xref: /PHP-7.1/ext/soap/php_http.c (revision 7f6387b5)
1 /*
2   +----------------------------------------------------------------------+
3   | PHP Version 7                                                        |
4   +----------------------------------------------------------------------+
5   | Copyright (c) 1997-2018 The PHP Group                                |
6   +----------------------------------------------------------------------+
7   | This source file is subject to version 3.01 of the PHP license,      |
8   | that is bundled with this package in the file LICENSE, and is        |
9   | available through the world-wide-web at the following url:           |
10   | http://www.php.net/license/3_01.txt                                  |
11   | If you did not receive a copy of the PHP license and are unable to   |
12   | obtain it through the world-wide-web, please send a note to          |
13   | license@php.net so we can mail you a copy immediately.               |
14   +----------------------------------------------------------------------+
15   | Authors: Brad Lafountain <rodif_bl@yahoo.com>                        |
16   |          Shane Caraveo <shane@caraveo.com>                           |
17   |          Dmitry Stogov <dmitry@zend.com>                             |
18   +----------------------------------------------------------------------+
19 */
20 /* $Id$ */
21 
22 #include "php_soap.h"
23 #include "ext/standard/base64.h"
24 #include "ext/standard/md5.h"
25 #include "ext/standard/php_random.h"
26 
27 static char *get_http_header_value(char *headers, char *type);
28 static zend_string *get_http_body(php_stream *socketd, int close, char *headers);
29 static zend_string *get_http_headers(php_stream *socketd);
30 
31 #define smart_str_append_const(str, const) \
32 	smart_str_appendl(str,const,sizeof(const)-1)
33 
34 /* Proxy HTTP Authentication */
proxy_authentication(zval * this_ptr,smart_str * soap_headers)35 int proxy_authentication(zval* this_ptr, smart_str* soap_headers)
36 {
37 	zval *login, *password;
38 
39 	if ((login = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_proxy_login", sizeof("_proxy_login")-1)) != NULL &&
40 	    Z_TYPE_P(login) == IS_STRING) {
41 		zend_string *buf;
42 		smart_str auth = {0};
43 
44 		smart_str_appendl(&auth, Z_STRVAL_P(login), Z_STRLEN_P(login));
45 		smart_str_appendc(&auth, ':');
46 		if ((password = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_proxy_password", sizeof("_proxy_password")-1)) != NULL &&
47 		    Z_TYPE_P(password) == IS_STRING) {
48 			smart_str_appendl(&auth, Z_STRVAL_P(password), Z_STRLEN_P(password));
49 		}
50 		smart_str_0(&auth);
51 		buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
52 		smart_str_append_const(soap_headers, "Proxy-Authorization: Basic ");
53 		smart_str_appendl(soap_headers, (char*)ZSTR_VAL(buf), ZSTR_LEN(buf));
54 		smart_str_append_const(soap_headers, "\r\n");
55 		zend_string_release(buf);
56 		smart_str_free(&auth);
57 		return 1;
58 	}
59 	return 0;
60 }
61 
62 /* HTTP Authentication */
basic_authentication(zval * this_ptr,smart_str * soap_headers)63 int basic_authentication(zval* this_ptr, smart_str* soap_headers)
64 {
65 	zval *login, *password;
66 
67 	if ((login = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_login", sizeof("_login")-1)) != NULL &&
68 	    Z_TYPE_P(login) == IS_STRING &&
69 	    !zend_hash_str_exists(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) {
70 		zend_string* buf;
71 		smart_str auth = {0};
72 
73 		smart_str_appendl(&auth, Z_STRVAL_P(login), Z_STRLEN_P(login));
74 		smart_str_appendc(&auth, ':');
75 		if ((password = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password")-1)) != NULL &&
76 		    Z_TYPE_P(password) == IS_STRING) {
77 			smart_str_appendl(&auth, Z_STRVAL_P(password), Z_STRLEN_P(password));
78 		}
79 		smart_str_0(&auth);
80 		buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
81 		smart_str_append_const(soap_headers, "Authorization: Basic ");
82 		smart_str_appendl(soap_headers, (char*)ZSTR_VAL(buf), ZSTR_LEN(buf));
83 		smart_str_append_const(soap_headers, "\r\n");
84 		zend_string_release(buf);
85 		smart_str_free(&auth);
86 		return 1;
87 	}
88 	return 0;
89 }
90 
91 /* Additional HTTP headers */
http_context_headers(php_stream_context * context,zend_bool has_authorization,zend_bool has_proxy_authorization,zend_bool has_cookies,smart_str * soap_headers)92 void http_context_headers(php_stream_context* context,
93                           zend_bool has_authorization,
94                           zend_bool has_proxy_authorization,
95                           zend_bool has_cookies,
96                           smart_str* soap_headers)
97 {
98 	zval *tmp;
99 
100 	if (context &&
101 		(tmp = php_stream_context_get_option(context, "http", "header")) != NULL &&
102 		Z_TYPE_P(tmp) == IS_STRING && Z_STRLEN_P(tmp)) {
103 		char *s = Z_STRVAL_P(tmp);
104 		char *p;
105 		int name_len;
106 
107 		while (*s) {
108 			/* skip leading newlines and spaces */
109 			while (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n') {
110 				s++;
111 			}
112 			/* extract header name */
113 			p = s;
114 			name_len = -1;
115 			while (*p) {
116 				if (*p == ':') {
117 					if (name_len < 0) name_len = p - s;
118 					break;
119 				} else if (*p == ' ' || *p == '\t') {
120 					if (name_len < 0) name_len = p - s;
121 				} else if (*p == '\r' || *p == '\n') {
122 					break;
123 				}
124 				p++;
125 			}
126 			if (*p == ':') {
127 				/* extract header value */
128 				while (*p && *p != '\r' && *p != '\n') {
129 					p++;
130 				}
131 				/* skip some predefined headers */
132 				if ((name_len != sizeof("host")-1 ||
133 				     strncasecmp(s, "host", sizeof("host")-1) != 0) &&
134 				    (name_len != sizeof("connection")-1 ||
135 				     strncasecmp(s, "connection", sizeof("connection")-1) != 0) &&
136 				    (name_len != sizeof("user-agent")-1 ||
137 				     strncasecmp(s, "user-agent", sizeof("user-agent")-1) != 0) &&
138 				    (name_len != sizeof("content-length")-1 ||
139 				     strncasecmp(s, "content-length", sizeof("content-length")-1) != 0) &&
140 				    (name_len != sizeof("content-type")-1 ||
141 				     strncasecmp(s, "content-type", sizeof("content-type")-1) != 0) &&
142 				    (!has_cookies ||
143 				     name_len != sizeof("cookie")-1 ||
144 				     strncasecmp(s, "cookie", sizeof("cookie")-1) != 0) &&
145 				    (!has_authorization ||
146 				     name_len != sizeof("authorization")-1 ||
147 				     strncasecmp(s, "authorization", sizeof("authorization")-1) != 0) &&
148 				    (!has_proxy_authorization ||
149 				     name_len != sizeof("proxy-authorization")-1 ||
150 				     strncasecmp(s, "proxy-authorization", sizeof("proxy-authorization")-1) != 0)) {
151 				    /* add header */
152 					smart_str_appendl(soap_headers, s, p-s);
153 					smart_str_append_const(soap_headers, "\r\n");
154 				}
155 			}
156 			s = (*p) ? (p + 1) : p;
157 		}
158 	}
159 }
160 
