- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit. Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
{
if (SG(request_info).post_entry) {
SG(request_info).post_entry->post_handler(SG(request_info).content_type_dup, arg SLS_CC);
- efree(SG(request_info).post_data);
- SG(request_info).post_data = NULL;
+ if (SG(request_info).post_data) {
+ efree(SG(request_info).post_data);
+ SG(request_info).post_data = NULL;
+ }
efree(SG(request_info).content_type_dup);
SG(request_info).content_type_dup = NULL;
}
post_reader_func = post_entry->post_reader;
} else {
if (!sapi_module.default_post_reader) {
- sapi_module.sapi_error(E_ERROR, "Unsupported content type: '%s'", content_type);
+ sapi_module.sapi_error(E_WARNING, "Unsupported content type: '%s'", content_type);
return;
}
SG(request_info).post_entry = NULL;
int read_bytes;
int allocated_bytes=SAPI_POST_BLOCK_SIZE+1;
+ if (SG(request_info).content_length > SG(post_max_size)) {
+ php_error(E_WARNING, "POST Content-Length of %d bytes exceeds the limit of %d bytes",
+ SG(request_info).content_length, SG(post_max_size));
+ return;
+ }
SG(request_info).post_data = emalloc(allocated_bytes);
for (;;) {
break;
}
SG(read_post_bytes) += read_bytes;
+ if (SG(read_post_bytes) > SG(post_max_size)) {
+ php_error(E_WARNING, "Actual POST length does not match Content-Length, and exceeds %d bytes", SG(post_max_size));
+ return;
+ }
if (read_bytes < SAPI_POST_BLOCK_SIZE) {
break;
}
} else {
SG(request_info).headers_only = 0;
}
+ SG(rfc1867_uploaded_files) = NULL;
if (SG(server_context)) {
if (SG(request_info).request_method
&& !strcmp(SG(request_info).request_method, "POST")) {
if (!SG(request_info).content_type) {
- sapi_module.sapi_error(E_ERROR, "No content-type in POST request");
+ sapi_module.sapi_error(E_WARNING, "No content-type in POST request");
+ SG(request_info).content_type_dup = NULL;
+ } else {
+ sapi_read_post_data(SLS_C);
}
- sapi_read_post_data(SLS_C);
} else {
SG(request_info).content_type_dup = NULL;
}
sapi_module.activate(SLS_C);
}
}
- SG(rfc1867_uploaded_files) = NULL;
}
char *query_string;
char *post_data;
char *cookie_data;
- uint content_length;
+ long content_length;
uint post_data_length;
char *path_translated;
char *default_mimetype;
char *default_charset;
HashTable *rfc1867_uploaded_files;
+ long post_max_size;
} sapi_globals_struct;
int new_limit;
if (new_value) {
- new_limit = atoi(new_value);
+ new_limit = php_atoi(new_value);
} else {
new_limit = 1<<30; /* effectively, no limit */
}
STD_PHP_INI_BOOLEAN("allow_call_time_pass_reference","1",PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, allow_call_time_pass_reference, zend_compiler_globals, compiler_globals)
STD_PHP_INI_BOOLEAN("asp_tags", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, asp_tags, zend_compiler_globals, compiler_globals)
STD_PHP_INI_BOOLEAN("display_errors", "1", PHP_INI_ALL, OnUpdateBool, display_errors, php_core_globals, core_globals)
+ STD_PHP_INI_BOOLEAN("display_startup_errors", "0", PHP_INI_ALL, OnUpdateBool, display_startup_errors, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("enable_dl", "1", PHP_INI_SYSTEM, OnUpdateBool, enable_dl, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("error_append_string", NULL, PHP_INI_ALL, OnUpdateString, error_append_string, php_core_globals, core_globals)
STD_PHP_INI_BOOLEAN("error_prepend_string", NULL, PHP_INI_ALL, OnUpdateString, error_prepend_string, php_core_globals, core_globals)
PHP_INI_ENTRY("max_execution_time", "30", PHP_INI_ALL, OnUpdateTimeout)
STD_PHP_INI_ENTRY("open_basedir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, open_basedir, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("safe_mode_exec_dir", "1", PHP_INI_SYSTEM, OnUpdateString, safe_mode_exec_dir, php_core_globals, core_globals)
- STD_PHP_INI_ENTRY("upload_max_filesize", "2097152", PHP_INI_ALL, OnUpdateInt, upload_max_filesize, php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY("upload_max_filesize", "2M", PHP_INI_ALL, OnUpdateInt, upload_max_filesize, php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY("file_uploads", "1", PHP_INI_ALL, OnUpdateBool, file_uploads, php_core_globals, core_globals)
+ STD_PHP_INI_ENTRY("post_max_size", "8M", PHP_INI_SYSTEM, OnUpdateInt, post_max_size, sapi_globals_struct,sapi_globals)
