Permalink
Browse files

Don't leak fsockopen's special HTTPS host in request headers. Fixes #117

  • Loading branch information...
1 parent 0475341 commit 73bfb719c1422468f47a3afa04f6b376bf431fcf @rmccue rmccue committed Jun 1, 2011
Showing with 3 additions and 2 deletions.
  1. +3 −2 SimplePie/File.php
View
@@ -143,16 +143,17 @@ public function __construct($url, $timeout = 10, $redirects = 5, $headers = null
{
$this->method = SIMPLEPIE_FILE_SOURCE_REMOTE | SIMPLEPIE_FILE_SOURCE_FSOCKOPEN;
$url_parts = parse_url($url);
+ $socket_host = $url_parts['host'];
if (isset($url_parts['scheme']) && strtolower($url_parts['scheme']) === 'https')
{
- $url_parts['host'] = "ssl://$url_parts[host]";
+ $socket_host = "ssl://$url_parts[host]";
$url_parts['port'] = 443;
}
if (!isset($url_parts['port']))
{
$url_parts['port'] = 80;
}
- $fp = @fsockopen($url_parts['host'], $url_parts['port'], $errno, $errstr, $timeout);
+ $fp = @fsockopen($socket_host, $url_parts['port'], $errno, $errstr, $timeout);
if (!$fp)
{
$this->error = 'fsockopen error: ' . $errstr;

0 comments on commit 73bfb71

Please sign in to comment.