johannes                                 Mon, 25 Jan 2010 23:26:15 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=294031

Log:
Merge rfc1867.c changes

r292762 - Fixed bug #48190 (Content-type parameter "boundary" is not case-
   insensitive in HTTP uploads). (iliaa)
r292771 - WS + CS + folding tags (jani)
r292777 - Sync with HEAD (jani)

Bug: http://bugs.php.net/48190 (Closed) Content-type parameter "boundary" is 
not case-insensitive in HTTP uploads
      
Changed paths:
    _U  php/php-src/branches/PHP_5_3_2/
    U   php/php-src/branches/PHP_5_3_2/NEWS
    U   php/php-src/branches/PHP_5_3_2/main/rfc1867.c

Property changes on: php/php-src/branches/PHP_5_3_2
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292719,292765
/php/php-src/trunk:284726
   + /php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292719,292762,292765,292771,292777
/php/php-src/trunk:284726

Modified: php/php-src/branches/PHP_5_3_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3_2/NEWS	2010-01-25 23:17:52 UTC (rev 294030)
+++ php/php-src/branches/PHP_5_3_2/NEWS	2010-01-25 23:26:15 UTC (rev 294031)
@@ -7,6 +7,8 @@
   (Ilia)
 - Added stream_resolve_include_path(). (Mikko)

+- Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive
+  in HTTP uploads). (Ilia)
 - Fixed bug #47409 (extract() problem with array containing word "this").
   (Ilia, chrisstocktonaz at gmail dot com)


Modified: php/php-src/branches/PHP_5_3_2/main/rfc1867.c
===================================================================
--- php/php-src/branches/PHP_5_3_2/main/rfc1867.c	2010-01-25 23:17:52 UTC (rev 294030)
+++ php/php-src/branches/PHP_5_3_2/main/rfc1867.c	2010-01-25 23:26:15 UTC (rev 294031)
@@ -13,7 +13,7 @@
    | lice...@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
    | Authors: Rasmus Lerdorf <ras...@php.net>                             |
-   |          Jani Taskinen <sni...@php.net>                              |
+   |          Jani Taskinen <j...@php.net>                                |
    +----------------------------------------------------------------------+
  */

@@ -23,7 +23,7 @@
  *  This product includes software developed by the Apache Group
  *  for use in the Apache HTTP server project (http://www.apache.org/).
  *
- */
+ */

 #include <stdio.h>
 #include "php.h"
@@ -32,6 +32,7 @@
 #include "php_globals.h"
 #include "php_variables.h"
 #include "rfc1867.h"
+#include "ext/standard/php_string.h"

 #define DEBUG_FILE_UPLOAD ZEND_DEBUG

@@ -43,7 +44,7 @@
 static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC);

 #define SAFE_RETURN { \
-    php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \
+	php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \
 	if (lbuf) efree(lbuf); \
 	if (abuf) efree(abuf); \
 	if (array_index) efree(array_index); \
@@ -55,7 +56,7 @@
 	if (mbuff) efree(mbuff); \
 	return; }

-void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr  TSRMLS_DC)
+void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr  TSRMLS_DC) /* {{{ */
 {
 	int i;
 	if (php_mb_encoding_translation(TSRMLS_C)) {
@@ -63,17 +64,18 @@
 			php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) {
 			php_mb_gpc_encoding_converter(val_list, len_list, num_vars, NULL, NULL TSRMLS_CC);
 		}
-		for (i=0; i<num_vars; i+=2){
+		for (i = 0; i<num_vars; i += 2) {
 			safe_php_register_variable(val_list[i], val_list[i+1], len_list[i+1], array_ptr, 0 TSRMLS_CC);
 			efree(val_list[i]);
 			efree(val_list[i+1]);
-		}
+		}
 		efree(val_list);
 		efree(len_list);
 	}
 }
+/* }}} */

-void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc  TSRMLS_DC)
+void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc  TSRMLS_DC) /* {{{ */
 {
 	/* allow only even increments */
 	if (inc & 1) {
@@ -83,15 +85,15 @@
 	*pval_list = (char **)erealloc(*pval_list, (*num_vars_max+2)*sizeof(char *));
 	*plen_list = (int *)erealloc(*plen_list, (*num_vars_max+2)*sizeof(int));
 }
+/* }}} */