STD_PHP_INI_ENTRY("upload_tmp_dir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("user_dir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, user_dir, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("variables_order", NULL, PHP_INI_ALL, OnUpdateStringUnempty, variables_order, php_core_globals, core_globals)
PHP_INI_ENTRY("browscap", NULL, PHP_INI_SYSTEM, NULL)
PHP_INI_ENTRY("error_reporting", NULL, PHP_INI_ALL, OnUpdateErrorReporting)
#if MEMORY_LIMIT
- PHP_INI_ENTRY("memory_limit", "8388608", PHP_INI_ALL, OnChangeMemoryLimit)
+ PHP_INI_ENTRY("memory_limit", "8M", PHP_INI_ALL, OnChangeMemoryLimit)
#endif
PHP_INI_ENTRY("precision", "14", PHP_INI_ALL, OnSetPrecision)
PHP_INI_ENTRY("sendmail_from", NULL, PHP_INI_ALL, NULL)
snprintf(log_buffer, 1024, "PHP %s: %s in %s on line %d", error_type_str, buffer, error_filename, error_lineno);
php_log_err(log_buffer);
}
- if (module_initialized && PG(display_errors)) {
+ if (module_initialized && PG(display_errors)
+ && (!PG(during_request_startup) || PG(display_startup_errors))) {
char *prepend_string = INI_STR("error_prepend_string");
char *append_string = INI_STR("error_append_string");
char *error_format;
signal(SIGCHLD,sigchld_handler);
#endif
+ PG(during_request_startup) = 1;
+
global_lock();
php_output_startup();
} else if (PG(implicit_flush)) {
php_start_implicit_flush();
}
-
+
+ /* We turn this off in php_execute_script() */
+ /* PG(during_request_startup) = 0; */
+
return SUCCESS;
}
SG(request_info).headers_only = 0;
SG(request_info).argv0 = NULL;
PG(connection_status) = PHP_CONNECTION_NORMAL;
+ PG(during_request_startup) = 0;
#if HAVE_SETLOCALE
setlocale(LC_CTYPE, "");
UpdateIniFromRegistry(primary_file->filename);
#endif
+ PG(during_request_startup) = 0;
+
if (primary_file->type == ZEND_HANDLE_FILENAME
&& primary_file->filename) {
V_GETCWD(old_cwd, OLD_CWD_SIZE-1);
zend_bool track_errors;
zend_bool display_errors;
+ zend_bool display_startup_errors;
zend_bool log_errors;
char *error_log;
zend_bool html_errors;
- zend_bool modules_activated;
+ zend_bool modules_activated;
+
+ zend_bool file_uploads;
+
+ zend_bool during_request_startup;
};
}
+PHPAPI int php_atoi(const char *str, int str_len)
+{
+ int retval;
+
+ if (!str_len) {
+ str_len = strlen(str);
+ }
+ retval = atoi(str);
+ if (str_len>0) {
+ switch (str[str_len-1]) {
+ case 'k':
+ case 'K':
+ retval *= 1024;
+ break;
+ case 'm':
+ case 'M':
+ retval *= 1048576;
+ break;
+ }
+ }
+ return retval;
+}
+
+
/* Standard message handlers */
PHPAPI PHP_INI_MH(OnUpdateBool)
p = (long *) (base+(size_t) mh_arg1);
- *p = atoi(new_value);
+ *p = php_atoi(new_value, new_value_length);
return SUCCESS;
}
pval *cfg_get_entry(char *name, uint name_length);
+PHPAPI int php_atoi(const char *str, int str_len);
/* Standard message handlers */
PHPAPI PHP_INI_MH(OnUpdateBool);
/*
* Split raw mime stream up into appropriate components
*/
-static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr SLS_DC)
+static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr SLS_DC PLS_DC)
{
char *ptr, *loc, *loc2, *loc3, *s, *name, *filename, *u, *temp_filename;
int len, state = 0, Done = 0, rem, urem;
zend_bool upload_successful;
zend_bool magic_quotes_gpc;
ELS_FETCH();
- PLS_FETCH();
zend_hash_init(&PG(rfc1867_protected_variables), 5, NULL, NULL, 0);
char *boundary;
uint boundary_len;
zval *array_ptr = (zval *) arg;
+ PLS_FETCH();
+
+ if (!PG(file_uploads)) {
+ php_error(E_WARNING, "File uploads are disabled");
+ return;
+ }
boundary = strstr(content_type_dup, "boundary");
if (!boundary || !(boundary=strchr(boundary, '='))) {
boundary_len = strlen(boundary);
if (SG(request_info).post_data) {
- php_mime_split(SG(request_info).post_data, SG(request_info).post_data_length, boundary, array_ptr SLS_CC);
+ php_mime_split(SG(request_info).post_data, SG(request_info).post_data_length, boundary, array_ptr SLS_CC PLS_CC);
}
}
;;;;;;;;;;;;;;;;;;;
max_execution_time = 30 ; Maximum execution time of each script, in seconds
-memory_limit = 8388608 ; Maximum amount of memory a script may consume (8MB)
+memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Keeping display_errors enabled on a production web site may reveal
; security information to end users, such as file paths on your Web server,
; your database schema or other information.
