@@ -113,6 +113,7 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
113113 int redirected = ((flags & HTTP_WRAPPER_REDIRECTED ) != 0 );
114114 int follow_location = 1 ;
115115 php_stream_filter * transfer_encoding = NULL ;
116+ int response_code ;
116117
117118 tmp_line [0 ] = '\0' ;
118119
@@ -657,7 +658,6 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
657658
658659 if (php_stream_get_line (stream , tmp_line , sizeof (tmp_line ) - 1 , & tmp_line_len ) != NULL ) {
659660 zval * http_response ;
660- int response_code ;
661661
662662 if (tmp_line_len > 9 ) {
663663 response_code = atoi (tmp_line + 9 );
@@ -731,7 +731,9 @@ php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, char *path,
731731 http_header_line [http_header_line_length ] = '\0' ;
732732
733733 if (!strncasecmp (http_header_line , "Location: " , 10 )) {
734- if (context && php_stream_context_get_option (context , "http" , "follow_location" , & tmpzval ) == SUCCESS ) {
734+ /* we only care about Location for 300, 301, 302, 303 and 307 */
735+ /* see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.1 */
736+ if ((response_code >= 300 && response_code < 304 || 307 == response_code ) && context && php_stream_context_get_option (context , "http" , "follow_location" , & tmpzval ) == SUCCESS ) {
735737 SEPARATE_ZVAL (tmpzval );
736738 convert_to_long_ex (tmpzval );
737739 follow_location = Z_LVAL_PP (tmpzval );
0 commit comments