-void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int **plen_list, int *num_vars, int *num_vars_max TSRMLS_DC)
+void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int **plen_list, int *num_vars, int *num_vars_max TSRMLS_DC) /* {{{ */
 {
-	char **val_list=*pval_list;
-	int *len_list=*plen_list;
+	char **val_list = *pval_list;
+	int *len_list = *plen_list;

-	if (*num_vars>=*num_vars_max){
-		php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max,
-								  16 TSRMLS_CC);
+	if (*num_vars >= *num_vars_max) {
+		php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, 16 TSRMLS_CC);
 		/* in case realloc relocated the buffer */
 		val_list = *pval_list;
 		len_list = *plen_list;
@@ -104,6 +106,7 @@
 	len_list[*num_vars] = strlen(value);
 	(*num_vars)++;
 }
+/* }}} */

 #else

@@ -136,7 +139,7 @@
 #define UPLOAD_ERROR_F    7  /* Failed to write file to disk */
 #define UPLOAD_ERROR_X    8  /* File upload stopped by extension */

-void php_rfc1867_register_constants(TSRMLS_D)
+void php_rfc1867_register_constants(TSRMLS_D) /* {{{ */
 {
 	REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_OK",         UPLOAD_ERROR_OK, CONST_CS | CONST_PERSISTENT);
 	REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_INI_SIZE",   UPLOAD_ERROR_A,  CONST_CS | CONST_PERSISTENT);
@@ -147,26 +150,27 @@
 	REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_CANT_WRITE", UPLOAD_ERROR_F,  CONST_CS | CONST_PERSISTENT);
 	REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_EXTENSION",  UPLOAD_ERROR_X,  CONST_CS | CONST_PERSISTENT);
 }
+/* }}} */

-static void normalize_protected_variable(char *varname TSRMLS_DC)
+static void normalize_protected_variable(char *varname TSRMLS_DC) /* {{{ */
 {
-	char *s=varname, *index=NULL, *indexend=NULL, *p;
-
+	char *s = varname, *index = NULL, *indexend = NULL, *p;
+
 	/* overjump leading space */
 	while (*s == ' ') {
 		s++;
 	}
-
+
 	/* and remove it */
 	if (s != varname) {
 		memmove(varname, s, strlen(s)+1);
 	}

-	for (p=varname; *p && *p != '['; p++) {
+	for (p = varname; *p && *p != '['; p++) {
 		switch(*p) {
 			case ' ':
 			case '.':
-				*p='_';
+				*p = '_';
 				break;
 		}
 	}
@@ -175,20 +179,19 @@
 	index = strchr(varname, '[');
 	if (index) {
 		index++;
-		s=index;
+		s = index;
 	} else {
 		return;
 	}

 	/* done? */
 	while (index) {
-
 		while (*index == ' ' || *index == '\r' || *index == '\n' || *index=='\t') {
 			index++;
 		}
 		indexend = strchr(index, ']');
 		indexend = indexend ? indexend + 1 : index + strlen(index);
-
+
 		if (s != index) {
 			memmove(s, index, strlen(index)+1);
 			s += indexend-index;
@@ -201,46 +204,45 @@
 			index = s;
 		} else {
 			index = NULL;
-		}
+		}
 	}
-
 	*s = '\0';
 }
+/* }}} */

-
-static void add_protected_variable(char *varname TSRMLS_DC)
+static void add_protected_variable(char *varname TSRMLS_DC) /* {{{ */
 {
-	int dummy=1;
+	int dummy = 1;

 	normalize_protected_variable(varname TSRMLS_CC);
 	zend_hash_add(&PG(rfc1867_protected_variables), varname, strlen(varname)+1, &dummy, sizeof(int), NULL);
 }
+/* }}} */

-
-static zend_bool is_protected_variable(char *varname TSRMLS_DC)
+static zend_bool is_protected_variable(char *varname TSRMLS_DC) /* {{{ */
 {
 	normalize_protected_variable(varname TSRMLS_CC);
 	return zend_hash_exists(&PG(rfc1867_protected_variables), varname, strlen(varname)+1);
 }
+/* }}} */