http_connect(zval * this_ptr,php_url * phpurl,int use_ssl,php_stream_context * context,int * use_proxy)161 static php_stream* http_connect(zval* this_ptr, php_url *phpurl, int use_ssl, php_stream_context *context, int *use_proxy)
162 {
163 	php_stream *stream;
164 	zval *proxy_host, *proxy_port, *tmp, ssl_proxy_peer_name;
165 	char *host;
166 	char *name;
167 	char *protocol;
168 	zend_long namelen;
169 	int port;
170 	int old_error_reporting;
171 	struct timeval tv;
172 	struct timeval *timeout = NULL;
173 
174 	if ((proxy_host = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_proxy_host", sizeof("_proxy_host")-1)) != NULL &&
175 	    Z_TYPE_P(proxy_host) == IS_STRING &&
176 	    (proxy_port = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_proxy_port", sizeof("_proxy_port")-1)) != NULL &&
177 	    Z_TYPE_P(proxy_port) == IS_LONG) {
178 		host = Z_STRVAL_P(proxy_host);
179 		port = Z_LVAL_P(proxy_port);
180 		*use_proxy = 1;
181 	} else {
182 		host = phpurl->host;
183 		port = phpurl->port;
184 	}
185 	if ((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_connection_timeout", sizeof("_connection_timeout")-1)) != NULL &&
186 	    Z_TYPE_P(tmp) == IS_LONG && Z_LVAL_P(tmp) > 0) {
187 	  tv.tv_sec = Z_LVAL_P(tmp);
188 	  tv.tv_usec = 0;
189 		timeout = &tv;
190 	}
191 
192 	old_error_reporting = EG(error_reporting);
193 	EG(error_reporting) &= ~(E_WARNING|E_NOTICE|E_USER_WARNING|E_USER_NOTICE);
194 
195 	/* Changed ternary operator to an if/else so that additional comparisons can be done on the ssl_method property */
196 	if (use_ssl && !*use_proxy) {
197 		if ((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_ssl_method", sizeof("_ssl_method")-1)) != NULL &&
198 			Z_TYPE_P(tmp) == IS_LONG) {
199 			/* uses constants declared in soap.c to determine ssl uri protocol */
200 			switch (Z_LVAL_P(tmp)) {
201 				case SOAP_SSL_METHOD_TLS:
202 					protocol = "tls";
203 					break;
204 
205 				case SOAP_SSL_METHOD_SSLv2:
206 					protocol = "sslv2";
207 					break;
208 
209 				case SOAP_SSL_METHOD_SSLv3:
210 					protocol = "sslv3";
211 					break;
212 
213 				case SOAP_SSL_METHOD_SSLv23:
214 					protocol = "ssl";
215 					break;
216 
217 				default:
218 					protocol = "ssl";
219 					break;
220 
221 			}
222 		} else {
223 			protocol = "ssl";
224 		}
225 	} else {
226 		protocol = "tcp";
227 	}
228 
229 	namelen = spprintf(&name, 0, "%s://%s:%d", protocol, host, port);
230 
231 	stream = php_stream_xport_create(name, namelen,
232 		REPORT_ERRORS,
233 		STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
234 		NULL /*persistent_id*/,
235 		timeout,
236 		context,
237 		NULL, NULL);
238 	efree(name);
239 
240 	/* SSL & proxy */
241 	if (stream && *use_proxy && use_ssl) {
242 		smart_str soap_headers = {0};
243 
244 		/* Set peer_name or name verification will try to use the proxy server name */
245 		if (!context || (tmp = php_stream_context_get_option(context, "ssl", "peer_name")) == NULL) {
246 			ZVAL_STRING(&ssl_proxy_peer_name, phpurl->host);
247 			php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_name", &ssl_proxy_peer_name);
248 			zval_ptr_dtor(&ssl_proxy_peer_name);
249 		}
250 
251 		smart_str_append_const(&soap_headers, "CONNECT ");
252 		smart_str_appends(&soap_headers, phpurl->host);
253 		smart_str_appendc(&soap_headers, ':');
254 		smart_str_append_unsigned(&soap_headers, phpurl->port);
255 		smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
256 		smart_str_append_const(&soap_headers, "Host: ");
257 		smart_str_appends(&soap_headers, phpurl->host);
258 		if (phpurl->port != 80) {
259 			smart_str_appendc(&soap_headers, ':');
260 			smart_str_append_unsigned(&soap_headers, phpurl->port);
261 		}
262 		smart_str_append_const(&soap_headers, "\r\n");
263 		proxy_authentication(this_ptr, &soap_headers);
264 		smart_str_append_const(&soap_headers, "\r\n");
265 		if (php_stream_write(stream, ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s)) != ZSTR_LEN(soap_headers.s)) {
266 			php_stream_close(stream);
267 			stream = NULL;
268 		}
269  	 	smart_str_free(&soap_headers);
270 
271  	 	if (stream) {
272 			zend_string *http_headers = get_http_headers(stream);
273 			if (http_headers) {
274 				zend_string_free(http_headers);
275 			} else {
276 				php_stream_close(stream);
277 				stream = NULL;
278 			}
279 		}
280 		/* enable SSL transport layer */
281 		if (stream) {
282 			/* if a stream is created without encryption, check to see if SSL method parameter is specified and use
283  			   proper encrypyion method based on constants defined in soap.c */
284 			int crypto_method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
285 			if ((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_ssl_method", sizeof("_ssl_method")-1)) != NULL &&
286 				Z_TYPE_P(tmp) == IS_LONG) {
287 				switch (Z_LVAL_P(tmp)) {
288 					case SOAP_SSL_METHOD_TLS:
289 						crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
290 						break;
291 
292 					case SOAP_SSL_METHOD_SSLv2:
293 						crypto_method = STREAM_CRYPTO_METHOD_SSLv2_CLIENT;
294 						break;
295 
296 					case SOAP_SSL_METHOD_SSLv3:
297 						crypto_method = STREAM_CRYPTO_METHOD_SSLv3_CLIENT;
298 						break;
299 
300 					case SOAP_SSL_METHOD_SSLv23:
301 						crypto_method = STREAM_CRYPTO_METHOD_SSLv23_CLIENT;
302 						break;
303 
304 					default:
305 						crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
306 						break;
307 				}
308 			}
309 			if (php_stream_xport_crypto_setup(stream, crypto_method, NULL) < 0 ||
310 			    php_stream_xport_crypto_enable(stream, 1) < 0) {
311 				php_stream_close(stream);
312 				stream = NULL;
313 			}
314 		}
315 	}
316 
317 	EG(error_reporting) = old_error_reporting;
318 	return stream;
319 }
320 
in_domain(const char * host,const char * domain)321 static int in_domain(const char *host, const char *domain)
322 {
323   if (domain[0] == '.') {
324     int l1 = strlen(host);
325     int l2 = strlen(domain);
326     if (l1 > l2) {
327     	return strcmp(host+l1-l2,domain) == 0;
328     } else {
329       return 0;
330     }
331   } else {
332     return strcmp(host,domain) == 0;
333   }
334 }
335 
make_http_soap_request(zval * this_ptr,zend_string * buf,char * location,char * soapaction,int soap_version,zval * return_value)336 int make_http_soap_request(zval        *this_ptr,
337                            zend_string *buf,
338                            char        *location,
339                            char        *soapaction,
340                            int          soap_version,
341                            zval        *return_value)
342 {
343 	zend_string *request;
344 	smart_str soap_headers = {0};
345 	smart_str soap_headers_z = {0};
346 	size_t err;
347 	php_url *phpurl = NULL;
348 	php_stream *stream;
349 	zval *trace, *tmp;
350 	int use_proxy = 0;
351 	int use_ssl;
352 	zend_string *http_body;
353 	char *content_type, *http_version, *cookie_itt;
354 	int http_close;
355 	zend_string *http_headers;
356 	char *connection;
357 	int http_1_1;
358 	int http_status;
359 	int content_type_xml = 0;
360 	zend_long redirect_max = 20;
361 	char *content_encoding;
362 	char *http_msg = NULL;
