1 /*
2 +----------------------------------------------------------------------+
3 | Copyright (c) The PHP Group |
4 +----------------------------------------------------------------------+
5 | This source file is subject to version 3.01 of the PHP license, |
6 | that is bundled with this package in the file LICENSE, and is |
7 | available through the world-wide-web at the following url: |
8 | https://www.php.net/license/3_01.txt |
9 | If you did not receive a copy of the PHP license and are unable to |
10 | obtain it through the world-wide-web, please send a note to |
11 | license@php.net so we can mail you a copy immediately. |
12 +----------------------------------------------------------------------+
13 | Authors: Rasmus Lerdorf <rasmus@php.net> |
14 | Jim Winstead <jimw@php.net> |
15 | Hartmut Holzgraefe <hholzgra@php.net> |
16 | Wez Furlong <wez@thebrainroom.com> |
17 | Sara Golemon <pollita@php.net> |
18 +----------------------------------------------------------------------+
19 */
20
21 #include "php.h"
22 #include "php_globals.h"
23 #include "php_streams.h"
24 #include "php_network.h"
25 #include "php_ini.h"
26 #include "ext/standard/basic_functions.h"
27 #include "zend_smart_str.h"
28
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <errno.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <fcntl.h>
35
36 #ifdef PHP_WIN32
37 #define O_RDONLY _O_RDONLY
38 #include "win32/param.h"
39 #else
40 #include <sys/param.h>
41 #endif
42
43 #include "php_standard.h"
44
45 #include <sys/types.h>
46 #ifdef HAVE_SYS_SOCKET_H
47 #include <sys/socket.h>
48 #endif
49
50 #ifdef PHP_WIN32
51 #include <winsock2.h>
52 #else
53 #include <netinet/in.h>
54 #include <netdb.h>
55 #ifdef HAVE_ARPA_INET_H
56 #include <arpa/inet.h>
57 #endif
58 #endif
59
60 #if defined(PHP_WIN32) || defined(__riscos__)
61 #undef AF_UNIX
62 #endif
63
64 #if defined(AF_UNIX)
65 #include <sys/un.h>
66 #endif
67
68 #include "php_fopen_wrappers.h"
69
70 #define HTTP_HEADER_BLOCK_SIZE 1024
71 #define PHP_URL_REDIRECT_MAX 20
72 #define HTTP_HEADER_USER_AGENT 1
73 #define HTTP_HEADER_HOST 2
74 #define HTTP_HEADER_AUTH 4
75 #define HTTP_HEADER_FROM 8
76 #define HTTP_HEADER_CONTENT_LENGTH 16
77 #define HTTP_HEADER_TYPE 32
78 #define HTTP_HEADER_CONNECTION 64
79
80 #define HTTP_WRAPPER_HEADER_INIT 1
81 #define HTTP_WRAPPER_REDIRECTED 2
82 #define HTTP_WRAPPER_KEEP_METHOD 4
83
strip_header(char * header_bag,char * lc_header_bag,const char * lc_header_name)84 static inline void strip_header(char *header_bag, char *lc_header_bag,
85 const char *lc_header_name)
86 {
87 char *lc_header_start = strstr(lc_header_bag, lc_header_name);
88 if (lc_header_start
89 && (lc_header_start == lc_header_bag || *(lc_header_start-1) == '\n')
90 ) {
91 char *header_start = header_bag + (lc_header_start - lc_header_bag);
92 char *lc_eol = strchr(lc_header_start, '\n');
93
94 if (lc_eol) {
95 char *eol = header_start + (lc_eol - lc_header_start);
96 size_t eollen = strlen(lc_eol);
97
98 memmove(lc_header_start, lc_eol+1, eollen);
99 memmove(header_start, eol+1, eollen);
100 } else {
101 *lc_header_start = '\0';
102 *header_start = '\0';
103 }
104 }
105 }
106
check_has_header(const char * headers,const char * header)107 static bool check_has_header(const char *headers, const char *header) {
108 const char *s = headers;
109 while ((s = strstr(s, header))) {
110 if (s == headers || *(s-1) == '\n') {
111 return 1;
112 }
113 s++;
114 }
115 return 0;
116 }
117
php_stream_url_wrap_http_ex(php_stream_wrapper * wrapper,const char * path,const char * mode,int options,zend_string ** opened_path,php_stream_context * context,int redirect_max,int flags,zval * response_header STREAMS_DC)118 static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
119 const char *path, const char *mode, int options, zend_string **opened_path,
120 php_stream_context *context, int redirect_max, int flags,
121 zval *response_header STREAMS_DC) /* {{{ */
122 {
123 php_stream *stream = NULL;
124 php_url *resource = NULL;
125 int use_ssl;
126 int use_proxy = 0;
127 zend_string *tmp = NULL;
128 char *ua_str = NULL;
129 zval *ua_zval = NULL, *tmpzval = NULL, ssl_proxy_peer_name;
130 char location[HTTP_HEADER_BLOCK_SIZE];
131 int reqok = 0;
132 char *http_header_line = NULL;
133 char tmp_line[128];
134 size_t chunk_size = 0, file_size = 0;
135 int eol_detect = 0;
136 zend_string *transport_string;
137 zend_string *errstr = NULL;
138 int have_header = 0;
139 bool request_fulluri = 0, ignore_errors = 0;
140 struct timeval timeout;
141 char *user_headers = NULL;
142 int header_init = ((flags & HTTP_WRAPPER_HEADER_INIT) != 0);
143 int redirected = ((flags & HTTP_WRAPPER_REDIRECTED) != 0);
