From 927580e795176d84561ed7cddbd609afe7717ba0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Johannes=20Schl=C3=BCter?= Date: Mon, 25 Jan 2010 23:26:15 +0000 Subject: [PATCH] Merge rfc1867.c changes r292762 - Fixed bug #48190 (Content-type parameter "boundary" is not case- insensitive in HTTP uploads). (iliaa) r292771 - WS + CS + folding tags (jani) r292777 - Sync with HEAD (jani) --- NEWS | 2 + main/rfc1867.c | 294 ++++++++++++++++++++++++------------------------- 2 files changed, 143 insertions(+), 153 deletions(-) diff --git a/NEWS b/NEWS index 239e257900..6343bf04ff 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ PHP NEWS (Ilia) - Added stream_resolve_include_path(). (Mikko) +- Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive + in HTTP uploads). (Ilia) - Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com) diff --git a/main/rfc1867.c b/main/rfc1867.c index 408eb0fedc..9823c759cc 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -13,7 +13,7 @@ | license@php.net so we can mail you a copy immediately. | +----------------------------------------------------------------------+ | Authors: Rasmus Lerdorf | - | Jani Taskinen | + | Jani Taskinen | +----------------------------------------------------------------------+ */ @@ -23,7 +23,7 @@ * This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/). * - */ + */ #include #include "php.h" @@ -32,6 +32,7 @@ #include "php_globals.h" #include "php_variables.h" #include "rfc1867.h" +#include "ext/standard/php_string.h" #define DEBUG_FILE_UPLOAD ZEND_DEBUG @@ -43,7 +44,7 @@ PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void ** static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); #define SAFE_RETURN { \ - php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \ + php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \ if (lbuf) efree(lbuf); \ if (abuf) efree(abuf); \ if (array_index) efree(array_index); \ @@ -55,7 +56,7 @@ static void safe_php_register_variable(char *var, char *strval, int val_len, zva if (mbuff) efree(mbuff); \ return; } -void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr TSRMLS_DC) +void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr TSRMLS_DC) /* {{{ */ { int i; if (php_mb_encoding_translation(TSRMLS_C)) { @@ -63,17 +64,18 @@ void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zv php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { php_mb_gpc_encoding_converter(val_list, len_list, num_vars, NULL, NULL TSRMLS_CC); } - for (i=0; i=*num_vars_max){ - php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, - 16 TSRMLS_CC); + if (*num_vars >= *num_vars_max) { + php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, 16 TSRMLS_CC); /* in case realloc relocated the buffer */ val_list = *pval_list; len_list = *plen_list; @@ -104,6 +106,7 @@ void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int len_list[*num_vars] = strlen(value); (*num_vars)++; } +/* }}} */ #else @@ -136,7 +139,7 @@ void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int #define UPLOAD_ERROR_F 7 /* Failed to write file to disk */ #define UPLOAD_ERROR_X 8 /* File upload stopped by extension */ -void php_rfc1867_register_constants(TSRMLS_D) +void php_rfc1867_register_constants(TSRMLS_D) /* {{{ */ { REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_OK", UPLOAD_ERROR_OK, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_INI_SIZE", UPLOAD_ERROR_A, CONST_CS | CONST_PERSISTENT); @@ -147,26 +150,27 @@ void php_rfc1867_register_constants(TSRMLS_D) REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_CANT_WRITE", UPLOAD_ERROR_F, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_EXTENSION", UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT); } +/* }}} */ -static void normalize_protected_variable(char *varname TSRMLS_DC) +static void normalize_protected_variable(char *varname TSRMLS_DC) /* {{{ */ { - char *s=varname, *index=NULL, *indexend=NULL, *p; - + char *s = varname, *index = NULL, *indexend = NULL, *p; + /* overjump leading space */ while (*s == ' ') { s++; } - + /* and remove