423 lines
13 KiB
Diff
423 lines
13 KiB
Diff
|
diff -x '*.o' -x '*.lo' -c -r php-4.4.4.original/main/rfc1867.c php-4.4.4/main/rfc1867.c
|
||
|
*** php-4.4.4.original/main/rfc1867.c 2006-01-01 11:47:00.000000000 -0200
|
||
|
--- php-4.4.4/main/rfc1867.c 2006-12-17 21:53:19.000000000 -0200
|
||
|
***************
|
||
|
*** 34,39 ****
|
||
|
--- 34,41 ----
|
||
|
|
||
|
#undef DEBUG_FILE_UPLOAD
|
||
|
|
||
|
+ PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void **extra TSRMLS_DC) = NULL;
|
||
|
+
|
||
|
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
|
||
|
#include "ext/mbstring/mbstring.h"
|
||
|
|
||
|
***************
|
||
|
*** 128,133 ****
|
||
|
--- 130,136 ----
|
||
|
#define UPLOAD_ERROR_D 4 /* No file uploaded */
|
||
|
#define UPLOAD_ERROR_E 6 /* Missing /tmp or similar directory */
|
||
|
#define UPLOAD_ERROR_F 7 /* Failed to write file to disk */
|
||
|
+ #define UPLOAD_ERROR_X 8 /* File upload stopped by extension */
|
||
|
|
||
|
void php_rfc1867_register_constants(TSRMLS_D)
|
||
|
{
|
||
|
***************
|
||
|
*** 138,143 ****
|
||
|
--- 141,147 ----
|
||
|
REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_FILE", UPLOAD_ERROR_D, CONST_CS | CONST_PERSISTENT);
|
||
|
REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_TMP_DIR", UPLOAD_ERROR_E, CONST_CS | CONST_PERSISTENT);
|
||
|
REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_CANT_WRITE", UPLOAD_ERROR_F, CONST_CS | CONST_PERSISTENT);
|
||
|
+ REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_EXTENSION", UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT);
|
||
|
}
|
||
|
|
||
|
static void normalize_protected_variable(char *varname TSRMLS_DC)
|
||
|
***************
|
||
|
*** 749,755 ****
|
||
|
XXX: this is horrible memory-usage-wise, but we only expect
|
||
|
to do this on small pieces of form data.
|
||
|
*/
|
||
|
! static char *multipart_buffer_read_body(multipart_buffer *self TSRMLS_DC)
|
||
|
{
|
||
|
char buf[FILLUNIT], *out=NULL;
|
||
|
int total_bytes=0, read_bytes=0;
|
||
|
--- 753,759 ----
|
||
|
XXX: this is horrible memory-usage-wise, but we only expect
|
||
|
to do this on small pieces of form data.
|
||
|
*/
|
||
|
! static char *multipart_buffer_read_body(multipart_buffer *self, unsigned int *len TSRMLS_DC)
|
||
|
{
|
||
|
char buf[FILLUNIT], *out=NULL;
|
||
|
int total_bytes=0, read_bytes=0;
|
||
|
***************
|
||
|
*** 761,766 ****
|
||
|
--- 765,771 ----
|
||
|
}
|
||
|
|
||
|
if (out) out[total_bytes] = '\0';
|
||
|
+ *len = total_bytes;
|
||
|
|
||
|
return out;
|
||
|
}
|
||
|
***************
|
||
|
*** 786,797 ****
|
||
|
--- 791,805 ----
|
||
|
zval *array_ptr = (zval *) arg;
|
||
|
int fd=-1;
|
||
|
zend_llist header;
|
||
|
+ void *event_extra_data = NULL;
|
||
|
|
||
|
+ fprintf(stderr, "%s %ld %ld %ld\n", __FILE__, __LINE__, SG(request_info).content_length, SG(post_max_size));
|
||
|
if (SG(request_info).content_length > SG(post_max_size)) {
|
||
|
sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
|
||
|
/* Get the boundary */
|
||
|
boundary = strstr(content_type_dup, "boundary");
|
||
|
if (!boundary || !(boundary=strchr(boundary, '='))) {
|
||
|
***************
|
||
|
*** 802,807 ****
|
||
|
--- 810,816 ----
|
||
|
boundary++;
|
||
|
boundary_len = strlen(boundary);
|
||
|
|
||
|
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
|
||
|
if (boundary[0] == '"') {
|
||
|
boundary++;
|
||
|
boundary_end = strchr(boundary, '"');
|
||
|
***************
|
||
|
*** 818,823 ****
|
||
|
--- 827,833 ----
|
||
|
boundary_len = boundary_end-boundary;
|
||
|
}
|
||
|
|
||
|
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
|
||
|
/* Initialize the buffer */
|
||
|
if (!(mbuff = multipart_buffer_new(boundary, boundary_len))) {
|
||
|