+display_startup_errors = Off ; Even when display_errors is on, errors that occur during
+ ; PHP's startup sequence are not displayed. It's strongly
+ ; recommended to keep display_startup_errors off, except for
+ ; when debugging.
log_errors = Off ; Log errors into a log file (server-specific log, stderr, or error_log (below))
; As stated above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
; variables (that would contain the GET information). If you
; don't use these variables, you should turn it off for
; increased performance
+post_max_size = 8M ; Maximum size of POST data that PHP will accept.
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.
; Magic quotes
include_path = ; UNIX: "/path1:/path2" Windows: "\path1;\path2"
doc_root = ; the root of the php pages, used only if nonempty
user_dir = ; the directory under which php opens the script using /~username, used only if nonempty
-;upload_tmp_dir = ; temporary directory for HTTP uploaded files (will use system default if not specified)
-upload_max_filesize = 2097152 ; 2 Meg default limit on file uploads
extension_dir = ./ ; directory in which the loadable extensions (modules) reside
enable_dl = On ; Whether or not to enable the dl() function.
; The dl() function does NOT properly work in multithreaded
; on them.
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+file_uploads = On ; Whether to allow HTTP file uploads
+;upload_tmp_dir = ; temporary directory for HTTP uploaded files (will use system default if not specified)
+upload_max_filesize = 2M ; Maximum allowed size for uploaded files
+
+
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;
max_execution_time = 30 ; Maximum execution time of each script, in seconds
-memory_limit = 8388608 ; Maximum amount of memory a script may consume (8MB)
+memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Keeping display_errors enabled on a production web site may reveal
; security information to end users, such as file paths on your Web server,
; your database schema or other information.
+display_startup_errors = Off ; Even when display_errors is on, errors that occur during
+ ; PHP's startup sequence are not displayed. It's strongly
+ ; recommended to keep display_startup_errors off, except for
+ ; when debugging.
log_errors = Off ; Log errors into a log file (server-specific log, stderr, or error_log (below))
; As stated above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
; don't use these variables, you should turn it off for
; increased performance (you should try not to use it anyway,
; for less likelihood of security bugs in your code).
+post_max_size = 8M ; Maximum size of POST data that PHP will accept.
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.
; Magic quotes
include_path = ; UNIX: "/path1:/path2" Windows: "\path1;\path2"
doc_root = ; the root of the php pages, used only if nonempty
user_dir = ; the directory under which php opens the script using /~username, used only if nonempty
-;upload_tmp_dir = ; temporary directory for HTTP uploaded files (will use system default if not specified)
-upload_max_filesize = 2097152 ; 2 Meg default limit on file uploads
extension_dir = ./ ; directory in which the loadable extensions (modules) reside
enable_dl = On ; Whether or not to enable the dl() function.
; The dl() function does NOT properly work in multithreaded
; on them.
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+file_uploads = On ; Whether to allow HTTP file uploads
+;upload_tmp_dir = ; temporary directory for HTTP uploaded files (will use system default if not specified)
+upload_max_filesize = 2M ; Maximum allowed size for uploaded files
+
+
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;
max_execution_time = 30 ; Maximum execution time of each script, in seconds
-memory_limit = 8388608 ; Maximum amount of memory a script may consume (8MB)
+memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Keeping display_errors enabled on a production web site may reveal
; security information to end users, such as file paths on your Web server,
; your database schema or other information.
+display_startup_errors = Off ; Even when display_errors is on, errors that occur during
+ ; PHP's startup sequence are not displayed. It's strongly
+ ; recommended to keep display_startup_errors off, except for
+ ; when debugging.
log_errors = Off ; Log errors into a log file (server-specific log, stderr, or error_log (below))
; As stated above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
; don't use these variables, you should turn it off for
; increased performance (you should try not to use it anyway,
; for less likelihood of security bugs in your code).
+post_max_size = 8M ; Maximum size of POST data that PHP will accept.
gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead.
; Magic quotes
include_path = ; UNIX: "/path1:/path2" Windows: "\path1;\path2"
doc_root = ; the root of the php pages, used only if nonempty
user_dir = ; the directory under which php opens the script using /~username, used only if nonempty
-;upload_tmp_dir = ; temporary directory for HTTP uploaded files (will use system default if not specified)
-upload_max_filesize = 2097152 ; 2 Meg default limit on file uploads
extension_dir = ./ ; directory in which the loadable extensions (modules) reside
enable_dl = On ; Whether or not to enable the dl() function.
; The dl() function does NOT properly work in multithreaded
; on them.
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+file_uploads = On ; Whether to allow HTTP file uploads
+;upload_tmp_dir = ; temporary directory for HTTP uploaded files (will use system default if not specified)
+upload_max_filesize = 2M ; Maximum allowed size for uploaded files
+
+
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
projects / php / commitdiff