144 int redirect_keep_method = ((flags & HTTP_WRAPPER_KEEP_METHOD) != 0);
145 bool follow_location = 1;
146 php_stream_filter *transfer_encoding = NULL;
147 int response_code;
148 smart_str req_buf = {0};
149 bool custom_request_method;
150
151 tmp_line[0] = '\0';
152
153 if (redirect_max < 1) {
154 php_stream_wrapper_log_error(wrapper, options, "Redirection limit reached, aborting");
155 return NULL;
156 }
157
158 resource = php_url_parse(path);
159 if (resource == NULL) {
160 return NULL;
161 }
162
163 ZEND_ASSERT(resource->scheme);
164 if (!zend_string_equals_literal_ci(resource->scheme, "http") &&
165 !zend_string_equals_literal_ci(resource->scheme, "https")) {
166 if (!context ||
167 (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "proxy")) == NULL ||
168 Z_TYPE_P(tmpzval) != IS_STRING ||
169 Z_STRLEN_P(tmpzval) == 0) {
170 php_url_free(resource);
171 return php_stream_open_wrapper_ex(path, mode, REPORT_ERRORS, NULL, context);
172 }
173 /* Called from a non-http wrapper with http proxying requested (i.e. ftp) */
174 request_fulluri = 1;
175 use_ssl = 0;
176 use_proxy = 1;
177 transport_string = zend_string_copy(Z_STR_P(tmpzval));
178 } else {
179 /* Normal http request (possibly with proxy) */
180
181 if (strpbrk(mode, "awx+")) {
182 php_stream_wrapper_log_error(wrapper, options, "HTTP wrapper does not support writeable connections");
183 php_url_free(resource);
184 return NULL;
185 }
186
187 use_ssl = (ZSTR_LEN(resource->scheme) > 4) && ZSTR_VAL(resource->scheme)[4] == 's';
188 /* choose default ports */
189 if (use_ssl && resource->port == 0)
190 resource->port = 443;
191 else if (resource->port == 0)
192 resource->port = 80;
193
194 if (context &&
195 (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "proxy")) != NULL &&
196 Z_TYPE_P(tmpzval) == IS_STRING &&
197 Z_STRLEN_P(tmpzval) > 0) {
198 use_proxy = 1;
199 transport_string = zend_string_copy(Z_STR_P(tmpzval));
200 } else {
201 transport_string = zend_strpprintf(0, "%s://%s:%d", use_ssl ? "ssl" : "tcp", ZSTR_VAL(resource->host), resource->port);
202 }
203 }
204
205 if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) {
206 double d = zval_get_double(tmpzval);
207 #ifndef PHP_WIN32
208 timeout.tv_sec = (time_t) d;
209 timeout.tv_usec = (size_t) ((d - timeout.tv_sec) * 1000000);
210 #else
211 timeout.tv_sec = (long) d;
212 timeout.tv_usec = (long) ((d - timeout.tv_sec) * 1000000);
213 #endif
214 } else {
215 #ifndef PHP_WIN32
216 timeout.tv_sec = FG(default_socket_timeout);
217 #else
218 timeout.tv_sec = (long)FG(default_socket_timeout);
219 #endif
220 timeout.tv_usec = 0;
221 }
222
223 stream = php_stream_xport_create(ZSTR_VAL(transport_string), ZSTR_LEN(transport_string), options,
224 STREAM_XPORT_CLIENT | STREAM_XPORT_CONNECT,
225 NULL, &timeout, context, &errstr, NULL);
226
227 if (stream) {
228 php_stream_set_option(stream, PHP_STREAM_OPTION_READ_TIMEOUT, 0, &timeout);
229 }
230
231 if (errstr) {
232 php_stream_wrapper_log_error(wrapper, options, "%s", ZSTR_VAL(errstr));
233 zend_string_release_ex(errstr, 0);
234 errstr = NULL;
235 }
236
237 zend_string_release(transport_string);
238
239 if (stream && use_proxy && use_ssl) {
240 smart_str header = {0};
241
242 /* Set peer_name or name verification will try to use the proxy server name */
243 if (!context || (tmpzval = php_stream_context_get_option(context, "ssl", "peer_name")) == NULL) {
244 ZVAL_STR_COPY(&ssl_proxy_peer_name, resource->host);
245 php_stream_context_set_option(PHP_STREAM_CONTEXT(stream), "ssl", "peer_name", &ssl_proxy_peer_name);
246 zval_ptr_dtor(&ssl_proxy_peer_name);
247 }
248
249 smart_str_appendl(&header, "CONNECT ", sizeof("CONNECT ")-1);
250 smart_str_appends(&header, ZSTR_VAL(resource->host));
251 smart_str_appendc(&header, ':');
252 smart_str_append_unsigned(&header, resource->port);
253 smart_str_appendl(&header, " HTTP/1.0\r\n", sizeof(" HTTP/1.0\r\n")-1);
254
255 /* check if we have Proxy-Authorization header */
256 if (context && (tmpzval = php_stream_context_get_option(context, "http", "header")) != NULL) {
257 char *s, *p;
258
259 if (Z_TYPE_P(tmpzval) == IS_ARRAY) {
260 zval *tmpheader = NULL;
261
262 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(tmpzval), tmpheader) {
263 if (Z_TYPE_P(tmpheader) == IS_STRING) {
264 s = Z_STRVAL_P(tmpheader);
265 do {
266 while (*s == ' ' || *s == '\t') s++;
267 p = s;
268 while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++;
269 if (*p == ':') {
270 p++;
271 if (p - s == sizeof("Proxy-Authorization:") - 1 &&
272 zend_binary_strcasecmp(s, sizeof("Proxy-Authorization:") - 1,
273 "Proxy-Authorization:", sizeof("Proxy-Authorization:") - 1) == 0) {