sapi_module.sapi_error(E_WARNING, "Unable to initialize the input buffer");
|
||
|
***************
|
||
|
*** 844,859 ****
|
||
|
#endif
|
||
|
zend_llist_init(&header, sizeof(mime_header_entry), (llist_dtor_func_t) php_free_hdr_entry, 0);
|
||
|
|
||
|
while (!multipart_buffer_eof(mbuff TSRMLS_CC))
|
||
|
{
|
||
|
char buff[FILLUNIT];
|
||
|
char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL;
|
||
|
! int blen=0, wlen=0;
|
||
|
|
||
|
zend_llist_clean(&header);
|
||
|
|
||
|
if (!multipart_buffer_headers(mbuff, &header TSRMLS_CC)) {
|
||
|
! SAFE_RETURN;
|
||
|
}
|
||
|
|
||
|
if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) {
|
||
|
--- 854,881 ----
|
||
|
#endif
|
||
|
zend_llist_init(&header, sizeof(mime_header_entry), (llist_dtor_func_t) php_free_hdr_entry, 0);
|
||
|
|
||
|
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
|
||
|
+ if (php_rfc1867_callback != NULL) {
|
||
|
+ multipart_event_start event_start;
|
||
|
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
|
||
|
+
|
||
|
+ event_start.content_length = SG(request_info).content_length;
|
||
|
+ if (php_rfc1867_callback(MULTIPART_EVENT_START, &event_start, &event_extra_data TSRMLS_CC) == FAILURE) {
|
||
|
+ goto fileupload_done;
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
while (!multipart_buffer_eof(mbuff TSRMLS_CC))
|
||
|
{
|
||
|
char buff[FILLUNIT];
|
||
|
char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL;
|
||
|
! size_t blen=0, wlen=0;
|
||
|
! off_t offset;
|
||
|
|
||
|
zend_llist_clean(&header);
|
||
|
|
||
|
if (!multipart_buffer_headers(mbuff, &header TSRMLS_CC)) {
|
||
|
! goto fileupload_done;
|
||
|
}
|
||
|
|
||
|
if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) {
|
||
|
***************
|
||
|
*** 895,907 ****
|
||
|
|
||
|
/* Normal form variable, safe to read all data into memory */
|
||
|
if (!filename && param) {
|
||
|
!
|
||
|
! char *value = multipart_buffer_read_body(mbuff TSRMLS_CC);
|
||
|
|
||
|
if (!value) {
|
||
|
value = estrdup("");
|
||
|
}
|
||
|
|
||
|
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
|
||
|
if (php_mb_encoding_translation(TSRMLS_C)) {
|
||
|
php_mb_gpc_stack_variable(param, value, &val_list, &len_list,
|
||
|
--- 917,941 ----
|
||
|
|
||
|
/* Normal form variable, safe to read all data into memory */
|
||
|
if (!filename && param) {
|
||
|
! unsigned int value_len;
|
||
|
! char *value = multipart_buffer_read_body(mbuff, &value_len TSRMLS_CC);
|
||
|
! unsigned int new_val_len; /* Dummy variable */
|
||
|
|
||
|
if (!value) {
|
||
|
value = estrdup("");
|
||
|
}
|
||
|
|
||
|
+ if (php_rfc1867_callback != NULL) {
|
||
|
+ multipart_event_formdata event_formdata;
|
||
|
+
|
||
|
+ event_formdata.post_bytes_processed = SG(read_post_bytes);
|
||
|
+ event_formdata.name = param;
|
||
|
+ event_formdata.value = &value;
|
||
|
+ event_formdata.length = value_len;
|
||
|
+ event_formdata.newlength = NULL;
|
||
|
+ php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC);
|
||
|
+ }
|
||
|
+
|
||
|
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
|
||
|
if (php_mb_encoding_translation(TSRMLS_C)) {
|
||
|
php_mb_gpc_stack_variable(param, value, &val_list, &len_list,
|
||
|
***************
|
||
|
*** 923,944 ****
|
||
|
|
||
|
/* If file_uploads=off, skip the file part */
|
||
|
if (!PG(file_uploads)) {
|
||
|
! if (filename) {
|
||
|
! efree(filename);
|
||
|
! }
|
||
|
! if (param) {
|
||
|
! efree(param);
|
||
|
! }
|
||
|
! continue;
|
||
|
}
|
||
|
|
||
|
/* Return with an error if the posted data is garbled */
|
||
|
! if (!param) {
|
||
|
sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled");
|
||
|
! if (filename) {
|
||
|
! efree(filename);
|
||
|
! }
|
||
|
! SAFE_RETURN;
|
||
|
}
|
||
|
|
||
|
/* New Rule: never repair potential malicious user input */
