lbarnaud Fri May 1 00:36:43 2009 UTC Modified files: /php-src/main rfc1867.c Log: revert to allow Andrei to make his changes
http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.209&r2=1.210&diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.209 php-src/main/rfc1867.c:1.210 --- php-src/main/rfc1867.c:1.209 Fri May 1 00:18:09 2009 +++ php-src/main/rfc1867.c Fri May 1 00:36:43 2009 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: rfc1867.c,v 1.209 2009/05/01 00:18:09 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.210 2009/05/01 00:36:43 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -49,6 +49,63 @@ if (mbuff) efree(mbuff); \ return; } +#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) +#include "ext/mbstring/mbstring.h" + +static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); + +void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr TSRMLS_DC) +{ + int i; + if (php_mb_encoding_translation(TSRMLS_C)) { + if (num_vars > 0 && + php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { + php_mb_gpc_encoding_converter(val_list, len_list, num_vars, NULL, NULL TSRMLS_CC); + } + for (i=0; i<num_vars; i+=2){ + safe_php_register_variable(val_list[i], val_list[i+1], len_list[i+1], array_ptr, 0 TSRMLS_CC); + efree(val_list[i]); + efree(val_list[i+1]); + } + efree(val_list); + efree(len_list); + } +} + +void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc TSRMLS_DC) +{ + /* allow only even increments */ + if (inc & 1) { + inc++; + } + (*num_vars_max) += inc; + *pval_list = (char **)erealloc(*pval_list, (*num_vars_max+2)*sizeof(char *)); + *plen_list = (int *)erealloc(*plen_list, (*num_vars_max+2)*sizeof(int)); +} + +void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int **plen_list, int *num_vars, int *num_vars_max TSRMLS_DC) +{ + char **val_list=*pval_list; + int *len_list=*plen_list; + + if (*num_vars>=*num_vars_max){ + php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, + 16 TSRMLS_CC); + /* in case realloc relocated the buffer */ + val_list = *pval_list; + len_list = *plen_list; + } + + val_list[*num_vars] = (char *)estrdup(param); + len_list[*num_vars] = strlen(param); + (*num_vars)++; + val_list[*num_vars] = (char *)estrdup(value); + len_list[*num_vars] = strlen(value); + (*num_vars)++; +} + +#endif + /* The longest property name we use in an uploaded file array */ #define MAX_SIZE_OF_INDEX sizeof("[tmp_name]") @@ -77,6 +134,66 @@ REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_EXTENSION", UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT); } +static void normalize_protected_variable(char *varname TSRMLS_DC) +{ + char *s=varname, *index=NULL, *indexend=NULL, *p; + + /* overjump leading space */ + while (*s == ' ') { + s++; + } + + /* and remove it */ + if (s != varname) { + memmove(varname, s, strlen(s)+1); + } + + for (p=varname; *p && *p != '['; p++) { + switch(*p) { + case ' ': + case '.': + *p='_'; + break; + } + } + + /* find index */ + index = strchr(varname, '['); + if (index) { + index++; + s=index; + } else { + return; + } + + /* done? */ + while (index) { + + while (*index == ' ' || *index == '\r' || *index == '\n' || *index=='\t') { + index++; + } + indexend = strchr(index, ']'); + indexend = indexend ? indexend + 1 : index + strlen(index); + + if (s != index) { + memmove(s, index, strlen(index)+1); + s += indexend-index; + } else { + s = indexend; + } + + if (*s == '[') { + s++; + index = s; + } else { + index = NULL; + } + } + + *s = '\0'; +} + + static void normalize_u_protected_variable(UChar *varname TSRMLS_DC) { UChar *s=varname, *index=NULL, *indexend=NULL, *p; @@ -138,6 +255,15 @@ *s++ = 0; } +static void add_protected_variable(char *varname TSRMLS_DC) +{ + int dummy=1; + + normalize_protected_variable(varname TSRMLS_CC); + zend_hash_add(&PG(rfc1867_protected_variables), varname, strlen(varname)+1, &dummy, sizeof(int), NULL); +} + + static void add_u_protected_variable(UChar *varname TSRMLS_DC) { int