363 	zend_bool old_allow_url_fopen;
364 	php_stream_context *context = NULL;
365 	zend_bool has_authorization = 0;
366 	zend_bool has_proxy_authorization = 0;
367 	zend_bool has_cookies = 0;
368 
369 	if (this_ptr == NULL || Z_TYPE_P(this_ptr) != IS_OBJECT) {
370 		return FALSE;
371 	}
372 
373 	request = buf;
374 	/* Compress request */
375 	if ((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "compression", sizeof("compression")-1)) != NULL && Z_TYPE_P(tmp) == IS_LONG) {
376 		int level = Z_LVAL_P(tmp) & 0x0f;
377 		int kind  = Z_LVAL_P(tmp) & SOAP_COMPRESSION_DEFLATE;
378 
379 		if (level > 9) {level = 9;}
380 
381 	  if ((Z_LVAL_P(tmp) & SOAP_COMPRESSION_ACCEPT) != 0) {
382 			smart_str_append_const(&soap_headers_z,"Accept-Encoding: gzip, deflate\r\n");
383 	  }
384 	  if (level > 0) {
385 			zval func;
386 			zval retval;
387 			zval params[3];
388 			int n;
389 
390 			ZVAL_STR_COPY(&params[0], buf);
391 			ZVAL_LONG(&params[1], level);
392 			if (kind == SOAP_COMPRESSION_DEFLATE) {
393 				n = 2;
394 				ZVAL_STRING(&func, "gzcompress");
395 				smart_str_append_const(&soap_headers_z,"Content-Encoding: deflate\r\n");
396 			} else {
397 				n = 3;
398 				ZVAL_STRING(&func, "gzencode");
399 				smart_str_append_const(&soap_headers_z,"Content-Encoding: gzip\r\n");
400 				ZVAL_LONG(&params[2], 0x1f);
401 			}
402 			if (call_user_function(CG(function_table), (zval*)NULL, &func, &retval, n, params) == SUCCESS &&
403 			    Z_TYPE(retval) == IS_STRING) {
404 				zval_ptr_dtor(&params[0]);
405 				zval_ptr_dtor(&func);
406 				request = Z_STR(retval);
407 			} else {
408 				zval_ptr_dtor(&params[0]);
409 				zval_ptr_dtor(&func);
410 				if (request != buf) {
411 					zend_string_release(request);
412 				}
413 				smart_str_free(&soap_headers_z);
414 				return FALSE;
415 			}
416 	  }
417 	}
418 
419 	if ((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1)) != NULL) {
420 		php_stream_from_zval_no_verify(stream,tmp);
421 		if ((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1)) != NULL && Z_TYPE_P(tmp) == IS_LONG) {
422 			use_proxy = Z_LVAL_P(tmp);
423 		}
424 	} else {
425 		stream = NULL;
426 	}
427 
428 	if (location != NULL && location[0] != '\000') {
429 		phpurl = php_url_parse(location);
430 	}
431 
432 	if (NULL != (tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr),
433 			"_stream_context", sizeof("_stream_context")-1))) {
434 		context = php_stream_context_from_zval(tmp, 0);
435 	}
436 
437 	if (context &&
438 		(tmp = php_stream_context_get_option(context, "http", "max_redirects")) != NULL) {
439 		if (Z_TYPE_P(tmp) != IS_STRING || !is_numeric_string(Z_STRVAL_P(tmp), Z_STRLEN_P(tmp), &redirect_max, NULL, 1)) {
440 			if (Z_TYPE_P(tmp) == IS_LONG)
441 				redirect_max = Z_LVAL_P(tmp);
442 		}
443 	}
444 
445 try_again:
446 	if (phpurl == NULL || phpurl->host == NULL) {
447 	  if (phpurl != NULL) {php_url_free(phpurl);}
448 		if (request != buf) {
449 			zend_string_release(request);
450 		}
451 		add_soap_fault(this_ptr, "HTTP", "Unable to parse URL", NULL, NULL);
452 		smart_str_free(&soap_headers_z);
453 		return FALSE;
454 	}
455 
456 	use_ssl = 0;
457 	if (phpurl->scheme != NULL && strcmp(phpurl->scheme, "https") == 0) {
458 		use_ssl = 1;
459 	} else if (phpurl->scheme == NULL || strcmp(phpurl->scheme, "http") != 0) {
460 		php_url_free(phpurl);
461 		if (request != buf) {
462 			zend_string_release(request);
463 		}
464 		add_soap_fault(this_ptr, "HTTP", "Unknown protocol. Only http and https are allowed.", NULL, NULL);
465 		smart_str_free(&soap_headers_z);
466 		return FALSE;
467 	}
468 
469 	old_allow_url_fopen = PG(allow_url_fopen);
470 	PG(allow_url_fopen) = 1;
471 	if (use_ssl && php_stream_locate_url_wrapper("https://", NULL, STREAM_LOCATE_WRAPPERS_ONLY) == NULL) {
472 		php_url_free(phpurl);
473 		if (request != buf) {
474 			zend_string_release(request);
475 		}
476 		add_soap_fault(this_ptr, "HTTP", "SSL support is not available in this build", NULL, NULL);
477 		PG(allow_url_fopen) = old_allow_url_fopen;
478 		smart_str_free(&soap_headers_z);
479 		return FALSE;
480 	}
481 
482 	if (phpurl->port == 0) {
483 		phpurl->port = use_ssl ? 443 : 80;
484 	}
485 
486 	/* Check if request to the same host */
487 	if (stream != NULL) {
488 	  php_url *orig;
489 		if ((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1)) != NULL &&
490 		    (orig = (php_url *) zend_fetch_resource_ex(tmp, "httpurl", le_url)) != NULL &&
491 		    ((use_proxy && !use_ssl) ||
492 		     (((use_ssl && orig->scheme != NULL && strcmp(orig->scheme, "https") == 0) ||
493 		      (!use_ssl && orig->scheme == NULL) ||
494 		      (!use_ssl && strcmp(orig->scheme, "https") != 0)) &&
495 		     strcmp(orig->host, phpurl->host) == 0 &&
496 		     orig->port == phpurl->port))) {
497     } else {
498 			php_stream_close(stream);
499 			zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1);
500 			zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
501 			zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
502 			stream = NULL;
503 			use_proxy = 0;
504     }
505 	}
506 
507 	/* Check if keep-alive connection is still opened */
508 	if (stream != NULL && php_stream_eof(stream)) {
509 		php_stream_close(stream);
510 		zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1);
511 		zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
512 		zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
513 		stream = NULL;
514 		use_proxy = 0;
515 	}
516 
517 	if (!stream) {
518 		stream = http_connect(this_ptr, phpurl, use_ssl, context, &use_proxy);
519 		if (stream) {
520 			php_stream_auto_cleanup(stream);
521 			add_property_resource(this_ptr, "httpsocket", stream->res);
522 			GC_REFCOUNT(stream->res)++;
523 			add_property_long(this_ptr, "_use_proxy", use_proxy);
524 		} else {
525 			php_url_free(phpurl);
526 			if (request != buf) {
527 				zend_string_release(request);
528 			}
529 			add_soap_fault(this_ptr, "HTTP", "Could not connect to host", NULL, NULL);
530 			PG(allow_url_fopen) = old_allow_url_fopen;
531 			smart_str_free(&soap_headers_z);
532 			return FALSE;
533 		}
534 	}
535 	PG(allow_url_fopen) = old_allow_url_fopen;
536 
537 	if (stream) {
538 		zval *cookies, *login, *password;
539 		zend_resource *ret = zend_register_resource(phpurl, le_url);
540 
541 		add_property_resource(this_ptr, "httpurl", ret);
542 		GC_REFCOUNT(ret)++;
543 		/*zend_list_addref(ret);*/
544 
545 		if (context &&
546 		    (tmp = php_stream_context_get_option(context, "http", "protocol_version")) != NULL &&
547 		    Z_TYPE_P(tmp) == IS_DOUBLE &&
548 		    Z_DVAL_P(tmp) == 1.0) {
549 			http_1_1 = 0;
550 		} else {
551 			http_1_1 = 1;
552 		}
553 
554 		smart_str_append_const(&soap_headers, "POST ");
555 		if (use_proxy && !use_ssl) {
556 			smart_str_appends(&soap_headers, phpurl->scheme);
557 			smart_str_append_const(&soap_headers, "://");
558 			smart_str_appends(&soap_headers, phpurl->host);
559 			smart_str_appendc(&soap_headers, ':');
560 			smart_str_append_unsigned(&soap_headers, phpurl->port);
561 		}
562 		if (phpurl->path) {