|
||
|
--- 957,969 ----
|
||
|
|
||
|
/* If file_uploads=off, skip the file part */
|
||
|
if (!PG(file_uploads)) {
|
||
|
! skip_upload = 1;
|
||
|
}
|
||
|
|
||
|
/* Return with an error if the posted data is garbled */
|
||
|
! if (!param && !filename) {
|
||
|
sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled");
|
||
|
! goto fileupload_done;
|
||
|
}
|
||
|
|
||
|
/* New Rule: never repair potential malicious user input */
|
||
|
***************
|
||
|
*** 974,979 ****
|
||
|
--- 999,1027 ----
|
||
|
cancel_upload = UPLOAD_ERROR_E;
|
||
|
}
|
||
|
}
|
||
|
+
|
||
|
+ if (!skip_upload && php_rfc1867_callback != NULL) {
|
||
|
+ multipart_event_file_start event_file_start;
|
||
|
+
|
||
|
+ event_file_start.post_bytes_processed = SG(read_post_bytes);
|
||
|
+ event_file_start.name = param;
|
||
|
+ event_file_start.filename = &filename;
|
||
|
+ if (php_rfc1867_callback(MULTIPART_EVENT_FILE_START, &event_file_start, &event_extra_data TSRMLS_CC) == FAILURE) {
|
||
|
+ if (temp_filename) {
|
||
|
+ if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */
|
||
|
+ close(fd);
|
||
|
+ unlink(temp_filename);
|
||
|
+ }
|
||
|
+ efree(temp_filename);
|
||
|
+ }
|
||
|
+ temp_filename="";
|
||
|
+ efree(param);
|
||
|
+ efree(filename);
|
||
|
+ continue;
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+
|
||
|
if (skip_upload) {
|
||
|
efree(param);
|
||
|
efree(filename);
|
||
|
***************
|
||
|
*** 987,995 ****
|
||
|
--- 1035,1059 ----
|
||
|
cancel_upload = UPLOAD_ERROR_D;
|
||
|
}
|
||
|
|
||
|
+ offset = 0;
|
||
|
end = 0;
|
||
|
while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff), &end TSRMLS_CC)))
|
||
|
{
|
||
|
+ if (php_rfc1867_callback != NULL) {
|
||
|
+ multipart_event_file_data event_file_data;
|
||
|
+
|
||
|
+ event_file_data.post_bytes_processed = SG(read_post_bytes);
|
||
|
+ event_file_data.offset = offset;
|
||
|
+ event_file_data.data = buff;
|
||
|
+ event_file_data.length = blen;
|
||
|
+ event_file_data.newlength = &blen;
|
||
|
+ if (php_rfc1867_callback(MULTIPART_EVENT_FILE_DATA, &event_file_data, &event_extra_data TSRMLS_CC) == FAILURE) {
|
||
|
+ cancel_upload = UPLOAD_ERROR_X;
|
||
|
+ continue;
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+
|
||
|
if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) {
|
||
|
sapi_module.sapi_error(E_WARNING, "upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved", PG(upload_max_filesize), param, filename);
|
||
|
cancel_upload = UPLOAD_ERROR_A;
|
||
|
***************
|
||
|
*** 1005,1010 ****
|
||
|
--- 1069,1076 ----
|
||
|
} else {
|
||
|
total_bytes += wlen;
|
||
|
}
|
||
|
+
|
||
|
+ offset += wlen;
|
||
|
}
|
||
|
}
|
||
|
if (fd!=-1) {
|
||
|
***************
|
||
|
*** 1025,1030 ****
|
||
|
--- 1091,1107 ----
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
+ if (php_rfc1867_callback != NULL) {
|
||
|
+ multipart_event_file_end event_file_end;
|
||
|
+
|
||
|
+ event_file_end.post_bytes_processed = SG(read_post_bytes);
|
||
|
+ event_file_end.temp_filename = temp_filename;
|
||
|
+ event_file_end.cancel_upload = cancel_upload;
|
||
|
+ if (php_rfc1867_callback(MULTIPART_EVENT_FILE_END, &event_file_end, &event_extra_data TSRMLS_CC) == FAILURE) {
|
||
|
+ cancel_upload = UPLOAD_ERROR_X;
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
if (cancel_upload) {
|
||
|
if (temp_filename) {
|
||
|
if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */
|
||
|
***************
|
||
|
*** 1216,1222 ****
|
||
|
efree(param);
|
||
|
}
|
||
|
}
|
||
|
!
|
||
|
SAFE_RETURN;
|
||
|
}
|
||
|
|
||
|
--- 1293,1306 ----
|
||
|
efree(param);
|
||
|
}
|
||
|
}
|
||
|
! fileupload_done:
|
||
|
! if (php_rfc1867_callback != NULL) {
|
||
|
! multipart_event_end event_end;
|
||
|
!