274 while (*p != 0 && *p != '\r' && *p !='\n') p++;
275 smart_str_appendl(&header, s, p - s);
276 smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
277 goto finish;
278 } else {
279 while (*p != 0 && *p != '\r' && *p !='\n') p++;
280 }
281 }
282 s = p;
283 while (*s == '\r' || *s == '\n') s++;
284 } while (*s != 0);
285 }
286 } ZEND_HASH_FOREACH_END();
287 } else if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval)) {
288 s = Z_STRVAL_P(tmpzval);
289 do {
290 while (*s == ' ' || *s == '\t') s++;
291 p = s;
292 while (*p != 0 && *p != ':' && *p != '\r' && *p !='\n') p++;
293 if (*p == ':') {
294 p++;
295 if (p - s == sizeof("Proxy-Authorization:") - 1 &&
296 zend_binary_strcasecmp(s, sizeof("Proxy-Authorization:") - 1,
297 "Proxy-Authorization:", sizeof("Proxy-Authorization:") - 1) == 0) {
298 while (*p != 0 && *p != '\r' && *p !='\n') p++;
299 smart_str_appendl(&header, s, p - s);
300 smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
301 goto finish;
302 } else {
303 while (*p != 0 && *p != '\r' && *p !='\n') p++;
304 }
305 }
306 s = p;
307 while (*s == '\r' || *s == '\n') s++;
308 } while (*s != 0);
309 }
310 }
311 finish:
312 smart_str_appendl(&header, "\r\n", sizeof("\r\n")-1);
313
314 if (php_stream_write(stream, ZSTR_VAL(header.s), ZSTR_LEN(header.s)) != ZSTR_LEN(header.s)) {
315 php_stream_wrapper_log_error(wrapper, options, "Cannot connect to HTTPS server through proxy");
316 php_stream_close(stream);
317 stream = NULL;
318 }
319 smart_str_free(&header);
320
321 if (stream) {
322 char header_line[HTTP_HEADER_BLOCK_SIZE];
323
324 /* get response header */
325 while (php_stream_gets(stream, header_line, HTTP_HEADER_BLOCK_SIZE-1) != NULL) {
326 if (header_line[0] == '\n' ||
327 header_line[0] == '\r' ||
328 header_line[0] == '\0') {
329 break;
330 }
331 }
332 }
333
334 /* enable SSL transport layer */
335 if (stream) {
336 if (php_stream_xport_crypto_setup(stream, STREAM_CRYPTO_METHOD_SSLv23_CLIENT, NULL) < 0 ||
337 php_stream_xport_crypto_enable(stream, 1) < 0) {
338 php_stream_wrapper_log_error(wrapper, options, "Cannot connect to HTTPS server through proxy");
339 php_stream_close(stream);
340 stream = NULL;
341 }
342 }
343 }
344
345 if (stream == NULL)
346 goto out;
347
348 /* avoid buffering issues while reading header */
349 if (options & STREAM_WILL_CAST)
350 chunk_size = php_stream_set_chunk_size(stream, 1);
351
352 /* avoid problems with auto-detecting when reading the headers -> the headers
353 * are always in canonical \r\n format */
354 eol_detect = stream->flags & (PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
355 stream->flags &= ~(PHP_STREAM_FLAG_DETECT_EOL | PHP_STREAM_FLAG_EOL_MAC);
356
357 php_stream_context_set(stream, context);
358
359 php_stream_notify_info(context, PHP_STREAM_NOTIFY_CONNECT, NULL, 0);
360
361 if (header_init && context && (tmpzval = php_stream_context_get_option(context, "http", "max_redirects")) != NULL) {
362 redirect_max = (int)zval_get_long(tmpzval);
363 }
364
365 custom_request_method = 0;
366 if (context && (tmpzval = php_stream_context_get_option(context, "http", "method")) != NULL) {
367 if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0) {
368 /* As per the RFC, automatically redirected requests MUST NOT use other methods than
369 * GET and HEAD unless it can be confirmed by the user. */
370 if (!redirected || redirect_keep_method
371 || zend_string_equals_literal(Z_STR_P(tmpzval), "GET")
372 || zend_string_equals_literal(Z_STR_P(tmpzval), "HEAD")
373 ) {
374 custom_request_method = 1;
375 smart_str_append(&req_buf, Z_STR_P(tmpzval));
376 smart_str_appendc(&req_buf, ' ');
377 }
378 }
379 }
380
381 if (!custom_request_method) {
382 smart_str_appends(&req_buf, "GET ");
383 }
384
385 /* Should we send the entire path in the request line, default to no. */
386 if (!request_fulluri && context &&
387 (tmpzval = php_stream_context_get_option(context, "http", "request_fulluri")) != NULL) {
388 request_fulluri = zend_is_true(tmpzval);
389 }
390
391 if (request_fulluri) {
392 /* Ask for everything */
393 smart_str_appends(&req_buf, path);
394 } else {
395 /* Send the traditional /path/to/file?query_string */
396
397 /* file */
398 if (resource->path && ZSTR_LEN(resource->path)) {
399 smart_str_appends(&req_buf, ZSTR_VAL(resource->path));
400 } else {
401 smart_str_appendc(&req_buf, '/');
402 }
403
404 /* query string */
405 if (resource->query) {
406 smart_str_appendc(&req_buf, '?');
407 smart_str_appends(&req_buf, ZSTR_VAL(resource->query));
408 }
409 }
410
411 /* protocol version we are speaking */
412 if (context && (tmpzval = php_stream_context_get_option(context, "http", "protocol_version")) != NULL) {
