[PHP-CVS] cvs: php-src /main rfc1867.c
janiSat May 23 18:42:54 2009 UTC Modified files: /php-src/main rfc1867.c Log: fix build http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.211r2=1.212diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.211 php-src/main/rfc1867.c:1.212 --- php-src/main/rfc1867.c:1.211Sat May 23 18:03:27 2009 +++ php-src/main/rfc1867.c Sat May 23 18:42:54 2009 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.211 2009/05/23 18:03:27 andrei Exp $ */ +/* $Id: rfc1867.c,v 1.212 2009/05/23 18:42:54 jani Exp $ */ /* * This product includes software developed by the Apache Group @@ -578,12 +578,12 @@ return out; } -static void register_raw_var_ex(char *var, zval *value, HashTable *array TSRMLS_DC) +static void register_raw_var_ex(char *var, zval *value, HashTable *array) { - zend_hash_update(array, var, strlen(var)+1, value, sizeof(zval *), NULL TSRMLS_CC); + zend_hash_update(array, var, strlen(var)+1, value, sizeof(zval *), NULL); } -static void register_raw_var(char *var, char *str, int str_len, HashTable *array TSRMLS_DC) +static void register_raw_var(char *var, char *str, int str_len, HashTable *array) { zval *new_entry; assert(str != NULL); @@ -594,7 +594,7 @@ Z_STRVAL_P(new_entry) = estrndup(str, Z_STRLEN_P(new_entry)); Z_TYPE_P(new_entry) = IS_STRING; - register_raw_var_ex(var, new_entry, array TSRMLS_DC); + register_raw_var_ex(var, new_entry, array); } /* @@ -737,7 +737,7 @@ value_len = 0; } -register_raw_var(param, value, value_len, post_vars TSRMLS_DC); +register_raw_var(param, value, value_len, post_vars); if (php_rfc1867_callback != NULL) { multipart_event_formdata event_formdata; 
@@ -975,9 +975,9 @@ snprintf(lbuf, llen, %s[name], param); } if (s s filename) { - register_raw_var(lbuf, s+1, strlen(s+1), files_vars TSRMLS_CC); + register_raw_var(lbuf, s+1, strlen(s+1), files_vars); } else { - register_raw_var(lbuf, filename, strlen(filename), files_vars TSRMLS_CC); + register_raw_var(lbuf, filename, strlen(filename), files_vars); } efree(filename); s = NULL; @@ -999,7 +999,7 @@ } else { snprintf(lbuf, llen, %s[type], param); } - register_raw_var(lbuf, cd, strlen(cd), files_vars TSRMLS_CC); + register_raw_var(lbuf, cd, strlen(cd), files_vars); /* Restore Content-Type Header */ if (s != NULL) { @@ -1013,7 +1013,7 @@ } else { snprintf(lbuf, llen, %s[tmp_name], param); } - register_raw_var(lbuf, temp_filename, strlen(temp_filename), files_vars TSRMLS_CC); + register_raw_var(lbuf, temp_filename, strlen(temp_filename), files_vars); { zval *file_size, *error_type; @@ -1035,7 +1035,7 @@ } else { snprintf(lbuf, llen, %s[error], param); } - register_raw_var_ex(lbuf, error_type, files_vars TSRMLS_CC); + register_raw_var_ex(lbuf, error_type, files_vars); /* Add $foo[size] */ if (is_arr_upload) { @@ -1043,7 +1043,7 @@ } else { snprintf(lbuf, llen, %s[size], param); } - register_raw_var_ex(lbuf, file_size, files_vars TSRMLS_CC); + register_raw_var_ex(lbuf, file_size, files_vars); } efree(param); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
janiSat May 23 18:46:10 2009 UTC Modified files: /php-src/main rfc1867.c Log: ws http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.212r2=1.213diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.212 php-src/main/rfc1867.c:1.213 --- php-src/main/rfc1867.c:1.212Sat May 23 18:42:54 2009 +++ php-src/main/rfc1867.c Sat May 23 18:46:10 2009 @@ -17,13 +17,13 @@ +--+ */ -/* $Id: rfc1867.c,v 1.212 2009/05/23 18:42:54 jani Exp $ */ +/* $Id: rfc1867.c,v 1.213 2009/05/23 18:46:10 jani Exp $ */ /* * This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/). * - */ + */ #include stdio.h #include php.h @@ -76,14 +76,12 @@ REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_EXTENSION, UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT); } - static int unlink_filename(char **filename TSRMLS_DC) { VCWD_UNLINK(*filename); return 0; } - void destroy_uploaded_files_hash(TSRMLS_D) { zend_hash_apply(SG(rfc1867_uploaded_files), (apply_func_t) unlink_filename TSRMLS_CC); @@ -113,13 +111,11 @@ } multipart_buffer; - typedef struct { char *key; char *value; } mime_header_entry; - /* fill up the buffer with client data. returns number of bytes added to buffer. @@ -166,7 +162,6 @@ return total_read; } - /* eof if we are out of bytes, or if we hit the final boundary */ static int multipart_buffer_eof(multipart_buffer *self TSRMLS_DC) { @@ -177,7 +172,6 @@ } } - /* create new multipart_buffer structure */ static multipart_buffer *multipart_buffer_new(char *boundary, int boundary_len) { @@ -190,7 +184,7 @@ self-bufsize = minsize; spprintf(self-boundary, 0, --%s, boundary); - + self-boundary_next_len = spprintf(self-boundary_next, 0, \n--%s, boundary); self-buf_begin = self-buffer; @@ -199,7 +193,6 @@ return self; } - /* gets the next CRLF terminated line from the input buffer. if it doesn't find a CRLF, and the buffer isn't completely full, returns 
@@ -229,7 +222,7 @@ /* bump the pointer */ self-buf_begin = ptr + 1; self-bytes_in_buffer -= (self-buf_begin - line); - + } else {/* no LF found */ /* buffer isn't completely full, fail */ @@ -245,7 +238,6 @@ return line; } - /* returns the next CRLF terminated line from the client */ static char *get_line(multipart_buffer *self TSRMLS_DC) { @@ -259,7 +251,6 @@ return ptr; } - /* Free header entry */ static void php_free_hdr_entry(mime_header_entry *h) { @@ -271,7 +262,6 @@ } } - /* finds a boundary */ static int find_boundary(multipart_buffer *self, char *boundary TSRMLS_DC) { @@ -290,14 +280,13 @@ return 0; } - /* parse headers */ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header TSRMLS_DC) { char *line; mime_header_entry prev_entry, entry; int prev_len, cur_len; - + /* didn't find boundary, abort */ if (!find_boundary(self, self-boundary TSRMLS_CC)) { return 0; @@ -308,10 +297,9 @@ while( (line = get_line(self TSRMLS_CC)) strlen(line) 0 ) { /* add header to table */ - char *key = line; char *value = NULL; - + /* space in the beginning means same header */ if (!isspace(line[0])) { value = strchr(line, ':'); @@ -335,7 +323,7 @@ entry.value[cur_len + prev_len] = '\0'; entry.key = estrdup(prev_entry.key); - + zend_llist_remove_tail(header); } else { continue; @@ -348,7 +336,6 @@ return 1; } - static char *php_mime_get_hdr_value(zend_llist header, char *key) { mime_header_entry *entry; @@ -356,7 +343,7 @@ if (key == NULL) { return NULL; } - + entry = zend_llist_get_first(header); while (entry) { if (!strcasecmp(entry-key, key)) { @@ -364,19 +351,17 @@ } entry = zend_llist_get_next(header); } - + return NULL; } - - static char *php_ap_getword(char **line, char stop) { char *pos = *line, quote; char *res; while (*pos *pos != stop) { - + if ((quote = *pos) == '' || quote == '\'') { ++pos; while (*pos *pos != quote) { @@ -390,7 +375,7 @@ ++pos; } } else ++pos;
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudFri May 1 00:13:22 2009 UTC Modified files: /php-src/main rfc1867.c Log: Removed code handling non-unicode input (was used when !UG(unicode)) http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.206r2=1.207diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.206 php-src/main/rfc1867.c:1.207 --- php-src/main/rfc1867.c:1.206Thu Mar 26 20:02:53 2009 +++ php-src/main/rfc1867.c Fri May 1 00:13:22 2009 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.206 2009/03/26 20:02:53 felipe Exp $ */ +/* $Id: rfc1867.c,v 1.207 2009/05/01 00:13:22 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group 
@@ -49,63 +49,6 @@ if (mbuff) efree(mbuff); \ return; } -#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) -#include ext/mbstring/mbstring.h - -static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); - -void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr TSRMLS_DC) -{ - int i; - if (php_mb_encoding_translation(TSRMLS_C)) { - if (num_vars 0 - php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { - php_mb_gpc_encoding_converter(val_list, len_list, num_vars, NULL, NULL TSRMLS_CC); - } - for (i=0; inum_vars; i+=2){ - safe_php_register_variable(val_list[i], val_list[i+1], len_list[i+1], array_ptr, 0 TSRMLS_CC); - efree(val_list[i]); - efree(val_list[i+1]); - } - efree(val_list); - efree(len_list); - } -} - -void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc TSRMLS_DC) -{ - /* allow only even increments */ - if (inc 1) { - inc++; - } - (*num_vars_max) += inc; - *pval_list = (char **)erealloc(*pval_list, (*num_vars_max+2)*sizeof(char *)); - *plen_list = (int *)erealloc(*plen_list, (*num_vars_max+2)*sizeof(int)); -} - -void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int **plen_list, int *num_vars, int *num_vars_max TSRMLS_DC) -{ - char **val_list=*pval_list; - int *len_list=*plen_list; - - if (*num_vars=*num_vars_max){ - php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, - 16 TSRMLS_CC); - /* in case realloc relocated the buffer */ - val_list = *pval_list; - len_list = *plen_list; - } - - val_list[*num_vars] = (char *)estrdup(param); - len_list[*num_vars] = strlen(param); - (*num_vars)++; - val_list[*num_vars] = (char *)estrdup(value); - len_list[*num_vars] = strlen(value); - (*num_vars)++; -} - -#endif - /* The longest property name we use in an uploaded file array */ #define MAX_SIZE_OF_INDEX sizeof([tmp_name]) 
@@ -134,66 +77,6 @@ REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_EXTENSION, UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT); } -static void normalize_protected_variable(char *varname TSRMLS_DC) -{ - char *s=varname, *index=NULL, *indexend=NULL, *p; - - /* overjump leading space */ - while (*s == ' ') { - s++; - } - - /* and remove it */ - if (s != varname) { - memmove(varname, s, strlen(s)+1); - } - - for (p=varname; *p *p != '['; p++) { - switch(*p) { - case ' ': - case '.': - *p='_'; - break; - } - } - - /* find index */ - index = strchr(varname, '['); - if (index) { - index++; - s=index; - } else { - return; - } - - /* done? */ - while (index) { - - while (*index == ' ' || *index == '\r' || *index == '\n' || *index=='\t') { - index++; - } - indexend = strchr(index, ']'); - indexend = indexend ? indexend + 1 : index + strlen(index); - - if (s != index) { - memmove(s, index, strlen(index)+1); - s += indexend-index; - } else { - s = indexend; - } - - if (*s == '[') { - s++; - index = s; - } else { - index = NULL; - } - } - - *s = '\0'; -} - - static void
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudFri May 1 00:15:07 2009 UTC Modified files: /php-src/main rfc1867.c Log: Removed code for register_globals in file uploads http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.207r2=1.208diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.207 php-src/main/rfc1867.c:1.208 --- php-src/main/rfc1867.c:1.207Fri May 1 00:13:22 2009 +++ php-src/main/rfc1867.c Fri May 1 00:15:07 2009 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.207 2009/05/01 00:13:22 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.208 2009/05/01 00:15:07 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -1136,7 +1136,6 @@ array_index = eustrndup(start_arr+1, array_len-2); } - /* Add $foo_name */ if (lbuf) { efree(lbuf); } @@ -1146,9 +1145,6 @@ if (is_arr_upload) { if (abuf) efree(abuf); abuf = eustrndup(param, u_strlen(param)-array_len); - u_snprintf(lbuf, llen, %S_name[%S], abuf, array_index); - } else { - u_snprintf(lbuf, llen, %S_name, param); } /* The \ check should technically be needed for win32 systems only where @@ -1162,14 +1158,6 @@ s = tmp; } - if (!is_anonymous) { - if (s s filename) { - safe_u_php_register_variable(lbuf, s+1, u_strlen(s+1), NULL, 0 TSRMLS_CC); - } else { - safe_u_php_register_variable(lbuf, filename, u_strlen(filename), NULL, 0 TSRMLS_CC); - } - } - /* Add $foo[name] */ if (is_arr_upload) { u_snprintf(lbuf, llen, %S[name][%S], abuf, array_index); @@ -1201,16 +1189,6 @@ } } - /* Add $foo_type */ - if (is_arr_upload) { - u_snprintf(lbuf, llen, %S_type[%S], abuf, array_index); - } else { - u_snprintf(lbuf, llen, %S_type, param); - } - if (!is_anonymous) { - safe_u_php_register_variable(lbuf, ucd, ucd_len, NULL, 0 TSRMLS_CC); - } - /* Add $foo[type] */ if (is_arr_upload) { u_snprintf(lbuf, llen, %S[type][%S], abuf, array_index); 
@@ -1225,11 +1203,6 @@ /* Initialize variables */ add_u_protected_variable(param TSRMLS_CC); - /* if param is of form xxx[.*] this will cut it to xxx */ - if (!is_anonymous) { - safe_u_php_register_variable(param, temp_filename, u_strlen(temp_filename), NULL, 1 TSRMLS_CC); - } - /* Add $foo[tmp_name] */ if (is_arr_upload) { u_snprintf(lbuf, llen, %S[tmp_name][%S], abuf, array_index); @@ -1264,16 +1237,6 @@ } register_u_http_post_files_variable_ex(lbuf, error_type, http_post_files, 0 TSRMLS_CC); - /* Add $foo_size */ - if (is_arr_upload) { - u_snprintf(lbuf, llen, %S_size[%S], abuf, array_index); - } else { - u_snprintf(lbuf, llen, %S_size, param); - } - if (!is_anonymous) { - safe_u_php_register_variable_ex(lbuf, file_size, NULL, 0 TSRMLS_CC); - } - /* Add $foo[size] */ if (is_arr_upload) { u_snprintf(lbuf, llen, %S[size][%S], abuf, array_index); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudFri May 1 00:18:10 2009 UTC Modified files: /php-src/main rfc1867.c Log: cleanup http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.208r2=1.209diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.208 php-src/main/rfc1867.c:1.209 --- php-src/main/rfc1867.c:1.208Fri May 1 00:15:07 2009 +++ php-src/main/rfc1867.c Fri May 1 00:18:09 2009 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.208 2009/05/01 00:15:07 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.209 2009/05/01 00:18:09 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -202,14 +202,10 @@ UErrorCode status = U_ZERO_ERROR; UChar *buf; int buf_len = 0; - UConverter *input_conv = UG(http_input_encoding_conv); + UConverter *input_conv = ZEND_U_CONVERTER(UG(http_input_encoding_conv)); - if (!input_conv) { - input_conv = ZEND_U_CONVERTER(UG(output_encoding_conv)); - } - - input_conv = ZEND_U_CONVERTER(UG(output_encoding_conv)); zend_string_to_unicode_ex(input_conv, buf, buf_len, in, in_len, status); + if (U_SUCCESS(status)) { if (out_len) *out_len = buf_len; @@ -1134,6 +1130,9 @@ efree(array_index); } array_index = eustrndup(start_arr+1, array_len-2); + + if (abuf) efree(abuf); + abuf = eustrndup(param, u_strlen(param)-array_len); } if (lbuf) { @@ -1142,11 +1141,6 @@ llen = u_strlen(param) + MAX_SIZE_OF_INDEX + 1; lbuf = eumalloc(llen); - if (is_arr_upload) { - if (abuf) efree(abuf); - abuf = eustrndup(param, u_strlen(param)-array_len); - } - /* The \ check should technically be needed for win32 systems only where * it is a valid path separator. However, IE in all its wisdom always sends * the full path of the file on the user's filesystem, which means that unless -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
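Review bot: In the `@@ -202,14 +202,10 @@` hunk the explicit `if (!input_conv)` fallback is removed, so a NULL `UG(http_input_encoding_conv)` is now handled only if `ZEND_U_CONVERTER()` itself substitutes a default, and that macro's definition is not visible here. This converter decodes client-supplied request data, so the assumption deserves a comment on the declaration, e.g. `/* ZEND_U_CONVERTER() must yield a usable converter when http_input_encoding_conv is unset */`, or an explicit NULL check before `zend_string_to_unicode_ex()`. The change also switches decoding from the output converter to the input converter, which is a behaviour change the log message "cleanup" does not mention. The enclosing function starts and ends outside the hunk.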
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudFri May 1 00:36:43 2009 UTC Modified files: /php-src/main rfc1867.c Log: revert to allow Andrei to make his changes http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.209r2=1.210diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.209 php-src/main/rfc1867.c:1.210 --- php-src/main/rfc1867.c:1.209Fri May 1 00:18:09 2009 +++ php-src/main/rfc1867.c Fri May 1 00:36:43 2009 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.209 2009/05/01 00:18:09 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.210 2009/05/01 00:36:43 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group 
@@ -49,6 +49,63 @@ if (mbuff) efree(mbuff); \ return; } +#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) +#include ext/mbstring/mbstring.h + +static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); + +void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr TSRMLS_DC) +{ + int i; + if (php_mb_encoding_translation(TSRMLS_C)) { + if (num_vars 0 + php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { + php_mb_gpc_encoding_converter(val_list, len_list, num_vars, NULL, NULL TSRMLS_CC); + } + for (i=0; inum_vars; i+=2){ + safe_php_register_variable(val_list[i], val_list[i+1], len_list[i+1], array_ptr, 0 TSRMLS_CC); + efree(val_list[i]); + efree(val_list[i+1]); + } + efree(val_list); + efree(len_list); + } +} + +void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc TSRMLS_DC) +{ + /* allow only even increments */ + if (inc 1) { + inc++; + } + (*num_vars_max) += inc; + *pval_list = (char **)erealloc(*pval_list, (*num_vars_max+2)*sizeof(char *)); + *plen_list = (int *)erealloc(*plen_list, (*num_vars_max+2)*sizeof(int)); +} + +void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int **plen_list, int *num_vars, int *num_vars_max TSRMLS_DC) +{ + char **val_list=*pval_list; + int *len_list=*plen_list; + + if (*num_vars=*num_vars_max){ + php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, + 16 TSRMLS_CC); + /* in case realloc relocated the buffer */ + val_list = *pval_list; + len_list = *plen_list; + } + + val_list[*num_vars] = (char *)estrdup(param); + len_list[*num_vars] = strlen(param); + (*num_vars)++; + val_list[*num_vars] = (char *)estrdup(value); + len_list[*num_vars] = strlen(value); + (*num_vars)++; +} + +#endif + /* The longest property name we use in an uploaded file array */ #define MAX_SIZE_OF_INDEX sizeof([tmp_name]) 
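Review bot: The re-added `php_mb_gpc_stack_variable()` records `len_list[*num_vars] = strlen(value);`, so a form value containing a NUL byte is stored with a shortened length, and the `size_t` result is narrowed to `int`. `php_mb_flush_gpc_variables()` later passes `len_list[i+1]` on as the value length, so the truncation reaches the registered variable. Carrying the caller's known length through would need an extra parameter on this function, which is an interface change better suited to a follow-up than to this revert. At minimum a comment above the two `strlen()` calls, such as `/* param and value are treated as NUL-terminated; not binary-safe */`, would record the limitation.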
@@ -77,6 +134,66 @@ REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_EXTENSION, UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT); } +static void normalize_protected_variable(char *varname TSRMLS_DC) +{ + char *s=varname, *index=NULL, *indexend=NULL, *p; + + /* overjump leading space */ + while (*s == ' ') { + s++; + } + + /* and remove it */ + if (s != varname) { + memmove(varname, s, strlen(s)+1); + } + + for (p=varname; *p *p != '['; p++) { + switch(*p) { + case ' ': + case '.': + *p='_'; + break; + } + } + + /* find index */ + index = strchr(varname, '['); + if (index) { + index++; + s=index; + } else { + return; + } + + /* done? */ + while (index) { + + while (*index == ' ' || *index == '\r' || *index == '\n' || *index=='\t') { + index++; + } + indexend = strchr(index, ']'); + indexend = indexend ? indexend + 1 : index + strlen(index); + + if (s != index) { + memmove(s, index, strlen(index)+1); + s += indexend-index; + } else { + s = indexend; + } + + if (*s == '[') { + s++; + index = s; + } else { + index = NULL; + } + } + + *s = '\0'; +} + + static void
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudThu Sep 18 19:44:01 2008 UTC Modified files: /php-src/main rfc1867.c Log: Fixed cleaning of uploaded files http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.201r2=1.202diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.201 php-src/main/rfc1867.c:1.202 --- php-src/main/rfc1867.c:1.201Sun Sep 14 14:55:28 2008 +++ php-src/main/rfc1867.c Thu Sep 18 19:44:01 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.201 2008/09/14 14:55:28 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.202 2008/09/18 19:44:01 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -1401,13 +1401,13 @@ if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */ unlink(ascii_temp_filename); } + efree(ascii_temp_filename); efree(temp_filename); } temp_filename = EMPTY_STR; } else { - zend_u_hash_add(SG(rfc1867_uploaded_files), IS_UNICODE, ZSTR(temp_filename), u_strlen(temp_filename) + 1, temp_filename, sizeof(UChar *), NULL); + zend_u_hash_add(SG(rfc1867_uploaded_files), IS_UNICODE, ZSTR(temp_filename), u_strlen(temp_filename) + 1, ascii_temp_filename, sizeof(char *), NULL); } - efree(ascii_temp_filename); /* is_arr_upload is true when name of file upload field * ends in [.*] @@ -1525,6 +1525,9 @@ } add_u_protected_variable(lbuf TSRMLS_CC); register_u_http_post_files_variable(lbuf, temp_filename, u_strlen(temp_filename), http_post_files, 1 TSRMLS_CC); + if (!cancel_upload) { + efree(temp_filename); + } { zval file_size, error_type; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
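Review bot: In the `@@ -1401,13 +1401,13 @@` hunk the success branch now hands `ascii_temp_filename` to `SG(rfc1867_uploaded_files)` and no longer frees it, but the return value of `zend_u_hash_add()` is ignored. If the add fails, the string leaks and the temporary file is presumably never tracked for removal at the end of the request, leaving uploaded data on disk. I would test the result against `FAILURE` and `unlink()`/`efree()` the name in that case. A comment at the call, such as `/* ownership of ascii_temp_filename passes to rfc1867_uploaded_files */`, would stop the missing `efree()` from being "fixed" later. Who frees the stored strings when the table is destroyed is not visible in this hunk.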
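Review bot: In the `@@ -1525,6 +1525,9 @@` hunk `temp_filename` is freed but keeps pointing at the released buffer, and the loop body continues outside this hunk, so any later use would read freed memory. Clearing it right after the free, `efree(temp_filename); temp_filename = NULL;`, makes a stale use fail visibly instead. The free is also only safe if `register_u_http_post_files_variable()` copies the string rather than keeping the pointer, which is not visible here and is worth stating in a comment next to the `efree()`.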
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudSun Sep 14 14:55:29 2008 UTC Modified files: /php-src/main rfc1867.c Log: Fix invalid read in freed area http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.200r2=1.201diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.200 php-src/main/rfc1867.c:1.201 --- php-src/main/rfc1867.c:1.200Mon Sep 8 09:20:33 2008 +++ php-src/main/rfc1867.c Sun Sep 14 14:55:28 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.200 2008/09/08 09:20:33 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.201 2008/09/14 14:55:28 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -1507,11 +1507,6 @@ register_u_http_post_files_variable(lbuf, ucd, ucd_len, http_post_files, 0 TSRMLS_CC); efree(ucd); - - /* Restore Content-Type Header */ - if (s != NULL) { - *s = 0x3b /*';'*/; - } s = EMPTY_STR; /* Initialize variables */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudMon Sep 8 09:12:02 2008 UTC Modified files: /php-src/main rfc1867.c Log: comment out debug printf http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.197r2=1.198diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.197 php-src/main/rfc1867.c:1.198 --- php-src/main/rfc1867.c:1.197Sun Sep 7 14:17:24 2008 +++ php-src/main/rfc1867.c Mon Sep 8 09:12:02 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.197 2008/09/07 14:17:24 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.198 2008/09/08 09:12:02 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -446,7 +446,9 @@ bytes_to_read -= actual_read; } else { if (!done) { +#ifdef DEBUG_FILE_UPLOAD_INTENSIVE fprintf(stderr, \n###\n%s\n#\n, self-buffer); +#endif done = 1; } break; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
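Review bot: The now-guarded `fprintf` still prints `self->buffer` with `%s`, which reads until a NUL byte, and nothing in this hunk shows that the buffer of raw request bytes is NUL-terminated. When `DEBUG_FILE_UPLOAD_INTENSIVE` is defined this can read past the filled region, and it also copies uploaded content to stderr, which commonly ends up in server logs. A bounded form such as `fprintf(stderr, "\n###\n%.*s\n#\n", (int)self->bytes_in_buffer, self->buf_begin);` limits the read to the bytes actually buffered. A comment on the `#ifdef` saying the macro is for local debugging only would also help. The enclosing function begins and ends outside the hunk.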
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudMon Sep 8 09:12:51 2008 UTC Modified files: /php-src/main rfc1867.c Log: fix empty-value case in rfc1867 post handler http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.198r2=1.199diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.198 php-src/main/rfc1867.c:1.199 --- php-src/main/rfc1867.c:1.198Mon Sep 8 09:12:02 2008 +++ php-src/main/rfc1867.c Mon Sep 8 09:12:51 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.198 2008/09/08 09:12:02 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.199 2008/09/08 09:12:51 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -1172,6 +1172,7 @@ goto var_done; } } else { + u_val_len = 0; u_val = USTR_MAKE(); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
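Review bot: `u_val_len` is reset only in this one `else` branch, so the fix depends on every other path through the surrounding code (outside this hunk) assigning it before use. A length left over from a previous field and paired with a fresh, shorter `u_val` would be an over-read, so I would give it a defined value where it is declared or at the top of each loop iteration, e.g. `u_val_len = 0;` next to the other per-field resets. If the declaration is per-iteration already, a one-line comment saying so would be enough.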
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudMon Sep 8 09:20:33 2008 UTC Modified files: /php-src/main rfc1867.c Log: Fix the Content-Type contains ';' case in rfc1867 post handler http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.199r2=1.200diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.199 php-src/main/rfc1867.c:1.200 --- php-src/main/rfc1867.c:1.199Mon Sep 8 09:12:51 2008 +++ php-src/main/rfc1867.c Mon Sep 8 09:20:33 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.199 2008/09/08 09:12:51 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.200 2008/09/08 09:20:33 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -1484,6 +1484,7 @@ s = u_strchr(ucd, 0x3b /*';'*/); if (s != NULL) { *s = 0; + ucd_len = u_strlen(ucd); } } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudSun Sep 7 14:17:24 2008 UTC Modified files: /php-src/main rfc1867.c Log: More accurate max_file_size / upload_max_filesize (fixes #45124) http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.196r2=1.197diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.196 php-src/main/rfc1867.c:1.197 --- php-src/main/rfc1867.c:1.196Sat Sep 6 17:17:44 2008 +++ php-src/main/rfc1867.c Sun Sep 7 14:17:24 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.196 2008/09/06 17:17:44 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.197 2008/09/07 14:17:24 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -1335,12 +1335,12 @@ } - if (PG(upload_max_filesize) 0 total_bytes PG(upload_max_filesize)) { + if (PG(upload_max_filesize) 0 (total_bytes+blen) PG(upload_max_filesize)) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, upload_max_filesize of %ld bytes exceeded - file [%r=%r] not saved, PG(upload_max_filesize), param, filename); #endif cancel_upload = UPLOAD_ERROR_A; - } else if (max_file_size (total_bytes max_file_size)) { + } else if (max_file_size ((total_bytes+blen) max_file_size)) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, MAX_FILE_SIZE of %ld bytes exceeded - file [%r=%r] not saved, max_file_size, param, filename); #endif 
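Review bot: The new limit test compares `(total_bytes+blen)` with the configured limit, and the types of both operands are declared outside this hunk; if the sum can wrap, an oversized chunk could pass the check. An overflow-free form subtracts instead, `blen > PG(upload_max_filesize) - total_bytes`, which is valid as long as `total_bytes` never exceeds the limit before the test runs. The same expression is repeated for `max_file_size` here and again in the `@@ -1882,12 +1882,12 @@` hunk, so a small `static` helper taking the limit would keep the four copies from drifting. The comparison operators are missing from this page's rendering, so I am assuming both tests are `>`.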
@@ -1882,12 +1882,12 @@ } - if (PG(upload_max_filesize) 0 total_bytes PG(upload_max_filesize)) { + if (PG(upload_max_filesize) 0 (total_bytes+blen) PG(upload_max_filesize)) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved, PG(upload_max_filesize), param, filename); #endif cancel_upload = UPLOAD_ERROR_A; - } else if (max_file_size (total_bytes max_file_size)) { + } else if (max_file_size ((total_bytes+blen) max_file_size)) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved, max_file_size, param, filename); #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c rfc1867.h ZendEngine2 zend.h
lbarnaudSat Sep 6 08:27:38 2008 UTC Modified files: /ZendEngine2zend.h /php-src/main rfc1867.c rfc1867.h Log: Ported rfc1867 hooks to HEAD http://cvs.php.net/viewvc.cgi/ZendEngine2/zend.h?r1=1.361r2=1.362diff_format=u Index: ZendEngine2/zend.h diff -u ZendEngine2/zend.h:1.361 ZendEngine2/zend.h:1.362 --- ZendEngine2/zend.h:1.361Fri Aug 15 19:45:24 2008 +++ ZendEngine2/zend.h Sat Sep 6 08:27:38 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: zend.h,v 1.361 2008/08/15 19:45:24 felipe Exp $ */ +/* $Id: zend.h,v 1.362 2008/09/06 08:27:38 lbarnaud Exp $ */ #ifndef ZEND_H #define ZEND_H @@ -290,6 +290,7 @@ # define EMPTY_ZSTR empty_zstr #endif +#define PZSTR(x) ((zstr*)((void*)(x))) #define EMPTY_STR ((UChar*)\0\0) #undef SUCCESS http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.194r2=1.195diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.194 php-src/main/rfc1867.c:1.195 --- php-src/main/rfc1867.c:1.194Sat Sep 6 08:22:25 2008 +++ php-src/main/rfc1867.c Sat Sep 6 08:27:38 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.194 2008/09/06 08:22:25 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.195 2008/09/06 08:27:38 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -35,6 +35,8 @@ #define DEBUG_FILE_UPLOAD ZEND_DEBUG +PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void **extra TSRMLS_DC) = NULL; + #define SAFE_RETURN { \ if (lbuf) efree(lbuf); \ if (abuf) efree(abuf); \ @@ -118,6 +120,7 @@ #define UPLOAD_ERROR_D4 /* No file uploaded */ #define UPLOAD_ERROR_E6 /* Missing /tmp or similar directory */ #define UPLOAD_ERROR_F7 /* Failed to write file to disk */ +#define UPLOAD_ERROR_X8 /* File upload stopped by extension */ void php_rfc1867_register_constants(TSRMLS_D) { 
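Review bot: `php_rfc1867_callback` in the `@@ -35,6 +35,8 @@` hunk is an exported, writable, process-wide function pointer with no accessor, so any loaded extension can replace it and, in thread-safe builds, every request thread reads the same slot. The hook receives form field names and values and can stop an upload by returning `FAILURE`, so the definition should state its contract, for example `/* set once at module startup; shared by all requests; last writer wins */`. The event codes and the meaning of the `extra` argument are not described at this point either; a short doc comment listing them would help extension authors use the hook safely.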
@@ -128,6 +131,7 @@ REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_NO_FILE,UPLOAD_ERROR_D, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_NO_TMP_DIR, UPLOAD_ERROR_E, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_CANT_WRITE, UPLOAD_ERROR_F, CONST_CS | CONST_PERSISTENT); + REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_EXTENSION, UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT); } static void normalize_protected_variable(char *varname TSRMLS_DC) @@ -1007,6 +1011,7 @@ zval *array_ptr = (zval *) arg; FILE *fp; zend_llist header; + void *event_extra_data = NULL; UConverter *input_conv = UG(http_input_encoding_conv); U_STRING_DECL(name_key, name, 4); U_STRING_DECL(filename_key, filename, 8); @@ -1076,18 +1081,28 @@ input_conv = ZEND_U_CONVERTER(UG(output_encoding_conv)); } + if (php_rfc1867_callback != NULL) { + multipart_event_start event_start; + + event_start.content_length = SG(request_info).content_length; + if (php_rfc1867_callback(MULTIPART_EVENT_START, event_start, event_extra_data TSRMLS_CC) == FAILURE) { + goto fileupload_done; + } + } + while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; char *cd=NULL; - int blen=0, wlen=0; + size_t blen=0, wlen=0; + off_t offset; UChar *param = NULL, *filename = NULL, *tmp = NULL; int32_t param_len; zend_llist_clean(header); if (!multipart_buffer_headers(mbuff, header TSRMLS_CC)) { - SAFE_RETURN; + goto fileupload_done; } if ((cd = php_mime_get_hdr_value(header, Content-Disposition))) { @@ -1159,9 +1174,37 @@ } /* UTODO use input filtering */ - /* if (sapi_module.input_filter(PARSE_POST, param, value, strlen(value), new_val_len TSRMLS_CC)) { */ + /* if (sapi_module.input_filter(PARSE_POST, param, u_val, u_val_len, new_val_len TSRMLS_CC)) { */ + if (php_rfc1867_callback != NULL) { + multipart_event_formdata event_formdata; + size_t newlength = 0; + + event_formdata.post_bytes_processed = SG(read_post_bytes); + event_formdata.name = ZSTR(param); + event_formdata.value = PZSTR(u_val); +
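Review bot: In the `@@ -1076,18 +1081,28` hunk `event_start.content_length` is filled from `SG(request_info).content_length`, which is the length the client declared rather than a count of bytes received, and nothing tells hook authors that. A comment above the assignment such as `/* client-declared Content-Length, not the number of bytes read so far */` would keep extensions from sizing buffers or quotas on it. The enclosing handler starts and ends outside the hunk.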
[PHP-CVS] cvs: php-src /main rfc1867.c
lbarnaudSat Sep 6 17:17:45 2008 UTC Modified files: /php-src/main rfc1867.c Log: Fixed #43540 (rfc1867 handler newlength problem) http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.195r2=1.196diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.195 php-src/main/rfc1867.c:1.196 --- php-src/main/rfc1867.c:1.195Sat Sep 6 08:27:38 2008 +++ php-src/main/rfc1867.c Sat Sep 6 17:17:44 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.195 2008/09/06 08:27:38 lbarnaud Exp $ */ +/* $Id: rfc1867.c,v 1.196 2008/09/06 17:17:44 lbarnaud Exp $ */ /* * This product includes software developed by the Apache Group @@ -1177,7 +1177,7 @@ /* if (sapi_module.input_filter(PARSE_POST, param, u_val, u_val_len, new_val_len TSRMLS_CC)) { */ if (php_rfc1867_callback != NULL) { multipart_event_formdata event_formdata; - size_t newlength = 0; + size_t newlength = (size_t) u_val_len; event_formdata.post_bytes_processed = SG(read_post_bytes); event_formdata.name = ZSTR(param); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
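Review bot: `newlength` is now seeded from `u_val_len`, but nothing says which unit the hook is expected to read and write back. `u_val` reaches the callback through `PZSTR(u_val)` in the hook port shown earlier on this page, so the length is presumably in UChar code units rather than bytes; a hook that treats it as a byte count would mis-size the value. A comment on the declaration such as `/* in UChar code units, matching u_val */` (to be confirmed against rfc1867.h) would pin that down. The `(size_t)` cast would also hide a negative `u_val_len`, if one is ever possible.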
[PHP-CVS] cvs: php-src /main rfc1867.c
tony2001Fri Mar 14 13:10:23 2008 UTC Modified files: /php-src/main rfc1867.c Log: check if return value of write() is -1 and abort upload in this case setting the correct error status http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.192r2=1.193diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.192 php-src/main/rfc1867.c:1.193 --- php-src/main/rfc1867.c:1.192Mon Dec 31 07:12:18 2007 +++ php-src/main/rfc1867.c Fri Mar 14 13:10:22 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.192 2007/12/31 07:12:18 sebastian Exp $ */ +/* $Id: rfc1867.c,v 1.193 2008/03/14 13:10:22 tony2001 Exp $ */ /* * This product includes software developed by the Apache Group @@ -1263,7 +1263,13 @@ } else if (blen 0) { wlen = fwrite(buff, 1, blen, fp); - if (wlen blen) { + if (wlen == -1) { + /* write failed */ +#if DEBUG_FILE_UPLOAD + sapi_module.sapi_error(E_NOTICE, write() failed - %s, strerror(errno)); +#endif + cancel_upload = UPLOAD_ERROR_F; + } else if (wlen blen) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, Only %d bytes were written, expected to write %d, wlen, blen); #endif @@ -1712,7 +1718,13 @@ } else if (blen 0) { wlen = write(fd, buff, blen); - if (wlen blen) { + if (wlen == -1) { + /* write failed */ +#if DEBUG_FILE_UPLOAD + sapi_module.sapi_error(E_NOTICE, write() failed - %s, strerror(errno)); +#endif + cancel_upload = UPLOAD_ERROR_F; + } else if (wlen blen) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, Only %d bytes were written, expected to write %d, wlen, blen); #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
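Review bot: In the first hunk `wlen` comes from `fwrite()`, which returns the number of items written and never -1, so the new `wlen == -1` branch cannot be taken there and its `strerror(errno)` message is never printed. A failed `fwrite()` shows up as a short count and is still caught by the following `wlen`/`blen` comparison. Either drop the branch from the `fwrite()` path or test the stream instead, e.g. `if (wlen < blen && ferror(fp))`, and keep the -1 test for the `write()` call in the second hunk, where it is correct. Both write loops continue outside the hunks.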
[PHP-CVS] cvs: php-src /main rfc1867.c
derick Tue Dec 18 10:53:00 2007 UTC Modified files: /php-src/main rfc1867.c Log: - Fixed typo. http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.190r2=1.191diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.190 php-src/main/rfc1867.c:1.191 --- php-src/main/rfc1867.c:1.190Sat Feb 24 16:25:55 2007 +++ php-src/main/rfc1867.c Tue Dec 18 10:52:59 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.190 2007/02/24 16:25:55 helly Exp $ */ +/* $Id: rfc1867.c,v 1.191 2007/12/18 10:52:59 derick Exp $ */ /* * This product includes software developed by the Apache Group @@ -1332,7 +1332,7 @@ } /* The \ check should technically be needed for win32 systems only where -* it is a valid path separator. However, IE in all it's wisdom always sends +* it is a valid path separator. However, IE in all its wisdom always sends * the full path of the file on the user's filesystem, which means that unless * the user does basename() they get a bogus file name. Until IE's user base drops * to nill or problem is fixed this code must remain enabled for all systems. -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
tony2001Thu Jul 13 12:17:26 2006 UTC Modified files: /php-src/main rfc1867.c Log: fix C++ comments in C code and comment out unused variable http://cvs.php.net/viewvc.cgi/php-src/main/rfc1867.c?r1=1.185r2=1.186diff_format=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.185 php-src/main/rfc1867.c:1.186 --- php-src/main/rfc1867.c:1.185Wed Mar 8 00:43:29 2006 +++ php-src/main/rfc1867.c Thu Jul 13 12:17:25 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.185 2006/03/08 00:43:29 pajoye Exp $ */ +/* $Id: rfc1867.c,v 1.186 2006/07/13 12:17:25 tony2001 Exp $ */ /* * This product includes software developed by the Apache Group @@ -1145,7 +1145,7 @@ UErrorCode status = U_ZERO_ERROR; char *value = multipart_buffer_read_body(mbuff TSRMLS_CC); - unsigned int new_val_len; /* Dummy variable */ + /* unsigned int new_val_len; Dummy variable */ if (value) { /* UTODO use 'charset' parameter for conversion */ @@ -1159,9 +1159,9 @@ } /* UTODO use input filtering */ - //if (sapi_module.input_filter(PARSE_POST, param, value, strlen(value), new_val_len TSRMLS_CC)) { + /* if (sapi_module.input_filter(PARSE_POST, param, value, strlen(value), new_val_len TSRMLS_CC)) { */ safe_u_php_register_variable(param, u_val, u_val_len, array_ptr, 0 TSRMLS_CC); - //} + /* } */ if (!u_strcasecmp(param, maxfilesize_key, 0)) { max_file_size = zend_u_strtol(u_val, NULL, 10); } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
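Review bot: The second hunk keeps the `sapi_module.input_filter(PARSE_POST, …)` call commented out, so `safe_u_php_register_variable()` runs on every multipart field and a configured input filter is not applied to these values. Converting the `//` markers to `/* */` makes that state look settled rather than temporary. The existing `UTODO use input filtering` line should say so explicitly, e.g. `/* UTODO: input_filter is NOT applied to multipart fields here; values are registered unfiltered */`. The enclosing block starts and ends outside the hunk.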
Re: [PHP-CVS] cvs: php-src /main rfc1867.c
It can be closed, I think. -Andrei On Nov 11, 2005, at 9:38 AM, Antony Dovgal wrote: Once again.. Is the bug #34362 still valid after this fix ? On 11.11.2005 20:34, Andrei Zmievski wrote: andreiFri Nov 11 12:34:19 2005 EDT Modified files: /php-src/mainrfc1867.c Log: Re-fix Marcus's fix. http://cvs.php.net/diff.php/php-src/main/rfc1867.c? r1=1.177r2=1.178ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.177 php-src/main/rfc1867.c:1.178 --- php-src/main/rfc1867.c:1.177Fri Nov 11 11:50:08 2005 +++ php-src/main/rfc1867.cFri Nov 11 12:34:16 2005 @@ -17,7 +17,7 @@ + --+ */ -/* $Id: rfc1867.c,v 1.177 2005/11/11 16:50:08 helly Exp $ */ +/* $Id: rfc1867.c,v 1.178 2005/11/11 17:34:16 andrei Exp $ */ /* * This product includes software developed by the Apache Group @@ -41,7 +41,6 @@ static void safe_php_register_variable(char *var, char *strval, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); #define SAFE_RETURN { \ -php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \ if (lbuf) efree(lbuf); \ if (abuf) efree(abuf); \ if (array_index) efree(array_index); \ @@ -1045,10 +1044,6 @@ U_STRING_DECL(filename_key, filename, 8); U_STRING_DECL(maxfilesize_key, MAX_FILE_SIZE, 13); static zend_bool did_string_init = FALSE; -#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) -int num_vars = 0, *len_list = NULL; -char **val_list = NULL; -#endif if (SG(request_info).content_length SG(post_max_size)) { sapi_module.sapi_error(E_WARNING, POST Content-Length of %ld bytes exceeds the limit of %ld bytes, SG (request_info).content_length, SG(post_max_size)); @@ -1601,6 +1596,7 @@ zend_llist_clean(header); if (!multipart_buffer_headers(mbuff, header TSRMLS_CC)) { +php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); SAFE_RETURN; } 
@@ -1680,6 +1676,7 @@ /* Return with an error if the posted data is garbled */ if (!param !filename) { sapi_module.sapi_error(E_WARNING, File Upload Mime headers garbled); +php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); SAFE_RETURN; } @@ -1986,6 +1983,7 @@ } } +php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); SAFE_RETURN; } -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /main rfc1867.c
On 12.11.2005 12:12, Andrei Zmievski wrote: It can be closed, I think. Yup. It's already done. -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
andrei Sat Nov 12 06:12:01 2005 EDT Modified files: /php-src/main rfc1867.c Log: Grr. Re-re-fix the fix. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.178r2=1.179ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.178 php-src/main/rfc1867.c:1.179 --- php-src/main/rfc1867.c:1.178Fri Nov 11 12:34:16 2005 +++ php-src/main/rfc1867.c Sat Nov 12 06:11:53 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.178 2005/11/11 17:34:16 andrei Exp $ */ +/* $Id: rfc1867.c,v 1.179 2005/11/12 11:11:53 andrei Exp $ */ /* * This product includes software developed by the Apache Group @@ -35,11 +35,6 @@ #define DEBUG_FILE_UPLOAD ZEND_DEBUG -#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) -#include ext/mbstring/mbstring.h - -static void safe_php_register_variable(char *var, char *strval, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); - #define SAFE_RETURN { \ if (lbuf) efree(lbuf); \ if (abuf) efree(abuf); \ @@ -52,6 +47,11 @@ if (mbuff) efree(mbuff); \ return; } +#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) +#include ext/mbstring/mbstring.h + +static void safe_php_register_variable(char *var, char *strval, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); + void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr TSRMLS_DC) { int i; @@ -102,19 +102,6 @@ (*num_vars)++; } -#else - -#define SAFE_RETURN { \ - if (lbuf) efree(lbuf); \ - if (abuf) efree(abuf); \ - if (array_index) efree(array_index); \ - zend_hash_destroy(PG(rfc1867_protected_variables)); \ - zend_llist_destroy(header); \ - if (mbuff-boundary_next) efree(mbuff-boundary_next); \ - if (mbuff-boundary) efree(mbuff-boundary); \ - if (mbuff-buffer) efree(mbuff-buffer); \ - if (mbuff) efree(mbuff); \ - return; } #endif /* The longest property name we use in an uploaded file array */ 
@@ -1596,7 +1583,9 @@ zend_llist_clean(header); if (!multipart_buffer_headers(mbuff, header TSRMLS_CC)) { +#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); +#endif SAFE_RETURN; } @@ -1676,7 +1665,9 @@ /* Return with an error if the posted data is garbled */ if (!param !filename) { sapi_module.sapi_error(E_WARNING, File Upload Mime headers garbled); +#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); +#endif SAFE_RETURN; } @@ -1983,7 +1974,9 @@ } } +#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); +#endif SAFE_RETURN; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
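Review bot: The same three-line `#if HAVE_MBSTRING … #endif` guard is pasted around `php_mb_flush_gpc_variables()` at the exit in this hunk and in the two that follow (`@@ -1676,7` and `@@ -1983,7`), which makes it easy for a later exit path to reach `SAFE_RETURN` without the flush. Since this commit already moves `SAFE_RETURN` above the `#if`, a small macro defined next to it would keep every exit identical, for example `#define FLUSH_GPC_VARIABLES() php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC)` with an empty definition when mbstring is not compiled in. The preprocessor condition has lost its operator in this rendering, so it should be copied from the file.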
[PHP-CVS] cvs: php-src /main rfc1867.c
helly Fri Nov 11 11:50:10 2005 EDT Modified files: /php-src/main rfc1867.c Log: - Fix build http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.176r2=1.177ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.176 php-src/main/rfc1867.c:1.177 --- php-src/main/rfc1867.c:1.176Tue Sep 27 13:50:00 2005 +++ php-src/main/rfc1867.c Fri Nov 11 11:50:08 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.176 2005/09/27 17:50:00 andrei Exp $ */ +/* $Id: rfc1867.c,v 1.177 2005/11/11 16:50:08 helly Exp $ */ /* * This product includes software developed by the Apache Group @@ -1045,6 +1045,10 @@ U_STRING_DECL(filename_key, filename, 8); U_STRING_DECL(maxfilesize_key, MAX_FILE_SIZE, 13); static zend_bool did_string_init = FALSE; +#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) + int num_vars = 0, *len_list = NULL; + char **val_list = NULL; +#endif if (SG(request_info).content_length SG(post_max_size)) { sapi_module.sapi_error(E_WARNING, POST Content-Length of %ld bytes exceeds the limit of %ld bytes, SG(request_info).content_length, SG(post_max_size)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /main rfc1867.c
Does it fix this issue http://bugs.php.net/bug.php?id=34362 ? On 11.11.2005 19:50, Marcus Boerger wrote: helly Fri Nov 11 11:50:10 2005 EDT Modified files: /php-src/main rfc1867.c Log: - Fix build http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.176r2=1.177ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.176 php-src/main/rfc1867.c:1.177 --- php-src/main/rfc1867.c:1.176Tue Sep 27 13:50:00 2005 +++ php-src/main/rfc1867.c Fri Nov 11 11:50:08 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.176 2005/09/27 17:50:00 andrei Exp $ */ +/* $Id: rfc1867.c,v 1.177 2005/11/11 16:50:08 helly Exp $ */ /* * This product includes software developed by the Apache Group @@ -1045,6 +1045,10 @@ U_STRING_DECL(filename_key, filename, 8); U_STRING_DECL(maxfilesize_key, MAX_FILE_SIZE, 13); static zend_bool did_string_init = FALSE; +#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) + int num_vars = 0, *len_list = NULL; + char **val_list = NULL; +#endif if (SG(request_info).content_length SG(post_max_size)) { sapi_module.sapi_error(E_WARNING, POST Content-Length of %ld bytes exceeds the limit of %ld bytes, SG(request_info).content_length, SG(post_max_size)); -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
andrei Fri Nov 11 12:34:19 2005 EDT Modified files: /php-src/main rfc1867.c Log: Re-fix Marcus's fix. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.177r2=1.178ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.177 php-src/main/rfc1867.c:1.178 --- php-src/main/rfc1867.c:1.177Fri Nov 11 11:50:08 2005 +++ php-src/main/rfc1867.c Fri Nov 11 12:34:16 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.177 2005/11/11 16:50:08 helly Exp $ */ +/* $Id: rfc1867.c,v 1.178 2005/11/11 17:34:16 andrei Exp $ */ /* * This product includes software developed by the Apache Group @@ -41,7 +41,6 @@ static void safe_php_register_variable(char *var, char *strval, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); #define SAFE_RETURN { \ -php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \ if (lbuf) efree(lbuf); \ if (abuf) efree(abuf); \ if (array_index) efree(array_index); \ @@ -1045,10 +1044,6 @@ U_STRING_DECL(filename_key, filename, 8); U_STRING_DECL(maxfilesize_key, MAX_FILE_SIZE, 13); static zend_bool did_string_init = FALSE; -#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) - int num_vars = 0, *len_list = NULL; - char **val_list = NULL; -#endif if (SG(request_info).content_length SG(post_max_size)) { sapi_module.sapi_error(E_WARNING, POST Content-Length of %ld bytes exceeds the limit of %ld bytes, SG(request_info).content_length, SG(post_max_size)); @@ -1601,6 +1596,7 @@ zend_llist_clean(header); if (!multipart_buffer_headers(mbuff, header TSRMLS_CC)) { + php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); SAFE_RETURN; } @@ -1680,6 +1676,7 @@ /* Return with an error if the posted data is garbled */ if (!param !filename) { sapi_module.sapi_error(E_WARNING, File Upload Mime headers garbled); + php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); SAFE_RETURN; } 
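Review bot: The `php_mb_flush_gpc_variables()` call added in `@@ -1601,6`, and the two added in `@@ -1680,6` and `@@ -1986,6` on the following line, are not wrapped in the mbstring preprocessor guard. The function is defined inside that guard, and, judging by the declarations this commit removes at `@@ -1045,10`, `num_vars`, `val_list` and `len_list` are declared only under it too, so a build without mbstring would fail on these lines. Moving the flush out of `SAFE_RETURN` also means any other exit that still uses the macro no longer flushes buffered variables; whether such exits exist cannot be seen from these hunks. Each call should sit inside the same `#if HAVE_MBSTRING …` condition that guards the declarations.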
@@ -1986,6 +1983,7 @@ } } + php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); SAFE_RETURN; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /main rfc1867.c
Once again.. Is the bug #34362 still valid after this fix ? On 11.11.2005 20:34, Andrei Zmievski wrote: andrei Fri Nov 11 12:34:19 2005 EDT Modified files: /php-src/main rfc1867.c Log: Re-fix Marcus's fix. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.177r2=1.178ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.177 php-src/main/rfc1867.c:1.178 --- php-src/main/rfc1867.c:1.177Fri Nov 11 11:50:08 2005 +++ php-src/main/rfc1867.c Fri Nov 11 12:34:16 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.177 2005/11/11 16:50:08 helly Exp $ */ +/* $Id: rfc1867.c,v 1.178 2005/11/11 17:34:16 andrei Exp $ */ /* * This product includes software developed by the Apache Group @@ -41,7 +41,6 @@ static void safe_php_register_variable(char *var, char *strval, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); #define SAFE_RETURN { \ -php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \ if (lbuf) efree(lbuf); \ if (abuf) efree(abuf); \ if (array_index) efree(array_index); \ @@ -1045,10 +1044,6 @@ U_STRING_DECL(filename_key, filename, 8); U_STRING_DECL(maxfilesize_key, MAX_FILE_SIZE, 13); static zend_bool did_string_init = FALSE; -#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) - int num_vars = 0, *len_list = NULL; - char **val_list = NULL; -#endif if (SG(request_info).content_length SG(post_max_size)) { sapi_module.sapi_error(E_WARNING, POST Content-Length of %ld bytes exceeds the limit of %ld bytes, SG(request_info).content_length, SG(post_max_size)); @@ -1601,6 +1596,7 @@ zend_llist_clean(header); if (!multipart_buffer_headers(mbuff, header TSRMLS_CC)) { + php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); SAFE_RETURN; } 
@@ -1680,6 +1676,7 @@ /* Return with an error if the posted data is garbled */ if (!param !filename) { sapi_module.sapi_error(E_WARNING, File Upload Mime headers garbled); + php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); SAFE_RETURN; } @@ -1986,6 +1983,7 @@ } } + php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); SAFE_RETURN; } -- Wbr, Antony Dovgal -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
andrei Tue Sep 27 13:50:00 2005 EDT Modified files: /php-src/main rfc1867.c Log: Unicode fixes. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.175r2=1.176ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.175 php-src/main/rfc1867.c:1.176 --- php-src/main/rfc1867.c:1.175Wed Aug 31 16:42:14 2005 +++ php-src/main/rfc1867.c Tue Sep 27 13:50:00 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.175 2005/08/31 20:42:14 andrei Exp $ */ +/* $Id: rfc1867.c,v 1.176 2005/09/27 17:50:00 andrei Exp $ */ /* * This product includes software developed by the Apache Group @@ -1227,22 +1227,24 @@ /* New Rule: never repair potential malicious user input */ if (!skip_upload) { UChar32 c = 0; - int32_t ic; + int32_t ic, l_ic; long l = 0; for (ic = 0; ic param_len; ) { + l_ic = ic; U16_NEXT(param, ic, param_len, c); if (c == 0x5b /*'['*/) { l++; } else if (c == 0x5d /*']'*/) { l--; + l_ic = ic; U16_NEXT(param, ic, param_len, c); if (ic param_len c != 0x5b /*'['*/) { skip_upload = 1; break; } else { - /* decrement index so that the same character is retrieved again */ - ic--; + /* go back so that the same character is retrieved again */ + ic = l_ic; } } if (l 0) { 
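Review bot: After a `]` the look-ahead `U16_NEXT(param, ic, param_len, c)` runs before `ic` is compared with `param_len`, so when `]` is the last code unit the macro reads `param[param_len]`. That is harmless only if `param` is always NUL-terminated, which this hunk does not show. Guarding the look-ahead, `if (ic < param_len) { l_ic = ic; U16_NEXT(param, ic, param_len, c); … }`, removes the dependency. In the visible lines the `l_ic = ic;` at the top of the loop is never read before being overwritten, so it can go. The loop body continues outside the hunk.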
@@ -1281,12 +1283,12 @@ { if (PG(upload_max_filesize) 0 total_bytes PG(upload_max_filesize)) { #if DEBUG_FILE_UPLOAD - sapi_module.sapi_error(E_NOTICE, upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved, PG(upload_max_filesize), param, filename); + sapi_module.sapi_error(E_NOTICE, upload_max_filesize of %ld bytes exceeded - file [%r=%r] not saved, PG(upload_max_filesize), param, filename); #endif cancel_upload = UPLOAD_ERROR_A; } else if (max_file_size (total_bytes max_file_size)) { #if DEBUG_FILE_UPLOAD - sapi_module.sapi_error(E_NOTICE, MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved, max_file_size, param, filename); + sapi_module.sapi_error(E_NOTICE, MAX_FILE_SIZE of %ld bytes exceeded - file [%r=%r] not saved, max_file_size, param, filename); #endif cancel_upload = UPLOAD_ERROR_B; } else if (blen 0) { @@ -1313,7 +1315,7 @@ } #if DEBUG_FILE_UPLOAD if(u_strlen(filename) 0 total_bytes == 0 !cancel_upload) { - sapi_module.sapi_error(E_WARNING, Uploaded file size 0 - file [%v=%v] not saved, param, filename); + sapi_module.sapi_error(E_WARNING, Uploaded file size 0 - file [%r=%r] not saved, param, filename); cancel_upload = 5; } #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
andrei Wed Aug 31 16:42:18 2005 EDT Modified files: /php-src/main rfc1867.c Log: Further work on Unicode support in file uploads. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.174r2=1.175ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.174 php-src/main/rfc1867.c:1.175 --- php-src/main/rfc1867.c:1.174Thu Aug 11 19:36:05 2005 +++ php-src/main/rfc1867.c Wed Aug 31 16:42:14 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.174 2005/08/11 23:36:05 andrei Exp $ */ +/* $Id: rfc1867.c,v 1.175 2005/08/31 20:42:14 andrei Exp $ */ /* * This product includes software developed by the Apache Group @@ -273,6 +273,15 @@ } +static void add_u_protected_variable(UChar *varname TSRMLS_DC) +{ + int dummy=1; + + normalize_u_protected_variable(varname TSRMLS_CC); + zend_u_hash_add(PG(rfc1867_protected_variables), IS_UNICODE, varname, u_strlen(varname)+1, dummy, sizeof(int), NULL); +} + + static zend_bool is_protected_variable(char *varname TSRMLS_DC) { normalize_protected_variable(varname TSRMLS_CC); @@ -311,6 +320,14 @@ } +static void safe_u_php_register_variable_ex(UChar *var, zval *val, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) +{ + if (override_protection || !is_u_protected_variable(var TSRMLS_CC)) { + php_u_register_variable_ex(var, val, track_vars_array TSRMLS_CC); + } +} + + static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) { int register_globals = PG(register_globals); 
@@ -321,6 +338,16 @@ } +static void register_u_http_post_files_variable(UChar *strvar, UChar *val, int32_t val_len, zval *http_post_files, zend_bool override_protection TSRMLS_DC) +{ + int register_globals = PG(register_globals); + + PG(register_globals) = 0; + safe_u_php_register_variable(strvar, val, val_len, http_post_files, override_protection TSRMLS_CC); + PG(register_globals) = register_globals; +} + + static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) { int register_globals = PG(register_globals); @@ -331,6 +358,16 @@ } +static void register_u_http_post_files_variable_ex(UChar *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) +{ + int register_globals = PG(register_globals); + + PG(register_globals) = 0; + safe_u_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC); + PG(register_globals) = register_globals; +} + + static int unlink_filename(char **filename TSRMLS_DC) { VCWD_UNLINK(*filename); @@ -991,15 +1028,13 @@ static SAPI_POST_HANDLER_FUNC(rfc1867_post_handler_unicode) { - char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; - char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; + char *boundary, *boundary_end = NULL; + UChar *temp_filename=NULL, *array_index = NULL, *lbuf = NULL, *abuf = NULL; + UChar *start_arr = NULL, *s = NULL; + char *ascii_temp_filename = NULL; int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0; int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous; zval *http_post_files=NULL; HashTable *uploaded_files=NULL; -#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) - int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL; - char **val_list = NULL; -#endif zend_bool magic_quotes_gpc; multipart_buffer *mbuff; zval *array_ptr = (zval *) arg; 
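Review bot: Both new helpers (`register_u_http_post_files_variable` in `@@ -321,6` and `register_u_http_post_files_variable_ex` in `@@ -331,6`) switch `PG(register_globals)` off around the registration call without a word on why, copying the pattern of the non-Unicode helpers. Presumably the intent is that upload metadata is never exported as global variables; a one-line comment such as `/* never export uploaded-file entries as globals, whatever register_globals says */` would make that intent survive refactoring. If the callee can bail out before returning, the saved value is not restored; that is worth confirming.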
@@ -1060,12 +1095,6 @@ INIT_PZVAL(http_post_files); PG(http_globals)[TRACK_VARS_FILES] = http_post_files; -#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) - if (php_mb_encoding_translation(TSRMLS_C)) { - val_list = (char **)ecalloc(num_vars_max+2, sizeof(char *)); - len_list = (int *)ecalloc(num_vars_max+2, sizeof(int)); - } -#endif zend_llist_init(header, sizeof(mime_header_entry), (llist_dtor_func_t) php_free_hdr_entry, 0); if (!did_string_init) { @@ -1082,9 +,9 @@ while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; - char *cd=NULL, *tmp=NULL; + char *cd=NULL; int blen=0, wlen=0; - UChar *param = NULL, *filename = NULL; + UChar *param = NULL, *filename = NULL, *tmp = NULL; int32_t param_len; zend_llist_clean(header); @@ -1096,19 +1125,20 @@ if ((cd = php_mime_get_hdr_value(header, Content-Disposition))) { UChar *pair = NULL; UChar *ucd =
[PHP-CVS] cvs: php-src /main rfc1867.c
iliaa Mon Feb 14 19:25:39 2005 EDT Modified files: /php-src/main rfc1867.c Log: Prune uploaded file names to \ on all OSes, read comments for explanation. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.169r2=1.170ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.169 php-src/main/rfc1867.c:1.170 --- php-src/main/rfc1867.c:1.169Mon Jan 31 21:33:07 2005 +++ php-src/main/rfc1867.c Mon Feb 14 19:25:38 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.169 2005/02/01 02:33:07 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.170 2005/02/15 00:25:38 iliaa Exp $ */ /* * This product includes software developed by the Apache Group @@ -1077,11 +1077,7 @@ str_len = strlen(filename); php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } -#ifdef PHP_WIN32 s = php_mb_strrchr(filename, '\\' TSRMLS_CC); -#else - s = filename; -#endif if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) s) { s = tmp; } @@ -1089,12 +1085,13 @@ goto filedone; } #endif - -#ifdef PHP_WIN32 + /* The \ check should technically be needed for win32 systems only where +* it is a valid path separator. However, IE in all it's wisdom always sends +* the full path of the file on the user's filesystem, which means that unless +* the user does basename() they get a bogus file name. Until IE's user base drops +* to nill or problem is fixed this code must remain enabled for all systems. +*/ s = strrchr(filename, '\\'); -#else - s = filename; -#endif if ((tmp = strrchr(filename, '/')) s) { s = tmp; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
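Review bot: With the `#ifdef PHP_WIN32` removed, the non-mbstring path in the second hunk runs a byte-wise `strrchr(filename, '\\')` on every platform, and in encodings where 0x5C can be the second byte of a character (Shift_JIS, for one) that can cut a name in the middle of a character. The first hunk uses `php_mb_strrchr()` for the converted case, so only requests that skip that path are affected. The new comment explains the IE motivation but not this limitation; a line such as `* NOTE: byte-wise search; multibyte names are only handled on the mbstring path above.` would record it. The condition that selects the mbstring path lies outside the hunk, so the wording should be confirmed against it.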
[PHP-CVS] cvs: php-src /main rfc1867.c
iliaa Mon Jan 31 21:33:07 2005 EDT Modified files: /php-src/main rfc1867.c Log: Final version of filename upload handling. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.168r2=1.169ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.168 php-src/main/rfc1867.c:1.169 --- php-src/main/rfc1867.c:1.168Mon Jan 24 17:35:23 2005 +++ php-src/main/rfc1867.c Mon Jan 31 21:33:07 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.168 2005/01/24 22:35:23 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.169 2005/02/01 02:33:07 iliaa Exp $ */ /* * This product includes software developed by the Apache Group @@ -32,7 +32,6 @@ #include php_globals.h #include php_variables.h #include rfc1867.h -#include ext/standard/php_string.h #define DEBUG_FILE_UPLOAD ZEND_DEBUG @@ -1078,7 +1077,11 @@ str_len = strlen(filename); php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } +#ifdef PHP_WIN32 s = php_mb_strrchr(filename, '\\' TSRMLS_CC); +#else + s = filename; +#endif if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) s) { s = tmp; } @@ -1086,9 +1089,25 @@ goto filedone; } #endif - php_basename(filename, strlen(filename), NULL, 0, s, NULL TSRMLS_CC); - efree(filename); - filename = s; + +#ifdef PHP_WIN32 + s = strrchr(filename, '\\'); +#else + s = filename; +#endif + if ((tmp = strrchr(filename, '/')) s) { + s = tmp; + } +#ifdef PHP_WIN32 + if (PG(magic_quotes_gpc)) { + s = s ? s : filename; + tmp = strrchr(s, '\''); + s = tmp s ? tmp : s; + tmp = strrchr(s, ''); + s = tmp s ? tmp : s; + } +#endif + #if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) filedone: #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
moriyoshi Mon Jan 24 11:47:19 2005 EDT Modified files: /php-src/main rfc1867.c Log: - Revert irrelevant part. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.166r2=1.167ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.166 php-src/main/rfc1867.c:1.167 --- php-src/main/rfc1867.c:1.166Thu Jan 20 12:44:58 2005 +++ php-src/main/rfc1867.c Mon Jan 24 11:47:18 2005 @@ -6,7 +6,6 @@ +--+ | This source file is subject to version 3.0 of the PHP license, | | that is bundled with this package in the file LICENSE, and is| - | available through the world-wide-web at the following url: | | http://www.php.net/license/3_0.txt. | | If you did not receive a copy of the PHP license and are unable to | @@ -18,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.166 2005/01/20 17:44:58 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.167 2005/01/24 16:47:18 moriyoshi Exp $ */ /* * This product includes software developed by the Apache Group @@ -33,7 +32,6 @@ #include php_globals.h #include php_variables.h #include rfc1867.h -#include ext/standard/php_string.h #define DEBUG_FILE_UPLOAD ZEND_DEBUG @@ -849,7 +847,7 @@ while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; - char *cd=NULL,*param=NULL,*filename=NULL; + char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; int blen=0, wlen=0; zend_llist_clean(header); 
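Review bot: The first hunk deletes the licence-header line `| available through the world-wide-web at the following url: |`, leaving `and is` followed directly by the URL line. Nothing in the log message ("Revert irrelevant part") covers a header change, so this looks like an unintended side effect of the revert. The line should be restored unless the header was meant to change.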
@@ -1079,16 +1077,30 @@ str_len = strlen(filename); php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } + s = php_mb_strrchr(filename, '\\' TSRMLS_CC); + if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) s) { + s = tmp; + } num_vars--; + } else { + s = strrchr(filename, '\\'); + if ((tmp = strrchr(filename, '/')) s) { + s = tmp; + } + } +#else + s = strrchr(filename, '\\'); + if ((tmp = strrchr(filename, '/')) s) { + s = tmp; } #endif - /* ensure that the uploaded file name only contains the path */ - php_basename(filename, strlen(filename), NULL, 0, s, NULL TSRMLS_CC); - efree(filename); - filename = s; - + if (!is_anonymous) { - safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC); + if (s s filename) { + safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC); + } else { + safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC); + } } /* Add $foo[name] */ @@ -1097,7 +1109,11 @@ } else { sprintf(lbuf, %s[name], param); } - register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); + if (s s filename) { + register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC); + } else { + register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); + } efree(filename); s = NULL; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
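Review bot: The test that guards `s+1` (printed here as `if (s s filename)`, the `&&` and `>` having been lost in this archive copy) does not cover a name whose last separator is its first character. In that case `s == filename`, the else branch runs, and the name is registered with the leading `/` or `\` still attached, both for the plain variable and for `$foo[name]` in the `@@ -1097,7 +1109,11 @@` hunk. The value comes from the client and is what scripts later see as the original file name, so the comparison should include equality: `if (s && s >= filename)`. The enclosing loop body starts and ends outside these hunks.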
Re: [PHP-CVS] cvs: php-src /main rfc1867.c
I can understand your reasoning for wanting to changing the multibyte specific code, but why is the non-multibyte related code being altered? You also effectively re-introduced a bug that Stefan's fix addressed, which was escape char (\) being considered to be part of the path when magic_quotes_gpc is enabled. If multibyte languages require special handling, that's fine and is perfectly understandable. However, let's keep the security patches in and have generic non-multibyte behavior that does not cause unnecessary filename pruning. Ilia Moriyoshi Koizumi wrote: moriyoshi Mon Jan 24 11:47:19 2005 EDT Modified files: /php-src/main rfc1867.c Log: - Revert irrelevant part. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.166r2=1.167ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.166 php-src/main/rfc1867.c:1.167 --- php-src/main/rfc1867.c:1.166 Thu Jan 20 12:44:58 2005 +++ php-src/main/rfc1867.c Mon Jan 24 11:47:18 2005 @@ -6,7 +6,6 @@ +--+ | This source file is subject to version 3.0 of the PHP license, | | that is bundled with this package in the file LICENSE, and is| - | available through the world-wide-web at the following url: | | http://www.php.net/license/3_0.txt. | | If you did not receive a copy of the PHP license and are unable to | @@ -18,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.166 2005/01/20 17:44:58 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.167 2005/01/24 16:47:18 moriyoshi Exp $ */ /* * This product includes software developed by the Apache Group @@ -33,7 +32,6 @@ #include php_globals.h #include php_variables.h #include rfc1867.h -#include ext/standard/php_string.h #define DEBUG_FILE_UPLOAD ZEND_DEBUG @@ -849,7 +847,7 @@ while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; - char *cd=NULL,*param=NULL,*filename=NULL; + char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; int blen=0, wlen=0; zend_llist_clean(header); 
@@ -1079,16 +1077,30 @@ str_len = strlen(filename); php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } +s = php_mb_strrchr(filename, '\\' TSRMLS_CC); +if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) s) { + s = tmp; +} num_vars--; + } else { +s = strrchr(filename, '\\'); +if ((tmp = strrchr(filename, '/')) s) { + s = tmp; +} + } +#else + s = strrchr(filename, '\\'); + if ((tmp = strrchr(filename, '/')) s) { +s = tmp; } #endif - /* ensure that the uploaded file name only contains the path */ - php_basename(filename, strlen(filename), NULL, 0, s, NULL TSRMLS_CC); - efree(filename); - filename = s; - + if (!is_anonymous) { -safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC); +if (s s filename) { + safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC); +} else { + safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC); +} } /* Add $foo[name] */ @@ -1097,7 +1109,11 @@ } else { sprintf(lbuf, %s[name], param); } - register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); + if (s s filename) { +register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC); + } else { +register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); + } efree(filename); s = NULL; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /main rfc1867.c
Hi, On 2005/01/25, at 1:59, Ilia Alshanetsky wrote: I can understand your reasoning for wanting to changing the multibyte specific code, but why is the non-multibyte related code being altered? You also effectively re-introduced a bug that Stefan's fix addressed, which was escape char (\) being considered to be part of the path when magic_quotes_gpc is enabled. While I wasn't informed at all there was such an issue addressed, I took it into consideration and couldn't replicate the problem with my patch. Can you please tell me the way I can go through that situation? If multibyte languages require special handling, that's fine and is perfectly understandable. However, let's keep the security patches in and have generic non-multibyte behavior that does not cause unnecessary filename pruning. It requires no special handling. But, if you'd needed to fix it, then you should have thought of a way to fix them altogether in the first place. Moriyoshi Ilia Moriyoshi Koizumi wrote: moriyoshi Mon Jan 24 11:47:19 2005 EDT Modified files: /php-src/main rfc1867.c Log: - Revert irrelevant part. http://cvs.php.net/diff.php/php-src/main/rfc1867.c? r1=1.166r2=1.167ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.166 php-src/main/rfc1867.c:1.167 --- php-src/main/rfc1867.c:1.166 Thu Jan 20 12:44:58 2005 +++ php-src/main/rfc1867.c Mon Jan 24 11:47:18 2005 @@ -6,7 +6,6 @@ +- -+ | This source file is subject to version 3.0 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | - | available through the world-wide-web at the following url: | | http://www.php.net/license/3_0.txt. | | If you did not receive a copy of the PHP license and are unable to | @@ -18,7 +17,7 @@ +- -+ */ -/* $Id: rfc1867.c,v 1.166 2005/01/20 17:44:58 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.167 2005/01/24 16:47:18 moriyoshi Exp $ */ /* * This product includes software developed by the Apache Group 
@@ -33,7 +32,6 @@ #include php_globals.h #include php_variables.h #include rfc1867.h -#include ext/standard/php_string.h #define DEBUG_FILE_UPLOAD ZEND_DEBUG @@ -849,7 +847,7 @@ while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; - char *cd=NULL,*param=NULL,*filename=NULL; + char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; int blen=0, wlen=0; zend_llist_clean(header); @@ -1079,16 +1077,30 @@ str_len = strlen(filename); php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } +s = php_mb_strrchr(filename, '\\' TSRMLS_CC); +if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) s) { + s = tmp; +} num_vars--; + } else { +s = strrchr(filename, '\\'); +if ((tmp = strrchr(filename, '/')) s) { + s = tmp; +} + } +#else + s = strrchr(filename, '\\'); + if ((tmp = strrchr(filename, '/')) s) { +s = tmp; } #endif - /* ensure that the uploaded file name only contains the path */ - php_basename(filename, strlen(filename), NULL, 0, s, NULL TSRMLS_CC); - efree(filename); - filename = s; - + if (!is_anonymous) { -safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC); +if (s s filename) { + safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC); +} else { + safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC); +} } /* Add $foo[name] */ @@ -1097,7 +1109,11 @@ } else { sprintf(lbuf, %s[name], param); } - register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); + if (s s filename) { +register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC); + } else { +register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); + } efree(filename); s = NULL; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
iliaa Mon Jan 24 17:35:24 2005 EDT Modified files: /php-src/main rfc1867.c Log: Use multibyte specific code for handling files and generic basename based code in all other instances. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.167r2=1.168ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.167 php-src/main/rfc1867.c:1.168 --- php-src/main/rfc1867.c:1.167Mon Jan 24 11:47:18 2005 +++ php-src/main/rfc1867.c Mon Jan 24 17:35:23 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.167 2005/01/24 16:47:18 moriyoshi Exp $ */ +/* $Id: rfc1867.c,v 1.168 2005/01/24 22:35:23 iliaa Exp $ */ /* * This product includes software developed by the Apache Group @@ -32,6 +32,7 @@ #include php_globals.h #include php_variables.h #include rfc1867.h +#include ext/standard/php_string.h #define DEBUG_FILE_UPLOAD ZEND_DEBUG @@ -1082,17 +1083,14 @@ s = tmp; } num_vars--; - } else { - s = strrchr(filename, '\\'); - if ((tmp = strrchr(filename, '/')) s) { - s = tmp; - } - } -#else - s = strrchr(filename, '\\'); - if ((tmp = strrchr(filename, '/')) s) { - s = tmp; + goto filedone; } +#endif + php_basename(filename, strlen(filename), NULL, 0, s, NULL TSRMLS_CC); + efree(filename); + filename = s; +#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) +filedone: #endif if (!is_anonymous) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Sat Nov 20 13:49:37 2004 EDT Modified files: /php-src/main rfc1867.c Log: Fixed: strip quotes from filename http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.164r2=1.165ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.164 php-src/main/rfc1867.c:1.165 --- php-src/main/rfc1867.c:1.164Wed Nov 10 19:38:04 2004 +++ php-src/main/rfc1867.c Sat Nov 20 13:49:36 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.164 2004/11/11 00:38:04 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.165 2004/11/20 18:49:36 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -1094,7 +1094,15 @@ s = tmp; } #endif + if (!is_anonymous) { + if (PG(magic_quotes_gpc)) { + s = s ? s : filename; + tmp = strrchr(s, '\''); + s = tmp s ? tmp : s; + tmp = strrchr(s, ''); + s = tmp s ? tmp : s; + } if (s s filename) { safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC); } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
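Review bot: The new quote handling is nested inside `if (!is_anonymous)`, so `s` is adjusted only when the plain variable is about to be registered. If the `$foo[name]` registration further down also takes the name from `s` (the 1.167 diff on this page shows it doing so), an upload with `is_anonymous` set gets the unadjusted pointer there. Moving the `if (PG(magic_quotes_gpc)) { ... }` block above `if (!is_anonymous)` removes that dependency, and a comment such as `/* with magic_quotes_gpc a \ before a quote is an escape, not a path separator */` would record why the block exists. The surrounding function is outside the hunk.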
[PHP-CVS] cvs: php-src /main rfc1867.c
iliaa Wed Nov 10 19:38:06 2004 EDT Modified files: /php-src/main rfc1867.c Log: Fixed bug #30750 (Meaningful error message when upload directory is not accessible). http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.163r2=1.164ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.163 php-src/main/rfc1867.c:1.164 --- php-src/main/rfc1867.c:1.163Mon Sep 13 12:00:23 2004 +++ php-src/main/rfc1867.c Wed Nov 10 19:38:04 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.163 2004/09/13 16:00:23 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.164 2004/11/11 00:38:04 iliaa Exp $ */ /* * This product includes software developed by the Apache Group @@ -130,6 +130,7 @@ #define UPLOAD_ERROR_B2 /* Uploaded file exceeded MAX_FILE_SIZE */ #define UPLOAD_ERROR_C3 /* Partially uploaded */ #define UPLOAD_ERROR_D4 /* No file uploaded */ +#define UPLOAD_ERROR_E6 /* Missing /tmp or similar directory */ void php_rfc1867_register_constants(TSRMLS_D) { @@ -138,6 +139,7 @@ REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_FORM_SIZE, UPLOAD_ERROR_B, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_PARTIAL,UPLOAD_ERROR_C, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_NO_FILE,UPLOAD_ERROR_D, CONST_CS | CONST_PERSISTENT); + REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_NO_TMP_DIR, UPLOAD_ERROR_E, CONST_CS | CONST_PERSISTENT); } static void normalize_protected_variable(char *varname TSRMLS_DC) @@ -963,12 +965,14 @@ } } + total_bytes = cancel_upload = 0; + if (!skip_upload) { /* Handle file */ fp = php_open_temporary_file(PG(upload_tmp_dir), php, temp_filename TSRMLS_CC); if (!fp) { sapi_module.sapi_error(E_WARNING, File upload error - unable to create a temporary file); - skip_upload = 1; + cancel_upload = UPLOAD_ERROR_E; } } if (skip_upload) { @@ -977,9 +981,6 @@ continue; } - total_bytes = 0; - cancel_upload = 0; - if(strlen(filename) == 0) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, No file uploaded); 
@@ -1011,11 +1012,13 @@ total_bytes += wlen; } } - } - fclose(fp); + } + if (fp) { /* may not be initialized if file could not be created */ + fclose(fp); + } #if DEBUG_FILE_UPLOAD - if(strlen(filename) 0 total_bytes == 0) { + if(strlen(filename) 0 total_bytes == 0 !cancel_upload) { sapi_module.sapi_error(E_WARNING, Uploaded file size 0 - file [%s=%s] not saved, param, filename); cancel_upload = 5; } @@ -1023,7 +1026,9 @@ if (cancel_upload) { if (temp_filename) { - unlink(temp_filename); + if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */ + unlink(temp_filename); + } efree(temp_filename); } temp_filename=; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
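Review bot: In the `@@ -1023,7 +1026,9 @@` hunk `efree(temp_filename)` still runs after a failed `php_open_temporary_file()`, guarded only by `if (temp_filename)`. Whether the failed call leaves `temp_filename` NULL is not visible here, and the context line after the `efree` appears to assign it a non-heap value (the literal is lost in this archive copy); if a later part of the same request then fails to open its temporary file, that value would reach `efree`. Setting `temp_filename = NULL;` immediately before the open call would make the guard reliable. The loop body starts and ends outside these hunks.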
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Mon Sep 13 12:00:23 2004 EDT Modified files: /php-src/main rfc1867.c Log: only allow valid arrays at this point http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.162r2=1.163ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.162 php-src/main/rfc1867.c:1.163 --- php-src/main/rfc1867.c:1.162Sun Sep 12 06:45:14 2004 +++ php-src/main/rfc1867.c Mon Sep 13 12:00:23 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.162 2004/09/12 10:45:14 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.163 2004/09/13 16:00:23 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -950,6 +950,10 @@ c++; } else if (*tmp == ']') { c--; + if (tmp[1] tmp[1] != '[') { + skip_upload = 1; + break; + } } if (c 0) { skip_upload = 1; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
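Review bot: The added test carries no comment, and the rule it enforces is not obvious from the condition alone. A line such as `/* after ']' only another '[' or the end of the name may follow */` above `if (tmp[1] && tmp[1] != '[')` would state it (the `&&` is missing in this archive copy). The loop this check belongs to starts outside the hunk.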
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Sun Sep 12 06:45:15 2004 EDT Modified files: /php-src/main rfc1867.c Log: New Rule: Never try to repair potential malicious user input http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.161r2=1.162ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.161 php-src/main/rfc1867.c:1.162 --- php-src/main/rfc1867.c:1.161Wed Aug 11 00:27:01 2004 +++ php-src/main/rfc1867.c Sun Sep 12 06:45:14 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.161 2004/08/11 04:27:01 pollita Exp $ */ +/* $Id: rfc1867.c,v 1.162 2004/09/12 10:45:14 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -939,6 +939,25 @@ } else { is_anonymous = 0; } + + /* New Rule: never repair potential malicious user input */ + if (!skip_upload) { + char *tmp = param; + long c = 0; + + while (*tmp) { + if (*tmp == '[') { + c++; + } else if (*tmp == ']') { + c--; + } + if (c 0) { + skip_upload = 1; + break; + } + tmp++; + } + } if (!skip_upload) { /* Handle file */ @@ -1013,10 +1032,6 @@ * start_arr is set to point to 1st [ */ is_arr_upload = (start_arr = strchr(param,'[')) (param[strlen(param)-1] == ']'); - /* handle unterminated [ */ - if (!is_arr_upload start_arr) { - *start_arr = '_'; - } if (is_arr_upload) { array_len = strlen(start_arr); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
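Review bot: The bracket counter rejects a `]` that has no opening `[`, but nothing tests `c` once the loop has finished, so a parameter name with an unclosed `[` still passes. The second hunk removes the old repair for exactly that case (`*start_arr = '_'`), and `is_arr_upload` stays false for such a name because it does not end in `]`, so the name is then used as it arrived. Adding `if (c != 0) { skip_upload = 1; }` after the `while` loop rejects it in the same way as the other malformed forms.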
[PHP-CVS] cvs: php-src /main rfc1867.c
pollita Wed Aug 11 00:27:01 2004 EDT Modified files: /php-src/main rfc1867.c Log: Minor format specifier fixes http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.160r2=1.161ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.160 php-src/main/rfc1867.c:1.161 --- php-src/main/rfc1867.c:1.160Sun Jul 25 15:19:26 2004 +++ php-src/main/rfc1867.c Wed Aug 11 00:27:01 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.160 2004/07/25 19:19:26 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.161 2004/08/11 04:27:01 pollita Exp $ */ /* * This product includes software developed by the Apache Group @@ -786,7 +786,7 @@ zend_llist header; if (SG(request_info).content_length SG(post_max_size)) { - sapi_module.sapi_error(E_WARNING, POST Content-Length of %d bytes exceeds the limit of %d bytes, SG(request_info).content_length, SG(post_max_size)); + sapi_module.sapi_error(E_WARNING, POST Content-Length of %ld bytes exceeds the limit of %ld bytes, SG(request_info).content_length, SG(post_max_size)); return; } @@ -981,7 +981,7 @@ if (wlen blen) { #if DEBUG_FILE_UPLOAD - sapi_module.sapi_error(E_NOTICE, Only %d bytes were written, expected to write %ld, wlen, blen); + sapi_module.sapi_error(E_NOTICE, Only %d bytes were written, expected to write %d, wlen, blen); #endif cancel_upload = UPLOAD_ERROR_C; } else { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
iliaa Sun Jul 25 15:19:26 2004 EDT Modified files: /php-src/main rfc1867.c Log: Fixed bug #29369 (Uploaded files with ' or in their names get their names truncated at those characters). http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.159r2=1.160ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.159 php-src/main/rfc1867.c:1.160 --- php-src/main/rfc1867.c:1.159Sat Jul 10 03:46:09 2004 +++ php-src/main/rfc1867.c Sun Jul 25 15:19:26 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.159 2004/07/10 07:46:09 andi Exp $ */ +/* $Id: rfc1867.c,v 1.160 2004/07/25 19:19:26 iliaa Exp $ */ /* * This product includes software developed by the Apache Group @@ -632,6 +632,7 @@ if ((quote = *str) == '' || quote == '\'') { strend = str + 1; +look_for_quote: while (*strend *strend != quote) { if (*strend == '\\' strend[1] strend[1] == quote) { strend += 2; @@ -639,6 +640,14 @@ ++strend; } } + if (*strend *strend == quote) { + char p = *(strend + 1); + if (p != '\r' p != '\n' p != '\0') { + strend++; + goto look_for_quote; + } + } + res = substring_conf(str + 1, strend - str - 1, quote TSRMLS_CC); if (*strend == quote) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
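Review bot: A quote now counts as closing only when the next character is CR, LF or NUL, so any other trailing character (a space or a `;`, for instance) makes the scan carry on to a later quote or to the end of the string, and the returned value then keeps the quote and what follows it. Whether every caller passes a value that ends directly after the closing quote is not visible in this hunk; if that is the contract, it belongs in a comment above `look_for_quote:`. The `goto` would also read more easily as a loop, and `*strend && *strend == quote` can be just `*strend == quote`, since `quote` is never NUL on this path. The function starts and ends outside the hunk.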
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Sun May 23 06:00:59 2004 EDT Modified files: /php-src/main rfc1867.c Log: This is more correct. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.157r2=1.158ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.157 php-src/main/rfc1867.c:1.158 --- php-src/main/rfc1867.c:1.157Fri May 21 04:16:13 2004 +++ php-src/main/rfc1867.c Sun May 23 06:00:59 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.157 2004/05/21 08:16:13 derick Exp $ */ +/* $Id: rfc1867.c,v 1.158 2004/05/23 10:00:59 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -1044,19 +1044,19 @@ php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } s = php_mb_strrchr(filename, '\\' TSRMLS_CC); - if (tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) { + if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) s) { s = tmp; } num_vars--; } else { s = strrchr(filename, '\\'); - if (tmp = strrchr(filename, '/')) { + if ((tmp = strrchr(filename, '/')) s) { s = tmp; } } #else s = strrchr(filename, '\\'); - if (tmp = strrchr(filename, '/')) { + if ((tmp = strrchr(filename, '/')) s) { s = tmp; } #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
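Review bot: `(tmp = strrchr(filename, '/')) > s` (the `>` is missing in this archive copy) orders two pointers, either of which is NULL when its character is absent; ISO C defines relational comparison only for pointers into the same object, so the result with a null operand depends on the platform. The intent can be written without relying on that: `if ((tmp = strrchr(filename, '/')) && (!s || tmp > s))`, and likewise for the `php_mb_strrchr` copy. The three branches in this hunk differ only in the search function, so a small static helper that returns the last separator would also remove the triplication.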
[PHP-CVS] cvs: php-src /main rfc1867.c
derick Fri May 21 04:11:43 2004 EDT Modified files: /php-src/main rfc1867.c Log: - Fixed bug #28456 (Problem with enclosed / in uploaded file names) http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.155r2=1.156ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.155 php-src/main/rfc1867.c:1.156 --- php-src/main/rfc1867.c:1.155Tue May 11 11:30:54 2004 +++ php-src/main/rfc1867.c Fri May 21 04:11:43 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.155 2004/05/11 15:30:54 derick Exp $ */ +/* $Id: rfc1867.c,v 1.156 2004/05/21 08:11:43 derick Exp $ */ /* * This product includes software developed by the Apache Group @@ -835,7 +835,7 @@ while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; - char *cd=NULL,*param=NULL,*filename=NULL; + char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; int blen=0, wlen=0; zend_llist_clean(header); @@ -1044,12 +1044,21 @@ php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } s = php_mb_strrchr(filename, '\\' TSRMLS_CC); + if (tmp = php_mb_strrchr(filename, '/')) { + s = tmp; + } num_vars--; } else { s = strrchr(filename, '\\'); + if (tmp = strrchr(filename, '/')) { + s = tmp; + } } #else s = strrchr(filename, '\\'); + if (tmp = strrchr(filename, '/')) { + s = tmp; + } #endif if (!is_anonymous) { if (s s filename) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
derick Fri May 21 04:16:13 2004 EDT Modified files: /php-src/main rfc1867.c Log: - Fixed TSRM problem in latest commit. http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.156r2=1.157ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.156 php-src/main/rfc1867.c:1.157 --- php-src/main/rfc1867.c:1.156Fri May 21 04:11:43 2004 +++ php-src/main/rfc1867.c Fri May 21 04:16:13 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.156 2004/05/21 08:11:43 derick Exp $ */ +/* $Id: rfc1867.c,v 1.157 2004/05/21 08:16:13 derick Exp $ */ /* * This product includes software developed by the Apache Group @@ -1044,7 +1044,7 @@ php_mb_gpc_encoding_converter(filename, str_len, 1, NULL, NULL TSRMLS_CC); } s = php_mb_strrchr(filename, '\\' TSRMLS_CC); - if (tmp = php_mb_strrchr(filename, '/')) { + if (tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) { s = tmp; } num_vars--; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
derick Tue May 11 11:30:54 2004 EDT Modified files: /php-src/main rfc1867.c Log: - Fixed defines http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.154r2=1.155ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.154 php-src/main/rfc1867.c:1.155 --- php-src/main/rfc1867.c:1.154Thu Mar 25 16:27:23 2004 +++ php-src/main/rfc1867.c Tue May 11 11:30:54 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.154 2004/03/25 21:27:23 derick Exp $ */ +/* $Id: rfc1867.c,v 1.155 2004/05/11 15:30:54 derick Exp $ */ /* * This product includes software developed by the Apache Group @@ -948,7 +948,7 @@ cancel_upload = 0; if(strlen(filename) == 0) { -#ifdef DEBUG_FILE_UPLOAD +#if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, No file uploaded); #endif cancel_upload = UPLOAD_ERROR_D; @@ -957,12 +957,12 @@ while (!cancel_upload (blen = multipart_buffer_read(mbuff, buff, sizeof(buff) TSRMLS_CC))) { if (PG(upload_max_filesize) 0 total_bytes PG(upload_max_filesize)) { -#ifdef DEBUG_FILE_UPLOAD +#if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved, PG(upload_max_filesize), param, filename); #endif cancel_upload = UPLOAD_ERROR_A; } else if (max_file_size (total_bytes max_file_size)) { -#ifdef DEBUG_FILE_UPLOAD +#if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved, max_file_size, param, filename); #endif cancel_upload = UPLOAD_ERROR_B; @@ -970,7 +970,7 @@ wlen = fwrite(buff, 1, blen, fp); if (wlen blen) { -#ifdef DEBUG_FILE_UPLOAD +#if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, Only %d bytes were written, expected to write %ld, wlen, blen); #endif cancel_upload = UPLOAD_ERROR_C; 
@@ -981,7 +981,7 @@ } fclose(fp); -#ifdef DEBUG_FILE_UPLOAD +#if DEBUG_FILE_UPLOAD if(strlen(filename) 0 total_bytes == 0) { sapi_module.sapi_error(E_WARNING, Uploaded file size 0 - file [%s=%s] not saved, param, filename); cancel_upload = 5; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
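Review bot: `cancel_upload = 5;` sits inside the block that this hunk switches from `#ifdef` to `#if DEBUG_FILE_UPLOAD`, so the change alters behaviour and not only logging. The macro is always defined (`#define DEBUG_FILE_UPLOAD ZEND_DEBUG` earlier in the file), so the zero-byte check used to run in every build and now runs only where ZEND_DEBUG is non-zero. If rejecting empty uploads is intended, keep only the `sapi_error` call under `#if` and leave the test and assignment outside it. The bare `5` should also get a name next to the other `UPLOAD_ERROR_*` defines. The end of the conditional block is outside the hunk.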
[PHP-CVS] cvs: php-src /main rfc1867.c ZendEngine2 zend_operators.c
derick Wed Mar 24 09:28:41 2004 EDT Modified files: /ZendEngine2zend_operators.c /php-src/main rfc1867.c Log: - Revert bogus commit http://cvs.php.net/diff.php/ZendEngine2/zend_operators.c?r1=1.186r2=1.187ty=u Index: ZendEngine2/zend_operators.c diff -u ZendEngine2/zend_operators.c:1.186 ZendEngine2/zend_operators.c:1.187 --- ZendEngine2/zend_operators.c:1.186 Wed Mar 24 08:31:19 2004 +++ ZendEngine2/zend_operators.cWed Mar 24 09:28:40 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: zend_operators.c,v 1.186 2004/03/24 13:31:19 derick Exp $ */ +/* $Id: zend_operators.c,v 1.187 2004/03/24 14:28:40 derick Exp $ */ #include ctype.h @@ -34,6 +34,8 @@ #include ext/bcmath/number.h #endif +#define LONG_SIGN_MASK (1L (8*sizeof(long)-1)) + ZEND_API int zend_atoi(const char *str, int str_len) { int retval; @@ -725,8 +727,8 @@ long lval = op1-value.lval + op2-value.lval; /* check for overflow by comparing sign bits */ - if ( (op1-value.lval LONG_MIN) == (op2-value.lval LONG_MIN) -(op1-value.lval LONG_MIN) != (lval LONG_MIN)) { + if ( (op1-value.lval LONG_SIGN_MASK) == (op2-value.lval LONG_SIGN_MASK) +(op1-value.lval LONG_SIGN_MASK) != (lval LONG_SIGN_MASK)) { result-value.dval = (double) op1-value.lval + (double) op2-value.lval; result-type = IS_DOUBLE; @@ -765,8 +767,8 @@ long lval = op1-value.lval - op2-value.lval; /* check for overflow by comparing sign bits */ - if ( (op1-value.lval LONG_MIN) != (op2-value.lval LONG_MIN) -(op1-value.lval LONG_MIN) != (lval LONG_MIN)) { + if ( (op1-value.lval LONG_SIGN_MASK) != (op2-value.lval LONG_SIGN_MASK) +(op1-value.lval LONG_SIGN_MASK) != (lval LONG_SIGN_MASK)) { result-value.dval = (double) op1-value.lval - (double) op2-value.lval; result-type = IS_DOUBLE; http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.152r2=1.153ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.152 php-src/main/rfc1867.c:1.153 --- php-src/main/rfc1867.c:1.152Wed Mar 24 08:31:20 2004 +++ php-src/main/rfc1867.c Wed Mar 24 09:28:41 2004 
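Review bot: `#define LONG_SIGN_MASK (1L << (8*sizeof(long)-1))` (the `<<` is lost in this archive copy) shifts a signed 1 into the sign bit, which ISO C leaves undefined; an unsigned constant avoids it: `#define LONG_SIGN_MASK (1UL << (8*sizeof(long)-1))`. The two checks that use the mask also run after `op1->value.lval + op2->value.lval` (or the subtraction) has already been evaluated in a signed long, so they rely on wraparound that the language does not guarantee. Testing the operands against LONG_MAX and LONG_MIN before the arithmetic would not have that dependency. Both functions start and end outside the hunks.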
@@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.152 2004/03/24 13:31:20 derick Exp $ */ +/* $Id: rfc1867.c,v 1.153 2004/03/24 14:28:41 derick Exp $ */ /* * This product includes software developed by the Apache Group @@ -957,22 +957,16 @@ while (!cancel_upload (blen = multipart_buffer_read(mbuff, buff, sizeof(buff) TSRMLS_CC))) { if (PG(upload_max_filesize) 0 total_bytes PG(upload_max_filesize)) { -#ifdef DEBUG_FILE_UPLOAD - sapi_module.sapi_error(E_NOTICE, upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved, PG(upload_max_filesize), param, filename); -#endif + sapi_module.sapi_error(E_WARNING, upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved, PG(upload_max_filesize), param, filename); cancel_upload = UPLOAD_ERROR_A; } else if (max_file_size (total_bytes max_file_size)) { -#ifdef DEBUG_FILE_UPLOAD - sapi_module.sapi_error(E_NOTICE, MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved, max_file_size, param, filename); -#endif + sapi_module.sapi_error(E_WARNING, MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved, max_file_size, param, filename); cancel_upload = UPLOAD_ERROR_B; } else if (blen 0) { wlen = fwrite(buff, 1, blen, fp); if (wlen blen) { -#ifdef DEBUG_FILE_UPLOAD - sapi_module.sapi_error(E_NOTICE, Only %d bytes were written, expected to write %ld, wlen, blen); -#endif + sapi_module.sapi_error(E_WARNING, Only %d bytes were written, expected to write %ld, wlen, blen); cancel_upload = UPLOAD_ERROR_C; } else { total_bytes += wlen; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Thu Feb 12 13:27:34 2004 EDT Modified files: /php-src/main rfc1867.c Log: better write into the correct buffer http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.150r2=1.151ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.150 php-src/main/rfc1867.c:1.151 --- php-src/main/rfc1867.c:1.150Thu Jan 8 03:17:54 2004 +++ php-src/main/rfc1867.c Thu Feb 12 13:27:33 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.150 2004/01/08 08:17:54 andi Exp $ */ +/* $Id: rfc1867.c,v 1.151 2004/02/12 18:27:33 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -90,6 +90,9 @@ if (*num_vars=*num_vars_max){ php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, 16 TSRMLS_CC); + /* in case realloc relocated the buffer */ + val_list = *pval_list; + len_list = *plen_list; } val_list[*num_vars] = (char *)estrdup(param); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
derick Sun Dec 7 09:47:36 2003 EDT Modified files: /php-src/main rfc1867.c Log: - Add comment, I put this ina week ago and it already confused me :) Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.148 php-src/main/rfc1867.c:1.149 --- php-src/main/rfc1867.c:1.148Sat Nov 29 10:24:35 2003 +++ php-src/main/rfc1867.c Sun Dec 7 09:47:35 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.148 2003/11/29 15:24:35 derick Exp $ */ +/* $Id: rfc1867.c,v 1.149 2003/12/07 14:47:35 derick Exp $ */ /* * This product includes software developed by the Apache Group @@ -881,7 +881,7 @@ if (!filename param) { char *value = multipart_buffer_read_body(mbuff TSRMLS_CC); - unsigned int new_val_len; + unsigned int new_val_len; /* Dummy variable */ if (!value) { value = estrdup(); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /main rfc1867.c
If we allow odd increments (the code actually increased the limit by 1), the boundary check is worthless. The last time I committed something I added a +2 to catch all kinds of off-by-one or off-by-two errors (this already caught the filename). Example: with num_vars = 10 and num_vars_max = 11, if (num_vars >= num_vars_max) is false and the buffer is not resized, but we write to array[10] and array[11] (where array[10] was the last allocated). This happens every time we allow odd increments. In the current code this is no security threat, because 2 more are always allocated. Nevertheless, the code now stays within the boundary and the 2-element safety buffer isn't needed anymore. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] cvs: php-src /main rfc1867.c
Okay, thank you for explaining it in detail. BTW, there should have been cleaner code :) I'll take a look at it if time permits. Moriyoshi On 2003/11/14, at 0:25, Stefan Esser wrote: If we allow odd increments (the code actually increased the limit by 1) the boundary check is worthless. The last time I commited something I added a +2 so catch all kinds of off-by-one or off-by-two (this already catched the filename) Example: num_vars = 10 and num_var_max = 11 if (num_vars = num_vars_max) is false and the buffer is not resized but we write to array[10] and array[11] (where array[10] was the last allocated). This happens everytime we allow odd increments. In the current code this is no security threat, because always 2 more are allocated. Nevertheless now the code stays within the boundary and the 2 element safety buffer isnt needed anymore. Stefan -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Wed Nov 12 17:34:59 2003 EDT Modified files: /php-src/main rfc1867.c Log: Fix odd increments to repair the boundary checks. Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.145 php-src/main/rfc1867.c:1.146 --- php-src/main/rfc1867.c:1.145Wed Nov 5 18:27:41 2003 +++ php-src/main/rfc1867.c Wed Nov 12 17:34:58 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.145 2003/11/05 23:27:41 hirokawa Exp $ */ +/* $Id: rfc1867.c,v 1.146 2003/11/12 22:34:58 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -73,6 +73,10 @@ void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc TSRMLS_DC) { + /* allow only even increments */ + if (inc 1) { + inc++; + } (*num_vars_max) += inc; *pval_list = (char **)erealloc(*pval_list, (*num_vars_max+2)*sizeof(char *)); *plen_list = (int *)erealloc(*plen_list, (*num_vars_max+2)*sizeof(int)); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
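Review bot: The added comment `/* allow only even increments */` in php_mb_gpc_realloc_buffer states the rule but not the invariant it protects, so a later cleanup could remove the rounding as redundant. I would expand it to something like `/* keep num_vars_max even: callers check capacity once and then (presumably) store entries in pairs */`, with the wording confirmed against the call sites, which are outside this hunk. The condition is rendered here as `inc 1`; that is presumably `inc & 1` with the operator lost in the archive. Keeping the `+2` slack in the two `erealloc` sizes as a defensive margin costs nothing.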
Re: [PHP-CVS] cvs: php-src /main rfc1867.c
sesser Wed Nov 12 17:34:59 2003 EDT Modified files: /php-src/main rfc1867.c Log: Fix odd increments to repair the boundary checks. I might be missing something, but what is the exact problem behind the description? As far as I'm concerned, that weird increment is necessary because the variable name and its value are stored alternately in the vector. Moriyoshi -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
hirokawaWed Nov 5 18:27:42 2003 EDT Modified files: /php-src/main rfc1867.c Log: added buffer reallocation for filename. Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.144 php-src/main/rfc1867.c:1.145 --- php-src/main/rfc1867.c:1.144Mon Nov 3 06:46:33 2003 +++ php-src/main/rfc1867.c Wed Nov 5 18:27:41 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.144 2003/11/03 11:46:33 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.145 2003/11/05 23:27:41 hirokawa Exp $ */ /* * This product includes software developed by the Apache Group @@ -71,18 +71,23 @@ } } +void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc TSRMLS_DC) +{ + (*num_vars_max) += inc; + *pval_list = (char **)erealloc(*pval_list, (*num_vars_max+2)*sizeof(char *)); + *plen_list = (int *)erealloc(*plen_list, (*num_vars_max+2)*sizeof(int)); +} + void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int **plen_list, int *num_vars, int *num_vars_max TSRMLS_DC) { char **val_list=*pval_list; int *len_list=*plen_list; - if (*num_vars=*num_vars_max){ - (*num_vars_max) += 16; - *pval_list = (char **)erealloc(val_list, (*num_vars_max+2)*sizeof(char *)); - *plen_list = (int *)erealloc(len_list, (*num_vars_max+2)*sizeof(int)); - val_list=*pval_list; - len_list=*plen_list; + if (*num_vars=*num_vars_max){ + php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, + 16 TSRMLS_CC); } + val_list[*num_vars] = (char *)estrdup(param); len_list[*num_vars] = strlen(param); (*num_vars)++; @@ -1012,6 +1017,10 @@ #if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) if (php_mb_encoding_translation(TSRMLS_C)) { + if (num_vars=num_vars_max){ + php_mb_gpc_realloc_buffer(val_list, len_list, num_vars_max, + 1 TSRMLS_CC); + } val_list[num_vars] = filename; len_list[num_vars] = strlen(filename); num_vars++; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
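Review bot: In php_mb_gpc_stack_variable the locals `val_list` and `len_list` are copied from `*pval_list` and `*plen_list` before the capacity check, and this refactoring drops the two lines that refreshed them after the resize. If either `erealloc` inside php_mb_gpc_realloc_buffer moves its block, the stores `val_list[*num_vars] = ...` and `len_list[*num_vars] = ...` right after the `if` go through the old, freed pointers. Re-read both inside the `if` after the helper call: `val_list = *pval_list; len_list = *plen_list;`. The function body continues past the end of the hunk.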
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Mon Nov 3 04:16:25 2003 EDT Modified files: /php-src/main rfc1867.c Log: It is usually a good idea to write only into allocated bufferspace. Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.142 php-src/main/rfc1867.c:1.143 --- php-src/main/rfc1867.c:1.142Wed Oct 22 10:14:04 2003 +++ php-src/main/rfc1867.c Mon Nov 3 04:16:24 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.142 2003/10/22 14:14:04 hirokawa Exp $ */ +/* $Id: rfc1867.c,v 1.143 2003/11/03 09:16:24 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -78,8 +78,8 @@ if (*num_vars=*num_vars_max){ (*num_vars_max) += 16; - *pval_list = (char **)erealloc(val_list, *num_vars_max*sizeof(char *)); - *plen_list = (int *)erealloc(len_list, *num_vars_max*sizeof(int)); + *pval_list = (char **)erealloc(val_list, (*num_vars_max+2)*sizeof(char *)); + *plen_list = (int *)erealloc(len_list, (*num_vars_max+2)*sizeof(int)); val_list=*pval_list; len_list=*plen_list; } @@ -755,7 +755,7 @@ int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous; zval *http_post_files=NULL; #if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) - int str_len = 0, num_vars = 0, num_vars_max = 2*10+1, *len_list = NULL; + int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL; char **val_list = NULL; #endif zend_bool magic_quotes_gpc; @@ -814,8 +814,8 @@ #if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) if (php_mb_encoding_translation(TSRMLS_C)) { - val_list = (char **)ecalloc(num_vars_max, sizeof(char *)); - len_list = (int *)ecalloc(num_vars_max, sizeof(int)); + val_list = (char **)ecalloc(num_vars_max+2, sizeof(char *)); + len_list = (int *)ecalloc(num_vars_max+2, sizeof(int)); } #endif zend_llist_init(header, sizeof(mime_header_entry), (llist_dtor_func_t) php_free_hdr_entry, 0); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
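Review bot: The `+2` slack is hard-coded at four allocation sites, the two `erealloc` sizes in the @@ -78 hunk and the two `ecalloc` calls in the @@ -814 hunk, with no comment saying which writes it is meant to absorb. A later edit to one site can therefore shrink the margin without anyone noticing. A named constant shared by all four would help, or at least a comment at each such as `/* +2: slack for writes past num_vars_max, see the capacity check in php_mb_gpc_stack_variable */`. The change of the initial `num_vars_max` from `2*10+1` to `2*10` in the @@ -755 hunk belongs to the same invariant and deserves a short comment too. All three enclosing functions extend beyond their hunks.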
[PHP-CVS] cvs: php-src /main rfc1867.c
sesser Mon Nov 3 06:46:34 2003 EDT Modified files: /php-src/main rfc1867.c Log: Fixed possible crashbug. Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.143 php-src/main/rfc1867.c:1.144 --- php-src/main/rfc1867.c:1.143Mon Nov 3 04:16:24 2003 +++ php-src/main/rfc1867.c Mon Nov 3 06:46:33 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.143 2003/11/03 09:16:24 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.144 2003/11/03 11:46:33 sesser Exp $ */ /* * This product includes software developed by the Apache Group @@ -139,7 +139,7 @@ /* and remove it */ if (s != varname) { - memcpy(varname, s, strlen(s)+1); + memmove(varname, s, strlen(s)+1); } for (p=varname; *p *p != '['; p++) { @@ -170,7 +170,7 @@ indexend = indexend ? indexend + 1 : index + strlen(index); if (s != index) { - memcpy(s, index, strlen(s)+1); + memmove(s, index, strlen(index)+1); s += indexend-index; } else { s = indexend; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
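Review bot: The second hunk fixes two things, but the log message only says "possible crashbug". Besides switching to `memmove`, the copy length changes from `strlen(s)+1` to `strlen(index)+1`, so it is now measured on the source instead of the destination. Neither call site notes that source and destination overlap (both presumably point into the same `varname` buffer). A comment such as `/* regions overlap: use memmove, length taken from the source */` above each call would stop a later cleanup from reverting to `memcpy`. The enclosing function starts and ends outside both hunks.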
[PHP-CVS] cvs: php-src /main rfc1867.c
moriyoshi Thu Jul 3 11:26:12 2003 EDT Modified files: /php-src/main rfc1867.c Log: Fix build Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.140 php-src/main/rfc1867.c:1.141 --- php-src/main/rfc1867.c:1.140Wed Jul 2 22:59:04 2003 +++ php-src/main/rfc1867.c Thu Jul 3 11:26:12 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.140 2003/07/03 02:59:04 sniper Exp $ */ +/* $Id: rfc1867.c,v 1.141 2003/07/03 15:26:12 moriyoshi Exp $ */ /* * This product includes software developed by the Apache Group @@ -700,7 +700,7 @@ int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous; zval *http_post_files=NULL; #if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) - int str_len=0 + int str_len = 0; #endif zend_bool magic_quotes_gpc; multipart_buffer *mbuff; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src /main rfc1867.c
iliaa Wed Jul 2 20:55:20 2003 EDT Modified files: /php-src/main rfc1867.c Log: Compiler warning fix. Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.138 php-src/main/rfc1867.c:1.139 --- php-src/main/rfc1867.c:1.138Sat Jun 28 19:37:18 2003 +++ php-src/main/rfc1867.c Wed Jul 2 20:55:20 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.138 2003/06/28 23:37:18 hirokawa Exp $ */ +/* $Id: rfc1867.c,v 1.139 2003/07/03 00:55:20 iliaa Exp $ */ /* * This product includes software developed by the Apache Group @@ -696,8 +696,10 @@ { char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; - int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0, max_file_size=0, skip_upload=0, str_len=0, anonindex=0, is_anonymous; - zval *http_post_files=NULL; + int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0, max_file_size=0, skip_upload=0, anonindex=0, is_anonymous;zval *http_post_files=NULL; +#if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) + int str_len=0 +#endif zend_bool magic_quotes_gpc; multipart_buffer *mbuff; zval *array_ptr = (zval *) arg; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
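Review bot: The declaration added under the mbstring `#if` is missing its terminating semicolon, so any build with that branch enabled will fail at the following `zend_bool magic_quotes_gpc;` line. It should read `int str_len = 0;`. The rewritten `int` line also ends with `is_anonymous;zval *http_post_files=NULL;`, which compiles but hides the second declaration; give `zval *http_post_files=NULL;` its own line again. The function body continues outside the hunk.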
[PHP-CVS] cvs: php-src /main rfc1867.c
sniper Wed Jul 2 22:59:05 2003 EDT Modified files: /php-src/main rfc1867.c Log: Cut the long line a bit for readability.. Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.139 php-src/main/rfc1867.c:1.140 --- php-src/main/rfc1867.c:1.139Wed Jul 2 20:55:20 2003 +++ php-src/main/rfc1867.c Wed Jul 2 22:59:04 2003 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: rfc1867.c,v 1.139 2003/07/03 00:55:20 iliaa Exp $ */ +/* $Id: rfc1867.c,v 1.140 2003/07/03 02:59:04 sniper Exp $ */ /* * This product includes software developed by the Apache Group @@ -696,7 +696,9 @@ { char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; - int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0, max_file_size=0, skip_upload=0, anonindex=0, is_anonymous;zval *http_post_files=NULL; + int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0; + int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous; + zval *http_post_files=NULL; #if HAVE_MBSTRING !defined(COMPILE_DL_MBSTRING) int str_len=0 #endif -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php