Attachment #59711 for bug #136704

View | Details | Raw Unified | Return to bug 136704
Collapse All | Expand All

Lines 8-10 Link Here

(-)Snoopy-1.2/AUTHORS (+1 lines)
8		8
9	Gene Wood <gene_wood@users.sourceforge.net>	9	Gene Wood <gene_wood@users.sourceforge.net>
10	- bug fixes	10	- bug fixes
		11	- security fixes

Lines 1-3 Link Here

(-)Snoopy-1.2/ChangeLog (+8 lines)
		1	Version 1.2.1
		2	-----------
		3	- fixed potential security issue with unchecked variables being passed to exec (for https with curl) (gene_wood)
		4	- fixed BUG # 1086830 : submitlinks,fetchlinks and submittext expandlinks with the URI of the original page not the refreshed page (gene_wood)
		5	- fixed BUG # 1077870 : Snoopy can't deal with multiple spaces in a refresh tag (gene_wood)
		6	- fixed BUG # 864047 : Root relative links are treated as relative (gene_wood)
		7	- fixed BUG # 1097134 : Undefined URI_PARTS["path"] generates Notice (gene_wood)
		8
1	Version 1.2	9	Version 1.2
2	-----------	10	-----------
3	- fixed BUG # 1014823 : Meta redirect regex inaccurate (gene_wood)	11	- fixed BUG # 1014823 : Meta redirect regex inaccurate (gene_wood)

Lines 1-3 Link Here

(-)Snoopy-1.2/FAQ (+6 lines)
		1	Q: Why can't I fetch https pages?
		2	A: Using Snoopy to fetch an https page requires curl. Check if curl is installed on your host. If curl is installed, it may be located in a different place than the default. By default Snoopy looks for curl in /usr/local/bin/curl. Run 'which curl' and find out your location. If it differs from the default, then you'll need to set the $snoopy->curl_path variable to the location of your curl installation. Here's an example of the code :
		3	include "Snoopy.class.php";
		4	$snoopy = new Snoopy;
		5	$snoopy->curl_path="/usr/bin/curl";
		6
1	Q: where does the function preg_match_all come from?	7	Q: where does the function preg_match_all come from?
2	A: PCRE functions in PHP 3.0.9 and later	8	A: PCRE functions in PHP 3.0.9 and later
3		9

Lines 1-5 Link Here

(-)Snoopy-1.2/NEWS (-1 / +6 lines)
		1	RELEASE NOTE: v1.2.1
		2	October 24, 2005
		3
		4	Fixed a few outstanding bugs and a potential security hole.
		5
1	RELEASE NOTE: v1.2	6	RELEASE NOTE: v1.2
2	December 16, 2004	7	November 17, 2004
3		8
4	Fixed a number of outstanding bugs.	9	Fixed a number of outstanding bugs.
5		10

Lines 1-6 Link Here

(-)Snoopy-1.2/README (-1 / +1 lines)
1	NAME:	1	NAME:
2		2
3	Snoopy - the PHP net client v1.2	3	Snoopy - the PHP net client v1.2.1
4		4
5	SYNOPSIS:	5	SYNOPSIS:
6		6




Snoopy - the PHP net client
Author: Monte Ohrt <monte@ispi.net>
Copyright (c): 1999-2000 ispi, all rights reserved
Version: 1.01

 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public

	var $proxy_user		=	"";					// proxy user to use
	var $proxy_pass		=	"";					// proxy password to use
	
	var $agent			=	"Snoopy v1.01";		// agent we masquerade as
	var	$referer		=	"";					// referer info to pass
	var $cookies		=	array();			// array of cookies to pass
												// $cookies["username"]="joe";

	var $maxframes		=	0;					// frame content depth maximum. 0 = disallow
	var $expandlinks	=	true;				// expand links to fully qualified URLs.
												// this only applies to fetchlinks()
												// submitlinks(), and submittext()
	var $passcookies	=	true;				// pass set cookies back through redirects
												// NOTE: this currently does not respect
												// dates, domains or paths.

