get_option(context, "http", "user_agent")) != NULL &&
    585. 

  585. 		Z_TYPE_P(ua_zval) == IS_STRING) {
    586. 

  586. 		ua_str = Z_STRVAL_P(ua_zval);
    587. 

  587. 	} else if (FG(user_agent)) {
    588. 

  588. 		ua_str = FG(user_agent);
    589. 

  589. 	}
    590. 

  590. 

  591. 	if (((have_header & HTTP_HEADER_USER_AGENT) == 0) && ua_str) {
    592. 

  592. #define _UA_HEADER "User-Agent: %s\r\n"
    593. 

  593. 		char *ua;
    594. 

  594. 		size_t ua_len;
    595. 

  595. 

  596. 		ua_len = sizeof(_UA_HEADER) + strlen(ua_str);
    597. 

  597. 

  598. 		/* ensure the header is only sent if user_agent is not blank */
    599. 

  599. 		if (ua_len > sizeof(_UA_HEADER)) {
    600. 

  600. 			ua = emalloc(ua_len + 1);
    601. 

  601. 			if ((ua_len = slprintf(ua, ua_len, _UA_HEADER, ua_str)) > 0) {
    602. 

  602. 				ua[ua_len] = 0;
    603. 

  603. 				smart_str_appendl(&req_buf, ua, ua_len);
    604. 

  604. 			} else {
    605. 

  605. 				php_error_docref(NULL, E_WARNING, "Cannot construct User-agent header");
    606. 

  606. 			}
    607. 

  607. 			efree(ua);
    608. 

  608. 		}
    609. 

  609. 	}
    610. 

  610. 

  611. 	if (user_headers) {
    612. 

  612. 		/* A bit weird, but some servers require that Content-Length be sent prior to Content-Type for POST
    613. 

  613. 		 * see bug #44603 for details. Since Content-Type maybe part of user's headers we need to do this check first.
    614. 

  614. 		 */
    615. 

  615. 		if (
    616. 

  616. 				header_init &&
    617. 

  617. 				context &&
    618. 

  618. 				!(have_header & HTTP_HEADER_CONTENT_LENGTH) &&
    619. 

  619. 				(tmpzval = php_stream_context_get_option(context, "http", "content")) != NULL &&
    620. 

  620. 				Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0
    621. 

  621. 		) {
    622. 

  622. 			smart_str_appends(&req_buf, "Content-Length: ");
    623. 

  623. 			smart_str_append_unsigned(&req_buf, Z_STRLEN_P(tmpzval));
    624. 

  624. 			smart_str_appends(&req_buf, "\r\n");
    625. 

  625. 			have_header |= HTTP_HEADER_CONTENT_LENGTH;
    626. 

  626. 		}
    627. 

  627. 

  628. 		smart_str_appends(&req_buf, user_headers);
    629. 

  629. 		smart_str_appends(&req_buf, "\r\n");
    630. 

  630. 		efree(user_headers);
    631. 

  631. 	}
    632. 

  632. 

  633. 	/* Request content, such as for POST requests */
    634. 

  634. 	if (header_init && context &&
    635. 

  635. 		(tmpzval = php_stream_context_get_option(context, "http", "content")) != NULL &&
    636. 

  636. 		Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0) {
    637. 

  637. 		if (!(have_header & HTTP_HEADER_CONTENT_LENGTH)) {
    638. 

  638. 			smart_str_appends(&req_buf, "Content-Length: ");
    639. 

  639. 			smart_str_append_unsigned(&req_buf, Z_STRLEN_P(tmpzval));
    640. 

  640. 			smart_str_appends(&req_buf, "\r\n");
    641. 

  641. 		}
    642. 

  642. 		if (!(have_header & HTTP_HEADER_TYPE)) {
    643. 

  643. 			smart_str_appends(&req_buf, "Content-Type: application/x-www-form-urlencoded\r\n");
    644. 

  644. 			php_error_docref(NULL, E_NOTICE, "Content-type not specified assuming application/x-www-form-urlencoded");
    645. 

  645. 		}
    646. 

  646. 		smart_str_appends(&req_buf, "\r\n");
    647. 

  647. 		smart_str_appendl(&req_buf, Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
    648. 

  648. 	} else {
    649. 

  649. 		smart_str_appends(&req_buf, "\r\n");
    650. 

  650. 	}
    651. 

  651. 