413 char *protocol_version;
414 spprintf(&protocol_version, 0, "%.1F", zval_get_double(tmpzval));
415
416 smart_str_appends(&req_buf, " HTTP/");
417 smart_str_appends(&req_buf, protocol_version);
418 smart_str_appends(&req_buf, "\r\n");
419 efree(protocol_version);
420 } else {
421 smart_str_appends(&req_buf, " HTTP/1.1\r\n");
422 }
423
424 if (context && (tmpzval = php_stream_context_get_option(context, "http", "header")) != NULL) {
425 tmp = NULL;
426
427 if (Z_TYPE_P(tmpzval) == IS_ARRAY) {
428 zval *tmpheader = NULL;
429 smart_str tmpstr = {0};
430
431 ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(tmpzval), tmpheader) {
432 if (Z_TYPE_P(tmpheader) == IS_STRING) {
433 smart_str_append(&tmpstr, Z_STR_P(tmpheader));
434 smart_str_appendl(&tmpstr, "\r\n", sizeof("\r\n") - 1);
435 }
436 } ZEND_HASH_FOREACH_END();
437 smart_str_0(&tmpstr);
438 /* Remove newlines and spaces from start and end. there's at least one extra \r\n at the end that needs to go. */
439 if (tmpstr.s) {
440 tmp = php_trim(tmpstr.s, NULL, 0, 3);
441 smart_str_free(&tmpstr);
442 }
443 } else if (Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval)) {
444 /* Remove newlines and spaces from start and end php_trim will estrndup() */
445 tmp = php_trim(Z_STR_P(tmpzval), NULL, 0, 3);
446 }
447 if (tmp && ZSTR_LEN(tmp)) {
448 char *s;
449 char *t;
450
451 user_headers = estrndup(ZSTR_VAL(tmp), ZSTR_LEN(tmp));
452
453 if (ZSTR_IS_INTERNED(tmp)) {
454 tmp = zend_string_init(ZSTR_VAL(tmp), ZSTR_LEN(tmp), 0);
455 } else if (GC_REFCOUNT(tmp) > 1) {
456 GC_DELREF(tmp);
457 tmp = zend_string_init(ZSTR_VAL(tmp), ZSTR_LEN(tmp), 0);
458 }
459
460 /* Make lowercase for easy comparison against 'standard' headers */
461 zend_str_tolower(ZSTR_VAL(tmp), ZSTR_LEN(tmp));
462 t = ZSTR_VAL(tmp);
463
464 if (!header_init && !redirect_keep_method) {
465 /* strip POST headers on redirect */
466 strip_header(user_headers, t, "content-length:");
467 strip_header(user_headers, t, "content-type:");
468 }
469
470 if (check_has_header(t, "user-agent:")) {
471 have_header |= HTTP_HEADER_USER_AGENT;
472 }
473 if (check_has_header(t, "host:")) {
474 have_header |= HTTP_HEADER_HOST;
475 }
476 if (check_has_header(t, "from:")) {
477 have_header |= HTTP_HEADER_FROM;
478 }
479 if (check_has_header(t, "authorization:")) {
480 have_header |= HTTP_HEADER_AUTH;
481 }
482 if (check_has_header(t, "content-length:")) {
483 have_header |= HTTP_HEADER_CONTENT_LENGTH;
484 }
485 if (check_has_header(t, "content-type:")) {
486 have_header |= HTTP_HEADER_TYPE;
487 }
488 if (check_has_header(t, "connection:")) {
489 have_header |= HTTP_HEADER_CONNECTION;
490 }
491
492 /* remove Proxy-Authorization header */
493 if (use_proxy && use_ssl && (s = strstr(t, "proxy-authorization:")) &&
494 (s == t || *(s-1) == '\n')) {
495 char *p = s + sizeof("proxy-authorization:") - 1;
496
497 while (s > t && (*(s-1) == ' ' || *(s-1) == '\t')) s--;
498 while (*p != 0 && *p != '\r' && *p != '\n') p++;
499 while (*p == '\r' || *p == '\n') p++;
500 if (*p == 0) {
501 if (s == t) {
502 efree(user_headers);
503 user_headers = NULL;
504 } else {
505 while (s > t && (*(s-1) == '\r' || *(s-1) == '\n')) s--;
506 user_headers[s - t] = 0;
507 }
508 } else {
509 memmove(user_headers + (s - t), user_headers + (p - t), strlen(p) + 1);
510 }
511 }
512
513 }
514 if (tmp) {
515 zend_string_release_ex(tmp, 0);
516 }
517 }
518
519 /* auth header if it was specified */
520 if (((have_header & HTTP_HEADER_AUTH) == 0) && resource->user) {
521 /* make scratch large enough to hold the whole URL (over-estimate) */
522 size_t scratch_len = strlen(path) + 1;
523 char *scratch = emalloc(scratch_len);
524 zend_string *stmp;
525
526 /* decode the strings first */
527 php_url_decode(ZSTR_VAL(resource->user), ZSTR_LEN(resource->user));
528
529 strcpy(scratch, ZSTR_VAL(resource->user));
530 strcat(scratch, ":");
531
532 /* Note: password is optional! */
533 if (resource->pass) {
534 php_url_decode(ZSTR_VAL(resource->pass), ZSTR_LEN(resource->pass));
535 strcat(scratch, ZSTR_VAL(resource->pass));
536 }
537
538 stmp = php_base64_encode((unsigned char*)scratch, strlen(scratch));
539
540 smart_str_appends(&req_buf, "Authorization: Basic ");
541 smart_str_appends(&req_buf, ZSTR_VAL(stmp));
542 smart_str_appends(&req_buf, "\r\n");
543
544 php_stream_notify_info(context, PHP_STREAM_NOTIFY_AUTH_REQUIRED, NULL, 0);
545
546 zend_string_free(stmp);
547 efree(scratch);
548 }
549
550 /* if the user has configured who they are, send a From: line */
551 if (!(have_header & HTTP_HEADER_FROM) && FG(from_address)) {
552 smart_str_appends(&req_buf, "From: ");
553 smart_str_appends(&req_buf, FG(from_address));
