introduce strict mode

Author: devnexen

ext/filter/logical_filters.c

@@ -592,7 +592,7 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 	}
 
 	/* Use parse_url - if it returns false, we return NULL */
-	url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value));
+	url = php_url_parse_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), false);
 
 	if (url == NULL) {
 		RETURN_VALIDATION_FAILED

ext/soap/php_http.c

@@ -422,7 +422,7 @@ int make_http_soap_request(zval        *this_ptr,
 	}
 
 	if (location != NULL && location[0] != '\000') {
-		phpurl = php_url_parse(location);
+		phpurl = php_url_parse(location, false);
 	}
 
 	tmp = Z_CLIENT_STREAM_CONTEXT_P(this_ptr);
@@ -1096,7 +1096,7 @@ int make_http_soap_request(zval        *this_ptr,
 		char *loc;
 
 		if ((loc = get_http_header_value(ZSTR_VAL(http_headers), "Location: ")) != NULL) {
-			php_url *new_url  = php_url_parse(loc);
+			php_url *new_url  = php_url_parse(loc, false);
 
 			if (new_url != NULL) {
 				zend_string_release_ex(http_headers, 0);

ext/standard/basic_functions.stub.php

@@ -3418,7 +3418,7 @@ function uniqid(string $prefix = "", bool $more_entropy = false): string {}
  * @return int|string|array<string, int|string>|null|false
  * @refcount 1
  */
-function parse_url(string $url, int $component = -1): int|string|array|null|false {}
+function parse_url(string $url, int $component = -1, bool $strict = true): int|string|array|null|false {}
 
 /**
  * @compile-time-eval

ext/standard/basic_functions_arginfo.h

@@ -133,7 +133,7 @@ static php_stream *php_ftp_fopen_connect(php_stream_wrapper *wrapper, const char
 	char *transport;
 	int transport_len;
 
-	resource = php_url_parse(path);
+	resource = php_url_parse(path, false);
 	if (resource == NULL || resource->path == NULL) {
 		if (resource && presource) {
 			*presource = resource;
@@ -949,8 +949,8 @@ static int php_stream_ftp_rename(php_stream_wrapper *wrapper, const char *url_fr
 	int result;
 	char tmp_line[512];
 
-	resource_from = php_url_parse(url_from);
-	resource_to = php_url_parse(url_to);
+	resource_from = php_url_parse(url_from, false);
+	resource_to = php_url_parse(url_to, false);
 	/* Must be same scheme (ftp/ftp or ftps/ftps), same host, and same port
 		(or a 21/0 0/21 combination which is also "same")
 	   Also require paths to/from */

ext/standard/ftp_fopen_wrapper.c

@@ -153,7 +153,7 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 		return NULL;
 	}
 
-	resource = php_url_parse(path);
+	resource = php_url_parse(path, false);
 	if (resource == NULL) {
 		return NULL;
 	}
@@ -888,7 +888,7 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
 
 			php_url_free(resource);
 			/* check for invalid redirection URLs */
-			if ((resource = php_url_parse(new_path)) == NULL) {
+			if ((resource = php_url_parse(new_path, false)) == NULL) {
 				php_stream_wrapper_log_error(wrapper, options, "Invalid redirect URL! %s", new_path);
 				goto out;
 			}

ext/standard/http_fopen_wrapper.c

@@ -14,18 +14,13 @@ include_once(__DIR__ . '/urls.inc');
 foreach ($urls as $url) {
     echo "\n--> $url: ";
     $str = zend_create_unterminated_string($url);
-    try {
-    	var_dump(parse_url($str));
-    } catch (ValueError $e) {
-	echo $e->getMessage() . "\n";
-    } finally {
-    	zend_terminate_string($str);
-    }
+    var_dump(parse_url($str, strict: false));
+    zend_terminate_string($str);
 }
 
 echo "Done";
 ?>
---EXPECTF--
+--EXPECT--
 --> 64.246.30.37: array(1) {
   ["path"]=>
   string(12) "64.246.30.37"
@@ -773,7 +768,7 @@ echo "Done";
   string(9) "/blah.com"
 }
 