dummy=1; @@ -147,6 +273,13 @@ } +static zend_bool is_protected_variable(char *varname TSRMLS_DC) +{ + normalize_protected_variable(varname TSRMLS_CC); + return zend_hash_exists(&PG(rfc1867_protected_variables), varname, strlen(varname)+1); +} + + static zend_bool is_u_protected_variable(UChar *varname TSRMLS_DC) { normalize_u_protected_variable(varname TSRMLS_CC); @@ -154,6 +287,22 @@ } +static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) +{ + if (override_protection || !is_protected_variable(var TSRMLS_CC)) { + php_register_variable_safe(var, strval, val_len, track_vars_array TSRMLS_CC); + } +} + + +static void safe_php_register_variable_ex(char *var, zval *val, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) +{ + if (override_protection || !is_protected_variable(var TSRMLS_CC)) { + php_register_variable_ex(var, val, track_vars_array TSRMLS_CC); + } +} + + static void safe_u_php_register_variable(UChar *var, UChar *str_val, int str_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) { if (override_protection || !is_u_protected_variable(var TSRMLS_CC)) { @@ -170,12 +319,24 @@ } +static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) +{ + safe_php_register_variable(strvar, val, strlen(val), http_post_files, override_protection TSRMLS_CC); +} + + static void register_u_http_post_files_variable(UChar *strvar, UChar *val, int val_len, zval *http_post_files, zend_bool override_protection TSRMLS_DC) { safe_u_php_register_variable(strvar, val, val_len, http_post_files, override_protection TSRMLS_CC); } +static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) +{ + safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC); +} + + static void register_u_http_post_files_variable_ex(UChar *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) { safe_u_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC); @@ -202,10 +363,14 @@ UErrorCode status = U_ZERO_ERROR; UChar *buf; int buf_len = 0; - UConverter *input_conv = ZEND_U_CONVERTER(UG(http_input_encoding_conv)); + UConverter *input_conv = UG(http_input_encoding_conv); - zend_string_to_unicode_ex(input_conv, &buf, &buf_len, in, in_len, &status); + if (!input_conv) { + input_conv = ZEND_U_CONVERTER(UG(output_encoding_conv)); + } + input_conv = ZEND_U_CONVERTER(UG(output_encoding_conv)); + zend_string_to_unicode_ex(input_conv, &buf, &buf_len, in, in_len, &status); if (U_SUCCESS(status)) { if (out_len) *out_len = buf_len; @@ -536,6 +701,45 @@ } +static char *php_ap_getword(char **line, char stop) +{ + char *pos = *line, quote; + char *res; + + while (*pos && *pos != stop) { + + if ((quote = *pos) == '"' || quote == '\'') { + ++pos; + while (*pos && *pos != quote) { + if (*pos == '\\' && pos[1] && pos[1] == quote) { + pos += 2; + } else { + ++pos; + } + } + if (*pos) { + ++pos; + } + } else ++pos; + + } + if (*pos == '\0') { + res = estrdup(*line); + *line += strlen(*line); + return res; + } + + res = estrndup(*line, pos - *line); + + while (*pos == stop) { + ++pos; + } + + *line = pos; + return res; +} + + static UChar *substring_u_conf(UChar *start, int len, UChar quote TSRMLS_DC) { UChar *result = eumalloc(len + 2); @@ -555,6 +759,37 @@ } +static char *substring_conf(char *start, int len, char quote TSRMLS_DC) +{ + char *result = emalloc(len + 2); + char *resp = result; + int i; + + for (i = 0; i < len; ++i) { + if (start[i] == '\\' && (start[i + 1] == '\\' || (quote && start[i + 1] == quote))) { + *resp++ = start[++i]; + } else { +#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) + if (php_mb_encoding_translation(TSRMLS_C)) { + size_t j = php_mb_gpc_mbchar_bytes(start+i TSRMLS_CC); + while (j-- > 0 && i < len) { + *resp++ = start[i++]; + } + --i; + } else { + *resp++ = start[i]; + } +#else + *resp++ = start[i]; +#endif + } + } + + *resp = '\0'; + return result; +} + + static UChar *php_u_ap_getword_conf(UChar **line TSRMLS_DC) { UChar *str = *line, *strend, *res, quote; @@ -610,6 +845,68 @@ } +static char *php_ap_getword_conf(char **line TSRMLS_DC) +{ + char *str = *line, *strend, *res, quote; + +#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) + if (php_mb_encoding_translation(TSRMLS_C)) { + int len=strlen(str); + php_mb_gpc_encoding_detector(&str, &len, 1, NULL TSRMLS_CC); + } +#endif + + while (*str && isspace(*str)) { + ++str; + } + + if (!