-
-static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC)
+static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) /* {{{ */
 {
 	if (override_protection || !is_protected_variable(var TSRMLS_CC)) {
 		php_register_variable_safe(var, strval, val_len, track_vars_array TSRMLS_CC);
 	}
 }
+/* }}} */

-
-static void safe_php_register_variable_ex(char *var, zval *val, zval *track_vars_array, zend_bool override_protection TSRMLS_DC)
+static void safe_php_register_variable_ex(char *var, zval *val, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) /* {{{ */
 {
 	if (override_protection || !is_protected_variable(var TSRMLS_CC)) {
 		php_register_variable_ex(var, val, track_vars_array TSRMLS_CC);
 	}
 }
+/* }}} */

-
-static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
+static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */
 {
 	int register_globals = PG(register_globals);

@@ -248,9 +250,9 @@
 	safe_php_register_variable(strvar, val, strlen(val), http_post_files, override_protection TSRMLS_CC);
 	PG(register_globals) = register_globals;
 }
+/* }}} */

-
-static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC)
+static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */
 {
 	int register_globals = PG(register_globals);

@@ -258,28 +260,25 @@
 	safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC);
 	PG(register_globals) = register_globals;
 }
+/* }}} */

-
-static int unlink_filename(char **filename TSRMLS_DC)
+static int unlink_filename(char **filename TSRMLS_DC) /* {{{ */
 {
 	VCWD_UNLINK(*filename);
 	return 0;
 }
+/* }}} */

-
-void destroy_uploaded_files_hash(TSRMLS_D)
+void destroy_uploaded_files_hash(TSRMLS_D) /* {{{ */
 {
 	zend_hash_apply(SG(rfc1867_uploaded_files), (apply_func_t) unlink_filename TSRMLS_CC);
 	zend_hash_destroy(SG(rfc1867_uploaded_files));
 	FREE_HASHTABLE(SG(rfc1867_uploaded_files));
 }
+/* }}} */

+/* {{{ Following code is based on apache_multipart_buffer.c from libapreq-0.33 package. */

-/*
- *  Following code is based on apache_multipart_buffer.c from libapreq-0.33 package.
- *
- */
-
 #define FILLUNIT (1024 * 5)

 typedef struct {
@@ -297,17 +296,15 @@

 } multipart_buffer;

-
 typedef struct {
 	char *key;
 	char *value;
 } mime_header_entry;

-
 /*
-  fill up the buffer with client data.
-  returns number of bytes added to buffer.
-*/
+ * Fill up the buffer with client data.
+ * Returns number of bytes added to buffer.
+ */
 static int fill_buffer(multipart_buffer *self TSRMLS_DC)
 {
 	int bytes_to_read, total_read = 0, actual_read = 0;
@@ -343,7 +340,6 @@
 	return total_read;
 }

-
 /* eof if we are out of bytes, or if we hit the final boundary */
 static int multipart_buffer_eof(multipart_buffer *self TSRMLS_DC)
 {
@@ -354,7 +350,6 @@
 	}
 }

-
 /* create new multipart_buffer structure */
 static multipart_buffer *multipart_buffer_new(char *boundary, int boundary_len)
 {
@@ -367,7 +362,7 @@
 	self->bufsize = minsize;

 	spprintf(&self->boundary, 0, "--%s", boundary);
-
+
 	self->boundary_next_len = spprintf(&self->boundary_next, 0, "\n--%s", boundary);

 	self->buf_begin = self->buffer;
@@ -376,17 +371,16 @@
 	return self;
 }

-
 /*
-  gets the next CRLF terminated line from the input buffer.
-  if it doesn't find a CRLF, and the buffer isn't completely full, returns
-  NULL; otherwise, returns the beginning of the null-terminated line,
-  minus the CRLF.
-
-  note that we really just look for LF terminated lines. this works
-  around a bug in internet explorer for the macintosh which sends mime
-  boundaries that are only LF terminated when you use an image submit
-  button in a multipart/form-data form.
+ * Gets the next CRLF terminated line from the input buffer.
+ * If it doesn't find a CRLF, and the buffer isn't completely full, returns
+ * NULL; otherwise, returns the beginning of the null-terminated line,
+ * minus the CRLF.
+ *
+ * Note that we really just look for LF terminated lines. This works
+ * around a bug in internet explorer for the macintosh which sends mime
+ * boundaries that are only LF terminated when you use an image submit
+ * button in a multipart/form-data form.
  */
 static char *next_line(multipart_buffer *self)
 {
@@ -406,7 +400,7 @@
 		/* bump the pointer */
 		self->buf_begin = ptr + 1;
 		self->bytes_in_buffer -= (self->buf_begin - line);
-
+
 	} else {	/* no LF found */