563 			smart_str_appends(&soap_headers, phpurl->path);
564 		} else {
565 			smart_str_appendc(&soap_headers, '/');
566 		}
567 		if (phpurl->query) {
568 			smart_str_appendc(&soap_headers, '?');
569 			smart_str_appends(&soap_headers, phpurl->query);
570 		}
571 		if (phpurl->fragment) {
572 			smart_str_appendc(&soap_headers, '#');
573 			smart_str_appends(&soap_headers, phpurl->fragment);
574 		}
575 		if (http_1_1) {
576 			smart_str_append_const(&soap_headers, " HTTP/1.1\r\n");
577 		} else {
578 			smart_str_append_const(&soap_headers, " HTTP/1.0\r\n");
579 		}
580 		smart_str_append_const(&soap_headers, "Host: ");
581 		smart_str_appends(&soap_headers, phpurl->host);
582 		if (phpurl->port != (use_ssl?443:80)) {
583 			smart_str_appendc(&soap_headers, ':');
584 			smart_str_append_unsigned(&soap_headers, phpurl->port);
585 		}
586 		if (!http_1_1 ||
587 			((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_keep_alive", sizeof("_keep_alive")-1)) != NULL &&
588 			 (Z_TYPE_P(tmp) == IS_FALSE || (Z_TYPE_P(tmp) == IS_LONG && Z_LVAL_P(tmp) == 0)))) {
589 			smart_str_append_const(&soap_headers, "\r\n"
590 				"Connection: close\r\n");
591 		} else {
592 			smart_str_append_const(&soap_headers, "\r\n"
593 				"Connection: Keep-Alive\r\n");
594 		}
595 		if ((tmp = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_user_agent", sizeof("_user_agent")-1)) != NULL &&
596 		    Z_TYPE_P(tmp) == IS_STRING) {
597 			if (Z_STRLEN_P(tmp) > 0) {
598 				smart_str_append_const(&soap_headers, "User-Agent: ");
599 				smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
600 				smart_str_append_const(&soap_headers, "\r\n");
601 			}
602 		} else if (context &&
603 		           (tmp = php_stream_context_get_option(context, "http", "user_agent")) != NULL &&
604 		           Z_TYPE_P(tmp) == IS_STRING) {
605 			if (Z_STRLEN_P(tmp) > 0) {
606 				smart_str_append_const(&soap_headers, "User-Agent: ");
607 				smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
608 				smart_str_append_const(&soap_headers, "\r\n");
609 			}
610 		} else if (FG(user_agent)) {
611 			smart_str_append_const(&soap_headers, "User-Agent: ");
612 			smart_str_appends(&soap_headers, FG(user_agent));
613 			smart_str_append_const(&soap_headers, "\r\n");
614 		} else {
615 			smart_str_append_const(&soap_headers, "User-Agent: PHP-SOAP/"PHP_VERSION"\r\n");
616 		}
617 
618 		smart_str_append_smart_str(&soap_headers, &soap_headers_z);
619 
620 		if (soap_version == SOAP_1_2) {
621 			smart_str_append_const(&soap_headers,"Content-Type: application/soap+xml; charset=utf-8");
622 			if (soapaction) {
623 				smart_str_append_const(&soap_headers,"; action=\"");
624 				smart_str_appends(&soap_headers, soapaction);
625 				smart_str_append_const(&soap_headers,"\"");
626 			}
627 			smart_str_append_const(&soap_headers,"\r\n");
628 		} else {
629 			smart_str_append_const(&soap_headers,"Content-Type: text/xml; charset=utf-8\r\n");
630 			if (soapaction) {
631 				smart_str_append_const(&soap_headers, "SOAPAction: \"");
632 				smart_str_appends(&soap_headers, soapaction);
633 				smart_str_append_const(&soap_headers, "\"\r\n");
634 			}
635 		}
636 		smart_str_append_const(&soap_headers,"Content-Length: ");
637 		smart_str_append_long(&soap_headers, request->len);
638 		smart_str_append_const(&soap_headers, "\r\n");
639 
640 		/* HTTP Authentication */
641 		if ((login = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_login", sizeof("_login")-1)) != NULL &&
642 		    Z_TYPE_P(login) == IS_STRING) {
643 			zval *digest;
644 
645 			has_authorization = 1;
646 			if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) {
647 				if (Z_TYPE_P(digest) == IS_ARRAY) {
648 					char          HA1[33], HA2[33], response[33], cnonce[33], nc[9];
649 					zend_long     nonce;
650 					PHP_MD5_CTX   md5ctx;
651 					unsigned char hash[16];
652 
653 					php_random_bytes_throw(&nonce, sizeof(nonce));
654 					nonce &= 0x7fffffff;
655 
656 					PHP_MD5Init(&md5ctx);
657 					snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce);
658 					PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
659 					PHP_MD5Final(hash, &md5ctx);
660 					make_digest(cnonce, hash);
661 
662 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL &&
663 					    Z_TYPE_P(tmp) == IS_LONG) {
664 						Z_LVAL_P(tmp)++;
665 						snprintf(nc, sizeof(nc), "%08" ZEND_LONG_FMT_SPEC, Z_LVAL_P(tmp));
666 					} else {
667 						add_assoc_long(digest, "nc", 1);
668 						strcpy(nc, "00000001");
669 					}
670 
671 					PHP_MD5Init(&md5ctx);
672 					PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(login), Z_STRLEN_P(login));
673 					PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
674 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "realm", sizeof("realm")-1)) != NULL &&
675 					    Z_TYPE_P(tmp) == IS_STRING) {
676 						PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
677 					}
678 					PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
679 					if ((password = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password")-1)) != NULL &&
680 					    Z_TYPE_P(password) == IS_STRING) {
681 						PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(password), Z_STRLEN_P(password));
682 					}
683 					PHP_MD5Final(hash, &md5ctx);
684 					make_digest(HA1, hash);
685 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "algorithm", sizeof("algorithm")-1)) != NULL &&
686 					    Z_TYPE_P(tmp) == IS_STRING &&
687 					    Z_STRLEN_P(tmp) == sizeof("md5-sess")-1 &&
688 					    stricmp(Z_STRVAL_P(tmp), "md5-sess") == 0) {
689 						PHP_MD5Init(&md5ctx);
690 						PHP_MD5Update(&md5ctx, (unsigned char*)HA1, 32);
691 						PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
692 						if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
693 						    Z_TYPE_P(tmp) == IS_STRING) {
694 							PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
695 						}
696 						PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
697 						PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, 8);
698 						PHP_MD5Final(hash, &md5ctx);
699 						make_digest(HA1, hash);
700 					}
701 
702 					PHP_MD5Init(&md5ctx);
703 					PHP_MD5Update(&md5ctx, (unsigned char*)"POST:", sizeof("POST:")-1);
704 					if (phpurl->path) {
705 						PHP_MD5Update(&md5ctx, (unsigned char*)phpurl->path, strlen(phpurl->path));
706 					} else {
707 						PHP_MD5Update(&md5ctx, (unsigned char*)"/", 1);
708 					}
709 					if (phpurl->query) {
710 						PHP_MD5Update(&md5ctx, (unsigned char*)"?", 1);
711 						PHP_MD5Update(&md5ctx, (unsigned char*)phpurl->query, strlen(phpurl->query));
712 					}
713 
714 					PHP_MD5Final(hash, &md5ctx);
715 					make_digest(HA2, hash);
716 
717 					PHP_MD5Init(&md5ctx);
718 					PHP_MD5Update(&md5ctx, (unsigned char*)HA1, 32);
719 					PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
720 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
721 					    Z_TYPE_P(tmp) == IS_STRING) {
722 						PHP_MD5Update(&md5ctx, (unsigned char*)Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
723 					}
