From: Ilia Alshanetsky
Date: Tue, 29 Dec 2009 15:57:54 +0000 (+0000)
Subject: Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP...
X-Git-Tag: php-5.2.13RC1~63
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=37d2b9746987e6f24777d487dbf0e40468ae8960;p=php
Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads).
---
diff --git a/NEWS b/NEWS
index 03e9a5dfaf..f542608fc3 100644
--- a/NEWS
+++ b/NEWS
@@ -20,6 +20,8 @@ PHP NEWS
 (Jani)
 - Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
 - Fixed bug #49851 (http wrapper breaks on 1024 char long headers). (Ilia)
+- Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive
+ in HTTP uploads). (Ilia)
 - Fixed bug #47409 (extract() problem with array containing word "this").
 (Ilia, chrisstocktonaz at gmail dot com)
 - Fixed bug #47002 (Field truncation when reading from dbase dbs with more
diff --git a/main/rfc1867.c b/main/rfc1867.c
index 3de809a749..20c447e567 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -33,6 +33,7 @@
 #include "php_variables.h"
 #include "rfc1867.h"
 #include "php_ini.h"
+#include "ext/standard/php_string.h"
 #define DEBUG_FILE_UPLOAD ZEND_DEBUG
@@ -796,6 +797,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 void *event_extra_data = NULL;
 int llen = 0;
 int upload_cnt = INI_INT("max_file_uploads");
+
+
 if (SG(post_max_size) > 0 && SG(request_info).content_length > SG(post_max_size)) {
 sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
@@ -804,6 +807,18 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 /* Get the boundary */
 boundary = strstr(content_type_dup, "boundary");
+ if (!boundary) {
+ int content_type_len = strlen(content_type_dup);
+ char *content_type_lcase = estrndup(content_type_dup, content_type_len);
+
+ php_strtolower(content_type_lcase, content_type_len);
+ boundary = strstr(content_type_lcase, "boundary");
+ if (boundary) {
+ boundary = content_type_dup + (boundary - content_type_lcase);
+ }
+ efree(content_type_lcase);
+ }
+
 if (!boundary || !(boundary=strchr(boundary, '='))) {
 sapi_module.sapi_error(E_WARNING, "Missing boundary in multipart/form-data POST data");
 return;
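Review bot: Both searches in this hunk accept the substring "boundary" anywhere in `content_type_dup`, and the case-insensitive pass runs only when the exact-case `strstr` finds nothing, so which occurrence is used depends on letter case rather than on position or on being a parameter name. When the header carries a mixed-case boundary parameter and a lowercase "boundary" substring elsewhere (inside another parameter's name or value), the lowercase occurrence wins, which may differ from what a proxy or request filter in front of PHP parsed; that kind of disagreement weakens upload inspection. I would drop the first exact-case `strstr`, always search the lowercased copy, and accept a match only where a parameter can start (preceded by `;` or whitespace) and an `=` can follow, as sketched below. The sketch still does not skip quoted parameter values. The handler starts and ends outside the hunk, so any earlier normalisation of `content_type_dup` is not visible here.

```c
	/* Get the boundary */
	{
		char *p;
		/* … unchanged: content_type_len and content_type_lcase declarations, php_strtolower() call … */

		boundary = NULL;
		for (p = content_type_lcase; (p = strstr(p, "boundary")) != NULL; p += sizeof("boundary") - 1) {
			char next = p[sizeof("boundary") - 1];

			/* accept the name only at the start of a parameter, with '=' (or padding) after it */
			if (p > content_type_lcase
					&& (p[-1] == ';' || p[-1] == ' ' || p[-1] == '\t')
					&& (next == '=' || next == ' ' || next == '\t')) {
				boundary = content_type_dup + (p - content_type_lcase);
				break;
			}
		}
		/* … unchanged: efree(content_type_lcase) … */
	}
	/* … unchanged: the !boundary / strchr(boundary, '=') check … */
```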