https for suhosin.filter.action + unittests

author: Ben Fuhrmannek 2015-01-27 18:34:37 +0100
committer: Ben Fuhrmannek 2015-01-27 18:34:37 +0100
commit: 4085730874e1d88bb5b675633a171ae20989e45a (patch)
tree: f4e3b7cd262a89abebf9e4fc006b3036b0c3e3d7
parent: 784331fc2217f9084a57be7cb0e153532453fefd (diff)
4 files changed, 50 insertions, 2 deletions
diff --git a/Changelog b/Changelog
index c69827d..98472a1 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,6 @@
 2015-xx-xx - 0.9.38-dev
-        - removed code compatibility for PHP <5.4 (lots of code + ifdefs)
+    - removed code compatibility for PHP <5.4 (lots of code + ifdefs)
+    - allow https location for suhosin.filter.action
 2014-12-12 - 0.9.37.1
    - Changed version string to 0.9.37.1 (without -dev)
diff --git a/execute.c b/execute.c
index 7f646fe..bc7dc59 100644
--- a/execute.c
+++ b/execute.c
@@ -423,7 +423,8 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
                
                        if (*action) {
                        
-                                if (strncmp("http://", action, sizeof("http://")-1)==0) {
+                                if (strncasecmp("http://", action, sizeof("http://")-1)==0
+                                || strncasecmp("https://", action, sizeof("https://")-1)==0) {
                                        sapi_header_line ctr = {0};
                                
                                        if (code == -1) {
diff --git a/tests/filter/filter_action_302.phpt b/tests/filter/filter_action_302.phpt
new file mode 100644
index 0000000..e7bd49b
--- /dev/null
+++ b/tests/filter/filter_action_302.phpt
@@ -0,0 +1,22 @@
+--TEST--
+suhosin filter action: 302 redirect
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=0
+suhosin.log.script=0
+suhosin.request.disallow_nul=1
+suhosin.filter.action=302,http://example.com/
+--SKIPIF--
+<?php include('../skipifcli.inc'); ?>
+--CGI--
+--COOKIE--
+x=%00
+--FILE--
+<?php
+echo 'this is wrong!';
+?>
+--EXPECTHEADERS--
+Status: 302 Moved Temporarily
+Location: http://example.com/
+--EXPECTF--
diff --git a/tests/filter/filter_action_php.phpt b/tests/filter/filter_action_php.phpt
new file mode 100644
index 0000000..0ea50d6
--- /dev/null
+++ b/tests/filter/filter_action_php.phpt
@@ -0,0 +1,24 @@
+--TEST--
+suhosin filter action: fallback PHP file
+--FOO--
+<?php die("FALLBACK\n"); ?>
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=0
+suhosin.log.script=0
+suhosin.request.disallow_nul=1
+suhosin.filter.action=404,filter_action_php.phpt
+--SKIPIF--
+<?php include('../skipifcli.inc'); ?>
+--COOKIE--
+x=%00
+--FILE--
+<?php
+echo 'this is wrong!';
+?>
+--EXPECTF--
+%s
+%s
+%s
+FALLBACK
+\ No newline at end of file
author	Ben Fuhrmannek	2015-01-27 18:34:37 +0100
committer	Ben Fuhrmannek	2015-01-27 18:34:37 +0100
commit	4085730874e1d88bb5b675633a171ae20989e45a (patch)
tree	f4e3b7cd262a89abebf9e4fc006b3036b0c3e3d7
parent	784331fc2217f9084a57be7cb0e153532453fefd (diff)

diff --git a/Changelog b/Changelog index c69827d..98472a1 100644 --- a/Changelog +++ b/Changelog
@@ -1,5 +1,6 @@
1	2015-xx-xx - 0.9.38-dev	1	2015-xx-xx - 0.9.38-dev
2	- removed code compatibility for PHP <5.4 (lots of code + ifdefs)	2	- removed code compatibility for PHP <5.4 (lots of code + ifdefs)
		3	- allow https location for suhosin.filter.action
3		4
4	2014-12-12 - 0.9.37.1	5	2014-12-12 - 0.9.37.1
5	- Changed version string to 0.9.37.1 (without -dev)	6	- Changed version string to 0.9.37.1 (without -dev)


diff --git a/execute.c b/execute.c index 7f646fe..bc7dc59 100644 --- a/execute.c +++ b/execute.c
@@ -423,7 +423,8 @@ static void suhosin_execute_ex(zend_op_array *op_array, int zo, long dummy TSRML
423		423
424	if (*action) {	424	if (*action) {
425		425
426	if (strncmp("http://", action, sizeof("http://")-1)==0) {	426	if (strncasecmp("http://", action, sizeof("http://")-1)==0
		427	\|\| strncasecmp("https://", action, sizeof("https://")-1)==0) {
427	sapi_header_line ctr = {0};	428	sapi_header_line ctr = {0};
428		429
429	if (code == -1) {	430	if (code == -1) {


diff --git a/tests/filter/filter_action_302.phpt b/tests/filter/filter_action_302.phpt new file mode 100644 index 0000000..e7bd49b --- /dev/null +++ b/tests/filter/filter_action_302.phpt
@@ -0,0 +1,22 @@
		1	--TEST--
		2	suhosin filter action: 302 redirect
		3	--INI--
		4	suhosin.log.syslog=0
		5	suhosin.log.sapi=0
		6	suhosin.log.stdout=0
		7	suhosin.log.script=0
		8	suhosin.request.disallow_nul=1
		9	suhosin.filter.action=302,http://example.com/
		10	--SKIPIF--
		11	<?php include('../skipifcli.inc'); ?>
		12	--CGI--
		13	--COOKIE--
		14	x=%00
		15	--FILE--
		16	<?php
		17	echo 'this is wrong!';
		18	?>
		19	--EXPECTHEADERS--
		20	Status: 302 Moved Temporarily
		21	Location: http://example.com/
		22	--EXPECTF--


diff --git a/tests/filter/filter_action_php.phpt b/tests/filter/filter_action_php.phpt new file mode 100644 index 0000000..0ea50d6 --- /dev/null +++ b/tests/filter/filter_action_php.phpt
@@ -0,0 +1,24 @@
		1	--TEST--
		2	suhosin filter action: fallback PHP file
		3	--FOO--
		4	<?php die("FALLBACK\n"); ?>
		5	--INI--
		6	suhosin.log.syslog=0
		7	suhosin.log.sapi=0
		8	suhosin.log.stdout=0
		9	suhosin.log.script=0
		10	suhosin.request.disallow_nul=1
		11	suhosin.filter.action=404,filter_action_php.phpt
		12	--SKIPIF--
		13	<?php include('../skipifcli.inc'); ?>
		14	--COOKIE--
		15	x=%00
		16	--FILE--
		17	<?php
		18	echo 'this is wrong!';
		19	?>
		20	--EXPECTF--
		21	%s
		22	%s
		23	%s
		24	FALLBACK \ No newline at end of file