From:             [EMAIL PROTECTED]
Operating system: any
PHP version:      4.0.4pl1
PHP Bug Type:     *General Issues
Bug description:  only small psubset of rfc1867 accepted

 Hello,
 the documentation tells in chapter 19: "PHP is capable of receiving file uploads from 
any RFC-1867 compliant browser (...).". If the implementation does not, I think it is 
a bug. So I submit a bug-report, not a feature-request.
 The code, which should handle RFC-1867 compliant POST-bodies, is in the file 
main/rfc1867.c. But it do not accept many possiblilities, which are allowed by 
RFC-1867, RFC-2045 and RFC-822, in its version 1.60.
 First, it anly allows one Header-field in every part of the POST-body. (see also 
Bugid 7685)
 Second, it still do not handle atoms as parameter-values correctly. (see also Bugid 
8486)
 Third, it does not accept whitespaces at all allowed places (around the '=' in the 
parameter).
 Fourth, it does not recognize folded headerfields as been folded.
 Fifth, it does not handle comments at all.

 The first two should be handled correctly, if a PHP-script should be usable from 
Lynx. I have changed the file rfc1867.c in a way, that more POST-bodies are accepted, 
but also my version is still not accepting all RFC-1867 compliant POST-bodies. It 
misses all changes to the part of handling the filename-parameter and do not handle 
comments at all.

 Here is a context-diff between the version 1.60 of your CVS and my version:

*** rfc1867.c.v1.60     Thu Mar 22 14:42:35 2001
--- rfc1867.c   Thu Mar 22 17:10:43 2001
***************
*** 151,184 ****
                                } else {
                                        Done = 1;
                                }
                                break;
                        case 1:                 /* Check content-disposition */
!                               if (strncasecmp(ptr, "Content-Disposition: 
form-data;", 31)) {
                                        if (rem < 31) {
                                                SAFE_RETURN;
                                        }
!                                       php_error(E_WARNING, "File Upload Mime headers 
garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr + 2), *(ptr + 3), *(ptr + 4));
!                                       SAFE_RETURN;
                                }
                                loc = memchr(ptr, '\n', rem);
                                name = strstr(ptr, " name=");
                                if (name && name < loc) {
                                        name += 6;
!                                       s = memchr(name, '\"', loc - name);
!                                       if ( name == s ) {
                                                name++;
                                                s = memchr(name, '\"', loc - name);
                                                if(!s) {
                                                        php_error(E_WARNING, "File 
Upload Mime headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2), 
*(name + 3), *(name + 4));
                                                        SAFE_RETURN;
                                                }
-                                       } else if(!s) {
-                                               s = loc;
                                        } else {
!                                               php_error(E_WARNING, "File Upload Mime 
headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2), *(name + 3), 
*(name + 4));
!                                               SAFE_RETURN;
                                        }
                                        if (namebuf) {
                                                efree(namebuf);
                                        }
                                        namebuf = estrndup(name, s-name);
--- 151,193 ----
                                } else {
                                        Done = 1;
                                }
                                break;
                        case 1:                 /* Check content-disposition */
!                               while (strncasecmp(ptr, "Content-Disposition: 
form-data;", 31)) {
                                        if (rem < 31) {
                                                SAFE_RETURN;
                                        }
!                                       if (ptr[1] == '\n') {
!                                                 /* empty line as end of header found 
*/
!                                               php_error(E_WARNING, "File Upload Mime 
headers garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr + 2), *(ptr + 3), *(ptr + 
4));
!                                               SAFE_RETURN;
!                                         }
!                                       /* some other headerfield found, skip it */
!                                         loc = (char *) memchr(ptr, '\n', rem)+1;
!                                       while (*loc == ' ' || *loc == '\t')
!                                               /* other field is folded, skip it */
!                                               loc = (char *) memchr(loc, '\n', 
rem-(loc-ptr))+1;
!                                       rem -= (loc - ptr);
!                                       ptr = loc;
                                }
                                loc = memchr(ptr, '\n', rem);
+                               while (loc[1] == ' ' || loc[1] == '\t')
+                                       /* field is folded, look for end */
+                                       loc = memchr(loc+1, '\n', rem-(loc-ptr)-1);
                                name = strstr(ptr, " name=");
                                if (name && name < loc) {
                                        name += 6;
!                                       if ( *name == '\"' ) {
                                                name++;
                                                s = memchr(name, '\"', loc - name);
                                                if(!s) {
                                                        php_error(E_WARNING, "File 
Upload Mime headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2), 
*(name + 3), *(name + 4));
                                                        SAFE_RETURN;
                                                }
                                        } else {
!                                               s = strpbrk(name, "     
()<>@,;:\\\"/[]?=\r\n");
                                        }
                                        if (namebuf) {
                                                efree(namebuf);
                                        }
                                        namebuf = estrndup(name, s-name);
***************
*** 185,197 ****
                                        if (lbuf) {
                                                efree(lbuf);
                                        }
                                        lbuf = emalloc(s-name + MAX_SIZE_OF_INDEX + 1);
                                        state = 2;
!                                       loc2 = memchr(loc + 1, '\n', rem);
!                                       rem -= (loc2 - ptr) + 1;
!                                       ptr = loc2 + 1;
                                        /* is_arr_upload is true when name of file 
upload field
                                         * ends in [.*]
                                         * start_arr is set to point to 1st [
                                         * end_arr points to last ]
                                         */
--- 194,210 ----
                                        if (lbuf) {
                                                efree(lbuf);
                                        }
                                        lbuf = emalloc(s-name + MAX_SIZE_OF_INDEX + 1);
                                        state = 2;
!                                       loc2 = loc;
!                                       while (loc2[2] != '\n') {
!                                               /* empty line as end of header not yet 
found */
!                                               loc2 = memchr(loc2 + 1, '\n', 
rem-(loc2-ptr)-1);
!                                       }
!                                       rem -= (loc2 - ptr) + 3;
!                                       ptr = loc2 + 3;
                                        /* is_arr_upload is true when name of file 
upload field
                                         * ends in [.*]
                                         * start_arr is set to point to 1st [
                                         * end_arr points to last ]
                                         */


 I have tried some POST-bodies, one of them shown here:
--xnyLAaB03X^M
Content-Type: text/plain;^M
 charset=iso-8859-1^M
Content-Disposition: form-data;^M
 name=postarg;^M
 x-info="Andreas Pistoor"^M
^M
input^M
--xnyLAaB03X--^M

 Kind regards
 Andreas Pistoor



-- 
Edit Bug report at: http://bugs.php.net/?id=9930&edit=1



-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to