*str) { + *line = str; + return estrdup(""); + } + + if ((quote = *str) == '"' || quote == '\'') { + strend = str + 1; +look_for_quote: + while (*strend && *strend != quote) { + if (*strend == '\\' && strend[1] && strend[1] == quote) { + strend += 2; + } else { + ++strend; + } + } + if (*strend && *strend == quote) { + char p = *(strend + 1); + if (p != '\r' && p != '\n' && p != '\0') { + strend++; + goto look_for_quote; + } + } + + res = substring_conf(str + 1, strend - str - 1, quote TSRMLS_CC); + + if (*strend == quote) { + ++strend; + } + + } else { + + strend = str; + while (*strend && !isspace(*strend)) { + ++strend; + } + res = substring_conf(str, strend - str, 0 TSRMLS_CC); + } + + while (*strend && isspace(*strend)) { + ++strend; + } + + *line = strend; + return res; +} + + /* search for a string in a fixed-length byte string. if partial is true, partial matches are allowed at the end of the buffer. @@ -704,12 +1001,7 @@ return out; } -/* - * The combined READER/HANDLER - * - */ - -SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) +static SAPI_POST_HANDLER_FUNC(rfc1867_post_handler_unicode) { char *boundary, *boundary_end = NULL; UChar *temp_filename=NULL, *array_index = NULL, *lbuf = NULL, *abuf = NULL; @@ -1130,17 +1422,23 @@ efree(array_index); } array_index = eustrndup(start_arr+1, array_len-2); - - if (abuf) efree(abuf); - abuf = eustrndup(param, u_strlen(param)-array_len); } + /* Add $foo_name */ if (lbuf) { efree(lbuf); } llen = u_strlen(param) + MAX_SIZE_OF_INDEX + 1; lbuf = eumalloc(llen); + if (is_arr_upload) { + if (abuf) efree(abuf); + abuf = eustrndup(param, u_strlen(param)-array_len); + u_snprintf(lbuf, llen, "%S_name[%S]", abuf, array_index); + } else { + u_snprintf(lbuf, llen, "%S_name", param); + } + /* The \ check should technically be needed for win32 systems only where * it is a valid path separator. However, IE in all its wisdom always sends * the full path of the file on the user's filesystem, which means that unless @@ -1152,6 +1450,14 @@ s = tmp; } + if (!is_anonymous) { + if (s && s > filename) { + safe_u_php_register_variable(lbuf, s+1, u_strlen(s+1), NULL, 0 TSRMLS_CC); + } else { + safe_u_php_register_variable(lbuf, filename, u_strlen(filename), NULL, 0 TSRMLS_CC); + } + } + /* Add $foo[name] */ if (is_arr_upload) { u_snprintf(lbuf, llen, "%S[name][%S]", abuf, array_index); @@ -1183,6 +1489,16 @@ } } + /* Add $foo_type */ + if (is_arr_upload) { + u_snprintf(lbuf, llen, "%S_type[%S]", abuf, array_index); + } else { + u_snprintf(lbuf, llen, "%S_type", param); + } + if (!is_anonymous) { + safe_u_php_register_variable(lbuf, ucd, ucd_len, NULL, 0 TSRMLS_CC); + } + /* Add $foo[type] */ if (is_arr_upload) { u_snprintf(lbuf, llen, "%S[type][%S]", abuf, array_index); @@ -1197,6 +1513,11 @@ /* Initialize variables */ add_u_protected_variable(param TSRMLS_CC); + /* if param is of form xxx[.*] this will cut it to xxx */ + if (!is_anonymous) { + safe_u_php_register_variable(param, temp_filename, u_strlen(temp_filename), NULL, 1 TSRMLS_CC); + } + /* Add $foo[tmp_name] */ if (is_arr_upload) { u_snprintf(lbuf, llen, "%S[tmp_name][%S]", abuf, array_index); @@ -1231,6 +1552,16 @@ } register_u_http_post_files_variable_ex(lbuf, &error_type, http_post_files, 0 TSRMLS_CC); + /* Add $foo_size */ + if (is_arr_upload) { + u_snprintf(lbuf, llen, "%S_size[%S]", abuf, array_index); + } else { + u_snprintf(lbuf, llen, "%S_size", param); + } + if (!is_anonymous) { + safe_u_php_register_variable_ex(lbuf, &file_size, NULL, 0 TSRMLS_CC); + } + /* Add $foo[size] */ if (is_arr_upload) { u_snprintf(lbuf, llen, "%S[size][%S]", abuf, array_index); @@ -1254,6 +1585,584 @@ SAFE_RETURN; } +static SAPI_POST_HANDLER_FUNC(rfc1867_post_handler_legacy) +{ + char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; + char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; + int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0; + int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous; + zval *http_post_files=NULL; HashTable *uploaded_files=NULL; +#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) + int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL; + char **val_list = NULL; +#endif + multipart_buffer *mbuff; + zval *array_ptr = (zval *) arg; + int fd=-1; + zend_llist header; + void *event_extra_data = NULL; + int llen = 0; + + if (SG(request_info).content_length > SG(post_max_size)) { + sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size)); + return; + } + + /* Get the boundary */ + boundary = strstr(content_type_dup, "boundary"); + if (!boundary || !(boundary=strchr(boundary, '='))) { + sapi_module.sapi_error(E_WARNING, "Missing boundary in multipart/form-data POST data"); + return; + } + + boundary++; + boundary_len = strlen(boundary); + + if (boundary[0] == '"') { + boundary++; + boundary_end = strchr(boundary, '"'); + if (!boundary_end) { + sapi_module.sapi_error(E_WARNING, "Invalid boundary in multipart/form-data POST data"); + return; + } + } else { + /* search for the end of the boundary */ + boundary_end = strchr(boundary, ','); + } + if (boundary_end) { + boundary_end[0] = '\0'; + boundary_len = boundary_end-boundary; + } + + /* Initialize the buffer */ + if (!(mbuff = multipart_buffer_new(boundary, boundary_len))) { + sapi_module.sapi_error(E_WARNING, "Unable to initialize the input buffer"); + return; + } + + /* Initialize $_FILES[] */ + zend_hash_init(&PG(rfc1867_protected_variables), 5, NULL, NULL, 0); + + ALLOC_HASHTABLE(uploaded_files); + zend_hash_init(uploaded_files, 5, NULL, (dtor_func_t) free_estring, 0); + SG(rfc1867_uploaded_files) = uploaded_files; + + ALLOC_ZVAL(http_post_files); + array_init(http_post_files); + INIT_PZVAL(http_post_files); + PG(http_globals)[TRACK_VARS_FILES] = http_post_files; + +#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) + if (php_mb_encoding_translation(TSRMLS_C)) { + val_list = (char **)ecalloc(num_vars_max+2, sizeof(char *)); + len_list = (int *)ecalloc(num_vars_max+2, sizeof(int)); + } +#endif + zend_llist_init(&header, sizeof(mime_header_entry), (llist_dtor_func_t) php_free_hdr_entry, 0); + + if (php_rfc1867_callback != NULL) { + multipart_event_start event_start; + + event_start.content_length = SG(request_info).content_length; + if (php_rfc1867_callback(MULTIPART_EVENT_START, &event_start, &event_extra_data TSRMLS_CC) == FAILURE) { + goto fileupload_done; + } + } + + + while (!multipart_buffer_eof(mbuff TSRMLS_CC)) + { + char buff[FILLUNIT]; + char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; + size_t blen=0, wlen=0; + off_t offset; + + zend_llist_clean(&header); + + if (!multipart_buffer_headers(mbuff, &header TSRMLS_CC)) { + goto fileupload_done; + } + + if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) { + char *pair=NULL; + int end=0; + + while (isspace(*cd)) { + ++cd; + } + + while (*cd && (pair = php_ap_getword(&cd, ';'))) + { + char *key=NULL, *word = pair; + + while (isspace(*cd)) { + ++cd; + } + + if (strchr(pair, '=')) { + key = php_ap_getword(&pair, '='); + + if (!strcasecmp(key, "name")) { + if (param) { + efree(param); + } + param = php_ap_getword_conf(&pair TSRMLS_CC); + } else if (!strcasecmp(key, "filename")) { + if (filename) { + efree(filename); + } + filename = php_ap_getword_conf(&pair TSRMLS_CC); + } + } + if (key) { + efree(key); + } + efree(word); + } + + /* Normal form variable, safe to read all data into memory */ + if (!filename && param) { + unsigned int value_len; + char *value = multipart_buffer_read_body(mbuff, &value_len TSRMLS_CC); + unsigned int new_val_len; /* Dummy