724 					PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
725 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "qop", sizeof("qop")-1)) != NULL &&
726 					    Z_TYPE_P(tmp) == IS_STRING) {
727 						PHP_MD5Update(&md5ctx, (unsigned char*)nc, 8);
728 						PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
729 						PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, 8);
730 						PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
731 						/* TODO: Support for qop="auth-int" */
732 						PHP_MD5Update(&md5ctx, (unsigned char*)"auth", sizeof("auth")-1);
733 						PHP_MD5Update(&md5ctx, (unsigned char*)":", 1);
734 					}
735 					PHP_MD5Update(&md5ctx, (unsigned char*)HA2, 32);
736 					PHP_MD5Final(hash, &md5ctx);
737 					make_digest(response, hash);
738 
739 					smart_str_append_const(&soap_headers, "Authorization: Digest username=\"");
740 					smart_str_appendl(&soap_headers, Z_STRVAL_P(login), Z_STRLEN_P(login));
741 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "realm", sizeof("realm")-1)) != NULL &&
742 					    Z_TYPE_P(tmp) == IS_STRING) {
743 						smart_str_append_const(&soap_headers, "\", realm=\"");
744 						smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
745 					}
746 				if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nonce", sizeof("nonce")-1)) != NULL &&
747 					    Z_TYPE_P(tmp) == IS_STRING) {
748 						smart_str_append_const(&soap_headers, "\", nonce=\"");
749 						smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
750 					}
751 					smart_str_append_const(&soap_headers, "\", uri=\"");
752 					if (phpurl->path) {
753 						smart_str_appends(&soap_headers, phpurl->path);
754 					} else {
755 						smart_str_appendc(&soap_headers, '/');
756 					}
757 					if (phpurl->query) {
758 						smart_str_appendc(&soap_headers, '?');
759 						smart_str_appends(&soap_headers, phpurl->query);
760 					}
761 					if (phpurl->fragment) {
762 						smart_str_appendc(&soap_headers, '#');
763 						smart_str_appends(&soap_headers, phpurl->fragment);
764 					}
765 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "qop", sizeof("qop")-1)) != NULL &&
766 					    Z_TYPE_P(tmp) == IS_STRING) {
767 					/* TODO: Support for qop="auth-int" */
768 						smart_str_append_const(&soap_headers, "\", qop=\"auth");
769 						smart_str_append_const(&soap_headers, "\", nc=\"");
770 						smart_str_appendl(&soap_headers, nc, 8);
771 						smart_str_append_const(&soap_headers, "\", cnonce=\"");
772 						smart_str_appendl(&soap_headers, cnonce, 8);
773 					}
774 					smart_str_append_const(&soap_headers, "\", response=\"");
775 					smart_str_appendl(&soap_headers, response, 32);
776 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "opaque", sizeof("opaque")-1)) != NULL &&
777 					    Z_TYPE_P(tmp) == IS_STRING) {
778 						smart_str_append_const(&soap_headers, "\", opaque=\"");
779 						smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
780 					}
781 					if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "algorithm", sizeof("algorithm")-1)) != NULL &&
782 						Z_TYPE_P(tmp) == IS_STRING) {
783 						smart_str_append_const(&soap_headers, "\", algorithm=\"");
784 						smart_str_appendl(&soap_headers, Z_STRVAL_P(tmp), Z_STRLEN_P(tmp));
785 					}
786 					smart_str_append_const(&soap_headers, "\"\r\n");
787 				}
788 			} else {
789 				zend_string *buf;
790 
791 				smart_str auth = {0};
792 				smart_str_appendl(&auth, Z_STRVAL_P(login), Z_STRLEN_P(login));
793 				smart_str_appendc(&auth, ':');
794 				if ((password = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password")-1)) != NULL &&
795 				    Z_TYPE_P(password) == IS_STRING) {
796 					smart_str_appendl(&auth, Z_STRVAL_P(password), Z_STRLEN_P(password));
797 				}
798 				smart_str_0(&auth);
799 				buf = php_base64_encode((unsigned char*)ZSTR_VAL(auth.s), ZSTR_LEN(auth.s));
800 				smart_str_append_const(&soap_headers, "Authorization: Basic ");
801 				smart_str_appendl(&soap_headers, (char*)ZSTR_VAL(buf), ZSTR_LEN(buf));
802 				smart_str_append_const(&soap_headers, "\r\n");
803 				zend_string_release(buf);
804 				smart_str_free(&auth);
805 			}
806 		}
807 
808 		/* Proxy HTTP Authentication */
809 		if (use_proxy && !use_ssl) {
810 			has_proxy_authorization = proxy_authentication(this_ptr, &soap_headers);
811 		}
812 
813 		/* Send cookies along with request */
814 		if ((cookies = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies")-1)) != NULL &&
815 		    Z_TYPE_P(cookies) == IS_ARRAY) {
816 			zval *data;
817 			zend_string *key;
818 			int i, n;
819 
820 			has_cookies = 1;
821 			n = zend_hash_num_elements(Z_ARRVAL_P(cookies));
822 			if (n > 0) {
823 				zend_hash_internal_pointer_reset(Z_ARRVAL_P(cookies));
824 				smart_str_append_const(&soap_headers, "Cookie: ");
825 				for (i = 0; i < n; i++) {
826 					zend_ulong numindx;
827 					int res = zend_hash_get_current_key(Z_ARRVAL_P(cookies), &key, &numindx);
828 					data = zend_hash_get_current_data(Z_ARRVAL_P(cookies));
829 
830 					if (res == HASH_KEY_IS_STRING && Z_TYPE_P(data) == IS_ARRAY) {
831 					  zval *value;
832 
833 						if ((value = zend_hash_index_find(Z_ARRVAL_P(data), 0)) != NULL &&
834 						    Z_TYPE_P(value) == IS_STRING) {
835 						  zval *tmp;
836 						  if (((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 1)) == NULL ||
837 							   Z_TYPE_P(tmp) != IS_STRING ||
838 						       strncmp(phpurl->path?phpurl->path:"/",Z_STRVAL_P(tmp),Z_STRLEN_P(tmp)) == 0) &&
839 						      ((tmp = zend_hash_index_find(Z_ARRVAL_P(data), 2)) == NULL ||
840 							   Z_TYPE_P(tmp) != IS_STRING ||
841 						       in_domain(phpurl->host,Z_STRVAL_P(tmp))) &&
842 						      (use_ssl || (tmp = zend_hash_index_find(Z_ARRVAL_P(data), 3)) == NULL)) {
843 								smart_str_append(&soap_headers, key);
844 								smart_str_appendc(&soap_headers, '=');
845 								smart_str_append(&soap_headers, Z_STR_P(value));
846 								smart_str_appendc(&soap_headers, ';');
847 							}
848 						}
849 					}
850 					zend_hash_move_forward(Z_ARRVAL_P(cookies));
851 				}
852 				smart_str_append_const(&soap_headers, "\r\n");
853 			}
854 		}
855 
856 		http_context_headers(context, has_authorization, has_proxy_authorization, has_cookies, &soap_headers);
857 
858 		smart_str_append_const(&soap_headers, "\r\n");
859 		smart_str_0(&soap_headers);
860 		if ((trace = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace")-1)) != NULL &&
861 		    (Z_TYPE_P(trace) == IS_TRUE || (Z_TYPE_P(trace) == IS_LONG && Z_LVAL_P(trace) != 0))) {
862 			add_property_stringl(this_ptr, "__last_request_headers", ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s));
863 		}
864 		smart_str_appendl(&soap_headers, request->val, request->len);
865 		smart_str_0(&soap_headers);
866 
867 		err = php_stream_write(stream, ZSTR_VAL(soap_headers.s), ZSTR_LEN(soap_headers.s));
868 		if (err != ZSTR_LEN(soap_headers.s)) {
869 			if (request != buf) {
870 				zend_string_release(request);
871 			}
872 			php_stream_close(stream);
873 			zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1);