			$this->pass = $URI_PARTS["pass"];
		if (empty($URI_PARTS["query"]))
			$URI_PARTS["query"] = '';
		if (empty($URI_PARTS["path"]))
			$URI_PARTS["path"] = '';
				
		switch($URI_PARTS["scheme"])
		{

			$this->pass = $URI_PARTS["pass"];
		if (empty($URI_PARTS["query"]))
			$URI_PARTS["query"] = '';
		if (empty($URI_PARTS["path"]))
			$URI_PARTS["path"] = '';

		switch($URI_PARTS["scheme"])
		{

	{
		if ($this->fetch($URI))
		{			
			if($this->lastredirectaddr)
				$URI = $this->lastredirectaddr;
			if(is_array($this->results))
			{
				for($x=0;$x<count($this->results);$x++)

	{
		if($this->submit($URI,$formvars, $formfiles))
		{			
			if($this->lastredirectaddr)
				$URI = $this->lastredirectaddr;
			if(is_array($this->results))
			{
				for($x=0;$x<count($this->results);$x++)

	{
		if($this->submit($URI,$formvars, $formfiles))
		{			
			if($this->lastredirectaddr)
				$URI = $this->lastredirectaddr;
			if(is_array($this->results))
			{
				for($x=0;$x<count($this->results);$x++)


		$match = preg_replace("|/[^\/\.]+\.[^\/\.]+$|","",$match[0]);
		$match = preg_replace("|/$|","",$match);
		$match_part = parse_url($match);
		$match_root =
		$match_part["scheme"]."://".$match_part["host"];
				
		$search = array( 	"|^http://".preg_quote($this->host)."|i",
							"|^(\/)|i",
							"|^(?!http://)(?!mailto:)|i",
							"|/\./|",
							"|/[^\/]+/\.\./|"
						);
						
		$replace = array(	"",
							$match_root."/",
							$match."/",
							"/",
							"/"

			$headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
			
		for($curr_header = 0; $curr_header < count($headers); $curr_header++)
			$safer_header = strtr( $headers[$curr_header], "\"", " " );
			$cmdline_params .= " -H \"".$safer_header."\"";
		
		if(!empty($body))
			$cmdline_params .= " -d \"$body\"";


		// check if there is a a redirect meta tag
		
		if(preg_match("'<meta[\s]*http-equiv[^>]*?content[\s]*=[\s]*[\"\']?\d+;[\s]*URL[\s]*=[\s]*([^\"\']*?)[\"\']?>'i",$results,$match))
		{
			$this->_redirectaddr = $this->_expandlinks($match[1],$URI);	
		}