---> x://::abc/?: Invalid port (abc)
+--> x://::abc/?: bool(false)
 
 --> http://::?: array(3) {
   ["scheme"]=>
@@ -802,9 +797,9 @@ echo "Done";
   int(6)
 }
 
---> http://?:/: Invalid host (?:/)
+--> http://?:/: bool(false)
 
---> http://@?:/: Invalid host (?:/)
+--> http://@?:/: bool(false)
 
 --> file:///:: array(2) {
   ["scheme"]=>
@@ -895,32 +890,31 @@ echo "Done";
   string(1) "/"
 }
 
---> http:///blah.com: Invalid host (%s)
+--> http:///blah.com: bool(false)
 
---> http://:80: Invalid host (%s)
+--> http://:80: bool(false)
 
---> http://user@:80: Invalid host (%s)
+--> http://user@:80: bool(false)
 
---> http://user:pass@:80: Invalid host (%s)
+--> http://user:pass@:80: bool(false)
 
---> http://:: Invalid host (%s)
+--> http://:: bool(false)
 
---> http://@/: Invalid host (%s)
+--> http://@/: bool(false)
 
---> http://@:/: Invalid host (%s)
+--> http://@:/: bool(false)
 
---> http://:/: Invalid host (%s)
+--> http://:/: bool(false)
 
---> http://?: Invalid host (%s)
+--> http://?: bool(false)
 
---> http://#: Invalid host (%s)
+--> http://#: bool(false)
 
---> http://?:: Invalid host (%s)
+--> http://?:: bool(false)
 
---> http://:?: Invalid host (%s)
+--> http://:?: bool(false)
 
---> http://blah.com:123456: Invalid port (%s)
+--> http://blah.com:123456: bool(false)
 
---> http://blah.com:abcdef: Invalid port (%s
-)
+--> http://blah.com:abcdef: bool(false)
 Done

ext/standard/tests/url/parse_url_unterminated.phpt

@@ -76,9 +76,9 @@ PHPAPI char *php_replace_controlchars(char *str)
 	return php_replace_controlchars_ex(str, strlen(str));
 }
 
-PHPAPI php_url *php_url_parse(char const *str)
+PHPAPI php_url *php_url_parse(char const *str, bool strict)
 {
-	return php_url_parse_ex(str, strlen(str));
+	return php_url_parse_ex(str, strlen(str), strict);
 }
 
 static const char *binary_strcspn(const char *s, const char *e, const char *chars) {
@@ -93,15 +93,15 @@ static const char *binary_strcspn(const char *s, const char *e, const char *char
 }
 
 /* {{{ php_url_parse */
-PHPAPI php_url *php_url_parse_ex(char const *str, size_t length)
+PHPAPI php_url *php_url_parse_ex(char const *str, size_t length, bool strict)
 {
 	bool has_port;
-	return php_url_parse_ex2(str, length, &has_port);
+	return php_url_parse_ex2(str, length, strict, &has_port);
 }
 
 /* {{{ php_url_parse_ex2
  */
-PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, bool *has_port)
+PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, bool strict, bool *has_port)
 {
 	char port_buf[6];
 	php_url *ret = ecalloc(1, sizeof(php_url));
@@ -203,12 +203,16 @@ PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, bool *has_port
 				    s += 2;
 				}
 			} else {
-				zend_value_error("Invalid port (%s)", port_buf);
+				if (strict) {
+					zend_value_error("Invalid port (%s)", port_buf);
+				}
 				php_url_free(ret);
 				return NULL;
 			}
 		} else if (p == pp && pp == ue) {
-			zend_value_error("Invalid path (%s)", str);
+				if (strict) {
+					zend_value_error("Invalid path (%s)", str);
+				}
 			php_url_free(ret);
 			return NULL;
 		} else if (s + 1 < ue && *s == '/' && *(s + 1) == '/') { /* relative-scheme URL */
@@ -256,7 +260,9 @@ PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, bool *has_port
 		if (!ret->port) {
 			p++;
 			if (e-p > 5) { /* port cannot be longer then 5 characters */
-				zend_value_error("Invalid port (%s)", p);
+				if (strict) {
+					zend_value_error("Invalid port (%s)", p);
+				}
 				php_url_free(ret);
 				return NULL;
 			} else if (e - p > 0) {
@@ -269,7 +275,9 @@ PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, bool *has_port
 					*has_port = 1;
 					ret->port = (unsigned short)port;
 				} else {
-					zend_value_error("Invalid port (%s)", port_buf);
+				        if (strict) {
+						zend_value_error("Invalid port (%s)", port_buf);
+					}
 					php_url_free(ret);
 					return NULL;
 				}
@@ -282,7 +290,9 @@ PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, bool *has_port
 
