ID: 9930
User Update by: [EMAIL PROTECTED]
Status: Open
Bug Type: *General Issues
Description: only small subset of rfc1867 accepted
One comment to the listing of the diff, above:
The second argument to the function strpbrk starts with a blank and a tabulator. This
is not (easily) recognized in that listing.
Andreas
Previous Comments:
---------------------------------------------------------------------------
[2001-03-22 11:34:24] [EMAIL PROTECTED]
Hello,
The documentation says in chapter 19: "PHP is capable of receiving file uploads from
any RFC-1867 compliant browser (...).". If the implementation does not, I think it is
a bug. So I submit a bug-report, not a feature-request.
The code, which should handle RFC-1867 compliant POST-bodies, is in the file
main/rfc1867.c. But it does not accept many possibilities, which are allowed by
RFC-1867, RFC-2045 and RFC-822, in its version 1.60.
First, it only allows one Header-field in every part of the POST-body. (see also
Bugid 7685)
Second, it still does not handle atoms as parameter-values correctly. (see also Bugid
8486)
Third, it does not accept whitespace in all allowed places (around the '=' in the
parameter).
Fourth, it does not recognize folded header fields as being folded.
Fifth, it does not handle comments at all.
The first two should be handled correctly, if a PHP-script should be usable from
Lynx. I have changed the file rfc1867.c in a way, that more POST-bodies are accepted,
but also my version is still not accepting all RFC-1867 compliant POST-bodies. It
misses all changes to the part of handling the filename-parameter and does not handle
comments at all.
Here is a context-diff between the version 1.60 of your CVS and my version:
*** rfc1867.c.v1.60 Thu Mar 22 14:42:35 2001
--- rfc1867.c Thu Mar 22 17:10:43 2001
***************
*** 151,184 ****
} else {
Done = 1;
}
break;
case 1: /* Check content-disposition */
! if (strncasecmp(ptr, "Content-Disposition:
form-data;", 31)) {
if (rem < 31) {
SAFE_RETURN;
}
! php_error(E_WARNING, "File Upload Mime headers
garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr + 2), *(ptr + 3), *(ptr + 4));
! SAFE_RETURN;
}
loc = memchr(ptr, 'n', rem);
name = strstr(ptr, " name=");
if (name && name < loc) {
name += 6;
! s = memchr(name, '"', loc - name);
! if ( name == s ) {
name++;
s = memchr(name, '"', loc - name);
if(!s) {
php_error(E_WARNING, "File
Upload Mime headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2),
*(name + 3), *(name + 4));
SAFE_RETURN;
}
- } else if(!s) {
- s = loc;
} else {
! php_error(E_WARNING, "File Upload Mime
headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2), *(name + 3),
*(name + 4));
! SAFE_RETURN;
}
if (namebuf) {
efree(namebuf);
}
namebuf = estrndup(name, s-name);
--- 151,193 ----
} else {
Done = 1;
}
break;
case 1: /* Check content-disposition */
! while (strncasecmp(ptr, "Content-Disposition:
form-data;", 31)) {
if (rem < 31) {
SAFE_RETURN;
}
! if (ptr[1] == 'n') {
! /* empty line as end of header found
*/
! php_error(E_WARNING, "File Upload Mime
headers garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr + 2), *(ptr + 3), *(ptr +
4));
! SAFE_RETURN;
! }
! /* some other headerfield found, skip it */
! loc = (char *) memchr(ptr, 'n', rem)+1;
! while (*loc == ' ' || *loc == 't')
! /* other field is folded, skip it */
! loc = (char *) memchr(loc, 'n',
rem-(loc-ptr))+1;
! rem -= (loc - ptr);
! ptr = loc;
}
loc = memchr(ptr, 'n', rem);
+ while (loc[1] == ' ' || loc[1] == 't')
+ /* field is folded, look for end */
+ loc = memchr(loc+1, 'n', rem-(loc-ptr)-1);
name = strstr(ptr, " name=");
if (name && name < loc) {
name += 6;
! if ( *name == '"' ) {
name++;
s = memchr(name, '"', loc - name);
if(!s) {
php_error(E_WARNING, "File
Upload Mime headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2),
*(name + 3), *(name + 4));
SAFE_RETURN;
}
} else {
! s = strpbrk(name, "
()<>@,;:\"/[]?=rn");
}
if (namebuf) {
efree(namebuf);
}
namebuf = estrndup(name, s-name);
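Review bot: In the new skip loop the line loc = (char *) memchr(ptr, 'n', rem)+1; adds 1 to the memchr result before anything tests it for NULL, and the two folding loops (the one testing *loc and the one testing loc[1]) then dereference it, so a part whose header has no further line terminator within rem ends up reading through an invalid pointer. Check every memchr result and leave through SAFE_RETURN, as the existing if(!s) branch does. The unquoted branch has the same gap: strpbrk can return NULL and is bounded by neither loc nor rem, yet s goes straight into estrndup(name, s-name); test s for NULL and for s <= loc before using it.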
***************
*** 185,197 ****
if (lbuf) {
efree(lbuf);
}
lbuf = emalloc(s-name + MAX_SIZE_OF_INDEX +
1);
state = 2;
! loc2 = memchr(loc + 1, 'n', rem);
! rem -= (loc2 - ptr) + 1;
! ptr = loc2 + 1;
/* is_arr_upload is true when name of file
upload field
* ends in [.*]
* start_arr is set to point to 1st [
* end_arr points to last ]
*/
--- 194,210 ----
if (lbuf) {
efree(lbuf);
}
lbuf = emalloc(s-name + MAX_SIZE_OF_INDEX +
1);
state = 2;
! loc2 = loc;
! while (loc2[2] != 'n') {
! /* empty line as end of header not yet
found */
! loc2 = memchr(loc2 + 1, 'n',
rem-(loc2-ptr)-1);
! }
! rem -= (loc2 - ptr) + 3;
! ptr = loc2 + 3;
/* is_arr_upload is true when name of file
upload field
* ends in [.*]
* start_arr is set to point to 1st [
* end_arr points to last ]
*/
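Review bot: The new loop on loc2[2] never checks the memchr result for NULL and reads loc2[2] without confirming that two more bytes remain in rem, so a header block with no terminating empty line makes it dereference an invalid pointer; test the result and the remaining length on each pass and return through SAFE_RETURN on failure. The loop also assumes a two-byte line terminator (it looks only at loc2[2], then adds 3 to ptr and subtracts it from rem), so either check loc2[1] as well or state that assumption in the comment, and make sure rem cannot go negative after the subtraction.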
I have tried some POST-bodies, one of them shown here:
--xnyLAaB03X^M
Content-Type: text/plain;^M
charset=iso-8859-1^M
Content-Disposition: form-data;^M
name=postarg;^M
x-info="Andreas Pistoor"^M
^M
input^M
--xnyLAaB03X--^M
Kind regards
Andreas Pistoor
---------------------------------------------------------------------------
Full Bug description available at: http://bugs.php.net/?id=9930
--
PHP Development Mailing List <http://www.php.net/>
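The five points in the report (several header fields per part, atoms as parameter values, whitespace around '=', folded fields, comments) can be met by a parser that never reads past the header block. The following is an added example, not PHP's rfc1867.c and not the patch above; the names part_header_param, get_param, logical_eol and SAMPLE are hypothetical, and SAMPLE is constructed from the report's POST body on the assumption that its continuation lines begin with a space. It goes beyond the patch by looking up any parameter of any field; comments and quoted-pairs are still not handled.

```c
#include <string.h>
#include <strings.h>

#define TSPECIALS "()<>@,;:\\\"/[]?="   /* RFC 2045 tspecials: they end a token */
#define LWS(c) ((c) == ' ' || (c) == '\t' || (c) == '\r' || (c) == '\n')
static const char SAMPLE[] =   /* constructed, modelled on the report's POST body */
    "Content-Type: text/plain;\r\n charset=iso-8859-1\r\nContent-Disposition: form-data;\r\n"
    " name=postarg;\r\n x-info=\"Andreas Pistoor\"\r\n\r\ninput\r\n";

/* LF that ends the logical (unfolded) line starting at p, or NULL if none before end. */
static const char *logical_eol(const char *p, const char *end) {
    while ((p = memchr(p, '\n', (size_t)(end - p))) && p + 1 < end && (p[1] == ' ' || p[1] == '\t'))
        p++;                                   /* LF followed by SP/HT: folded line */
    return p;
}

/* Find parameter `param` in the field body [p, e): sets *val to the value and returns
 * its length, or -1 if absent or garbled (*val is then meaningless). */
static int get_param(const char *p, const char *e, const char *param, const char **val) {
    while (p < e) {
        while (p < e && (LWS(*p) || *p == ';')) p++;
        const char *key = p;
        while (p < e && !LWS(*p) && *p != '=' && *p != ';') p++;
        size_t klen = (size_t)(p - key);
        while (p < e && LWS(*p)) p++;          /* whitespace before '=' */
        if (p >= e || *p != '=') continue;     /* item without a value, e.g. form-data */
        for (p++; p < e && LWS(*p); p++) {}    /* whitespace after '=' */
        int quoted = (p < e && *p == '"');
        const char *v = (p += quoted);
        while (p < e && (quoted ? *p != '"' : !LWS(*p) && !strchr(TSPECIALS, *p))) p++;
        if (quoted && p >= e) return -1;       /* unterminated quoted-string */
        *val = v;
        if (klen == strlen(param) && !strncasecmp(key, param, klen)) return (int)(p - v);
        p += quoted;                           /* step over the closing quote */
    }
    return -1;
}

/* Value of `param` in header `field`; a line starting with CR or LF ends the headers. */
int part_header_param(const char *hdr, size_t len, const char *field,
                      const char *param, const char **val) {
    const char *p = hdr, *end = hdr + len, *eol;
    size_t flen = strlen(field);
    while (p < end && *p != '\r' && *p != '\n' && (eol = logical_eol(p, end)) != NULL) {
        if ((size_t)(eol - p) > flen && !strncasecmp(p, field, flen) && p[flen] == ':')
            return get_param(p + flen + 1, eol, param, val);
        p = eol + 1;
    }
    return -1;
}
```

Called as part_header_param(SAMPLE, sizeof SAMPLE - 1, "Content-Disposition", "name", &v), it returns the length of the value and leaves v pointing into the header block, so the caller copies exactly that many bytes.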