554 smart_str_appends(&req_buf, "\r\n");
555 }
556
557 /* Send Host: header so name-based virtual hosts work */
558 if ((have_header & HTTP_HEADER_HOST) == 0) {
559 smart_str_appends(&req_buf, "Host: ");
560 smart_str_appends(&req_buf, ZSTR_VAL(resource->host));
561 if ((use_ssl && resource->port != 443 && resource->port != 0) ||
562 (!use_ssl && resource->port != 80 && resource->port != 0)) {
563 smart_str_appendc(&req_buf, ':');
564 smart_str_append_unsigned(&req_buf, resource->port);
565 }
566 smart_str_appends(&req_buf, "\r\n");
567 }
568
569 /* Send a Connection: close header to avoid hanging when the server
570 * interprets the RFC literally and establishes a keep-alive connection,
571 * unless the user specifically requests something else by specifying a
572 * Connection header in the context options. Send that header even for
573 * HTTP/1.0 to avoid issues when the server respond with an HTTP/1.1
574 * keep-alive response, which is the preferred response type. */
575 if ((have_header & HTTP_HEADER_CONNECTION) == 0) {
576 smart_str_appends(&req_buf, "Connection: close\r\n");
577 }
578
579 if (context &&
580 (ua_zval = php_stream_context_get_option(context, "http", "user_agent")) != NULL &&
581 Z_TYPE_P(ua_zval) == IS_STRING) {
582 ua_str = Z_STRVAL_P(ua_zval);
583 } else if (FG(user_agent)) {
584 ua_str = FG(user_agent);
585 }
586
587 if (((have_header & HTTP_HEADER_USER_AGENT) == 0) && ua_str) {
588 #define _UA_HEADER "User-Agent: %s\r\n"
589 char *ua;
590 size_t ua_len;
591
592 ua_len = sizeof(_UA_HEADER) + strlen(ua_str);
593
594 /* ensure the header is only sent if user_agent is not blank */
595 if (ua_len > sizeof(_UA_HEADER)) {
596 ua = emalloc(ua_len + 1);
597 if ((ua_len = slprintf(ua, ua_len, _UA_HEADER, ua_str)) > 0) {
598 ua[ua_len] = 0;
599 smart_str_appendl(&req_buf, ua, ua_len);
600 } else {
601 php_error_docref(NULL, E_WARNING, "Cannot construct User-agent header");
602 }
603 efree(ua);
604 }
605 }
606
607 if (user_headers) {
608 /* A bit weird, but some servers require that Content-Length be sent prior to Content-Type for POST
609 * see bug #44603 for details. Since Content-Type maybe part of user's headers we need to do this check first.
610 */
611 if (
612 (header_init || redirect_keep_method) &&
613 context &&
614 !(have_header & HTTP_HEADER_CONTENT_LENGTH) &&
615 (tmpzval = php_stream_context_get_option(context, "http", "content")) != NULL &&
616 Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0
617 ) {
618 smart_str_appends(&req_buf, "Content-Length: ");
619 smart_str_append_unsigned(&req_buf, Z_STRLEN_P(tmpzval));
620 smart_str_appends(&req_buf, "\r\n");
621 have_header |= HTTP_HEADER_CONTENT_LENGTH;
622 }
623
624 smart_str_appends(&req_buf, user_headers);
625 smart_str_appends(&req_buf, "\r\n");
626 efree(user_headers);
627 }
628
629 /* Request content, such as for POST requests */
630 if ((header_init || redirect_keep_method) && context &&
631 (tmpzval = php_stream_context_get_option(context, "http", "content")) != NULL &&
632 Z_TYPE_P(tmpzval) == IS_STRING && Z_STRLEN_P(tmpzval) > 0) {
633 if (!(have_header & HTTP_HEADER_CONTENT_LENGTH)) {
634 smart_str_appends(&req_buf, "Content-Length: ");
635 smart_str_append_unsigned(&req_buf, Z_STRLEN_P(tmpzval));
636 smart_str_appends(&req_buf, "\r\n");
637 }
638 if (!(have_header & HTTP_HEADER_TYPE)) {
639 smart_str_appends(&req_buf, "Content-Type: application/x-www-form-urlencoded\r\n");
640 php_error_docref(NULL, E_NOTICE, "Content-type not specified assuming application/x-www-form-urlencoded");
641 }
642 smart_str_appends(&req_buf, "\r\n");
643 smart_str_appendl(&req_buf, Z_STRVAL_P(tmpzval), Z_STRLEN_P(tmpzval));
644 } else {
645 smart_str_appends(&req_buf, "\r\n");
646 }
647
648 /* send it */
649 php_stream_write(stream, ZSTR_VAL(req_buf.s), ZSTR_LEN(req_buf.s));
650
651 location[0] = '\0';
652
653 if (Z_ISUNDEF_P(response_header)) {
654 array_init(response_header);
655 }
656
657 {
658 /* get response header */
659 size_t tmp_line_len;
660 if (!php_stream_eof(stream) &&
661 php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL) {
662 zval http_response;
663
664 if (tmp_line_len > 9) {
665 response_code = atoi(tmp_line + 9);
666 } else {
667 response_code = 0;
668 }
669 if (context && NULL != (tmpzval = php_stream_context_get_option(context, "http", "ignore_errors"))) {
670 ignore_errors = zend_is_true(tmpzval);
671 }
672 /* when we request only the header, don't fail even on error codes */
673 if ((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) {
674 reqok = 1;
675 }
676
677 /* status codes of 1xx are "informational", and will be followed by a real response