 	/* check if we have a valid host, if we don't reject the string as url */
 	if ((p-s) < 1) {
-		zend_value_error("Invalid host (%s)", s);
+		if (strict) {
+			zend_value_error("Invalid host (%s)", s);
+		}
 		php_url_free(ret);
 		return NULL;
 	}
@@ -340,18 +350,23 @@ PHP_FUNCTION(parse_url)
 	php_url *resource;
 	zend_long key = -1;
 	zval tmp;
-	bool has_port;
+	bool has_port, strict = true;
 
-	ZEND_PARSE_PARAMETERS_START(1, 2)
+	ZEND_PARSE_PARAMETERS_START(1, 3)
 		Z_PARAM_STRING(str, str_len)
 		Z_PARAM_OPTIONAL
 		Z_PARAM_LONG(key)
+		Z_PARAM_BOOL(strict)
 	ZEND_PARSE_PARAMETERS_END();
 
-	resource = php_url_parse_ex2(str, str_len, &has_port);
+	resource = php_url_parse_ex2(str, str_len, strict, &has_port);
 	if (resource == NULL) {
 		/* @todo Find a method to determine why php_url_parse_ex() failed */
-		RETURN_FALSE;
+		if (strict) {
+			RETURN_THROWS();
+		} else {
+			RETURN_FALSE;
+		}
 	}
 
 	if (key > -1) {

ext/standard/url.c

@@ -29,9 +29,9 @@ typedef struct php_url {
 } php_url;
 
 PHPAPI void php_url_free(php_url *theurl);
-PHPAPI php_url *php_url_parse(char const *str);
-PHPAPI php_url *php_url_parse_ex(char const *str, size_t length);
-PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, bool *has_port);
+PHPAPI php_url *php_url_parse(char const *str, bool strict);
+PHPAPI php_url *php_url_parse_ex(char const *str, size_t length, bool strict);
+PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, bool strict, bool *has_port);
 PHPAPI size_t php_url_decode(char *str, size_t len); /* return value: length of decoded string */
 PHPAPI size_t php_raw_url_decode(char *str, size_t len); /* return value: length of decoded string */
 PHPAPI zend_string *php_url_encode(char const *s, size_t len);

ext/standard/url.h

@@ -185,7 +185,7 @@ static inline void append_modified_url(smart_str *url, smart_str *dest, smart_st
 	php_url *url_parts;
 
 	smart_str_0(url); /* FIXME: Bug #70480 php_url_parse_ex() crashes by processing chars exceed len */
-	url_parts = php_url_parse_ex(ZSTR_VAL(url->s), ZSTR_LEN(url->s));
+	url_parts = php_url_parse_ex(ZSTR_VAL(url->s), ZSTR_LEN(url->s), false);
 
 	/* Ignore malformed URLs */
 	if (!url_parts) {
@@ -380,7 +380,7 @@ static int check_host_whitelist(url_adapt_state_ex_t *ctx)
 	ZEND_ASSERT(ctx->tag_type == TAG_FORM);
 
 	if (ctx->attr_val.s && ZSTR_LEN(ctx->attr_val.s)) {
-		url_parts = php_url_parse_ex(ZSTR_VAL(ctx->attr_val.s), ZSTR_LEN(ctx->attr_val.s));
+		url_parts = php_url_parse_ex(ZSTR_VAL(ctx->attr_val.s), ZSTR_LEN(ctx->attr_val.s), false);
 	} else {
 		return SUCCESS; /* empty URL is valid */
 	}