it */ if (s != varname) { memmove(varname, s, strlen(s)+1); } - for (p=varname; *p && *p != '['; p++) { + for (p = varname; *p && *p != '['; p++) { switch(*p) { case ' ': case '.': - *p='_'; + *p = '_'; break; } } @@ -175,20 +179,19 @@ static void normalize_protected_variable(char *varname TSRMLS_DC) index = strchr(varname, '['); if (index) { index++; - s=index; + s = index; } else { return; } /* done? */ while (index) { - while (*index == ' ' || *index == '\r' || *index == '\n' || *index=='\t') { index++; } indexend = strchr(index, ']'); indexend = indexend ? indexend + 1 : index + strlen(index); - + if (s != index) { memmove(s, index, strlen(index)+1); s += indexend-index; @@ -201,46 +204,45 @@ static void normalize_protected_variable(char *varname TSRMLS_DC) index = s; } else { index = NULL; - } + } } - *s = '\0'; } +/* }}} */ - -static void add_protected_variable(char *varname TSRMLS_DC) +static void add_protected_variable(char *varname TSRMLS_DC) /* {{{ */ { - int dummy=1; + int dummy = 1; normalize_protected_variable(varname TSRMLS_CC); zend_hash_add(&PG(rfc1867_protected_variables), varname, strlen(varname)+1, &dummy, sizeof(int), NULL); } +/* }}} */ - -static zend_bool is_protected_variable(char *varname TSRMLS_DC) +static zend_bool is_protected_variable(char *varname TSRMLS_DC) /* {{{ */ { normalize_protected_variable(varname TSRMLS_CC); return zend_hash_exists(&PG(rfc1867_protected_variables), varname, strlen(varname)+1); } +/* }}} */ - -static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) +static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) /* {{{ */ { if (override_protection || !is_protected_variable(var TSRMLS_CC)) { php_register_variable_safe(var, strval, val_len, track_vars_array TSRMLS_CC); } } +/* }}} */ - -static void safe_php_register_variable_ex(char *var, zval *val, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) +static void safe_php_register_variable_ex(char *var, zval *val, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) /* {{{ */ { if (override_protection || !is_protected_variable(var TSRMLS_CC)) { php_register_variable_ex(var, val, track_vars_array TSRMLS_CC); } } +/* }}} */ - -static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) +static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */ { int register_globals = PG(register_globals); @@ -248,9 +250,9 @@ static void register_http_post_files_variable(char *strvar, char *val, zval *htt safe_php_register_variable(strvar, val, strlen(val), http_post_files, override_protection TSRMLS_CC); PG(register_globals) = register_globals; } +/* }}} */ - -static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) +static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */ { int register_globals = PG(register_globals); @@ -258,27 +260,24 @@ static void register_http_post_files_variable_ex(char *var, zval *val, zval *htt safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC); PG(register_globals) = register_globals; } +/* }}} */ - -static int unlink_filename(char **filename TSRMLS_DC) +static int unlink_filename(char **filename TSRMLS_DC) /* {{{ */ { VCWD_UNLINK(*filename); return 0; } +/* }}} */ - -void destroy_uploaded_files_hash(TSRMLS_D) +void destroy_uploaded_files_hash(TSRMLS_D) /* {{{ */ { zend_hash_apply(SG(rfc1867_uploaded_files), (apply_func_t) unlink_filename TSRMLS_CC); zend_hash_destroy(SG(rfc1867_uploaded_files)); FREE_HASHTABLE(SG(rfc1867_uploaded_files)); } +/* }}} */ - -/* - * Following code is based on apache_multipart_buffer.c from libapreq-0.33 package. - * - */ +/* {{{ Following code is based on apache_multipart_buffer.c from libapreq-0.33 package. */ #define FILLUNIT (1024 * 5) @@ -297,17 +296,15 @@ typedef struct { } multipart_buffer; - typedef struct { char *key; char *value; } mime_header_entry; - /* - fill up the buffer with client data. - returns number of bytes added to buffer. -*/ + * Fill up the buffer with client data. + * Returns number of bytes added to buffer. + */ static int fill_buffer(multipart_buffer *self TSRMLS_DC) { int bytes_to_read, total_read = 0, actual_read = 0; @@ -343,7 +340,6 @@ static int fill_buffer(multipart_buffer *self TSRMLS_DC) return total_read; } - /* eof if we are out of bytes, or if we hit the final boundary */ static int multipart_buffer_eof(multipart_buffer *self TSRMLS_DC) { @@ -354,7 +350,6 @@ static int multipart_buffer_eof(multipart_buffer *self TSRMLS_DC) } } - /* create new multipart_buffer structure */ static multipart_buffer *multipart_buffer_new(char *boundary, int boundary_len) { @@ -367,7 +362,7 @@ static multipart_buffer *multipart_buffer_new(char *boundary, int boundary_len) self->bufsize = minsize; spprintf(&self->boundary, 0, "--%s", boundary); - + self->boundary_next_len = spprintf(&self->boundary_next, 0, "\n--%s", boundary); self->buf_begin = self->buffer; @@ -376,17 +371,16 @@ static multipart_buffer *multipart_buffer_new(char *boundary, int boundary_len) return self; } - /* - gets the next CRLF terminated line from the input buffer. - if it doesn't find a CRLF, and the buffer isn't completely full, returns - NULL; otherwise, returns the beginning of the null-terminated line, - minus the CRLF. - - note that we really just look for LF terminated lines. this works - around a bug in internet explorer for the macintosh which sends mime - boundaries that are only LF terminated when you use an image submit - button in a multipart/form-data form. + * Gets the next CRLF terminated line from the input buffer. + * If it doesn't find a CRLF, and the buffer isn't completely full, returns + * NULL; otherwise, returns the beginning of the null-terminated line, + * minus the CRLF. + * + * Note that we really just look for LF terminated lines. This works + * around a bug in internet explorer for the macintosh which sends mime + * boundaries that are only LF terminated when you use an image submit + * button in a multipart/form-data form. */ static char *next_line(multipart_buffer *self) { @@ -406,7 +400,7 @@ static char *next_line(multipart_buffer *self) /* bump the pointer */ self->buf_begin = ptr + 1; self->bytes_in_buffer -= (self->buf_begin - line); - + } else { /* no LF found */ /* buffer isn't completely full, fail */ @@ -422,8 +416,7 @@ static char *next_line(multipart_buffer *self) return line; } - -/* returns the next CRLF terminated line from the client */ +/* Returns the next CRLF terminated line from the client */ static char *get_line(multipart_buffer *self TSRMLS_DC) { char* ptr = next_line(self); @@ -436,7 +429,6 @@ static char *get_line(multipart_buffer *self TSRMLS_DC) return ptr; } - /* Free header entry */ static void php_free_hdr_entry(mime_header_entry *h) { @@ -448,7 +440,6 @@ static void php_free_hdr_entry(mime_header_entry *h) } } - /* finds a boundary */ static int find_boundary(multipart_buffer *self, char *boundary TSRMLS_DC) { @@ -467,14 +458,13 @@ static int find_boundary(multipart_buffer *self, char *boundary TSRMLS_DC) return 0; } - /* parse headers */ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header TSRMLS_DC) { char *line; mime_header_entry prev_entry, entry; int prev_len, cur_len; - + /* didn't find boundary, abort */ if (!find_boundary(self, self->boundary TSRMLS_CC)) { return 0; @@ -485,10 +475,9 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T while( (line = get_line(self TSRMLS_CC)) && strlen(line) > 0 ) { /* add header to table */ - char *key = line; char *value = NULL; - + /* space in the beginning means same header */ if (!isspace(line[0])) { value = strchr(line, ':'); @@ -512,7 +501,7 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T entry.value[cur_len + prev_len] = '\0'; entry.key = estrdup(prev_entry.key); - + zend_llist_remove_tail(header); } else { continue; @@ -525,7 +514,6 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T return 1; } - static char *php_mime_get_hdr_value(zend_llist header, char *key) { mime_header_entry *entry; @@ -533,7 +521,7 @@ static char *php_mime_get_hdr_value(zend_llist header, char *key) if (key == NULL) { return NULL; } - + entry = zend_llist_get_first(&header); while (entry) { if (!strcasecmp(entry->key, key)) { @@ -541,18 +529,16 @@ static char *php_mime_get_hdr_value(zend_llist header, char *key) } entry = zend_llist_get_next(&header); } - + return NULL; } - static char *php_ap_getword(char **line, char stop) { char *pos = *line, quote; char *res; while (*pos && *pos != stop) { - if ((quote = *pos) == '"' || quote == '\'') { ++pos; while (*pos && *pos != quote) { @@ -566,7 +552,6 @@ static char *php_ap_getword(char **line, char stop) ++pos; } } else ++pos; - } if (*pos == '\0') { res = estrdup(*line); @@ -584,7 +569,6 @@ static char *php_ap_getword(char **line, char stop) return res; } - static char *substring_conf(char *start, int len, char quote TSRMLS_DC) { char *result = emalloc(len + 2); @@ -615,7 +599,6 @@ static char *substring_conf(char *start, int len, char quote TSRMLS_DC) return result; } - static char *php_ap_getword_conf(char **line TSRMLS_DC) { char *str = *line, *strend, *res, quote; @@ -677,12 +660,11 @@ look_for_quote: return res; } - /* - search for a string in a fixed-length byte string. - if partial is true, partial matches are allowed at the end of the buffer. - returns NULL if not found, or a pointer to the start of the first match. -*/ + * Search for a string in a fixed-length byte string. + * If partial is true, partial matches are allowed at the end of the buffer. + * Returns NULL if not found, or a pointer to the start of the first match. + */ static void *php_ap_memstr(char *haystack, int haystacklen, char *needle, int needlen, int partial) { int len = haystacklen; @@ -706,7 +688,6 @@ static void *php_ap_memstr(char *haystack, int haystacklen, char *needle, int ne return ptr; } - /* read until a boundary condition */ static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes, int *end TSRMLS_DC) { @@ -750,7 +731,6 @@ static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes, i return len; } - /* XXX: this is horrible memory-usage-wise, but we only expect to do this on small pieces of form data. @@ -766,32 +746,35 @@ static char *multipart_buffer_read_body(multipart_buffer *self, unsigned int *le total_bytes += read_bytes; } - if (out) out[total_bytes] = '\0'; + if (out) { + out[total_bytes] = '\0'; + } *len = total_bytes; return out; } - +/* }}} */ /* * The combined READER/HANDLER * */ -SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) +SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ { - char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; - char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; - int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0; - int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous; - zval *http_post_files=NULL; HashTable *uploaded_files=NULL; + char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL; + char *temp_filename = NULL, *lbuf = NULL, *abuf = NULL; + int boundary_len = 0, total_bytes = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; + int max_file_size = 0, skip_upload = 0, anonindex = 0, is_anonymous; + zval *http_post_files = NULL; + HashTable *uploaded_files = NULL; #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL; char **val_list = NULL; #endif multipart_buffer *mbuff; zval *array_ptr = (zval *) arg; - int fd=-1; + int fd = -1; zend_llist header; void *event_extra_data = NULL; int llen = 0; @@ -804,7 +787,19 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* Get the boundary */ boundary = strstr(content_type_dup, "boundary"); - if (!boundary || !(boundary=strchr(boundary, '='))) { + if (!boundary) { + int content_type_len = strlen(content_type_dup); + char *content_type_lcase = estrndup(content_type_dup, content_type_len); + + php_strtolower(content_type_lcase, content_type_len); + boundary = strstr(content_type_lcase, "boundary"); + if (boundary) { + boundary = content_type_dup + (boundary - content_type_lcase); + } + efree(content_type_lcase); + } + + if (!boundary || !