iliaa Tue, 29 Dec 2009 15:57:54 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=292762
Log: Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). Bug: http://bugs.php.net/48190 (Assigned) Content-type parameter "boundary" is not case-insensitive in HTTP uploads Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/main/rfc1867.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/main/rfc1867.c U php/php-src/trunk/main/rfc1867.c
Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS 2009-12-29 15:53:35 UTC (rev 292761)
+++ php/php-src/branches/PHP_5_2/NEWS 2009-12-29 15:57:54 UTC (rev 292762)
@@ -20,6 +20,8 @@
 (Jani)
 - Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
 - Fixed bug #49851 (http wrapper breaks on 1024 char long headers). (Ilia)
+- Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive
+ in HTTP uploads). (Ilia)
 - Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
 - Fixed bug #47002 (Field truncation when reading from dbase dbs with more
Modified: php/php-src/branches/PHP_5_2/main/rfc1867.c
===================================================================
--- php/php-src/branches/PHP_5_2/main/rfc1867.c 2009-12-29 15:53:35 UTC (rev 292761)
+++ php/php-src/branches/PHP_5_2/main/rfc1867.c 2009-12-29 15:57:54 UTC (rev 292762)
@@ -33,6 +33,7 @@
 #include "php_variables.h"
 #include "rfc1867.h"
 #include "php_ini.h"
+#include "ext/standard/php_string.h"
 #define DEBUG_FILE_UPLOAD ZEND_DEBUG
@@ -796,6 +797,8 @@
 void *event_extra_data = NULL;
 int llen = 0;
 int upload_cnt = INI_INT("max_file_uploads");
+
+
 if (SG(post_max_size) > 0 && SG(request_info).content_length > SG(post_max_size)) {
 sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
@@ -804,6 +807,18 @@
 /* Get the boundary */
 boundary = strstr(content_type_dup, "boundary");
+ if (!boundary) {
+ int content_type_len = strlen(content_type_dup);
+ char *content_type_lcase = estrndup(content_type_dup, content_type_len);
+
+ php_strtolower(content_type_lcase, content_type_len);
+ boundary = strstr(content_type_lcase, "boundary");
+ if (boundary) {
+ boundary = content_type_dup + (boundary - content_type_lcase);
+ }
+ efree(content_type_lcase);
+ }
+
 if (!boundary || !(boundary=strchr(boundary, '='))) {
 sapi_module.sapi_error(E_WARNING, "Missing boundary in multipart/form-data POST data");
 return;
Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS 2009-12-29 15:53:35 UTC (rev 292761)
+++ php/php-src/branches/PHP_5_3/NEWS 2009-12-29 15:57:54 UTC (rev 292762)
@@ -7,6 +7,8 @@
 (Ilia)
 - Added stream_resolve_include_path(). (Mikko)
+- Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive
+ in HTTP uploads). (Ilia)
 - Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
Modified: php/php-src/branches/PHP_5_3/main/rfc1867.c
===================================================================
--- php/php-src/branches/PHP_5_3/main/rfc1867.c 2009-12-29 15:53:35 UTC (rev 292761)
+++ php/php-src/branches/PHP_5_3/main/rfc1867.c 2009-12-29 15:57:54 UTC (rev 292762)
@@ -32,6 +32,7 @@
 #include "php_globals.h"
 #include "php_variables.h"
 #include "rfc1867.h"
+#include "ext/standard/php_string.h"
 #define DEBUG_FILE_UPLOAD ZEND_DEBUG
@@ -796,6 +797,8 @@
 void *event_extra_data = NULL;
 int llen = 0;
 int upload_cnt = INI_INT("max_file_uploads");
+
+
 if (SG(post_max_size) > 0 && SG(request_info).content_length > SG(post_max_size)) {
 sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
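Review bot: The lookup added in the `@@ -804,6 +807,18 @@` hunk of PHP_5_2/main/rfc1867.c (repeated unchanged for PHP_5_3 and at `@@ -603,6 +606,18 @@` on trunk) still takes the first occurrence of the substring `boundary` anywhere in the client-supplied Content-Type, and the lowercased retry extends that to every letter case. The retry also runs only when no lowercase `boundary` is present, so a header that carries that word inside another parameter next to a real `Boundary=` parameter can resolve to the wrong offset. An upload filter or proxy that parses the header by parameter name can then disagree with PHP about which delimiter frames the body, so the match should be tied to a parameter name followed by `=`; that also removes the `estrndup`/`efree` copy and the `int` holding a `strlen()` result. The fence sketches such a scan: it needs a new `char *p` local, the `;`/`,` delimiters are an assumption to check against clients the old search tolerated, quoted values containing a delimiter are still not handled, and the enclosing function begins and ends outside the hunk.

```c
	/* Get the boundary: accept only a parameter named "boundary" (any case) */
	boundary = NULL;
	for (p = strpbrk(content_type_dup, ";,"); p; p = strpbrk(p, ";,")) {
		p++;
		while (*p == ' ' || *p == '\t') {
			p++;
		}
		if (!strncasecmp(p, "boundary", sizeof("boundary") - 1)) {
			char *eq = p + sizeof("boundary") - 1;

			while (*eq == ' ' || *eq == '\t') {
				eq++;
			}
			if (*eq == '=') {
				boundary = eq;
				break;
			}
		}
	}
	/* … unchanged: the !boundary / strchr(boundary, '=') check and its warning … */
```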
@@ -804,6 +807,18 @@
 /* Get the boundary */
 boundary = strstr(content_type_dup, "boundary");
+ if (!boundary) {
+ int content_type_len = strlen(content_type_dup);
+ char *content_type_lcase = estrndup(content_type_dup, content_type_len);
+
+ php_strtolower(content_type_lcase, content_type_len);
+ boundary = strstr(content_type_lcase, "boundary");
+ if (boundary) {
+ boundary = content_type_dup + (boundary - content_type_lcase);
+ }
+ efree(content_type_lcase);
+ }
+
 if (!boundary || !(boundary=strchr(boundary, '='))) {
 sapi_module.sapi_error(E_WARNING, "Missing boundary in multipart/form-data POST data");
 return;
Modified: php/php-src/trunk/main/rfc1867.c
===================================================================
--- php/php-src/trunk/main/rfc1867.c 2009-12-29 15:53:35 UTC (rev 292761)
+++ php/php-src/trunk/main/rfc1867.c 2009-12-29 15:57:54 UTC (rev 292762)
@@ -32,6 +32,7 @@
 #include "php_globals.h"
 #include "php_variables.h"
 #include "rfc1867.h"
+#include "ext/standard/php_string.h"
 #define DEBUG_FILE_UPLOAD ZEND_DEBUG
@@ -595,6 +596,8 @@
 void *event_extra_data = NULL;
 int llen = 0;
 int upload_cnt = INI_INT("max_file_uploads");
+
+
 if (SG(post_max_size) > 0 && SG(request_info).content_length > SG(post_max_size)) {
 sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
@@ -603,6 +606,18 @@
 /* Get the boundary */
 boundary = strstr(content_type_dup, "boundary");
+ if (!boundary) {
+ int content_type_len = strlen(content_type_dup);
+ char *content_type_lcase = estrndup(content_type_dup, content_type_len);
+
+ php_strtolower(content_type_lcase, content_type_len);
+ boundary = strstr(content_type_lcase, "boundary");
+ if (boundary) {
+ boundary = content_type_dup + (boundary - content_type_lcase);
+ }
+ efree(content_type_lcase);
+ }
+
 if (!boundary || !(boundary=strchr(boundary, '='))) {
 sapi_module.sapi_error(E_WARNING, "Missing boundary in multipart/form-data POST data");
 return;