Permalink
Browse files

Don't leak fsockopen's special HTTPS host in request headers. Fixes #117

  • Loading branch information...
rmccue committed Jun 1, 2011
1 parent cce56bb commit 8402bb2b0c451feaeebc767d1243ccdca77e6bd9
Showing with 3 additions and 2 deletions.
  1. +3 −2 simplepie.inc
View
@@ -7739,16 +7739,17 @@ class SimplePie_File
{
$this->method = SIMPLEPIE_FILE_SOURCE_REMOTE | SIMPLEPIE_FILE_SOURCE_FSOCKOPEN;
$url_parts = parse_url($url);
+ $socket_host = $url_parts['host'];
if (isset($url_parts['scheme']) && strtolower($url_parts['scheme']) === 'https')
{
- $url_parts['host'] = "ssl://$url_parts[host]";
+ $socket_host = "ssl://$url_parts[host]";
$url_parts['port'] = 443;
}
if (!isset($url_parts['port']))
{
$url_parts['port'] = 80;
}
- $fp = @fsockopen($url_parts['host'], $url_parts['port'], $errno, $errstr, $timeout);
+ $fp = @fsockopen($socket_host, $url_parts['port'], $errno, $errstr, $timeout);
if (!$fp)
{
$this->error = 'fsockopen error: ' . $errstr;

0 comments on commit 8402bb2

Please sign in to comment.