 		/* buffer isn't completely full, fail */
@@ -422,8 +416,7 @@
 	return line;
 }

-
-/* returns the next CRLF terminated line from the client */
+/* Returns the next CRLF terminated line from the client */
 static char *get_line(multipart_buffer *self TSRMLS_DC)
 {
 	char* ptr = next_line(self);
@@ -436,7 +429,6 @@
 	return ptr;
 }

-
 /* Free header entry */
 static void php_free_hdr_entry(mime_header_entry *h)
 {
@@ -448,7 +440,6 @@
 	}
 }

-
 /* finds a boundary */
 static int find_boundary(multipart_buffer *self, char *boundary TSRMLS_DC)
 {
@@ -467,14 +458,13 @@
 	return 0;
 }

-
 /* parse headers */
 static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header TSRMLS_DC)
 {
 	char *line;
 	mime_header_entry prev_entry, entry;
 	int prev_len, cur_len;
-
+
 	/* didn't find boundary, abort */
 	if (!find_boundary(self, self->boundary TSRMLS_CC)) {
 		return 0;
@@ -485,10 +475,9 @@
 	while( (line = get_line(self TSRMLS_CC)) && strlen(line) > 0 )
 	{
 		/* add header to table */
-
 		char *key = line;
 		char *value = NULL;
-
+
 		/* space in the beginning means same header */
 		if (!isspace(line[0])) {
 			value = strchr(line, ':');
@@ -512,7 +501,7 @@
 			entry.value[cur_len + prev_len] = '\0';

 			entry.key = estrdup(prev_entry.key);
-
+
 			zend_llist_remove_tail(header);
 		} else {
 			continue;
@@ -525,7 +514,6 @@
 	return 1;
 }

-
 static char *php_mime_get_hdr_value(zend_llist header, char *key)
 {
 	mime_header_entry *entry;
@@ -533,7 +521,7 @@
 	if (key == NULL) {
 		return NULL;
 	}
-
+
 	entry = zend_llist_get_first(&header);
 	while (entry) {
 		if (!strcasecmp(entry->key, key)) {
@@ -541,18 +529,16 @@
 		}
 		entry = zend_llist_get_next(&header);
 	}
-
+
 	return NULL;
 }

-
 static char *php_ap_getword(char **line, char stop)
 {
 	char *pos = *line, quote;
 	char *res;

 	while (*pos && *pos != stop) {
-
 		if ((quote = *pos) == '"' || quote == '\'') {
 			++pos;
 			while (*pos && *pos != quote) {
@@ -566,7 +552,6 @@
 				++pos;
 			}
 		} else ++pos;
-
 	}
 	if (*pos == '\0') {
 		res = estrdup(*line);
@@ -584,7 +569,6 @@
 	return res;
 }

-
 static char *substring_conf(char *start, int len, char quote TSRMLS_DC)
 {
 	char *result = emalloc(len + 2);
@@ -615,7 +599,6 @@
 	return result;
 }

-
 static char *php_ap_getword_conf(char **line TSRMLS_DC)
 {
 	char *str = *line, *strend, *res, quote;
@@ -677,12 +660,11 @@
 	return res;
 }

-
 /*
-  search for a string in a fixed-length byte string.
-  if partial is true, partial matches are allowed at the end of the buffer.
-  returns NULL if not found, or a pointer to the start of the first match.
-*/
+ * Search for a string in a fixed-length byte string.
+ * If partial is true, partial matches are allowed at the end of the buffer.
+ * Returns NULL if not found, or a pointer to the start of the first match.
+ */
 static void *php_ap_memstr(char *haystack, int haystacklen, char *needle, int needlen, int partial)
 {
 	int len = haystacklen;
@@ -706,7 +688,6 @@
 	return ptr;
 }