678 * e.g "100 Continue". RFC 7231 states that unexpected 1xx status MUST be parsed,
679 * and MAY be ignored. As such, we need to skip ahead to the "real" status*/
680 if (response_code >= 100 && response_code < 200 && response_code != 101) {
681 /* consume lines until we find a line starting 'HTTP/1' */
682 while (
683 !php_stream_eof(stream)
684 && php_stream_get_line(stream, tmp_line, sizeof(tmp_line) - 1, &tmp_line_len) != NULL
685 && ( tmp_line_len < sizeof("HTTP/1") - 1 || strncasecmp(tmp_line, "HTTP/1", sizeof("HTTP/1") - 1) )
686 );
687
688 if (tmp_line_len > 9) {
689 response_code = atoi(tmp_line + 9);
690 } else {
691 response_code = 0;
692 }
693 }
694 /* all status codes in the 2xx range are defined by the specification as successful;
695 * all status codes in the 3xx range are for redirection, and so also should never
696 * fail */
697 if (response_code >= 200 && response_code < 400) {
698 reqok = 1;
699 } else {
700 switch(response_code) {
701 case 403:
702 php_stream_notify_error(context, PHP_STREAM_NOTIFY_AUTH_RESULT,
703 tmp_line, response_code);
704 break;
705 default:
706 /* safety net in the event tmp_line == NULL */
707 if (!tmp_line_len) {
708 tmp_line[0] = '\0';
709 }
710 php_stream_notify_error(context, PHP_STREAM_NOTIFY_FAILURE,
711 tmp_line, response_code);
712 }
713 }
714 if (tmp_line_len >= 1 && tmp_line[tmp_line_len - 1] == '\n') {
715 --tmp_line_len;
716 if (tmp_line_len >= 1 &&tmp_line[tmp_line_len - 1] == '\r') {
717 --tmp_line_len;
718 }
719 } else {
720 // read and discard rest of status line
721 char *line = php_stream_get_line(stream, NULL, 0, NULL);
722 efree(line);
723 }
724 ZVAL_STRINGL(&http_response, tmp_line, tmp_line_len);
725 zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_response);
726 } else {
727 php_stream_close(stream);
728 stream = NULL;
729 php_stream_wrapper_log_error(wrapper, options, "HTTP request failed!");
730 goto out;
731 }
732 }
733
734 /* read past HTTP headers */
735
736 while (!php_stream_eof(stream)) {
737 size_t http_header_line_length;
738
739 if (http_header_line != NULL) {
740 efree(http_header_line);
741 }
742 if ((http_header_line = php_stream_get_line(stream, NULL, 0, &http_header_line_length)) && *http_header_line != '\n' && *http_header_line != '\r') {
743 char *e = http_header_line + http_header_line_length - 1;
744 char *http_header_value;
745
746 while (e >= http_header_line && (*e == '\n' || *e == '\r')) {
747 e--;
748 }
749
750 /* The primary definition of an HTTP header in RFC 7230 states:
751 * > Each header field consists of a case-insensitive field name followed
752 * > by a colon (":"), optional leading whitespace, the field value, and
753 * > optional trailing whitespace. */
754
755 /* Strip trailing whitespace */
756 while (e >= http_header_line && (*e == ' ' || *e == '\t')) {
757 e--;
758 }
759
760 /* Terminate header line */
761 e++;
762 *e = '\0';
763 http_header_line_length = e - http_header_line;
764
765 http_header_value = memchr(http_header_line, ':', http_header_line_length);
766 if (http_header_value) {
767 http_header_value++; /* Skip ':' */
768
769 /* Strip leading whitespace */
770 while (http_header_value < e
771 && (*http_header_value == ' ' || *http_header_value == '\t')) {
772 http_header_value++;
773 }
774 } else {
775 /* There is no colon. Set the value to the end of the header line, which is
776 * effectively an empty string. */
777 http_header_value = e;
778 }
779
780 if (!strncasecmp(http_header_line, "Location:", sizeof("Location:")-1)) {
781 if (context && (tmpzval = php_stream_context_get_option(context, "http", "follow_location")) != NULL) {
782 follow_location = zval_is_true(tmpzval);
783 } else if (!((response_code >= 300 && response_code < 304)
784 || 307 == response_code || 308 == response_code)) {
785 /* we shouldn't redirect automatically
786 if follow_location isn't set and response_code not in (300, 301, 302, 303 and 307)
787 see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1
788 RFC 7238 defines 308: http://tools.ietf.org/html/rfc7238 */
789 follow_location = 0;
790 }
791 strlcpy(location, http_header_value, sizeof(location));
792 } else if (!strncasecmp(http_header_line, "Content-Type:", sizeof("Content-Type:")-1)) {
793 php_stream_notify_info(context, PHP_STREAM_NOTIFY_MIME_TYPE_IS, http_header_value, 0);
794 } else if (!strncasecmp(http_header_line, "Content-Length:", sizeof("Content-Length:")-1)) {
795 /* https://www.rfc-editor.org/rfc/rfc9110.html#name-content-length */
796 const char *ptr = http_header_value;
797 /* must contain only digits, no + or - symbols */
798 if (*ptr >= '0' && *ptr <= '9') {
799 char *endptr = NULL;
800 size_t parsed = ZEND_STRTOUL(ptr, &endptr, 10);
