From: foobar <sniper@php.net>
Date: Wed, 2 May 2001 01:18:53 +0000 (+0000)
Subject: Now the file uploads 'work' also on Lynx. This patch was submitted
X-Git-Tag: php-4.0.6RC1~199
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bf417a3b725e6565d2d741b7b0d3ec6b020b95c3;p=php

Now the file uploads 'work' also on Lynx. This patch was submitted
by Andreas Pistoor <andreas@erestor.f2s.com> and I have tested it a
quite long time now and didn't notive any problems. Bug: #9930
---

diff --git a/main/rfc1867.c b/main/rfc1867.c
index d4240d552f..6c87cc7d6f 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -153,30 +153,39 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr S
 				}
 				break;
 			case 1:			/* Check content-disposition */
-				if (strncasecmp(ptr, "Content-Disposition: form-data;", 31)) {
+				while (strncasecmp(ptr, "Content-Disposition: form-data;", 31)) {
 					if (rem < 31) {
 						SAFE_RETURN;
 					}
-					php_error(E_WARNING, "File Upload Mime headers garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr + 2), *(ptr + 3), *(ptr + 4));
-					SAFE_RETURN;
+					if (ptr[1] == '\n') {
+                                                /* empty line as end of header found */
+						php_error(E_WARNING, "File Upload Mime headers garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr + 2), *(ptr + 3), *(ptr + 4));
+						SAFE_RETURN;
+                                        }
+					/* some other headerfield found, skip it */
+                                        loc = (char *) memchr(ptr, '\n', rem)+1;
+					while (*loc == ' ' || *loc == '\t')
+						/* other field is folded, skip it */
+                                        	loc = (char *) memchr(loc, '\n', rem-(loc-ptr))+1;
+					rem -= (loc - ptr);
+					ptr = loc;
 				}
 				loc = memchr(ptr, '\n', rem);
+				while (loc[1] == ' ' || loc[1] == '\t')
+					/* field is folded, look for end */
+					loc = memchr(loc+1, '\n', rem-(loc-ptr)-1);
 				name = strstr(ptr, " name=");
 				if (name && name < loc) {
 					name += 6;
-					s = memchr(name, '\"', loc - name);
-					if ( name == s ) { 
+					if ( *name == '\"' ) { 
 						name++;
 						s = memchr(name, '\"', loc - name);
 						if(!s) {
 							php_error(E_WARNING, "File Upload Mime headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2), *(name + 3), *(name + 4));
 							SAFE_RETURN;
 						}
-					} else if(!s) {
-						s = loc;
 					} else {
-						php_error(E_WARNING, "File Upload Mime headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2), *(name + 3), *(name + 4));
-						SAFE_RETURN;
+						s = strpbrk(name, " \t()<>@,;:\\\"/[]?=\r\n");
 					}
 					if (namebuf) {
 						efree(namebuf);
@@ -187,9 +196,13 @@ static void php_mime_split(char *buf, int cnt, char *boundary, zval *array_ptr S
 					}
 					lbuf = emalloc(s-name + MAX_SIZE_OF_INDEX + 1);
 					state = 2;
-					loc2 = memchr(loc + 1, '\n', rem);
-					rem -= (loc2 - ptr) + 1;
-					ptr = loc2 + 1;
+					loc2 = loc;
+					while (loc2[2] != '\n') {
+						/* empty line as end of header not yet found */
+						loc2 = memchr(loc2 + 1, '\n', rem-(loc2-ptr)-1);
+					}
+					rem -= (loc2 - ptr) + 3;
+					ptr = loc2 + 3;
 					/* is_arr_upload is true when name of file upload field
 					 * ends in [.*]
 					 * start_arr is set to point to 1st [