874 			zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
875 			zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
876 			add_soap_fault(this_ptr, "HTTP", "Failed Sending HTTP SOAP request", NULL, NULL);
877 			smart_str_free(&soap_headers_z);
878 			return FALSE;
879 		}
880 		smart_str_free(&soap_headers);
881 	} else {
882 		add_soap_fault(this_ptr, "HTTP", "Failed to create stream??", NULL, NULL);
883 		smart_str_free(&soap_headers_z);
884 		return FALSE;
885 	}
886 
887 	if (!return_value) {
888 		php_stream_close(stream);
889 		zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
890 		zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
891 		smart_str_free(&soap_headers_z);
892 		return TRUE;
893 	}
894 
895 	do {
896 		http_headers = get_http_headers(stream);
897 		if (!http_headers) {
898 			if (request != buf) {
899 				zend_string_release(request);
900 			}
901 			php_stream_close(stream);
902 			zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
903 			zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
904 			add_soap_fault(this_ptr, "HTTP", "Error Fetching http headers", NULL, NULL);
905 			smart_str_free(&soap_headers_z);
906 			return FALSE;
907 		}
908 
909 		if ((trace = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "trace", sizeof("trace")-1)) != NULL &&
910 		    (Z_TYPE_P(trace) == IS_TRUE || (Z_TYPE_P(trace) == IS_LONG && Z_LVAL_P(trace) != 0))) {
911 			add_property_str(this_ptr, "__last_response_headers", zend_string_copy(http_headers));
912 		}
913 
914 		/* Check to see what HTTP status was sent */
915 		http_1_1 = 0;
916 		http_status = 0;
917 		http_version = get_http_header_value(ZSTR_VAL(http_headers), "HTTP/");
918 		if (http_version) {
919 			char *tmp;
920 
921 			if (!strncmp(http_version,"1.1", 3)) {
922 				http_1_1 = 1;
923 			}
924 
925 			tmp = strstr(http_version," ");
926 			if (tmp != NULL) {
927 				tmp++;
928 				http_status = atoi(tmp);
929 			}
930 			tmp = strstr(tmp," ");
931 			if (tmp != NULL) {
932 				tmp++;
933 				if (http_msg) {
934 					efree(http_msg);
935 				}
936 				http_msg = estrdup(tmp);
937 			}
938 			efree(http_version);
939 
940 			/* Try and get headers again */
941 			if (http_status == 100) {
942 				zend_string_release(http_headers);
943 			}
944 		}
945 	} while (http_status == 100);
946 
947 	/* Grab and send back every cookie */
948 
949 	/* Not going to worry about Path: because
950 	   we shouldn't be changing urls so path dont
951 	   matter too much
952 	*/
953 	cookie_itt = strstr(ZSTR_VAL(http_headers), "Set-Cookie: ");
954 	while (cookie_itt) {
955 		char *cookie;
956 		char *eqpos, *sempos;
957 		zval *cookies;
958 
959 		if ((cookies = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies")-1)) == NULL ||
960 		    Z_TYPE_P(cookies) != IS_ARRAY) {
961 			zval tmp_cookies;
962 			array_init(&tmp_cookies);
963 			cookies = zend_hash_str_update(Z_OBJPROP_P(this_ptr), "_cookies", sizeof("_cookies")-1, &tmp_cookies);
964 		}
965 
966 		cookie = get_http_header_value(cookie_itt,"Set-Cookie: ");
967 
968 		eqpos = strstr(cookie, "=");
969 		sempos = strstr(cookie, ";");
970 		if (eqpos != NULL && (sempos == NULL || sempos > eqpos)) {
971 			smart_str name = {0};
972 			int cookie_len;
973 			zval zcookie;
974 
975 			if (sempos != NULL) {
976 				cookie_len = sempos-(eqpos+1);
977 			} else {
978 				cookie_len = strlen(cookie)-(eqpos-cookie)-1;
979 			}
980 
981 			smart_str_appendl(&name, cookie, eqpos - cookie);
982 			smart_str_0(&name);
983 
984 			array_init(&zcookie);
985 			add_index_stringl(&zcookie, 0, eqpos + 1, cookie_len);
986 
987 			if (sempos != NULL) {
988 				char *options = cookie + cookie_len+1;
989 				while (*options) {
990 					while (*options == ' ') {options++;}
991 					sempos = strstr(options, ";");
992 					if (strstr(options,"path=") == options) {
993 						eqpos = options + sizeof("path=")-1;
994 						add_index_stringl(&zcookie, 1, eqpos, sempos?(size_t)(sempos-eqpos):strlen(eqpos));
995 					} else if (strstr(options,"domain=") == options) {
996 						eqpos = options + sizeof("domain=")-1;
997 						add_index_stringl(&zcookie, 2, eqpos, sempos?(size_t)(sempos-eqpos):strlen(eqpos));
998 					} else if (strstr(options,"secure") == options) {
999 						add_index_bool(&zcookie, 3, 1);
1000 					}
1001 					if (sempos != NULL) {
1002 						options = sempos+1;
1003 					} else {
1004 					  break;
1005 					}
1006 				}
1007 			}
1008 			if (!zend_hash_index_exists(Z_ARRVAL(zcookie), 1)) {
1009 				char *t = phpurl->path?phpurl->path:"/";
1010 				char *c = strrchr(t, '/');
1011 				if (c) {
1012 					add_index_stringl(&zcookie, 1, t, c-t);
1013 				}
1014 			}
1015 			if (!zend_hash_index_exists(Z_ARRVAL(zcookie), 2)) {
1016 				add_index_string(&zcookie, 2, phpurl->host);
1017 			}
1018 
1019 			zend_symtable_update(Z_ARRVAL_P(cookies), name.s, &zcookie);
1020 			smart_str_free(&name);
1021 		}
1022 
1023 		cookie_itt = strstr(cookie_itt + sizeof("Set-Cookie: "), "Set-Cookie: ");
1024 		efree(cookie);
1025 	}
1026 
1027 	/* See if the server requested a close */
1028 	if (http_1_1) {
1029 		http_close = FALSE;
1030 		if (use_proxy && !use_ssl) {
1031 			connection = get_http_header_value(ZSTR_VAL(http_headers), "Proxy-Connection: ");
1032 			if (connection) {
1033 				if (strncasecmp(connection, "close", sizeof("close")-1) == 0) {
1034 					http_close = TRUE;
1035 				}
1036 				efree(connection);
1037 			}
1038 		}
1039 		if (http_close == FALSE) {
1040 			connection = get_http_header_value(ZSTR_VAL(http_headers), "Connection: ");
1041 			if (connection) {
1042 				if (strncasecmp(connection, "close", sizeof("close")-1) == 0) {
1043 					http_close = TRUE;
1044 				}
1045 				efree(connection);
1046 			}
1047 		}
1048 	} else {
1049 		http_close = TRUE;
1050 		if (use_proxy && !use_ssl) {
1051 			connection = get_http_header_value(ZSTR_VAL(http_headers), "Proxy-Connection: ");
1052 			if (connection) {
1053 				if (strncasecmp(connection, "Keep-Alive", sizeof("Keep-Alive")-1) == 0) {
1054 					http_close = FALSE;
1055 				}
1056 				efree(connection);
1057 			}
1058 		}
1059 		if (http_close == TRUE) {
1060 			connection = get_http_header_value(ZSTR_VAL(http_headers), "Connection: ");
1061 			if (connection) {
1062 				if (strncasecmp(connection, "Keep-Alive", sizeof("Keep-Alive")-1) == 0) {
1063 					http_close = FALSE;
1064 				}
1065 				efree(connection);
1066 			}
1067 		}
1068 	}
1069 
1070 
1071 	http_body = get_http_body(stream, http_close, ZSTR_VAL(http_headers));
1072 	if (!http_body) {
1073 		if (request != buf) {
1074 			zend_string_release(request);
1075 		}
1076 		php_stream_close(stream);
1077 		zend_string_release(http_headers);
1078 		zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
1079 		zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
1080 		add_soap_fault(this_ptr, "HTTP", "Error Fetching http body, No Content-Length, connection closed or chunked data", NULL, NULL);
1081 		if (http_msg) {
1082 			efree(http_msg);
1083 		}
1084 		smart_str_free(&soap_headers_z);
1085 		return FALSE;
1086 	}
1087 
1088 	if (request != buf) {
