From de07d85f2389688ecb089bf7cd094c98e9e261c0 Mon Sep 17 00:00:00 2001 From: Christina Thee Roperto Date: Mon, 18 Jul 2022 22:46:01 +1000 Subject: [PATCH] MDL-72349 filelib: update strip_double_headers function --- lib/filelib.php | 4 +- lib/tests/filelib_test.php | 149 +++++++++++++++++++++++++++++++++++++ 2 files changed, 151 insertions(+), 2 deletions(-) diff --git a/lib/filelib.php b/lib/filelib.php index 2449a64766a..ba22c9da3cc 100644 --- a/lib/filelib.php +++ b/lib/filelib.php @@ -4201,14 +4201,14 @@ class curl { $crlf = "\r\n"; return preg_replace( // HTTP version and status code (ignore value of code). - '~^HTTP/1\..*' . $crlf . + '~^HTTP/[1-9](\.[0-9])?.*' . $crlf . // Header name: character between 33 and 126 decimal, except colon. // Colon. Header value: any character except \r and \n. CRLF. '(?:[\x21-\x39\x3b-\x7e]+:[^' . $crlf . ']+' . $crlf . ')*' . // Headers are terminated by another CRLF (blank line). $crlf . // Second HTTP status code, this time must be 200. - '(HTTP/1.[01] 200 )~', '$1', $input); + '(HTTP/[1-9](\.[0-9])? 200)~', '$2', $input); } } diff --git a/lib/tests/filelib_test.php b/lib/tests/filelib_test.php index b66a2481273..faaa198a801 100644 --- a/lib/tests/filelib_test.php +++ b/lib/tests/filelib_test.php @@ -976,6 +976,155 @@ EOF; $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexample)); // Test it does nothing to the 'plain' data. $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexpected)); + + $httpsexample = << +... +EOF; + $httpsexpected = << +... +EOF; + // For HTTP, replace the \n with \r\n. + $httpsexample = preg_replace("~(?!<\r)\n~", "\r\n", $httpsexample); + $httpsexpected = preg_replace("~(?!<\r)\n~", "\r\n", $httpsexpected); + + // Test stripping works OK. + $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexample)); + // Test it does nothing to the 'plain' data. + $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexpected)); + + $httpsexample = << +... +EOF; + $httpsexpected = << +... +EOF; + // For HTTP, replace the \n with \r\n. + $httpsexample = preg_replace("~(?!<\r)\n~", "\r\n", $httpsexample); + $httpsexpected = preg_replace("~(?!<\r)\n~", "\r\n", $httpsexpected); + + // Test stripping works OK. + $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexample)); + // Test it does nothing to the 'plain' data. + $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexpected)); + + $httpsexample = << +... +EOF; + $httpsexpected = << +... +EOF; + // For HTTP, replace the \n with \r\n. + $httpsexample = preg_replace("~(?!<\r)\n~", "\r\n", $httpsexample); + $httpsexpected = preg_replace("~(?!<\r)\n~", "\r\n", $httpsexpected); + + // Test stripping works OK. + $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexample)); + // Test it does nothing to the 'plain' data. + $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexpected)); + + $httpsexample = << +... +EOF; + $httpsexpected = << +... +EOF; + // For HTTP, replace the \n with \r\n. + $httpsexample = preg_replace("~(?!<\r)\n~", "\r\n", $httpsexample); + $httpsexpected = preg_replace("~(?!<\r)\n~", "\r\n", $httpsexpected); + + // Test stripping works OK. + $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexample)); + // Test it does nothing to the 'plain' data. + $this->assertSame($httpsexpected, curl::strip_double_headers($httpsexpected)); + } /**