  652. 	/* send it */
    653. 

  653. 	php_stream_write(stream, ZSTR_VAL(req_buf.s), ZSTR_LEN(req_buf.s));
    654. 

  654. 

  655. 	location[0] = '\0';
    656. 

  656. 

  657. 	if (Z_ISUNDEF_P(response_header)) {
    658. 

  658. 		array_init(response_header);
    659. 

  659. 	}
    660. 

  660. 

  661. 	if (!php_stream_eof(stream)) {
    662. 

  662. 		size_t tmp_line_len;
    663. 

  663. 		/* get response header */
    664. 

  664. 

  665. 		if (php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
    666. 

  666. 			zval http_response;
    667. 

  667. 

  668. 			if (tmp_line_len > 9) {
    669. 

  669. 				response_code = atoi(tmp_line + 9);
    670. 

  670. 			} else {
    671. 

  671. 				response_code = 0;
    672. 

  672. 			}
    673. 

  673. 			if (context && NULL != (tmpzval = php_stream_context_get_option(context, "http", "ignore_errors"))) {
    674. 

  674. 				ignore_errors = zend_is_true(tmpzval);
    675. 

  675. 			}
    676. 

  676. 			/* when we request only the header, don't fail even on error codes */
    677. 

  677. 			if ((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) {
    678. 

  678. 				reqok = 1;
    679. 

  679. 			}
    680. 

  680. 

  681. 			/* status codes of 1xx are "informational", and will be followed by a real response
    682. 

  682. 			 * e.g "100 Continue". RFC 7231 states that unexpected 1xx status MUST be parsed,
    683. 

  683. 			 * and MAY be ignored. As such, we need to skip ahead to the "real" status*/
    684. 

  684. 			if (response_code >= 100 && response_code < 200) {
    685. 

  685. 				/* consume lines until we find a line starting 'HTTP/1' */
    686. 

  686. 				while (
    687. 

  687. 					!php_stream_eof(stream)
    688. 

  688. 					&& php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL
    689. 

  689. 					&& ( tmp_line_len < sizeof("HTTP/1") - 1 || strncasecmp(tmp_line, "HTTP/1", sizeof("HTTP/1") - 1) )
    690. 

  690. 				);
    691. 

  691. 

  692. 				if (tmp_line_len > 9) {
    693. 

  693. 					response_code = atoi(tmp_line + 9);
    694. 

  694. 				} else {
    695. 

  695. 					response_code = 0;
    696. 

  696. 				}
    697. 

  697. 			}
    698. 

  698. 			/* all status codes in the 2xx range are defined by the specification as successful;
    699. 

  699. 			 * all status codes in the 3xx range are for redirection, and so also should never
    700. 

  700. 			 * fail */
    701. 

  701. 			if (response_code >= 200 && response_code < 400) {
    702. 

  702. 				reqok = 1;
    703. 

  703. 			} else {
    704. 

  704. 				switch(response_code) {
    705. 

  705. 					case 403:
    706. 

  706. 						php_stream_notify_error(context, PHP_STREAM_NOTIFY_AUTH_RESULT,
    707. 

  707. 								tmp_line, response_code);
    708. 

  708. 						break;
    709. 

  709. 					default:
    710. 

  710. 						/* safety net in the event tmp_line == NULL */
    711. 

  711. 						if (!tmp_line_len) {
    712. 

  712. 							tmp_line[0] = '\0';
    713. 

  713. 						}
    714. 

  714. 						php_stream_notify_error(context, PHP_STREAM_NOTIFY_FAILURE,
    715. 

  715. 								tmp_line, response_code);
    716. 

  716. 				}
    717. 

  717. 			}
    718. 

  718. 			if (tmp_line_len >= 1 && tmp_line[tmp_line_len - 1] == '\n') {
    719. 

  719. 				--tmp_line_len;
    720. 

  720. 				if (tmp_line_len >= 1 &&tmp_line[tmp_line_len - 1] == '\r') {
    721. 

  721. 					--tmp_line_len;
    722. 

  722. 				}
    723. 

  723. 			}
    724. 

  724. 			ZVAL_STRINGL(&http_response, tmp_line, tmp_line_len);
    725. 

  725. 			zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_response);
    726. 

  726. 		} else {
    727. 

  727. 			php_stream_close(stream);
    728. 

  728. 			stream = NULL;
    729. 

