php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-8.5'

Browse Source 
* PHP-8.5:
  uri: Use the “includes credentials” rule for WhatWg user/password getters (#20303)
This commit is contained in:
Tim Düsterhus
2025-11-01 14:15:29 +01:00
parent 2f0a0c598c 81f6ba5503
commit 82249dcbf4
7 changed files with 54 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ext/uri/tests/whatwg/modification/password_success_unset_existing.phpt
View File

@@ -15,5 +15,5 @@ var_dump($url2->toAsciiString());
?>
--EXPECT--
string(8) "password"
NULL
string(0) ""
string(29) "https://username@example.com/"

19
ext/uri/tests/whatwg/modification/password_success_unset_existing2.phpt Normal file
View File

@@ -0,0 +1,19 @@
--TEST--
Test Uri\WhatWg\Url component modification - password - unsetting existing
--EXTENSIONS--
uri
--FILE--
<?php
$url1 = Uri\WhatWg\Url::parse("https://:password@example.com");
$url2 = $url1->withPassword(null);
var_dump($url1->getPassword());
var_dump($url2->getPassword());
var_dump($url2->toAsciiString());
?>
--EXPECT--
string(8) "password"
NULL
string(20) "https://example.com/"

4
ext/uri/tests/whatwg/modification/password_success_unset_non_existent2.phpt
View File

@@ -14,6 +14,6 @@ var_dump($url2->toAsciiString());
?>
--EXPECT--
NULL
NULL
string(0) ""
string(0) ""
string(29) "https://username@example.com/"

2
ext/uri/tests/whatwg/modification/username_success_unset_existing.phpt
View File

@@ -15,5 +15,5 @@ var_dump($url2->toAsciiString());
?>
--EXPECT--
string(8) "username"
NULL
string(0) ""
string(30) "https://:password@example.com/"

19
ext/uri/tests/whatwg/modification/username_success_unset_existing2.phpt Normal file
View File

@@ -0,0 +1,19 @@
--TEST--
Test Uri\WhatWg\Url component modification - username - unsetting existing
--EXTENSIONS--
uri
--FILE--
<?php
$url1 = Uri\WhatWg\Url::parse("https://username:@example.com");
$url2 = $url1->withUsername(null);
var_dump($url1->getUsername());
var_dump($url2->getUsername());
var_dump($url2->toAsciiString());
?>
--EXPECT--
string(8) "username"
NULL
string(20) "https://example.com/"

4
ext/uri/tests/whatwg/modification/username_success_unset_non_existent2.phpt
View File

@@ -14,6 +14,6 @@ var_dump($url2->toAsciiString());
?>
--EXPECT--
NULL
NULL
string(0) ""
string(0) ""
string(30) "https://:password@example.com/"

14
ext/uri/uri_parser_whatwg.c
View File

@@ -274,12 +274,18 @@ static zend_result php_uri_parser_whatwg_scheme_write(void *uri, zval *value, zv
return SUCCESS;
}
/* 4.2. URL miscellaneous: A URL includes credentials if its username or password is not the empty string. */
static bool includes_credentials(const lxb_url_t *lexbor_uri)
{
return lexbor_uri->username.length > 0 || lexbor_uri->password.length > 0;
}
static zend_result php_uri_parser_whatwg_username_read(void *uri, php_uri_component_read_mode read_mode, zval *retval)
{
const lxb_url_t *lexbor_uri = uri;
if (lexbor_uri->username.length) {
ZVAL_STRINGL(retval, (const char *) lexbor_uri->username.data, lexbor_uri->username.length);
if (includes_credentials(lexbor_uri)) {
ZVAL_STRINGL_FAST(retval, (const char *) lexbor_uri->username.data, lexbor_uri->username.length);
} else {
ZVAL_NULL(retval);
}
@@ -307,8 +313,8 @@ static zend_result php_uri_parser_whatwg_password_read(void *uri, php_uri_compon
{
const lxb_url_t *lexbor_uri = uri;
if (lexbor_uri->password.length > 0) {
ZVAL_STRINGL(retval, (const char *) lexbor_uri->password.data, lexbor_uri->password.length);
if (includes_credentials(lexbor_uri)) {
ZVAL_STRINGL_FAST(retval, (const char *) lexbor_uri->password.data, lexbor_uri->password.length);
} else {
ZVAL_NULL(retval);
}