-
 /* read until a boundary condition */
 static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes, int *end TSRMLS_DC)
 {
@@ -750,7 +731,6 @@
 	return len;
 }

-
 /*
   XXX: this is horrible memory-usage-wise, but we only expect
   to do this on small pieces of form data.
@@ -766,32 +746,35 @@
 		total_bytes += read_bytes;
 	}

-	if (out) out[total_bytes] = '\0';
+	if (out) {
+		out[total_bytes] = '\0';
+	}
 	*len = total_bytes;

 	return out;
 }
+/* }}} */

-
 /*
  * The combined READER/HANDLER
  *
  */

-SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
+SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
 {
-	char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL;
-	char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL;
-	int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0;
-	int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous;
-	zval *http_post_files=NULL; HashTable *uploaded_files=NULL;
+	char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL;
+	char *temp_filename = NULL, *lbuf = NULL, *abuf = NULL;
+	int boundary_len = 0, total_bytes = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0;
+	int max_file_size = 0, skip_upload = 0, anonindex = 0, is_anonymous;
+	zval *http_post_files = NULL;
+	HashTable *uploaded_files = NULL;
 #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
 	int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL;
 	char **val_list = NULL;
 #endif
 	multipart_buffer *mbuff;
 	zval *array_ptr = (zval *) arg;
-	int fd=-1;
+	int fd = -1;
 	zend_llist header;
 	void *event_extra_data = NULL;
 	int llen = 0;
@@ -804,7 +787,19 @@

 	/* Get the boundary */
 	boundary = strstr(content_type_dup, "boundary");
-	if (!boundary || !(boundary=strchr(boundary, '='))) {
+	if (!boundary) {
+		int content_type_len = strlen(content_type_dup);
+		char *content_type_lcase = estrndup(content_type_dup, content_type_len);
+
+		php_strtolower(content_type_lcase, content_type_len);
+		boundary = strstr(content_type_lcase, "boundary");
+		if (boundary) {
+			boundary = content_type_dup + (boundary - content_type_lcase);
+		}
+		efree(content_type_lcase);
+	}
+
+	if (!boundary || !(boundary = strchr(boundary, '='))) {
 		sapi_module.sapi_error(E_WARNING, "Missing boundary in multipart/form-data POST data");
 		return;
 	}
@@ -815,7 +810,7 @@
 	if (boundary[0] == '"') {
 		boundary++;
 		boundary_end = strchr(boundary, '"');
-		if (!boundary_end) {
+		if (!boundary_end) {
 			sapi_module.sapi_error(E_WARNING, "Invalid boundary in multipart/form-data POST data");
 			return;
 		}
@@ -866,8 +861,8 @@
 	while (!multipart_buffer_eof(mbuff TSRMLS_CC))
 	{
 		char buff[FILLUNIT];
-		char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL;
-		size_t blen=0, wlen=0;
+		char *cd = NULL, *param = NULL, *filename = NULL, *tmp = NULL;
+		size_t blen = 0, wlen = 0;
 		off_t offset;

 		zend_llist_clean(&header);
@@ -877,16 +872,16 @@
 		}

 		if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) {
-			char *pair=NULL;
-			int end=0;
-
+			char *pair = NULL;
+			int end = 0;
+
 			while (isspace(*cd)) {
 				++cd;
 			}

 			while (*cd && (pair = php_ap_getword(&cd, ';')))
 			{
-				char *key=NULL, *word = pair;
+				char *key = NULL, *word = pair;

 				while (isspace(*cd)) {
 					++cd;
@@ -894,7 +889,7 @@

 				if (strchr(pair, '=')) {
 					key = php_ap_getword(&pair, '=');
-
+
 					if (!strcasecmp(key, "name")) {
 						if (param) {
 							efree(param);
@@ -943,8 +938,7 @@