801 /* check whether there was no garbage in the header value and the conversion was successful */
802 if (endptr && !*endptr) {
803 /* truncate for 32-bit such that no negative file sizes occur */
804 file_size = MIN(parsed, ZEND_LONG_MAX);
805 php_stream_notify_file_size(context, file_size, http_header_line, 0);
806 }
807 }
808 } else if (
809 !strncasecmp(http_header_line, "Transfer-Encoding:", sizeof("Transfer-Encoding:")-1)
810 && !strncasecmp(http_header_value, "Chunked", sizeof("Chunked")-1)
811 ) {
812
813 /* create filter to decode response body */
814 if (!(options & STREAM_ONLY_GET_HEADERS)) {
815 zend_long decode = 1;
816
817 if (context && (tmpzval = php_stream_context_get_option(context, "http", "auto_decode")) != NULL) {
818 decode = zend_is_true(tmpzval);
819 }
820 if (decode) {
821 transfer_encoding = php_stream_filter_create("dechunk", NULL, php_stream_is_persistent(stream));
822 if (transfer_encoding) {
823 /* don't store transfer-encodeing header */
824 continue;
825 }
826 }
827 }
828 }
829
830 {
831 zval http_header;
832 ZVAL_STRINGL(&http_header, http_header_line, http_header_line_length);
833 zend_hash_next_index_insert(Z_ARRVAL_P(response_header), &http_header);
834 }
835 } else {
836 break;
837 }
838 }
839
840 if (!reqok || (location[0] != '\0' && follow_location)) {
841 if (!follow_location || (((options & STREAM_ONLY_GET_HEADERS) || ignore_errors) && redirect_max <= 1)) {
842 goto out;
843 }
844
845 if (location[0] != '\0')
846 php_stream_notify_info(context, PHP_STREAM_NOTIFY_REDIRECTED, location, 0);
847
848 php_stream_close(stream);
849 stream = NULL;
850
851 if (transfer_encoding) {
852 php_stream_filter_free(transfer_encoding);
853 transfer_encoding = NULL;
854 }
855
856 if (location[0] != '\0') {
857
858 char new_path[HTTP_HEADER_BLOCK_SIZE];
859 char loc_path[HTTP_HEADER_BLOCK_SIZE];
860
861 *new_path='\0';
862 if (strlen(location)<8 || (strncasecmp(location, "http://", sizeof("http://")-1) &&
863 strncasecmp(location, "https://", sizeof("https://")-1) &&
864 strncasecmp(location, "ftp://", sizeof("ftp://")-1) &&
865 strncasecmp(location, "ftps://", sizeof("ftps://")-1)))
866 {
867 if (*location != '/') {
868 if (*(location+1) != '\0' && resource->path) {
869 char *s = strrchr(ZSTR_VAL(resource->path), '/');
870 if (!s) {
871 s = ZSTR_VAL(resource->path);
872 if (!ZSTR_LEN(resource->path)) {
873 zend_string_release_ex(resource->path, 0);
874 resource->path = ZSTR_INIT_LITERAL("/", 0);
875 s = ZSTR_VAL(resource->path);
876 } else {
877 *s = '/';
878 }
879 }
880 s[1] = '\0';
881 if (resource->path &&
882 ZSTR_VAL(resource->path)[0] == '/' &&
883 ZSTR_VAL(resource->path)[1] == '\0') {
884 snprintf(loc_path, sizeof(loc_path) - 1, "%s%s", ZSTR_VAL(resource->path), location);
885 } else {
886 snprintf(loc_path, sizeof(loc_path) - 1, "%s/%s", ZSTR_VAL(resource->path), location);
887 }
888 } else {
889 snprintf(loc_path, sizeof(loc_path) - 1, "/%s", location);
890 }
891 } else {
892 strlcpy(loc_path, location, sizeof(loc_path));
893 }
894 if ((use_ssl && resource->port != 443) || (!use_ssl && resource->port != 80)) {
895 snprintf(new_path, sizeof(new_path) - 1, "%s://%s:%d%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), resource->port, loc_path);
896 } else {
897 snprintf(new_path, sizeof(new_path) - 1, "%s://%s%s", ZSTR_VAL(resource->scheme), ZSTR_VAL(resource->host), loc_path);
898 }
899 } else {
900 strlcpy(new_path, location, sizeof(new_path));
901 }
902
903 php_url_free(resource);
904 /* check for invalid redirection URLs */
905 if ((resource = php_url_parse(new_path)) == NULL) {
906 php_stream_wrapper_log_error(wrapper, options, "Invalid redirect URL! %s", new_path);
907 goto out;
908 }
909
910 #define CHECK_FOR_CNTRL_CHARS(val) { \
911 if (val) { \
912 unsigned char *s, *e; \
913 ZSTR_LEN(val) = php_url_decode(ZSTR_VAL(val), ZSTR_LEN(val)); \
914 s = (unsigned char*)ZSTR_VAL(val); e = s + ZSTR_LEN(val); \
915 while (s < e) { \
916 if (iscntrl(*s)) { \
917 php_stream_wrapper_log_error(wrapper, options, "Invalid redirect URL! %s", new_path); \
918 goto out; \
919 } \
920 s++; \
921 } \
922 } \
923 }
924 /* check for control characters in login, password & path */
925 if (strncasecmp(new_path, "http://", sizeof("http://") - 1) || strncasecmp(new_path, "https://", sizeof("https://") - 1)) {
926 CHECK_FOR_CNTRL_CHARS(resource->user);
927 CHECK_FOR_CNTRL_CHARS(resource->pass);
928 CHECK_FOR_CNTRL_CHARS(resource->path);
929 }
930 int new_flags = HTTP_WRAPPER_REDIRECTED;
931 if (response_code == 307 || response_code == 308) {
932 /* RFC 7538 specifies that status code 308 does not allow changing the request method from POST to GET.