Return to bug 136704

Lines 5-11 Link Here

(-)Snoopy-1.2/Snoopy.class.php (-7 / +22 lines)
5	Snoopy - the PHP net client	5	Snoopy - the PHP net client
6	Author: Monte Ohrt <monte@ispi.net>	6	Author: Monte Ohrt <monte@ispi.net>
7	Copyright (c): 1999-2000 ispi, all rights reserved	7	Copyright (c): 1999-2000 ispi, all rights reserved
8	Version: 1.2	8	Version: 1.01
9		9
10	* This library is free software; you can redistribute it and/or	10	* This library is free software; you can redistribute it and/or
11	* modify it under the terms of the GNU Lesser General Public	11	* modify it under the terms of the GNU Lesser General Public
Lines 48-54 Link Here
48	var $proxy_user = ""; // proxy user to use	48	var $proxy_user = ""; // proxy user to use
49	var $proxy_pass = ""; // proxy password to use	49	var $proxy_pass = ""; // proxy password to use
50		50
51	var $agent = "Snoopy v1.2"; // agent we masquerade as	51	var $agent = "Snoopy v1.01"; // agent we masquerade as
52	var $referer = ""; // referer info to pass	52	var $referer = ""; // referer info to pass
53	var $cookies = array(); // array of cookies to pass	53	var $cookies = array(); // array of cookies to pass
54	// $cookies["username"]="joe";	54	// $cookies["username"]="joe";
Lines 61-67 Link Here
61	var $maxframes = 0; // frame content depth maximum. 0 = disallow	61	var $maxframes = 0; // frame content depth maximum. 0 = disallow
62	var $expandlinks = true; // expand links to fully qualified URLs.	62	var $expandlinks = true; // expand links to fully qualified URLs.
63	// this only applies to fetchlinks()	63	// this only applies to fetchlinks()
64	// or submitlinks()	64	// submitlinks(), and submittext()
65	var $passcookies = true; // pass set cookies back through redirects	65	var $passcookies = true; // pass set cookies back through redirects
66	// NOTE: this currently does not respect	66	// NOTE: this currently does not respect
67	// dates, domains or paths.	67	// dates, domains or paths.
Lines 137-142 Link Here
137	$this->pass = $URI_PARTS["pass"];	137	$this->pass = $URI_PARTS["pass"];
138	if (empty($URI_PARTS["query"]))	138	if (empty($URI_PARTS["query"]))
139	$URI_PARTS["query"] = '';	139	$URI_PARTS["query"] = '';
		140	if (empty($URI_PARTS["path"]))
		141	$URI_PARTS["path"] = '';
140		142
141	switch($URI_PARTS["scheme"])	143	switch($URI_PARTS["scheme"])
142	{	144	{
Lines 287-292 Link Here
287	$this->pass = $URI_PARTS["pass"];	289	$this->pass = $URI_PARTS["pass"];
288	if (empty($URI_PARTS["query"]))	290	if (empty($URI_PARTS["query"]))
289	$URI_PARTS["query"] = '';	291	$URI_PARTS["query"] = '';
		292	if (empty($URI_PARTS["path"]))
		293	$URI_PARTS["path"] = '';
290		294
291	switch($URI_PARTS["scheme"])	295	switch($URI_PARTS["scheme"])
292	{	296	{
Lines 438-444 Link Here
438	{	442	{
439	if ($this->fetch($URI))	443	if ($this->fetch($URI))
440	{	444	{
441		445	if($this->lastredirectaddr)
		446	$URI = $this->lastredirectaddr;
442	if(is_array($this->results))	447	if(is_array($this->results))
443	{	448	{
444	for($x=0;$x<count($this->results);$x++)	449	for($x=0;$x<count($this->results);$x++)
Lines 518-523 Link Here
518	{	523	{
519	if($this->submit($URI,$formvars, $formfiles))	524	if($this->submit($URI,$formvars, $formfiles))
520	{	525	{
		526	if($this->lastredirectaddr)
		527	$URI = $this->lastredirectaddr;
521	if(is_array($this->results))	528	if(is_array($this->results))
522	{	529	{
523	for($x=0;$x<count($this->results);$x++)	530	for($x=0;$x<count($this->results);$x++)
Lines 550-555 Link Here
550	{	557	{
551	if($this->submit($URI,$formvars, $formfiles))	558	if($this->submit($URI,$formvars, $formfiles))
552	{	559	{
		560	if($this->lastredirectaddr)
		561	$URI = $this->lastredirectaddr;
553	if(is_array($this->results))	562	if(is_array($this->results))
554	{	563	{
555	for($x=0;$x<count($this->results);$x++)	564	for($x=0;$x<count($this->results);$x++)
Lines 739-752 Link Here
739		748
740	$match = preg_replace("\|/[^\/\.]+\.[^\/\.]+$\|","",$match[0]);	749	$match = preg_replace("\|/[^\/\.]+\.[^\/\.]+$\|","",$match[0]);
741	$match = preg_replace("\|/$\|","",$match);	750	$match = preg_replace("\|/$\|","",$match);
		751	$match_part = parse_url($match);
		752	$match_root =
		753	$match_part["scheme"]."://".$match_part["host"];
742		754
743	$search = array( "\|^http://".preg_quote($this->host)."\|i",	755	$search = array( "\|^http://".preg_quote($this->host)."\|i",
744	"\|^(?!http://)(\/)?(?!mailto:)\|i",	756	"\|^(\/)\|i",
		757	"\|^(?!http://)(?!mailto:)\|i",
745	"\|/\./\|",	758	"\|/\./\|",
746	"\|/[^\/]+/\.\./\|"	759	"\|/[^\/]+/\.\./\|"
747	);	760	);
748		761
749	$replace = array( "",	762	$replace = array( "",
		763	$match_root."/",
750	$match."/",	764	$match."/",
751	"/",	765	"/",
752	"/"	766	"/"
Lines 979-985 Link Here
979	$headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);	993	$headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
980		994
981	for($curr_header = 0; $curr_header < count($headers); $curr_header++)	995	for($curr_header = 0; $curr_header < count($headers); $curr_header++)
982	$cmdline_params .= " -H \"".$headers[$curr_header]."\"";	996	$safer_header = strtr( $headers[$curr_header], "\"", " " );
		997	$cmdline_params .= " -H \"".$safer_header."\"";
983		998
984	if(!empty($body))	999	if(!empty($body))
985	$cmdline_params .= " -d \"$body\"";	1000	$cmdline_params .= " -d \"$body\"";
Lines 1037-1043 Link Here
1037		1052
1038	// check if there is a a redirect meta tag	1053	// check if there is a a redirect meta tag
1039		1054
1040	if(preg_match("'<meta[\s]http-equiv[^>]?content[\s]=[\s][\"\']?\d+;[\s]+URL[\s]=[\s]([^\"\']*?)[\"\']?>'i",$results,$match))	1055	if(preg_match("'<meta[\s]http-equiv[^>]?content[\s]=[\s][\"\']?\d+;[\s]URL[\s]=[\s]([^\"\']?)[\"\']?>'i",$results,$match))
1041	{	1056	{
1042	$this->_redirectaddr = $this->_expandlinks($match[1],$URI);	1057	$this->_redirectaddr = $this->_expandlinks($match[1],$URI);
1043	}	1058	}