 #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
 					if (php_mb_encoding_translation(TSRMLS_C)) {
-						php_mb_gpc_stack_variable(param, value, &val_list, &len_list,
-												  &num_vars, &num_vars_max TSRMLS_CC);
+						php_mb_gpc_stack_variable(param, value, &val_list, &len_list, &num_vars, &num_vars_max TSRMLS_CC);
 					} else {
 						safe_php_register_variable(param, value, new_val_len, array_ptr, 0 TSRMLS_CC);
 					}
@@ -984,7 +978,7 @@
 				sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled");
 				goto fileupload_done;
 			}
-
+
 			if (!param) {
 				is_anonymous = 1;
 				param = emalloc(MAX_SIZE_ANONNAME);
@@ -992,12 +986,12 @@
 			} else {
 				is_anonymous = 0;
 			}
-
+
 			/* New Rule: never repair potential malicious user input */
 			if (!skip_upload) {
 				char *tmp = param;
 				long c = 0;
-
+
 				while (*tmp) {
 					if (*tmp == '[') {
 						c++;
@@ -1012,7 +1006,7 @@
 						skip_upload = 1;
 						break;
 					}
-					tmp++;
+					tmp++;
 				}
 			}

@@ -1022,12 +1016,12 @@
 				/* Handle file */
 				fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC);
 				upload_cnt--;
-				if (fd==-1) {
+				if (fd == -1) {
 					sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file");
 					cancel_upload = UPLOAD_ERROR_E;
 				}
 			}
-
+
 			if (!skip_upload && php_rfc1867_callback != NULL) {
 				multipart_event_file_start event_file_start;

@@ -1042,21 +1036,20 @@
 						}
 						efree(temp_filename);
 					}
-					temp_filename="";
+					temp_filename = "";
 					efree(param);
 					efree(filename);
 					continue;
 				}
 			}

-
 			if (skip_upload) {
 				efree(param);
 				efree(filename);
 				continue;
 			}

-			if(strlen(filename) == 0) {
+			if (strlen(filename) == 0) {
 #if DEBUG_FILE_UPLOAD
 				sapi_module.sapi_error(E_NOTICE, "No file uploaded");
 #endif
@@ -1080,8 +1073,7 @@
 						continue;
 					}
 				}
-
-
+
 				if (PG(upload_max_filesize) > 0 && (total_bytes+blen) > PG(upload_max_filesize)) {
 #if DEBUG_FILE_UPLOAD
 					sapi_module.sapi_error(E_NOTICE, "upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved", PG(upload_max_filesize), param, filename);
@@ -1093,9 +1085,8 @@
 #endif
 					cancel_upload = UPLOAD_ERROR_B;
 				} else if (blen > 0) {
-
 					wlen = write(fd, buff, blen);
-
+
 					if (wlen == -1) {
 						/* write failed */
 #if DEBUG_FILE_UPLOAD
@@ -1110,11 +1101,10 @@
 					} else {
 						total_bytes += wlen;
 					}
-
 					offset += wlen;
-				}
+				}
 			}
-			if (fd!=-1) { /* may not be initialized if file could not be created */
+			if (fd != -1) { /* may not be initialized if file could not be created */
 				close(fd);
 			}
 			if (!cancel_upload && !end) {
@@ -1124,12 +1114,11 @@
 				cancel_upload = UPLOAD_ERROR_C;
 			}
 #if DEBUG_FILE_UPLOAD
-			if(strlen(filename) > 0 && total_bytes == 0 && !cancel_upload) {
+			if (strlen(filename) > 0 && total_bytes == 0 && !cancel_upload) {
 				sapi_module.sapi_error(E_WARNING, "Uploaded file size 0 - file [%s=%s] not saved", param, filename);
 				cancel_upload = 5;
 			}
-#endif
-
+#endif
 			if (php_rfc1867_callback != NULL) {
 				multipart_event_file_end event_file_end;

@@ -1148,15 +1137,14 @@
 					}
 					efree(temp_filename);
 				}
-				temp_filename="";
+				temp_filename = "";
 			} else {
 				zend_hash_add(SG(rfc1867_uploaded_files), temp_filename, strlen(temp_filename) + 1, &temp_filename, sizeof(char *), NULL);
 			}

