From: Dmitry Stogov <dmitry@zend.com>
Date: Wed, 28 May 2014 06:15:15 +0000 (+0400)
Subject: Avoid in-place modification
X-Git-Tag: POST_PHPNG_MERGE~266
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=066ea2204e225f061ae86a02dfad8ca480eaeffb;p=php

Avoid in-place modification
---

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 173502877e..41c19eab02 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -2532,37 +2532,34 @@ static int _php_curl_setopt(php_curl *ch, long option, zval *zvalue TSRMLS_DC) /
 					 * must be explicitly cast to long in curl_formadd
 					 * use since curl needs a long not an int. */
 					if (!ch->safe_upload && *postval == '@') {
-						char *type, *filename;
+						char *name, *type, *filename;
 						++postval;
 
 						php_error_docref("curl.curlfile" TSRMLS_CC, E_DEPRECATED,
 								"The usage of the @filename API for file uploading is deprecated. Please use the CURLFile class instead");
 
-						if ((type = php_memnstr(postval, ";type=", sizeof(";type=") - 1,
-										postval + Z_STRLEN_P(current)))) {
+						name = estrndup(postval, Z_STRLEN_P(current));
+						if ((type = php_memnstr(name, ";type=", sizeof(";type=") - 1,
+										name + Z_STRLEN_P(current)))) {
 							*type = '\0';
 						}
-						if ((filename = php_memnstr(postval, ";filename=", sizeof(";filename=") - 1,
-										postval + Z_STRLEN_P(current)))) {
+						if ((filename = php_memnstr(name, ";filename=", sizeof(";filename=") - 1,
+										name + Z_STRLEN_P(current)))) {
 							*filename = '\0';
 						}
 						/* open_basedir check */
-						if (php_check_open_basedir(postval TSRMLS_CC)) {
+						if (php_check_open_basedir(name TSRMLS_CC)) {
+							efree(name);
 							return FAILURE;
 						}
 						error = curl_formadd(&first, &last,
 										CURLFORM_COPYNAME, string_key->val,
 										CURLFORM_NAMELENGTH, string_key->len,
-										CURLFORM_FILENAME, filename ? filename + sizeof(";filename=") - 1 : postval,
+										CURLFORM_FILENAME, filename ? filename + sizeof(";filename=") - 1 : name,
 										CURLFORM_CONTENTTYPE, type ? type + sizeof(";type=") - 1 : "application/octet-stream",
-										CURLFORM_FILE, postval,
+										CURLFORM_FILE, name,
 										CURLFORM_END);
-						if (type) {
-							*type = ';';
-						}
-						if (filename) {
-							*filename = ';';
-						}
+						efree(name);
 					} else {
 						error = curl_formadd(&first, &last,
 											 CURLFORM_COPYNAME, string_key->val,