  729. 			php_stream_wrapper_log_error(wrapper, options, "HTTP request failed!");
    730. 

  730. 			goto out;
    731. 

  731. 		}
    732. 

  732. 	} else {
    733. 

  733. 		php_stream_wrapper_log_error(wrapper, options, "HTTP request failed, unexpected end of socket!");
    734. 

  734. 		goto out;
    735. 

  735. 	}
    736. 

  736. 

  737. 	/* read past HTTP headers */
    738. 

  738. 

  739. 	http_header_line = emalloc(HTTP_HEADER_BLOCK_SIZE);
    740. 

  740. 

  741. 	while (!php_stream_eof(stream)) {
    742. 

  742. 		size_t http_header_line_length;
    743. 

  743. 

  744. 		if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) && *http_header_line != '\n' && *http_header_line != '\r') {
    745. 

  745. 			char *e = http_header_line + http_header_line_length - 1;
    746. 

  746. 			char *http_header_value;
    747. 

  747. 			if (*e != '\n') {
    748. 

  748. 				do { /* partial header */
    749. 

  749. 					if (php_stream_get_line(stream, http_header_line, HTTP_HEADER_BLOCK_SIZE, &http_header_line_length) == NULL) {
    750. 

  750. 						php_stream_wrapper_log_error(wrapper, options, "Failed to read HTTP headers");
    751. 

  751. 						goto out;
    752. 

  752. 					}
    753. 

  753. 					e = http_header_line + http_header_line_length - 1;
    754. 

  754. 				} while (*e != '\n');
    755. 

  755. 				continue;
    756. 

  756. 			}
    757. 

  757. 			while (e >= http_header_line && (*e == '\n' || *e == '\r')) {
    758. 

  758. 				e--;
    759. 

  759. 			}
    760. 

  760. 

  761. 			/* The primary definition of an HTTP header in RFC 7230 states:
    762. 

  762. 			 * > Each header field consists of a case-insensitive field name followed
    763. 

  763. 			 * > by a colon (":"), optional leading whitespace, the field value, and
    764. 

  764. 			 * > optional trailing whitespace. */
    765. 

  765. 

  766. 			/* Strip trailing whitespace */
    767. 

  767. 			while (e >= http_header_line && (*e == ' ' || *e == '\t')) {
    768. 

  768. 				e--;
    769. 

  769. 			}
    770. 

  770. 

  771. 			/* Terminate header line */
    772. 

  772. 			e++;
    773. 

  773. 			*e = '\0';
    774. 

  774. 			http_header_line_length = e - http_header_line;
    775. 

  775. 

  776. 			http_header_value = memchr(http_header_line, ':', http_header_line_length);
    777. 

  777. 			if (http_header_value) {
    778. 

  778. 				http_header_value++; /* Skip ':' */
    779. 

  779. 

  780. 				/* Strip leading whitespace */
    781. 

  781. 				while (http_header_value < e
    782. 

  782. 						&& (*http_header_value == ' ' || *http_header_value == '\t')) {
    783. 

  783. 					http_header_value++;
    784. 

  784. 				}
    785. 

  785. 			} else {
    786. 

  786. 				/* There is no colon. Set the value to the end of the header line, which is
    787. 

  787. 				 * effectively an empty string. */
    788. 

  788. 				http_header_value = e;
    789. 

  789. 			}
    790. 

  790. 

  791. 			if (!strncasecmp(http_header_line, "Location:", sizeof("Location:")-1)) {
    792. 

  792. 				if (context && (tmpzval = php_stream_context_get_option(context, "http", "follow_location")) != NULL) {
    793. 

  793. 					follow_location = zval_is_true(tmpzval);
    794. 

  794. 				} else if (!((response_code >= 300 && response_code < 304)
    795. 

  795. 						|| 307 == response_code || 308 == response_code)) {
    796. 

  796. 					/* we shouldn't redirect automatically
    797. 

  797. 					if follow_location isn't set and response_code not in (300, 301, 302, 303 and 307)
    798. 

  798. 					see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1
    799. 

  799. 					RFC 7238 defines 308: http://tools.ietf.org/html/rfc7238 */
    800. 

  800. 					follow_location = 0;
    801. 

  801. 				}
    802. 

  802. 				strlcpy(location, http_header_value, sizeof(location));
    803. 