variable */ + + if (!value) { + value = estrdup(""); + } + + if (sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) { + if (php_rfc1867_callback != NULL) { + multipart_event_formdata event_formdata; + size_t newlength = 0; + + event_formdata.post_bytes_processed = SG(read_post_bytes); + event_formdata.name = ZSTR(param); + event_formdata.value = PZSTR(value); + event_formdata.length = new_val_len; + event_formdata.newlength = &newlength; + if (php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC) == FAILURE) { + efree(param); + efree(value); + continue; + } + new_val_len = newlength; + } + +#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) + if (php_mb_encoding_translation(TSRMLS_C)) { + php_mb_gpc_stack_variable(param, value, &val_list, &len_list, + &num_vars, &num_vars_max TSRMLS_CC); + } else { + safe_php_register_variable(param, value, new_val_len, array_ptr, 0 TSRMLS_CC); + } +#else + safe_php_register_variable(param, value, new_val_len, array_ptr, 0 TSRMLS_CC); +#endif + } else if (php_rfc1867_callback != NULL) { + multipart_event_formdata event_formdata; + + event_formdata.post_bytes_processed = SG(read_post_bytes); + event_formdata.name = ZSTR(param); + event_formdata.value = PZSTR(value); + event_formdata.length = value_len; + event_formdata.newlength = NULL; + php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC); + } + + if (!strcasecmp(param, "MAX_FILE_SIZE")) { + max_file_size = atol(value); + } + + efree(param); + efree(value); + continue; + } + + /* If file_uploads=off, skip the file part */ + if (!PG(file_uploads)) { + skip_upload = 1; + } + + /* Return with an error if the posted data is garbled */ + if (!param && !filename) { + sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled"); + goto fileupload_done; + } + + if (!param) { + is_anonymous = 1; + param = emalloc(MAX_SIZE_ANONNAME); + snprintf(param, MAX_SIZE_ANONNAME, "%u", anonindex++); + } else { + is_anonymous = 0; + } + + /* New Rule: never repair potential malicious user input */ + if (!skip_upload) { + char *tmp = param; + long c = 0; + + while (*tmp) { + if (*tmp == '[') { + c++; + } else if (*tmp == ']') { + c--; + if (tmp[1] && tmp[1] != '[') { + skip_upload = 1; + break; + } + } + if (c < 0) { + skip_upload = 1; + break; + } + tmp++; + } + } + + total_bytes = cancel_upload = 0; + + if (!skip_upload) { + /* Handle file */ + fd = php_open_temporary_fd(PG(upload_tmp_dir), "php", &temp_filename TSRMLS_CC); + if (fd==-1) { + sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file"); + cancel_upload = UPLOAD_ERROR_E; + } + } + + if (!skip_upload && php_rfc1867_callback != NULL) { + multipart_event_file_start event_file_start; + + event_file_start.post_bytes_processed = SG(read_post_bytes); + event_file_start.name = ZSTR(param); + event_file_start.filename = PZSTR(filename); + if (php_rfc1867_callback(MULTIPART_EVENT_FILE_START, &event_file_start, &event_extra_data TSRMLS_CC) == FAILURE) { + if (temp_filename) { + if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */ + close(fd); + unlink(temp_filename); + } + efree(temp_filename); + } + temp_filename=""; + efree(param); + efree(filename); + continue; + } + } + + + if (skip_upload) { + efree(param); + efree(filename); + continue; + } + + if(strlen(filename) == 0) { +#if DEBUG_FILE_UPLOAD + sapi_module.sapi_error(E_NOTICE, "No file uploaded"); +#endif + cancel_upload = UPLOAD_ERROR_D; + } + + offset = 0; + end = 0; + while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff), &end TSRMLS_CC))) + { + if (php_rfc1867_callback != NULL) { + multipart_event_file_data event_file_data; + + event_file_data.post_bytes_processed = SG(read_post_bytes); + event_file_data.offset = offset; + event_file_data.data = buff; + event_file_data.length = blen; + event_file_data.newlength = &blen; + if (php_rfc1867_callback(MULTIPART_EVENT_FILE_DATA, &event_file_data, &event_extra_data TSRMLS_CC) == FAILURE) { + cancel_upload = UPLOAD_ERROR_X; + continue; + } + } + + + if (PG(upload_max_filesize) > 0 && (total_bytes+blen) > PG(upload_max_filesize)) { +#if DEBUG_FILE_UPLOAD + sapi_module.sapi_error(E_NOTICE, "upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved", PG(upload_max_filesize), param, filename); +#endif + cancel_upload = UPLOAD_ERROR_A; + } else if (max_file_size && ((total_bytes+blen) > max_file_size)) { +#if DEBUG_FILE_UPLOAD + sapi_module.sapi_error(E_NOTICE, "MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved", max_file_size, param, filename); +#endif + cancel_upload = UPLOAD_ERROR_B; + } else if (blen > 0) { + wlen = write(fd, buff, blen); + + if (wlen == -1) { + /* write failed */ +#if DEBUG_FILE_UPLOAD + sapi_module.sapi_error(E_NOTICE, "write() failed - %s", strerror(errno)); +#endif + cancel_upload = UPLOAD_ERROR_F; + } else if (wlen < blen) { +#if DEBUG_FILE_UPLOAD + sapi_module.sapi_error(E_NOTICE, "Only %d bytes were written, expected to write %d", wlen, blen); +#endif + cancel_upload = UPLOAD_ERROR_F; + } else { + total_bytes += wlen; + } + + offset += wlen; + } + } + if (fd!=-1) { /* may not be initialized if file could not be created */ + close(fd); + } + if (!cancel_upload && !end) { +#if DEBUG_FILE_UPLOAD + sapi_module.sapi_error(E_NOTICE, "Missing mime boundary at the end of the data for file %s", strlen(filename) > 0 ? filename : ""); +#endif + cancel_upload = UPLOAD_ERROR_C; + } +#if DEBUG_FILE_UPLOAD + if(strlen(filename) > 0 && total_bytes == 0 && !cancel_upload) { + sapi_module.sapi_error(E_WARNING, "Uploaded file size 0 - file [%s=%s] not saved", param, filename); + cancel_upload = 5; + } +#endif + + if (php_rfc1867_callback != NULL) { + multipart_event_file_end event_file_end; + + event_file_end.post_bytes_processed = SG(read_post_bytes); + event_file_end.temp_filename = ZSTR(temp_filename); + event_file_end.cancel_upload = cancel_upload; + if (php_rfc1867_callback(MULTIPART_EVENT_FILE_END, &event_file_end, &event_extra_data TSRMLS_CC) == FAILURE) { + cancel_upload = UPLOAD_ERROR_X; + } + } + + if (cancel_upload) { + if (temp_filename) { + if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */ + unlink(temp_filename); + } + efree(temp_filename); + } + temp_filename=""; + } else { + zend_hash_add(SG(rfc1867_uploaded_files), temp_filename, strlen(temp_filename) + 1, &temp_filename, sizeof(char *), NULL); + } + + /* is_arr_upload is true when name of file upload field + * ends in [.*] + * start_arr is set to point to 1st [ + */ + is_arr_upload = (start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']'); + + if (is_arr_upload) { + array_len = strlen(start_arr); + if (array_index) { + efree(array_index); + } + array_index = estrndup(start_arr+1, array_len-2); + } + + /* Add $foo_name */ + if (lbuf) { + efree(lbuf); + } + llen = strlen(param) + MAX_SIZE_OF_INDEX + 1; + lbuf = (char *) emalloc(llen); + + if (is_arr_upload) { + if (abuf) efree(abuf); + abuf = estrndup(param, strlen(param)-array_len); + snprintf(lbuf, llen, "%s_name[%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s_name", param); + } + +#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) + if (php_mb_encoding_translation(TSRMLS_C)) { + if (num_vars>=num_vars_max){ + php_mb_gpc_realloc_buffer(&val_list, &len_list, &num_vars_max, + 1 TSRMLS_CC); + } + val_list[num_vars] = filename; + len_list[num_vars] = strlen(filename); + num_vars++; + if(php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { + str_len = strlen(filename); + php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC); + } + s = php_mb_strrchr(filename, '\\' TSRMLS_CC); + if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) > s) { + s = tmp; + } + num_vars--; + goto filedone; + } +#endif + /* The \ check should technically be needed for win32 systems only where + * it is a valid path separator. However, IE in all it's wisdom always sends + * the full path of the file on the user's filesystem, which means that unless + * the user