(boundary = strchr(boundary, '='))) { sapi_module.sapi_error(E_WARNING, "Missing boundary in multipart/form-data POST data"); return; } @@ -815,7 +810,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) if (boundary[0] == '"') { boundary++; boundary_end = strchr(boundary, '"'); - if (!boundary_end) { + if (!boundary_end) { sapi_module.sapi_error(E_WARNING, "Invalid boundary in multipart/form-data POST data"); return; } @@ -866,8 +861,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; - char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; - size_t blen=0, wlen=0; + char *cd = NULL, *param = NULL, *filename = NULL, *tmp = NULL; + size_t blen = 0, wlen = 0; off_t offset; zend_llist_clean(&header); @@ -877,16 +872,16 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) { - char *pair=NULL; - int end=0; - + char *pair = NULL; + int end = 0; + while (isspace(*cd)) { ++cd; } while (*cd && (pair = php_ap_getword(&cd, ';'))) { - char *key=NULL, *word = pair; + char *key = NULL, *word = pair; while (isspace(*cd)) { ++cd; @@ -894,7 +889,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) if (strchr(pair, '=')) { key = php_ap_getword(&pair, '='); - + if (!strcasecmp(key, "name")) { if (param) { efree(param); @@ -943,8 +938,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) if (php_mb_encoding_translation(TSRMLS_C)) { - php_mb_gpc_stack_variable(param, value, &val_list, &len_list, - &num_vars, &num_vars_max TSRMLS_CC); + php_mb_gpc_stack_variable(param, value, &val_list, &len_list, &num_vars, &num_vars_max TSRMLS_CC); } else { safe_php_register_variable(param, value, new_val_len, array_ptr, 0 TSRMLS_CC); } @@ -984,7 +978,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled"); goto fileupload_done; } - + if (!param) { is_anonymous = 1; param = emalloc(MAX_SIZE_ANONNAME); @@ -992,12 +986,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } else { is_anonymous = 0; } - + /* New Rule: never repair potential malicious user input */ if (!skip_upload) { char *tmp = param; long c = 0; - + while (*tmp) { if (*tmp == '[') { c++; @@ -1012,7 +1006,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) skip_upload = 1; break; } - tmp++; + tmp++; } } @@ -1022,12 +1016,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* Handle file */ fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC); upload_cnt--; - if (fd==-1) { + if (fd == -1) { sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file"); cancel_upload = UPLOAD_ERROR_E; } } - + if (!skip_upload && php_rfc1867_callback != NULL) { multipart_event_file_start event_file_start; @@ -1042,21 +1036,20 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } efree(temp_filename); } - temp_filename=""; + temp_filename = ""; efree(param); efree(filename); continue; } } - if (skip_upload) { efree(param); efree(filename); continue; } - if(strlen(filename) == 0) { + if (strlen(filename) == 0) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, "No file uploaded"); #endif @@ -1080,8 +1073,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) continue; } } - - + if (PG(upload_max_filesize) > 0 && (total_bytes+blen) > PG(upload_max_filesize)) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, "upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved", PG(upload_max_filesize), param, filename); @@ -1093,9 +1085,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) #endif cancel_upload = UPLOAD_ERROR_B; } else if (blen > 0) { - wlen = write(fd, buff, blen); - + if (wlen == -1) { /* write failed */ #if DEBUG_FILE_UPLOAD @@ -1110,11 +1101,10 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } else { total_bytes += wlen; } - offset += wlen; - } + } } - if (fd!=-1) { /* may not be initialized if file could not be created */ + if (fd != -1) { /* may not be initialized if file could not be created */ close(fd); } if (!cancel_upload && !end) { @@ -1124,12 +1114,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) cancel_upload = UPLOAD_ERROR_C; } #if DEBUG_FILE_UPLOAD - if(strlen(filename) > 0 && total_bytes == 0 && !cancel_upload) { + if (strlen(filename) > 0 && total_bytes == 0 && !cancel_upload) { sapi_module.sapi_error(E_WARNING, "Uploaded file size 0 - file [%s=%s] not saved", param, filename); cancel_upload = 5; } -#endif - +#endif if (php_rfc1867_callback != NULL) { multipart_event_file_end event_file_end; @@ -1148,15 +1137,14 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } efree(temp_filename); } - temp_filename=""; + temp_filename = ""; } else { zend_hash_add(SG(rfc1867_uploaded_files), temp_filename, strlen(temp_filename) + 1, &temp_filename, sizeof(char *), NULL); } /* is_arr_upload is true when name of file upload field * ends in [.