HTTP URL fragments are sent to server. Regression of 7.28.1 and possibly 7.20.0 bugfixes. #4412

Closed
alex-konev opened this issue Sep 24, 2019 · 1 comment

@alex-konev

commented Sep 24, 2019

I did this

  1. curl -vL 'https://share.polymail.io/v1/z/b/NWQ4ODk4NTlkM2Ni/DlLKWxOvfPlY4FkW1o9AA1xYq8QsM3uCBE3kbpbSIPSQGrhQTJglRuoopzFLnhC1jhC88xL3fnMKDszEwi170MWDwxikK_8BEbMrnwrWsZ3WBIbEXrmvdSk6WZ7GxerR5FLp4hlezkvBB-66BAXgOucslcYDBjhJoOF98gT46r7JZXLrjA1rlhV0wMvKmlZfVacRBmi_o-mYGpD0jmnYnQRXDHub4u5glsuqPtWlEqLi4WqOt1aAoENAdoKhYv9REVCZ-T_HGmsA5og5IlUxAzFnzia7NF2kxPdQ8kA=' > /dev/null

  2. curl -v 'https://ufa.maximilians.ru/corporate-new-year/#green?utm_source=yandex&utm_medium=newyear&utm_campaign=ufa-kms' > /dev/null

Both requests resulted in a 404 HTTP code. Tried 2 different OS and lib versions.

Possible regression of https://sourceforge.net/p/curl/bugs/1159/
and PHP 7.20.0 BUGFIX "fragment part of URLs are no longer sent to the server"

When performing the same commands with curl 7.29.0 it works as expected and I am getting HTTP 200 codes at the end.
Correct lib version:
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets

I expected the following

  1. Expected to be redirected to https://ufa.maximilians.ru/corporate-new-year/#green?utm_source=yandex&utm_medium=newyear&utm_campaign=ufa-kms
    and to get the page located at https://ufa.maximilians.ru/corporate-new-year/
  2. Expected to get the page located at https://ufa.maximilians.ru/corporate-new-year/

curl/libcurl version

curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1b zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh/0.8.6/openssl/zlib nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

curl 7.66.0 (x86_64-redhat-linux-gnu) libcurl/7.66.0 OpenSSL/1.0.1e-fips zlib/1.2.3 c-ares/1.15.0 libssh2/1.8.2 nghttp2/1.6.0
Release-Date: 2019-09-11
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB SPNEGO SSL UnixSockets

operating system

Ubuntu 19.04
Linux 5.0.0-29-generic #31-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux

CentOS release 6.10 (Final)
Linux 2.6.32-754.18.2.el6.x86_64 #1 SMP x86_64 x86_64 x86_64 GNU/Linux

@bagder bagder added HTTP URL labels Sep 24, 2019
@bagder

Member

commented Sep 24, 2019

Silly bug, clearly a lack of imagination when I've written tests for the parser. This bug is triggered when there's a question mark within the fragment. PR pending.

bagder added a commit that referenced this issue Sep 24, 2019
The parser would check for a query part before fragment, which caused it
to do wrong when the fragment contains a question mark.

Extended test 1560 to verify.

Reported-by: Alex Konev
Fixes #4412
@bagder bagder closed this in 6e7733f Sep 24, 2019
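
The parsing order the commit message describes, as an added example that is not curl's code and not part of the issue thread: a query-first split beside a fragment-first split, run on the path of the second URL from the report. The struct and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Illustrative sketch, not libcurl source. All names are hypothetical. */
struct parts { char *path, *query, *fragment; };

/* Query-first: the order the commit message calls wrong. */
static void split_query_first(char *s, struct parts *p)
{
  p->path = s;
  p->query = strchr(s, '?');
  if(p->query) *p->query++ = '\0';
  /* '#' is only searched after the '?', so "#green" stays in the path */
  p->fragment = strchr(p->query ? p->query : s, '#');
  if(p->fragment) *p->fragment++ = '\0';
}

/* Fragment-first: cut at the first '#', then look for '?' in what is left. */
static void split_fragment_first(char *s, struct parts *p)
{
  p->path = s;
  p->fragment = strchr(s, '#');
  if(p->fragment) *p->fragment++ = '\0';
  p->query = strchr(s, '?');
  if(p->query) *p->query++ = '\0';
}

/* Writes the request target (path plus optional "?query") into `target`.
   Returns 1 if a '#' would be sent to the server, 0 otherwise. */
static int leaks_fragment(const char *rest, int fragment_first,
                          char *target, size_t len)
{
  char buf[256];
  struct parts p;
  snprintf(buf, sizeof(buf), "%s", rest);
  (fragment_first ? split_fragment_first : split_query_first)(buf, &p);
  snprintf(target, len, "%s%s%s", p.path,
           p.query ? "?" : "", p.query ? p.query : "");
  return strchr(target, '#') != NULL;
}

int main(void)
{
  /* everything after the host name of the second URL in the report */
  const char *rest = "/corporate-new-year/#green?utm_source=yandex"
                     "&utm_medium=newyear&utm_campaign=ufa-kms";
  char t[256];
  printf("query-first    leak=%d %s\n", leaks_fragment(rest, 0, t, sizeof(t)), t);
  printf("fragment-first leak=%d %s\n", leaks_fragment(rest, 1, t, sizeof(t)), t);
  return 0;
}
```

On a URL in the usual `?query#fragment` order both functions give the same request target; they differ only when a `?` appears inside the fragment.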