1089 		zend_string_release(request);
1090 	}
1091 
1092 	if (http_close) {
1093 		php_stream_close(stream);
1094 		zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1);
1095 		zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1);
1096 		stream = NULL;
1097 	}
1098 
1099 	/* Process HTTP status codes */
1100 	if (http_status >= 300 && http_status < 400) {
1101 		char *loc;
1102 
1103 		if ((loc = get_http_header_value(ZSTR_VAL(http_headers), "Location: ")) != NULL) {
1104 			php_url *new_url  = php_url_parse(loc);
1105 
1106 			if (new_url != NULL) {
1107 				zend_string_release(http_headers);
1108 				zend_string_release(http_body);
1109 				efree(loc);
1110 				if (new_url->scheme == NULL && new_url->path != NULL) {
1111 					new_url->scheme = phpurl->scheme ? estrdup(phpurl->scheme) : NULL;
1112 					new_url->host = phpurl->host ? estrdup(phpurl->host) : NULL;
1113 					new_url->port = phpurl->port;
1114 					if (new_url->path && new_url->path[0] != '/') {
1115 						if (phpurl->path) {
1116 							char *t = phpurl->path;
1117 							char *p = strrchr(t, '/');
1118 							if (p) {
1119 								char *s = emalloc((p - t) + strlen(new_url->path) + 2);
1120 								strncpy(s, t, (p - t) + 1);
1121 								s[(p - t) + 1] = 0;
1122 								strcat(s, new_url->path);
1123 								efree(new_url->path);
1124 								new_url->path = s;
1125 							}
1126 						} else {
1127 							char *s = emalloc(strlen(new_url->path) + 2);
1128 							s[0] = '/'; s[1] = 0;
1129 							strcat(s, new_url->path);
1130 							efree(new_url->path);
1131 							new_url->path = s;
1132 						}
1133 					}
1134 				}
1135 				phpurl = new_url;
1136 
1137 				if (--redirect_max < 1) {
1138 					add_soap_fault(this_ptr, "HTTP", "Redirection limit reached, aborting", NULL, NULL);
1139 					smart_str_free(&soap_headers_z);
1140 					return FALSE;
1141 				}
1142 
1143 				goto try_again;
1144 			}
1145 		}
1146 	} else if (http_status == 401) {
1147 		/* Digest authentication */
1148 		zval *digest, *login, *password;
1149 		char *auth = get_http_header_value(ZSTR_VAL(http_headers), "WWW-Authenticate: ");
1150 
1151 		if (auth &&
1152 				strstr(auth, "Digest") == auth &&
1153 		    ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) == NULL ||
1154 		     Z_TYPE_P(digest) != IS_ARRAY) &&
1155 		    (login = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_login", sizeof("_login")-1)) != NULL &&
1156 		    Z_TYPE_P(login) == IS_STRING &&
1157 		    (password = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_password", sizeof("_password")-1)) != NULL &&
1158 		    Z_TYPE_P(password) == IS_STRING) {
1159 			char *s;
1160 			zval digest;
1161 
1162 			ZVAL_UNDEF(&digest);
1163 			s = auth + sizeof("Digest")-1;
1164 			while (*s != '\0') {
1165 				char *name, *val;
1166 				while (*s == ' ') ++s;
1167 				name = s;
1168 				while (*s != '\0' && *s != '=') ++s;
1169 				if (*s == '=') {
1170 					*s = '\0';
1171 					++s;
1172 					if (*s == '"') {
1173 						++s;
1174 						val = s;
1175 						while (*s != '\0' && *s != '"') ++s;
1176 					} else {
1177 						val = s;
1178 						while (*s != '\0' && *s != ' ' && *s != ',') ++s;
1179 					}
1180 					if (*s != '\0') {
1181 						if (*s != ',') {
1182 							*s = '\0';
1183 							++s;
1184 							while (*s != '\0' && *s != ',') ++s;
1185 							if (*s != '\0') ++s;
1186 						} else {
1187 							*s = '\0';
1188 							++s;
1189 						}
1190 					}
1191 					if (Z_TYPE(digest) == IS_UNDEF) {
1192 						array_init(&digest);
1193 					}
1194 					add_assoc_string(&digest, name, val);
1195 				}
1196 			}
1197 
1198 			if (Z_TYPE(digest) != IS_UNDEF) {
1199 				php_url *new_url  = emalloc(sizeof(php_url));
1200 
1201 				Z_DELREF(digest);
1202 				add_property_zval_ex(this_ptr, "_digest", sizeof("_digest")-1, &digest);
1203 
1204 				*new_url = *phpurl;
1205 				if (phpurl->scheme) phpurl->scheme = estrdup(phpurl->scheme);
1206 				if (phpurl->user) phpurl->user = estrdup(phpurl->user);
1207 				if (phpurl->pass) phpurl->pass = estrdup(phpurl->pass);
1208 				if (phpurl->host) phpurl->host = estrdup(phpurl->host);
1209 				if (phpurl->path) phpurl->path = estrdup(phpurl->path);
1210 				if (phpurl->query) phpurl->query = estrdup(phpurl->query);
1211 				if (phpurl->fragment) phpurl->fragment = estrdup(phpurl->fragment);
1212 				phpurl = new_url;
1213 
1214 				efree(auth);
1215 				zend_string_release(http_headers);
1216 				zend_string_release(http_body);
1217 
1218 				goto try_again;
1219 			}
1220 		}
1221 		if (auth) efree(auth);
1222 	}
1223 	smart_str_free(&soap_headers_z);
1224 
1225 	/* Check and see if the server even sent a xml document */
1226 	content_type = get_http_header_value(ZSTR_VAL(http_headers), "Content-Type: ");
1227 	if (content_type) {
1228 		char *pos = NULL;
1229 		int cmplen;
1230 		pos = strstr(content_type,";");
1231 		if (pos != NULL) {
1232 			cmplen = pos - content_type;
1233 		} else {
1234 			cmplen = strlen(content_type);
1235 		}
1236 		if (strncmp(content_type, "text/xml", cmplen) == 0 ||
1237 		    strncmp(content_type, "application/soap+xml", cmplen) == 0) {
1238 			content_type_xml = 1;
1239 /*
1240 			if (strncmp(http_body, "<?xml", 5)) {
1241 				zval *err;
1242 				MAKE_STD_ZVAL(err);
1243 				ZVAL_STRINGL(err, http_body, http_body_size, 1);
1244 				add_soap_fault(this_ptr, "HTTP", "Didn't receive an xml document", NULL, err);
1245 				efree(content_type);
1246 				zend_string_release(http_headers);
1247 				efree(http_body);
1248 				return FALSE;
1249 			}
1250 */
1251 		}
1252 		efree(content_type);
1253 	}
1254 
1255 	/* Decompress response */
1256 	content_encoding = get_http_header_value(ZSTR_VAL(http_headers), "Content-Encoding: ");
1257 	if (content_encoding) {
1258 		zval func;
1259 		zval retval;
1260 		zval params[1];
1261 
1262 		if ((strcmp(content_encoding,"gzip") == 0 ||
1263 		     strcmp(content_encoding,"x-gzip") == 0) &&
1264 		     zend_hash_str_exists(EG(function_table), "gzinflate", sizeof("gzinflate")-1)) {
1265 			ZVAL_STRING(&func, "gzinflate");
1266 			ZVAL_STRINGL(&params[0], http_body->val+10, http_body->len-10);
1267 		} else if (strcmp(content_encoding,"deflate") == 0 &&
1268 		           zend_hash_str_exists(EG(function_table), "gzuncompress", sizeof("gzuncompress")-1)) {
1269 			ZVAL_STRING(&func, "gzuncompress");
1270 			ZVAL_STR_COPY(&params[0], http_body);
1271 		} else {
1272 			efree(content_encoding);
1273 			zend_string_release(http_headers);
1274 			zend_string_release(http_body);
1275 			if (http_msg) {
1276 				efree(http_msg);
1277 			}
1278 			add_soap_fault(this_ptr, "HTTP", "Unknown Content-Encoding", NULL, NULL);
1279 			return FALSE;
1280 		}
1281 		if (call_user_function(CG(function_table), (zval*)NULL, &func, &retval, 1, params) == SUCCESS &&
1282 		    Z_TYPE(retval) == IS_STRING) {
1283 			zval_ptr_dtor(&params[0]);
1284 			zval_ptr_dtor(&func);
1285 			zend_string_release(http_body);
1286 			ZVAL_COPY_VALUE(return_value, &retval);
1287 		} else {
1288 			zval_ptr_dtor(&params[0]);
1289 			zval_ptr_dtor(&func);
1290 			efree(content_encoding);