  803. 			} else if (!strncasecmp(http_header_line, "Content-Type:", sizeof("Content-Type:")-1)) {
    804. 

  804. 				php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, http_header_value, 0);
    805. 

  805. 			} else if (!strncasecmp(http_header_line, "Content-Length:", sizeof("Content-Length:")-1)) {
    806. 

  806. 				file_size = atoi(http_header_value);
    807. 

  807. 				php_stream_notify_file_size(context, file_size, http_header_line, 0);
    808. 

  808. 			} else if (
    809. 

  809. 				!strncasecmp(http_header_line, "Transfer-Encoding:", sizeof("Transfer-Encoding:")-1)
    810. 

  810. 				&& !strncasecmp(http_header_value, "Chunked", sizeof("Chunked")-1)
    811. 

  811. 			) {
    812. 

  812. 

  813. 				/* create filter to decode response body */
    814. 

  814. 				if (!(options & STREAM_ONLY_GET_HEADERS)) {
    815. 

  815. 					zend_long decode = 1;
    816. 

  816. 

  817. 					if (context && (tmpzval = php_stream_context_get_option(context, "http", "auto_decode")) != NULL) {
    818. 

  818. 						decode = zend_is_true(tmpzval);
    819. 

  819. 					}
    820. 

  820. 					if (decode) {
    821. 

  821. 						transfer_encoding = php_stream_filter_create("dechunk", NULL, php_stream_is_persistent(stream));
    822. 

  822. 						if (transfer_encoding) {
    823. 

  823. 							/* don't store transfer-encodeing header */
    824. 

  824. 							continue;
    825. 

  825. 						}
    826. 

  826. 					}
    827. 

  827. 				}
    828. 

  828. 			}
    829. 

  829. 

  830. 			{
    831. 

  831. 				zval http_header;
    832. 

  832. 				ZVAL_STRINGL(&http_header, http_header_line, http_header_line_length);
    833. 

  833. 				zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_header);
    834. 

  834. 			}
    835. 

  835. 		} else {
    836. 

  836. 			break;
    837. 

  837. 		}
    838. 

  838. 	}
    839. 

  839. 

  840. 	if (!reqok || (location[0] != '\0' && follow_location)) {
    841. 

  841. 		if (!follow_location || (((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) && redirect_max <= 1)) {
    842. 

  842. 			goto out;
    843. 

  843. 		}
    844. 

  844. 

  845. 		if (location[0] != '\0')
    846. 

  846. 			php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, location, 0);
    847. 

  847. 

  848. 		php_stream_close(stream);
    849. 

  849. 		stream = NULL;
    850. 

  850. 

  851. 		if (location[0] != '\0') {
    852. 

  852. 

  853. 			char new_path[HTTP_HEADER_BLOCK_SIZE];
    854. 

  854. 			char loc_path[HTTP_HEADER_BLOCK_SIZE];
    855. 

  855. 

  856. 			*new_path='\0';
    857. 

  857. 			if (strlen(location)<8 || (strncasecmp(location, "http://", sizeof("http://")-1) &&
    858. 

  858. 							strncasecmp(location, "https://", sizeof("https://")-1) &&
    859. 

  859. 							strncasecmp(location, "ftp://", sizeof("ftp://")-1) &&
    860. 

  860. 							strncasecmp(location, "ftps://", sizeof("ftps://")-1)))
    861. 

  861. 			{
    862. 

  862. 				if (*location != '/') {
    863. 

  863. 					if (*(location+1) != '\0' && resource->path) {
    864. 

  864. 						char *s = strrchr(ZSTR_VAL(resource->path), '/');
    865. 

  865. 						if (!s) {
    866. 

  866. 							s = ZSTR_VAL(resource->path);
    867. 

  867. 							if (!ZSTR_LEN(resource->path)) {
    868. 

  868. 								zend_string_release_ex(resource->path, 0);
    869. 

  869. 								resource->path = zend_string_init("/", 1, 0);
    870. 

  870. 								s = ZSTR_VAL(resource->path);
    871. 

  871. 							} else {
    872. 

  872. 								*s = '/';
    873. 

  873. 							}
    874. 

  874. 						}
    875. 

  875. 						s[1] = '\0';
    876. 

  876. 						if (resource->path &&
    877. 

