ID: 9930
Updated by: sniper
Reported By: [EMAIL PROTECTED]
Old-Status: Open
Status: Closed
Bug Type: *General Issues
PHP Version: 4.0.4pl1
Assigned To: 
Comments:

Patch committed. Thanks!

--Jani


Previous Comments:
---------------------------------------------------------------------------

[2001-03-29 04:53:24] [EMAIL PROTECTED]
 Hello Jani,
 have you received my email?
 I have replied to yours, as it came from [EMAIL PROTECTED] and you asked me to 
send the diff to this address. But the footer of your email is a little bit confusing 
:-) : "ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9930&edit=2";

 Greetings Andreas

---------------------------------------------------------------------------

[2001-03-26 16:28:48] [EMAIL PROTECTED]
Could you please create a unified diff?
ie. using 'diff -u' and send it (as an attachment) to [EMAIL PROTECTED] ?

--Jani


---------------------------------------------------------------------------

[2001-03-23 05:30:19] [EMAIL PROTECTED]
 One comment to the listing of the diff, above:
The second argument to the function strpbrk starts with a blank and a tabulator. This 
is not (easily) recognized in that listing.

 Andreas

---------------------------------------------------------------------------

[2001-03-22 11:34:24] [EMAIL PROTECTED]
 Hello,
 the documentation tells in chapter 19: "PHP is capable of receiving file uploads from 
any RFC-1867 compliant browser (...).". If the implementation does not, I think it is 
a bug. So I submit a bug-report, not a feature-request.
 The code, which should handle RFC-1867 compliant POST-bodies, is in the file 
main/rfc1867.c. But it does not accept many possibilities, which are allowed by 
RFC-1867, RFC-2045 and RFC-822, in its version 1.60.
 First, it only allows one Header-field in every part of the POST-body. (see also 
Bugid 7685)
 Second, it still does not handle atoms as parameter-values correctly. (see also Bugid 
8486)
 Third, it does not accept whitespaces at all allowed places (around the '=' in the 
parameter).
 Fourth, it does not recognize folded headerfields as being folded.
 Fifth, it does not handle comments at all.

 The first two should be handled correctly, if a PHP-script should be usable from 
Lynx. I have changed the file rfc1867.c in a way, that more POST-bodies are accepted, 
but also my version is still not accepting all RFC-1867 compliant POST-bodies. It 
misses all changes to the part of handling the filename-parameter and does not handle 
comments at all.

 Here is a context-diff between the version 1.60 of your CVS and my version:

*** rfc1867.c.v1.60     Thu Mar 22 14:42:35 2001
--- rfc1867.c   Thu Mar 22 17:10:43 2001
***************
*** 151,184 ****
                                } else {
                                        Done = 1;
                                }
                                break;
                        case 1:                 /* Check content-disposition */
!                               if (strncasecmp(ptr, "Content-Disposition: 
form-data;", 31)) {
                                        if (rem < 31) {
                                                SAFE_RETURN;
                                        }
!                                       php_error(E_WARNING, "File Upload Mime headers 
garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr + 2), *(ptr + 3), *(ptr + 4));
!                                       SAFE_RETURN;
                                }
                                loc = memchr(ptr, 'n', rem);
                                name = strstr(ptr, " name=");
                                if (name && name < loc) {
                                        name += 6;
!                                       s = memchr(name, '"', loc - name);
!                                       if ( name == s ) {
                                                name++;
                                                s = memchr(name, '"', loc - name);
                                                if(!s) {
                                                        php_error(E_WARNING, "File 
Upload Mime headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2), 
*(name + 3), *(name + 4));
                                                        SAFE_RETURN;
                                                }
-                                       } else if(!s) {
-                                               s = loc;
                                        } else {
!                                               php_error(E_WARNING, "File Upload Mime 
headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2), *(name + 3), 
*(name + 4));
!                                               SAFE_RETURN;
                                        }
                                        if (namebuf) {
                                                efree(namebuf);
                                        }
                                        namebuf = estrndup(name, s-name);
--- 151,193 ----
                                } else {
                                        Done = 1;
                                }
                                break;
                        case 1:                 /* Check content-disposition */
!                               while (strncasecmp(ptr, "Content-Disposition: 
form-data;", 31)) {
                                        if (rem < 31) {
                                                SAFE_RETURN;
                                        }
!                                       if (ptr[1] == 'n') {
!                                                 /* empty line as end of header found 
*/
!                                               php_error(E_WARNING, "File Upload Mime 
headers garbled ptr: [%c%c%c%c%c]", *ptr, *(ptr + 1), *(ptr + 2), *(ptr + 3), *(ptr + 
4));
!                                               SAFE_RETURN;
!                                         }
!                                       /* some other headerfield found, skip it */
!                                         loc = (char *) memchr(ptr, 'n', rem)+1;
!                                       while (*loc == ' ' || *loc == 't')
!                                               /* other field is folded, skip it */
!                                               loc = (char *) memchr(loc, 'n', 
rem-(loc-ptr))+1;
!                                       rem -= (loc - ptr);
!                                       ptr = loc;
                                }
                                loc = memchr(ptr, 'n', rem);
+                               while (loc[1] == ' ' || loc[1] == 't')
+                                       /* field is folded, look for end */
+                                       loc = memchr(loc+1, 'n', rem-(loc-ptr)-1);
                                name = strstr(ptr, " name=");
                                if (name && name < loc) {
                                        name += 6;
!                                       if ( *name == '"' ) {
                                                name++;
                                                s = memchr(name, '"', loc - name);
                                                if(!s) {
                                                        php_error(E_WARNING, "File 
Upload Mime headers garbled name: [%c%c%c%c%c]", *name, *(name + 1), *(name + 2), 
*(name + 3), *(name + 4));
                                                        SAFE_RETURN;
                                                }
                                        } else {
!                                               s = strpbrk(name, "     
()<>@,;:\"/[]?=rn");
                                        }
                                        if (namebuf) {
                                                efree(namebuf);
                                        }
                                        namebuf = estrndup(name, s-name);
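Review bot: In the new header-skipping loop, the result of memchr is used without a NULL check in "loc = (char *) memchr(ptr, 'n', rem)+1" and again in both fold-detection loops, so a part whose header field has no terminating newline within rem leads straight to a read through an invalid pointer at *loc or loc[1]. Check every memchr result and SAFE_RETURN when it is NULL, and confirm that at least one byte remains before reading loc[1]. The unquoted branch has a related gap: strpbrk takes no length, so it is not limited to the current field or to rem, and a NULL return reaches estrndup(name, s-name); bound the scan at loc and reject NULL before computing s-name.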
***************
*** 185,197 ****
                                        if (lbuf) {
                                                efree(lbuf);
                                        }
                                        lbuf = emalloc(s-name + MAX_SIZE_OF_INDEX + 
1);
                                        state = 2;
!                                       loc2 = memchr(loc + 1, 'n', rem);
!                                       rem -= (loc2 - ptr) + 1;
!                                       ptr = loc2 + 1;
                                        /* is_arr_upload is true when name of file 
upload field
                                         * ends in [.*]
                                         * start_arr is set to point to 1st [
                                         * end_arr points to last ]
                                         */
--- 194,210 ----
                                        if (lbuf) {
                                                efree(lbuf);
                                        }
                                        lbuf = emalloc(s-name + MAX_SIZE_OF_INDEX + 
1);
                                        state = 2;
!                                       loc2 = loc;
!                                       while (loc2[2] != 'n') {
!                                               /* empty line as end of header not yet 
found */
!                                               loc2 = memchr(loc2 + 1, 'n', 
rem-(loc2-ptr)-1);
!                                       }
!                                       rem -= (loc2 - ptr) + 3;
!                                       ptr = loc2 + 3;
                                        /* is_arr_upload is true when name of file 
upload field
                                         * ends in [.*]
                                         * start_arr is set to point to 1st [
                                         * end_arr points to last ]
                                         */
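Review bot: The new "while (loc2[2] != 'n')" loop reads loc2[2] right after "loc2 = memchr(loc2 + 1, 'n', rem-(loc2-ptr)-1)" with no NULL check, so a part whose headers are never closed by an empty line within rem ends in a NULL-based read; loc2[2] can also lie beyond the rem bytes when the last newline sits at the end of the buffer. Test the memchr result and the remaining length before each loc2[2] access and SAFE_RETURN on failure, and verify that rem is at least (loc2 - ptr) + 3 before "rem -= (loc2 - ptr) + 3". The fixed offsets 2 and 3 assume CRLF line ends; a comment saying so would help the next reader.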


 I have tried some POST-bodies, one of them shown here:
--xnyLAaB03X^M
Content-Type: text/plain;^M
 charset=iso-8859-1^M
Content-Disposition: form-data;^M
 name=postarg;^M
 x-info="Andreas Pistoor"^M
^M
input^M
--xnyLAaB03X--^M

 Kind regards
 Andreas Pistoor
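
The header handling the report asks for (several header fields per part, folded fields, whitespace around '=', atom or quoted-string values), as an added example that is not code from the report or from PHP's rfc1867.c. The names part_name, field_end and skip are hypothetical; comments and backslash escapes inside quoted strings are not handled, and every scan is bounded by the buffer length so truncated input returns -1.

```c
#include <string.h>
#include <strings.h>
#define TSPECIALS " \t()<>@,;:\\\"/[]?=\r\n"   /* RFC 2045 tspecials + whitespace */
/* Constructed sample: the part headers of the test body quoted in the report. */
static const char SAMPLE[] = "Content-Type: text/plain;\r\n charset=iso-8859-1\r\n"
    "Content-Disposition: form-data;\r\n name=postarg;\r\n"
    " x-info=\"Andreas Pistoor\"\r\n\r\ninput\r\n";
/* Final '\n' of the field at p, folded lines included; NULL if input ends first. */
static const char *field_end(const char *p, const char *end) {
    const char *nl;
    while ((nl = memchr(p, '\n', end - p)) != NULL &&
           nl + 1 < end && (nl[1] == ' ' || nl[1] == '\t'))
        p = nl + 1;                               /* folded: keep scanning */
    return nl;
}
/* Skip whitespace (ws = 1) or token characters (ws = 0), never past end. */
static const char *skip(const char *p, const char *end, int ws) {
    const char *set = ws ? " \t\r\n" : TSPECIALS;
    while (p < end && (memchr(set, *p, strlen(set)) != NULL) == ws) p++;
    return p;
}
/* Copy Content-Disposition's name parameter into out; length, or -1 on failure. */
int part_name(const char *buf, size_t len, char *out, size_t outsz) {
    const char *p = buf, *end = buf + len, *fe, *q, *a, *ae, *v, *ve;
    for (; (fe = field_end(p, end)) != NULL; p = fe + 1) {
        if (*p == '\r' || *p == '\n') return -1;  /* blank line: headers over */
        if (fe - p < 20 || strncasecmp(p, "Content-Disposition:", 20)) continue;
        for (q = memchr(p, ';', fe - p); q; q = memchr(ve, ';', fe - ve)) {
            a = skip(q + 1, fe, 1);               /* attribute, e.g. "name" */
            ae = skip(a, fe, 0);
            v = skip(ae, fe, 1);                  /* whitespace before '=' */
            if (v >= fe || *v != '=') return -1;
            v = skip(v + 1, fe, 1);               /* whitespace after '=' */
            int quoted = (v < fe && *v == '"');
            v += quoted;
            ve = quoted ? memchr(v, '"', fe - v) : skip(v, fe, 0);
            if (ve == NULL) return -1;            /* unterminated quoted-string */
            if (ae - a != 4 || strncasecmp(a, "name", 4)) continue;
            if (ve == v || (size_t)(ve - v) >= outsz) return -1;
            memcpy(out, v, ve - v);
            out[ve - v] = '\0';
            return (int)(ve - v);
        }
    }
    return -1;                                    /* truncated, or no name found */
}
int main(void) {
    char name[64];
    return part_name(SAMPLE, sizeof SAMPLE - 1, name, sizeof name) == 7 ? 0 : 1;
}
```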


---------------------------------------------------------------------------

The remainder of the comments for this report are too long.  To view the rest of the 
comments, please view the bug report online.


ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=9930&edit=2