|
||
|
! event_end.post_bytes_processed = SG(read_post_bytes);
|
||
|
! php_rfc1867_callback(MULTIPART_EVENT_END, &event_end, &event_extra_data TSRMLS_CC);
|
||
|
! }
|
||
|
!
|
||
|
SAFE_RETURN;
|
||
|
}
|
||
|
|
||
|
diff -x '*.o' -x '*.lo' -c -r php-4.4.4.original/main/rfc1867.h php-4.4.4/main/rfc1867.h
|
||
|
*** php-4.4.4.original/main/rfc1867.h 2002-07-11 22:49:58.000000000 -0300
|
||
|
--- php-4.4.4/main/rfc1867.h 2006-12-17 21:51:56.000000000 -0200
|
||
|
***************
|
||
|
*** 1,13 ****
|
||
|
--- 1,76 ----
|
||
|
+ /*
|
||
|
+ +----------------------------------------------------------------------+
|
||
|
+ | PHP Version 5 |
|
||
|
+ +----------------------------------------------------------------------+
|
||
|
+ | Copyright (c) 1997-2006 The PHP Group |
|
||
|
+ +----------------------------------------------------------------------+
|
||
|
+ | This source file is subject to version 3.01 of the PHP license, |
|
||
|
+ | that is bundled with this package in the file LICENSE, and is |
|
||
|
+ | available through the world-wide-web at the following url: |
|
||
|
+ | http://www.php.net/license/3_01.txt |
|
||
|
+ | If you did not receive a copy of the PHP license and are unable to |
|
||
|
+ | obtain it through the world-wide-web, please send a note to |
|
||
|
+ | license@php.net so we can mail you a copy immediately. |
|
||
|
+ +----------------------------------------------------------------------+
|
||
|
+ | Author: |
|
||
|
+ +----------------------------------------------------------------------+
|
||
|
+ */
|
||
|
+
|
||
|
+ /* $Id: rfc1867.h,v 1.13.2.1.2.2 2006/07/26 13:22:06 tony2001 Exp $ */
|
||
|
+
|
||
|
#ifndef RFC1867_H
|
||
|
#define RFC1867_H
|
||
|
|
||
|
#include "SAPI.h"
|
||
|
|
||
|
#define MULTIPART_CONTENT_TYPE "multipart/form-data"
|
||
|
+ #define MULTIPART_EVENT_START 0
|
||
|
+ #define MULTIPART_EVENT_FORMDATA 1
|
||
|
+ #define MULTIPART_EVENT_FILE_START 2
|
||
|
+ #define MULTIPART_EVENT_FILE_DATA 3
|
||
|
+ #define MULTIPART_EVENT_FILE_END 4
|
||
|
+ #define MULTIPART_EVENT_END 5
|
||
|
+
|
||
|
+ typedef struct _multipart_event_start {
|
||
|
+ size_t content_length;
|
||
|
+ } multipart_event_start;
|
||
|
+
|
||
|
+ typedef struct _multipart_event_formdata {
|
||
|
+ size_t post_bytes_processed;
|
||
|
+ char *name;
|
||
|
+ char **value;
|
||
|
+ size_t length;
|
||
|
+ size_t *newlength;
|
||
|
+ } multipart_event_formdata;
|
||
|
+
|
||
|
+ typedef struct _multipart_event_file_start {
|
||
|
+ size_t post_bytes_processed;
|
||
|
+ char *name;
|
||
|
+ char **filename;
|
||
|
+ } multipart_event_file_start;
|
||
|
+
|
||
|
+ typedef struct _multipart_event_file_data {
|
||
|
+ size_t post_bytes_processed;
|
||
|
+ off_t offset;
|
||
|
+ char *data;
|
||
|
+ size_t length;
|
||
|
+ size_t *newlength;
|
||
|
+ } multipart_event_file_data;
|
||
|
+
|
||
|
+ typedef struct _multipart_event_file_end {
|
||
|
+ size_t post_bytes_processed;
|
||
|
+ char *temp_filename;
|
||
|
+ int cancel_upload;
|
||
|
+ } multipart_event_file_end;
|
||
|
+
|
||
|
+ typedef struct _multipart_event_end {
|
||
|
+ size_t post_bytes_processed;
|
||
|
+ } multipart_event_end;
|
||
|
|
||
|
SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler);
|
||
|
|
||
|
void destroy_uploaded_files_hash(TSRMLS_D);
|
||
|
void php_rfc1867_register_constants(TSRMLS_D);
|
||
|
+ extern PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void **extra TSRMLS_DC);
|
||
|
|
||
|
#endif /* RFC1867_H */
|