does basename() they get a bogus file name. Until IE's user base drops + * to nill or problem is fixed this code must remain enabled for all systems. + */ + s = strrchr(filename, '\\'); + if ((tmp = strrchr(filename, '/')) > s) { + s = tmp; + } + +#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) +filedone: +#endif + + if (!is_anonymous) { + if (s && s > filename) { + safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC); + } else { + safe_php_register_variable(lbuf, filename, strlen(filename), NULL, 0 TSRMLS_CC); + } + } + + /* Add $foo[name] */ + if (is_arr_upload) { + snprintf(lbuf, llen, "%s[name][%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s[name]", param); + } + if (s && s > filename) { + register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC); + } else { + register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); + } + efree(filename); + s = NULL; + + /* Possible Content-Type: */ + if (cancel_upload || !(cd = php_mime_get_hdr_value(header, "Content-Type"))) { + cd = ""; + } else { + /* fix for Opera 6.01 */ + s = strchr(cd, ';'); + if (s != NULL) { + *s = '\0'; + } + } + + /* Add $foo_type */ + if (is_arr_upload) { + snprintf(lbuf, llen, "%s_type[%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s_type", param); + } + if (!is_anonymous) { + safe_php_register_variable(lbuf, cd, strlen(cd), NULL, 0 TSRMLS_CC); + } + + /* Add $foo[type] */ + if (is_arr_upload) { + snprintf(lbuf, llen, "%s[type][%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s[type]", param); + } + register_http_post_files_variable(lbuf, cd, http_post_files, 0 TSRMLS_CC); + + /* Restore Content-Type Header */ + if (s != NULL) { + *s = ';'; + } + s = ""; + + /* Initialize variables */ + add_protected_variable(param TSRMLS_CC); + + /* if param is of form xxx[.*] this will cut it to xxx */ + if (!is_anonymous) { + safe_php_register_variable(param, temp_filename, strlen(temp_filename), NULL, 1 TSRMLS_CC); + } + + /* Add $foo[tmp_name] */ + if (is_arr_upload) { + snprintf(lbuf, llen, "%s[tmp_name][%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s[tmp_name]", param); + } + add_protected_variable(lbuf TSRMLS_CC); + register_http_post_files_variable(lbuf, temp_filename, http_post_files, 1 TSRMLS_CC); + + { + zval file_size, error_type; + + error_type.value.lval = cancel_upload; + error_type.type = IS_LONG; + + /* Add $foo[error] */ + if (cancel_upload) { + file_size.value.lval = 0; + file_size.type = IS_LONG; + } else { + file_size.value.lval = total_bytes; + file_size.type = IS_LONG; + } + + if (is_arr_upload) { + snprintf(lbuf, llen, "%s[error][%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s[error]", param); + } + register_http_post_files_variable_ex(lbuf, &error_type, http_post_files, 0 TSRMLS_CC); + + /* Add $foo_size */ + if (is_arr_upload) { + snprintf(lbuf, llen, "%s_size[%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s_size", param); + } + if (!is_anonymous) { + safe_php_register_variable_ex(lbuf, &file_size, NULL, 0 TSRMLS_CC); + } + + /* Add $foo[size] */ + if (is_arr_upload) { + snprintf(lbuf, llen, "%s[size][%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s[size]", param); + } + register_http_post_files_variable_ex(lbuf, &file_size, http_post_files, 0 TSRMLS_CC); + } + efree(param); + } + } + +fileupload_done: +#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) + php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); +#endif + + if (php_rfc1867_callback != NULL) { + multipart_event_end event_end; + + event_end.post_bytes_processed = SG(read_post_bytes); + php_rfc1867_callback(MULTIPART_EVENT_END, &event_end, &event_extra_data TSRMLS_CC); + } + + SAFE_RETURN; +} + +/* + * The combined READER/HANDLER + * + */ + +SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) +{ + rfc1867_post_handler_unicode(content_type_dup, arg TSRMLS_CC); +} + /* * Local variables: * tab-width: 4
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php