*] - * start_arr is set to point to 1st [ - */ + * start_arr is set to point to 1st [ */ is_arr_upload = (start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']'); if (is_arr_upload) { @@ -1164,16 +1152,16 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) if (array_index) { efree(array_index); } - array_index = estrndup(start_arr+1, array_len-2); + array_index = estrndup(start_arr + 1, array_len - 2); } - + /* Add $foo_name */ if (llen < strlen(param) + MAX_SIZE_OF_INDEX + 1) { llen = strlen(param); lbuf = (char *) safe_erealloc(lbuf, llen, 1, MAX_SIZE_OF_INDEX + 1); llen += MAX_SIZE_OF_INDEX + 1; } - + if (is_arr_upload) { if (abuf) efree(abuf); abuf = estrndup(param, strlen(param)-array_len); @@ -1184,14 +1172,13 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) if (php_mb_encoding_translation(TSRMLS_C)) { - if (num_vars>=num_vars_max){ - php_mb_gpc_realloc_buffer(&val_list, &len_list, &num_vars_max, - 1 TSRMLS_CC); + if (num_vars >= num_vars_max) { + php_mb_gpc_realloc_buffer(&val_list, &len_list, &num_vars_max, 1 TSRMLS_CC); } val_list[num_vars] = filename; len_list[num_vars] = strlen(filename); num_vars++; - if(php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { + if (php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { str_len = strlen(filename); php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC); } @@ -1202,13 +1189,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) num_vars--; goto filedone; } -#endif +#endif /* The \ check should technically be needed for win32 systems only where * it is a valid path separator. However, IE in all it's wisdom always sends * the full path of the file on the user's filesystem, which means that unless - * the user does basename() they get a bogus file name. Until IE's user base drops - * to nill or problem is fixed this code must remain enabled for all systems. - */ + * the user does basename() they get a bogus file name. Until IE's user base drops + * to nill or problem is fixed this code must remain enabled for all systems. */ s = strrchr(filename, '\\'); if ((tmp = strrchr(filename, '/')) > s) { s = tmp; @@ -1224,9 +1210,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) #endif #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) -filedone: +filedone: #endif - + if (!is_anonymous) { if (s && s > filename) { safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC); @@ -1248,11 +1234,11 @@ filedone: } efree(filename); s = NULL; - + /* Possible Content-Type: */ if (cancel_upload || !(cd = php_mime_get_hdr_value(header, "Content-Type"))) { cd = ""; - } else { + } else { /* fix for Opera 6.01 */ s = strchr(cd, ';'); if (s != NULL) { @@ -1297,7 +1283,7 @@ filedone: ZVAL_STRING(&zfilename, temp_filename, 1); safe_php_register_variable_ex(param, &zfilename, NULL, 1 TSRMLS_CC); } - + /* Add $foo[tmp_name] */ if (is_arr_upload) { snprintf(lbuf, llen, "%s[tmp_name][%s]", abuf, array_index); @@ -1322,8 +1308,8 @@ filedone: } else { file_size.value.lval = total_bytes; file_size.type = IS_LONG; - } - + } + if (is_arr_upload) { snprintf(lbuf, llen, "%s[error][%s]", abuf, array_index); } else { @@ -1339,7 +1325,7 @@ filedone: } if (!is_anonymous) { safe_php_register_variable_ex(lbuf, &file_size, NULL, 0 TSRMLS_CC); - } + } /* Add $foo[size] */ if (is_arr_upload) { @@ -1352,16 +1338,18 @@ filedone: efree(param); } } + fileupload_done: if (php_rfc1867_callback != NULL) { multipart_event_end event_end; - + event_end.post_bytes_processed = SG(read_post_bytes); php_rfc1867_callback(MULTIPART_EVENT_END, &event_end, &event_extra_data TSRMLS_CC); } - + SAFE_RETURN; } +/* }}} */ /* * Local variables: -- 2.40.0