1291 			zend_string_release(http_headers);
1292 			zend_string_release(http_body);
1293 			add_soap_fault(this_ptr, "HTTP", "Can't uncompress compressed response", NULL, NULL);
1294 			if (http_msg) {
1295 				efree(http_msg);
1296 			}
1297 			return FALSE;
1298 		}
1299 		efree(content_encoding);
1300 	} else {
1301 		ZVAL_STR(return_value, http_body);
1302 	}
1303 
1304 	zend_string_release(http_headers);
1305 
1306 	if (http_status >= 400) {
1307 		int error = 0;
1308 
1309 		if (Z_STRLEN_P(return_value) == 0) {
1310 			error = 1;
1311 		} else if (Z_STRLEN_P(return_value) > 0) {
1312 			if (!content_type_xml) {
1313 				char *s = Z_STRVAL_P(return_value);
1314 
1315 				while (*s != '\0' && *s < ' ') {
1316 					s++;
1317 				}
1318 				if (strncmp(s, "<?xml", 5)) {
1319 					error = 1;
1320 				}
1321 			}
1322 		}
1323 
1324 		if (error) {
1325 			zval_ptr_dtor(return_value);
1326 			ZVAL_UNDEF(return_value);
1327 			add_soap_fault(this_ptr, "HTTP", http_msg, NULL, NULL);
1328 			efree(http_msg);
1329 			return FALSE;
1330 		}
1331 	}
1332 
1333 	if (http_msg) {
1334 		efree(http_msg);
1335 	}
1336 
1337 	return TRUE;
1338 }
1339 
get_http_header_value(char * headers,char * type)1340 static char *get_http_header_value(char *headers, char *type)
1341 {
1342 	char *pos, *tmp = NULL;
1343 	int typelen, headerslen;
1344 
1345 	typelen = strlen(type);
1346 	headerslen = strlen(headers);
1347 
1348 	/* header `titles' can be lower case, or any case combination, according
1349 	 * to the various RFC's. */
1350 	pos = headers;
1351 	do {
1352 		/* start of buffer or start of line */
1353 		if (strncasecmp(pos, type, typelen) == 0) {
1354 			char *eol;
1355 
1356 			/* match */
1357 			tmp = pos + typelen;
1358 			eol = strchr(tmp, '\n');
1359 			if (eol == NULL) {
1360 				eol = headers + headerslen;
1361 			} else if (eol > tmp && *(eol-1) == '\r') {
1362 				eol--;
1363 			}
1364 			return estrndup(tmp, eol - tmp);
1365 		}
1366 
1367 		/* find next line */
1368 		pos = strchr(pos, '\n');
1369 		if (pos) {
1370 			pos++;
1371 		}
1372 
1373 	} while (pos);
1374 
1375 	return NULL;
1376 }
1377 
get_http_body(php_stream * stream,int close,char * headers)1378 static zend_string* get_http_body(php_stream *stream, int close, char *headers)
1379 {
1380 	zend_string *http_buf = NULL;
1381 	char *header;
1382 	int header_close = close, header_chunked = 0, header_length = 0, http_buf_size = 0;
1383 
1384 	if (!close) {
1385 		header = get_http_header_value(headers, "Connection: ");
1386 		if (header) {
1387 			if(!strncasecmp(header, "close", sizeof("close")-1)) header_close = 1;
1388 			efree(header);
1389 		}
1390 	}
1391 	header = get_http_header_value(headers, "Transfer-Encoding: ");
1392 	if (header) {
1393 		if(!strncasecmp(header, "chunked", sizeof("chunked")-1)) header_chunked = 1;
1394 		efree(header);
1395 	}
1396 	header = get_http_header_value(headers, "Content-Length: ");
1397 	if (header) {
1398 		header_length = atoi(header);
1399 		efree(header);
1400 		if (!header_length && !header_chunked) {
1401 			/* Empty response */
1402 			return ZSTR_EMPTY_ALLOC();
1403 		}
1404 	}
1405 
1406 	if (header_chunked) {
1407 		char ch, done, headerbuf[8192];
1408 
1409 		done = FALSE;
1410 
1411 		while (!done) {
1412 			int buf_size = 0;
1413 
1414 			php_stream_gets(stream, headerbuf, sizeof(headerbuf));
1415 			if (sscanf(headerbuf, "%x", &buf_size) > 0 ) {
1416 				if (buf_size > 0) {
1417 					int len_size = 0;
1418 
1419 					if (http_buf_size + buf_size + 1 < 0) {
1420 						if (http_buf) {
1421 							zend_string_release(http_buf);
1422 						}
1423 						return NULL;
1424 					}
1425 
1426 					if (http_buf) {
1427 						http_buf = zend_string_realloc(http_buf, http_buf_size + buf_size, 0);
1428 					} else {
1429 						http_buf = zend_string_alloc(buf_size, 0);
1430 					}
1431 
1432 					while (len_size < buf_size) {
1433 						int len_read = php_stream_read(stream, http_buf->val + http_buf_size, buf_size - len_size);
1434 						if (len_read <= 0) {
1435 							/* Error or EOF */
1436 							done = TRUE;
1437 						  break;
1438 						}
1439 						len_size += len_read;
1440 	 					http_buf_size += len_read;
1441  					}
1442 
1443 					/* Eat up '\r' '\n' */
1444 					ch = php_stream_getc(stream);
1445 					if (ch == '\r') {
1446 						ch = php_stream_getc(stream);
1447 					}
1448 					if (ch != '\n') {
1449 						/* Somthing wrong in chunked encoding */
1450 						if (http_buf) {
1451 							zend_string_release(http_buf);
1452 						}
1453 						return NULL;
1454 					}
1455  				}
1456 			} else {
1457 				/* Somthing wrong in chunked encoding */
1458 				if (http_buf) {
1459 					zend_string_release(http_buf);
1460 				}
1461 				return NULL;
1462 			}
1463 			if (buf_size == 0) {
1464 				done = TRUE;
1465 			}
1466 		}
1467 
1468 		/* Ignore trailer headers */
1469 		while (1) {
1470 			if (!php_stream_gets(stream, headerbuf, sizeof(headerbuf))) {
1471 				break;
1472 			}
1473 
1474 			if ((headerbuf[0] == '\r' && headerbuf[1] == '\n') ||
1475 			    (headerbuf[0] == '\n')) {
1476 				/* empty line marks end of headers */
1477 				break;
1478 			}
1479 		}
1480 
1481 		if (http_buf == NULL) {
1482 			return ZSTR_EMPTY_ALLOC();
1483 		}
1484 
1485 	} else if (header_length) {
1486 		if (header_length < 0 || header_length >= INT_MAX) {
1487 			return NULL;
1488 		}
1489 		http_buf = zend_string_alloc(header_length, 0);
1490 		while (http_buf_size < header_length) {
1491 			int len_read = php_stream_read(stream, http_buf->val + http_buf_size, header_length - http_buf_size);
1492 			if (len_read <= 0) {
1493 				break;
1494 			}
1495 			http_buf_size += len_read;
1496 		}
1497 	} else if (header_close) {
1498 		do {
1499 			int len_read;
1500 			if (http_buf) {
1501 				http_buf = zend_string_realloc(http_buf, http_buf_size + 4096, 0);
1502 			} else {
1503 				http_buf = zend_string_alloc(4096, 0);
1504 			}
1505 			len_read = php_stream_read(stream, http_buf->val + http_buf_size, 4096);
1506 			if (len_read > 0) {
1507 				http_buf_size += len_read;
1508 			}
1509 		} while(!php_stream_eof(stream));
1510 	} else {
1511 		return NULL;
1512 	}
1513 
1514 	http_buf->val[http_buf_size] = '\0';
1515 	http_buf->len = http_buf_size;
1516 	return http_buf;
1517 }
1518 
get_http_headers(php_stream * stream)1519 static zend_string *get_http_headers(php_stream *stream)
1520 {
1521 	smart_str tmp_response = {0};
1522 	char headerbuf[8192];
1523 
1524 	while (php_stream_gets(stream, headerbuf, sizeof(headerbuf))) {
1525 		if ((headerbuf[0] == '\r' && headerbuf[1] == '\n') ||
1526 		    (headerbuf[0] == '\n')) {
1527 			/* empty line marks end of headers */
1528 			smart_str_0(&tmp_response);
1529 			return tmp_response.s;
1530 		}
1531 
1532 		/* add header to collection */
1533 		smart_str_appends(&tmp_response, headerbuf);
1534 	}
1535 
1536 	smart_str_free(&tmp_response);
1537 	return NULL;
1538 }
1539 /*
1540  * Local variables:
1541  * tab-width: 4
1542  * c-basic-offset: 4
1543  * End:
1544  * vim600: sw=4 ts=4 fdm=marker
1545  * vim<600: sw=4 ts=4
1546  */
1547