933 * RFC 7231 does the same for status code 307.
934 * To keep consistency between POST and PATCH requests, we'll also not change the request method from PATCH to GET, even though it's allowed it's not mandated by the RFC. */
935 new_flags |= HTTP_WRAPPER_KEEP_METHOD;
936 }
937 stream = php_stream_url_wrap_http_ex(
938 wrapper, new_path, mode, options, opened_path, context,
939 --redirect_max, new_flags, response_header STREAMS_CC);
940 } else {
941 php_stream_wrapper_log_error(wrapper, options, "HTTP request failed! %s", tmp_line);
942 }
943 }
944 out:
945
946 smart_str_free(&req_buf);
947
948 if (http_header_line) {
949 efree(http_header_line);
950 }
951
952 if (resource) {
953 php_url_free(resource);
954 }
955
956 if (stream) {
957 if (header_init) {
958 ZVAL_COPY(&stream->wrapperdata, response_header);
959 }
960 php_stream_notify_progress_init(context, 0, file_size);
961
962 /* Restore original chunk size now that we're done with headers */
963 if (options & STREAM_WILL_CAST)
964 php_stream_set_chunk_size(stream, (int)chunk_size);
965
966 /* restore the users auto-detect-line-endings setting */
967 stream->flags |= eol_detect;
968
969 /* as far as streams are concerned, we are now at the start of
970 * the stream */
971 stream->position = 0;
972
973 /* restore mode */
974 strlcpy(stream->mode, mode, sizeof(stream->mode));
975
976 if (transfer_encoding) {
977 php_stream_filter_append(&stream->readfilters, transfer_encoding);
978 }
979
980 /* It's possible that the server already sent in more data than just the headers.
981 * We account for this by adjusting the progress counter by the difference of
982 * already read header data and the body. */
983 if (stream->writepos > stream->readpos) {
984 php_stream_notify_progress_increment(context, stream->writepos - stream->readpos, 0);
985 }
986 }
987
988 return stream;
989 }
990 /* }}} */
991
php_stream_url_wrap_http(php_stream_wrapper * wrapper,const char * path,const char * mode,int options,zend_string ** opened_path,php_stream_context * context STREAMS_DC)992 php_stream *php_stream_url_wrap_http(php_stream_wrapper *wrapper, const char *path, const char *mode, int options, zend_string **opened_path, php_stream_context *context STREAMS_DC) /* {{{ */
993 {
994 php_stream *stream;
995 zval headers;
996 ZVAL_UNDEF(&headers);
997
998 stream = php_stream_url_wrap_http_ex(
999 wrapper, path, mode, options, opened_path, context,
1000 PHP_URL_REDIRECT_MAX, HTTP_WRAPPER_HEADER_INIT, &headers STREAMS_CC);
1001
1002 if (!Z_ISUNDEF(headers)) {
1003 if (FAILURE == zend_set_local_var_str(
1004 "http_response_header", sizeof("http_response_header")-1, &headers, 0)) {
1005 zval_ptr_dtor(&headers);
1006 }
1007 }
1008
1009 return stream;
1010 }
1011 /* }}} */
1012
php_stream_http_stream_stat(php_stream_wrapper * wrapper,php_stream * stream,php_stream_statbuf * ssb)1013 static int php_stream_http_stream_stat(php_stream_wrapper *wrapper, php_stream *stream, php_stream_statbuf *ssb) /* {{{ */
1014 {
1015 /* one day, we could fill in the details based on Date: and Content-Length:
1016 * headers. For now, we return with a failure code to prevent the underlying
1017 * file's details from being used instead. */
1018 return -1;
1019 }
1020 /* }}} */
1021
1022 static const php_stream_wrapper_ops http_stream_wops = {
1023 php_stream_url_wrap_http,
1024 NULL, /* stream_close */
1025 php_stream_http_stream_stat,
1026 NULL, /* stat_url */
1027 NULL, /* opendir */
1028 "http",
1029 NULL, /* unlink */
1030 NULL, /* rename */
1031 NULL, /* mkdir */
1032 NULL, /* rmdir */
1033 NULL
1034 };
1035
1036 PHPAPI const php_stream_wrapper php_stream_http_wrapper = {
1037 &http_stream_wops,
1038 NULL,
1039 1 /* is_url */
1040 };
1041