 			/* is_arr_upload is true when name of file upload field
 			 * ends in [.*]
-			 * start_arr is set to point to 1st [
-			 */
+			 * start_arr is set to point to 1st [ */
 			is_arr_upload =	(start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']');

 			if (is_arr_upload) {
@@ -1164,16 +1152,16 @@
 				if (array_index) {
 					efree(array_index);
 				}
-				array_index = estrndup(start_arr+1, array_len-2);
+				array_index = estrndup(start_arr + 1, array_len - 2);
 			}
-
+
 			/* Add $foo_name */
 			if (llen < strlen(param) + MAX_SIZE_OF_INDEX + 1) {
 				llen = strlen(param);
 				lbuf = (char *) safe_erealloc(lbuf, llen, 1, MAX_SIZE_OF_INDEX + 1);
 				llen += MAX_SIZE_OF_INDEX + 1;
 			}
-
+
 			if (is_arr_upload) {
 				if (abuf) efree(abuf);
 				abuf = estrndup(param, strlen(param)-array_len);
@@ -1184,14 +1172,13 @@

 #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
 			if (php_mb_encoding_translation(TSRMLS_C)) {
-				if (num_vars>=num_vars_max){
-					php_mb_gpc_realloc_buffer(&val_list, &len_list, &num_vars_max,
-											  1 TSRMLS_CC);
+				if (num_vars >= num_vars_max) {
+					php_mb_gpc_realloc_buffer(&val_list, &len_list, &num_vars_max, 1 TSRMLS_CC);
 				}
 				val_list[num_vars] = filename;
 				len_list[num_vars] = strlen(filename);
 				num_vars++;
-				if(php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) {
+				if (php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) {
 					str_len = strlen(filename);
 					php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC);
 				}
@@ -1202,13 +1189,12 @@
 				num_vars--;
 				goto filedone;
 			}
-#endif
+#endif
 			/* The \ check should technically be needed for win32 systems only where
 			 * it is a valid path separator. However, IE in all it's wisdom always sends
 			 * the full path of the file on the user's filesystem, which means that unless
-			 * the user does basename() they get a bogus file name. Until IE's user base drops
-			 * to nill or problem is fixed this code must remain enabled for all systems.
-			 */
+			 * the user does basename() they get a bogus file name. Until IE's user base drops
+			 * to nill or problem is fixed this code must remain enabled for all systems. */
 			s = strrchr(filename, '\\');
 			if ((tmp = strrchr(filename, '/')) > s) {
 				s = tmp;
@@ -1224,9 +1210,9 @@
 #endif

 #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
-filedone:
+filedone:
 #endif
-
+
 			if (!is_anonymous) {
 				if (s && s > filename) {
 					safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC);
@@ -1248,11 +1234,11 @@
 			}
 			efree(filename);
 			s = NULL;
-
+
 			/* Possible Content-Type: */
 			if (cancel_upload || !(cd = php_mime_get_hdr_value(header, "Content-Type"))) {
 				cd = "";
-			} else {
+			} else {
 				/* fix for Opera 6.01 */
 				s = strchr(cd, ';');
 				if (s != NULL) {
@@ -1297,7 +1283,7 @@
 					ZVAL_STRING(&zfilename, temp_filename, 1);
 					safe_php_register_variable_ex(param, &zfilename, NULL, 1 TSRMLS_CC);
 				}
-
+
 				/* Add $foo[tmp_name] */
 				if (is_arr_upload) {
 					snprintf(lbuf, llen, "%s[tmp_name][%s]", abuf, array_index);
@@ -1322,8 +1308,8 @@
 				} else {
 					file_size.value.lval = total_bytes;
 					file_size.type = IS_LONG;
-				}
-
+				}
+
 				if (is_arr_upload) {
 					snprintf(lbuf, llen, "%s[error][%s]", abuf, array_index);
 				} else {
@@ -1339,7 +1325,7 @@
 				}
 				if (!is_anonymous) {
 					safe_php_register_variable_ex(lbuf, &file_size, NULL, 0 TSRMLS_CC);
-				}
+				}

 				/* Add $foo[size] */
 				if (is_arr_upload) {
@@ -1352,16 +1338,18 @@
 			efree(param);
 		}
 	}
+
 fileupload_done:
 	if (php_rfc1867_callback != NULL) {
 		multipart_event_end event_end;
-
+
 		event_end.post_bytes_processed = SG(read_post_bytes);
 		php_rfc1867_callback(MULTIPART_EVENT_END, &event_end, &event_extra_data TSRMLS_CC);
 	}
-
+
 	SAFE_RETURN;
 }
+/* }}} */

 /*
  * Local variables:
-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to