File php7-CVE-2021-21705.patch of Package php7.22873

Index: php-7.4.6/ext/filter/logical_filters.c
===================================================================
--- php-7.4.6.orig/ext/filter/logical_filters.c	2020-05-12 10:09:22.000000000 +0200
+++ php-7.4.6/ext/filter/logical_filters.c	2021-07-09 14:56:54.242534739 +0200
@@ -555,6 +555,22 @@ void php_filter_validate_domain(PHP_INPU
 }
 /* }}} */
 
+static int is_userinfo_valid(zend_string *str)
+{
+	const char *valid = "-._~!$&'()*+,;=:";
+	const char *p = ZSTR_VAL(str);
+	while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) {
+		if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) {
+			p++;
+		} else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) {
+			p += 3;
+		} else {
+			return 0;
+		}
+	}
+	return 1;
+}
+
 void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 {
 	php_url *url;
@@ -615,6 +631,15 @@ bad_url:
 		php_url_free(url);
 		RETURN_VALIDATION_FAILED
 	}
+
+	if (url->user != NULL && !is_userinfo_valid(url->user)
+		|| url->pass != NULL && !is_userinfo_valid(url->pass)
+	) {
+		php_url_free(url);
+		RETURN_VALIDATION_FAILED
+
+	}
+
 	php_url_free(url);
 }
 /* }}} */