  877. 							ZSTR_VAL(resource->path)[0] == '/' &&
    878. 

  878. 							ZSTR_VAL(resource->path)[1] == '\0') {
    879. 

  879. 							snprintf(loc_path, sizeof(loc_path) - 1, "%s%s", ZSTR_VAL(resource->path), location);
    880. 

  880. 						} else {
    881. 

  881. 							snprintf(loc_path, sizeof(loc_path) - 1, "%s/%s", ZSTR_VAL(resource->path), location);
    882. 

  882. 						}
    883. 

  883. 					} else {
    884. 

  884. 						snprintf(loc_path, sizeof(loc_path) - 1, "/%s", location);
    885. 

  885. 					}
    886. 

  886. 				} else {
    887. 

  887. 					strlcpy(loc_path, location, sizeof(loc_path));
    888. 

  888. 				}
    889. 

  889. 				if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) {
    890. 

  890. 					snprintf(new_path, sizeof(new_path) - 1, "%s://%s:%d%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), resource->port, loc_path);
    891. 

  891. 				} else {
    892. 

  892. 					snprintf(new_path, sizeof(new_path) - 1, "%s://%s%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), loc_path);
    893. 

  893. 				}
    894. 

  894. 			} else {
    895. 

  895. 				strlcpy(new_path, location, sizeof(new_path));
    896. 

  896. 			}
    897. 

  897. 

  898. 			php_url_free(resource);
    899. 

  899. 			/* check for invalid redirection URLs */
    900. 

  900. 			if ((resource = php_url_parse(new_path)) == NULL) {
    901. 

  901. 				php_stream_wrapper_log_error(wrapper, options, "Invalid redirect URL! %s", new_path);
    902. 

  902. 				goto out;
    903. 

  903. 			}
    904. 

  904. 

  905. #define CHECK_FOR_CNTRL_CHARS(val) { \
    906. 

  906. 	if (val) { \
    907. 

  907. 		unsigned char *s, *e; \
    908. 

  908. 		ZSTR_LEN(val) = php_url_decode(ZSTR_VAL(val), ZSTR_LEN(val)); \
    909. 

  909. 		s = (unsigned char*)ZSTR_VAL(val); e = s + ZSTR_LEN(val); \
    910. 

  910. 		while (s < e) { \
    911. 

  911. 			if (iscntrl(*s)) { \
    912. 

  912. 				php_stream_wrapper_log_error(wrapper, options, "Invalid redirect URL! %s", new_path); \
    913. 

  913. 				goto out; \
    914. 

  914. 			} \
    915. 

  915. 			s++; \
    916. 

  916. 		} \
    917. 

  917. 	} \
    918. 

  918. }
    919. 

  919. 			/* check for control characters in login, password & path */
    920. 

  920. 			if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) {
    921. 

  921. 				CHECK_FOR_CNTRL_CHARS(resource->user);
    922. 

  922. 				CHECK_FOR_CNTRL_CHARS(resource->pass);
    923. 

  923. 				CHECK_FOR_CNTRL_CHARS(resource->path);
    924. 

  924. 			}
    925. 

  925. 			stream = php_stream_url_wrap_http_ex(
    926. 

  926. 				wrapper, new_path, mode, options, opened_path, context,
    927. 

  927. 				--redirect_max, HTTP_WRAPPER_REDIRECTED, response_header STREAMS_CC);
    928. 

  928. 		} else {
    929. 

  929. 			php_stream_wrapper_log_error(wrapper, options, "HTTP request failed! %s", tmp_line);
    930. 

  930. 		}
    931. 

  931. 	}
    932. 

  932. out:
    933. 

  933. 

  934. 	smart_str_free(&req_buf);
    935. 

  935. 

  936. 	if (http_header_line) {
    937. 

  937. 		efree(http_header_line);
    938. 

  938. 	}
    939. 

  939. 

  940. 	if (resource) {
    941. 

  941. 		php_url_free(resource);
    942. 

  942. 	}
    943. 

  943. 

  944. 	if (stream) {
    945. 

  945. 		if (header_init) {
    946. 

  946. 			ZVAL_COPY(&stream->wrapperdata, response_header);
    947. 

  947. 		}
    948. 

  948. 		php_stream_notify_progress_init(context, 0, file_size);
    949. 

  949. 

  950. 		/* Restore original chunk size now that we're done with headers */
    951. 

  951. 		if (options & STREAM_WILL_CAST)
    952. 

  952. 			php_stream_set_chunk_size(stream, (int)chunk_size);
    953. 

  953. 

  954. 		/* restore the users auto-detect-line-endings setting */
    955. 

  955. 		stream->flags |= eol_detect;
    956. 

  956. 

  957. 		/* as far as streams are concerned, we are now at the start of
    958. 

  958. 		 * the stream */
    959. 

  959. 		stream->position = 0;
    960. 

  960. 

  961. 		/* restore mode */
    962. 

  962. 		strlcpy(stream->mode, mode, sizeof(stream->mode));
    963. 

  963. 

  964. 		if (transfer_encoding) {
    965. 

  965. 			php_stream_filter_append(&stream->readfilters, transfer_encoding);
    966. 

  966. 		}
    967. 

  967. 	} else {
    968. 

  968. 		if (transfer_encoding) {
    969. 

  969. 			php_stream_filter_free(transfer_encoding);
    970. 

  970. 		}
    971. 

  971. 	}
    972. 

  972. 

  973. 	return stream;
    974. 

  974. }
    975. 

  975. /* }}} */
    976. 

  976. 

  977. php_stream *php_stream_url_wrap_http(php_stream_wrapper *wrapper, const char *path, const char *mode, int options, zend_string **opened_path, php_stream_context *context STREAMS_DC) /* {{{ */
    978. 

  978. {
    979. 

  979. 	php_stream *stream;
    980. 

  980. 	zval headers;
    981. 

  981. 	ZVAL_UNDEF(&headers);
    982. 

  982. 

  983. 	stream = php_stream_url_wrap_http_ex(
    984. 

  984. 		wrapper, path, mode, options, opened_path, context,
    985. 

  985. 		PHP_URL_REDIRECT_MAX, HTTP_WRAPPER_HEADER_INIT, &headers STREAMS_CC);
    986. 

  986. 

  987. 	if (!Z_ISUNDEF(headers)) {
    988. 

  988. 		if (FAILURE == zend_set_local_var_str(
    989. 

  989. 				"http_response_header", sizeof("http_response_header")-1, &headers, 1)) {
    990. 

  990. 			zval_ptr_dtor(&headers);
    991. 

  991. 		}
    992. 

  992. 	}
    993. 

  993. 

  994. 	return stream;
    995. 

  995. }
    996. 

  996. /* }}} */
    997. 

  997. 

  998. static int php_stream_http_stream_stat(php_stream_wrapper *wrapper, php_stream *stream, php_stream_statbuf *ssb) /* {{{ */
    999. 

  999. {
    1000. 

  1000. 	/* one day, we could fill in the details based on Date: and Content-Length:
    1001. 

  1001. 	 * headers.  For now, we return with a failure code to prevent the underlying
    1002. 

  1002. 	 * file's details from being used instead. */
    1003. 

  1003. 	return -1;
    1004. 

  1004. }
    1005. 

  1005. /* }}} */
    1006. 

  1006. 

  1007. static const php_stream_wrapper_ops http_stream_wops = {
    1008. 

  1008. 	php_stream_url_wrap_http,
    1009. 

  1009. 	NULL, /* stream_close */
    1010. 

  1010. 	php_stream_http_stream_stat,
    1011. 

  1011. 	NULL, /* stat_url */
    1012. 

  1012. 	NULL, /* opendir */
    1013. 

  1013. 	"http",
    1014. 

  1014. 	NULL, /* unlink */
    1015. 

  1015. 	NULL, /* rename */
    1016. 

  1016. 	NULL, /* mkdir */
    1017. 

  1017. 	NULL, /* rmdir */
    1018. 

  1018. 	NULL
    1019. 

  1019. };
    1020. 

  1020. 

  1021. PHPAPI const php_stream_wrapper php_stream_http_wrapper = {
    1022. 

  1022. 	&http_stream_wops,
    1023. 

  1023. 	NULL,
    1024. 

  1024. 	1 /* is_url */
    1025. 

  1025. };
    1026. 

  1026. 

  1027. /*
    1028. 

  1028.  * Local variables:
    1029. 

  1029.  * tab-width: 4
    1030. 

  1030.  * c-basic-offset: 4
    1031. 

  1031.  * End:
    1032. 

  1032.  * vim600: sw=4 ts=4 fdm=marker
    1033. 

  1033.  * vim<600: sw=4 ts=4
    1034. 

  1034.  */
    1035.