Only in php-4.4.9: c Only in php-4.4.9: config.cache Only in php-4.4.9: config.log Only in php-4.4.9: config.nice Only in php-4.4.9: config.status Only in php-4.4.9: do-conf.module Only in php-4.4.9: include Only in php-4.4.9: libs Only in php-4.4.9: libtool Only in php-4.4.9/main: build-defs.h Only in php-4.4.9/main: internal_functions.c Only in php-4.4.9/main: internal_functions_cli.c Only in php-4.4.9/main: php_config.h diff -x '*.o' -x '*.lo' -c -r php-4.4.9.original/main/rfc1867.c php-4.4.9/main/rfc1867.c *** php-4.4.9.original/main/rfc1867.c 2007-12-31 05:22:55.000000000 -0200 --- php-4.4.9/main/rfc1867.c 2009-01-14 22:23:28.000000000 -0200 *************** *** 34,39 **** --- 34,41 ---- #undef DEBUG_FILE_UPLOAD + PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void **extra TSRMLS_DC) = NULL; + #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) #include "ext/mbstring/mbstring.h" *************** *** 128,133 **** --- 130,136 ---- #define UPLOAD_ERROR_D 4 /* No file uploaded */ #define UPLOAD_ERROR_E 6 /* Missing /tmp or similar directory */ #define UPLOAD_ERROR_F 7 /* Failed to write file to disk */ + #define UPLOAD_ERROR_X 8 /* File upload stopped by extension */ void php_rfc1867_register_constants(TSRMLS_D) { *************** *** 138,143 **** --- 141,147 ---- REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_FILE", UPLOAD_ERROR_D, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_TMP_DIR", UPLOAD_ERROR_E, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_CANT_WRITE", UPLOAD_ERROR_F, CONST_CS | CONST_PERSISTENT); + REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_EXTENSION", UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT); } static void normalize_protected_variable(char *varname TSRMLS_DC) *************** *** 787,798 **** --- 791,805 ---- zval *array_ptr = (zval *) arg; int fd=-1; zend_llist header; + void *event_extra_data = NULL; + fprintf(stderr, "%s %ld %ld %ld\n", __FILE__, __LINE__, SG(request_info).content_length, SG(post_max_size)); if (SG(request_info).content_length > SG(post_max_size)) { sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size)); return; } + fprintf(stderr, "%s %d\n", __FILE__, __LINE__); /* Get the boundary */ boundary = strstr(content_type_dup, "boundary"); if (!boundary || !(boundary=strchr(boundary, '='))) { *************** *** 803,808 **** --- 810,816 ---- boundary++; boundary_len = strlen(boundary); + fprintf(stderr, "%s %d\n", __FILE__, __LINE__); if (boundary[0] == '"') { boundary++; boundary_end = strchr(boundary, '"'); *************** *** 819,824 **** --- 827,833 ---- boundary_len = boundary_end-boundary; } + fprintf(stderr, "%s %d\n", __FILE__, __LINE__); /* Initialize the buffer */ if (!(mbuff = multipart_buffer_new(boundary, boundary_len))) { sapi_module.sapi_error(E_WARNING, "Unable to initialize the input buffer"); *************** *** 845,860 **** #endif zend_llist_init(&header, sizeof(mime_header_entry), (llist_dtor_func_t) php_free_hdr_entry, 0); while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; ! int blen=0, wlen=0; zend_llist_clean(&header); if (!multipart_buffer_headers(mbuff, &header TSRMLS_CC)) { ! SAFE_RETURN; } if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) { --- 854,881 ---- #endif zend_llist_init(&header, sizeof(mime_header_entry), (llist_dtor_func_t) php_free_hdr_entry, 0); + fprintf(stderr, "%s %d\n", __FILE__, __LINE__); + if (php_rfc1867_callback != NULL) { + multipart_event_start event_start; + fprintf(stderr, "%s %d\n", __FILE__, __LINE__); + + event_start.content_length = SG(request_info).content_length; + if (php_rfc1867_callback(MULTIPART_EVENT_START, &event_start, &event_extra_data TSRMLS_CC) == FAILURE) { + goto fileupload_done; + } + } + while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; ! size_t blen=0, wlen=0; ! off_t offset; zend_llist_clean(&header); if (!multipart_buffer_headers(mbuff, &header TSRMLS_CC)) { ! goto fileupload_done; } if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) { *************** *** 896,908 **** /* Normal form variable, safe to read all data into memory */ if (!filename && param) { ! unsigned int value_len; char *value = multipart_buffer_read_body(mbuff, &value_len TSRMLS_CC); if (!value) { value = estrdup(""); } #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) if (php_mb_encoding_translation(TSRMLS_C)) { php_mb_gpc_stack_variable(param, value, &val_list, &len_list, --- 917,941 ---- /* Normal form variable, safe to read all data into memory */ if (!filename && param) { ! unsigned int value_len; char *value = multipart_buffer_read_body(mbuff, &value_len TSRMLS_CC); + unsigned int new_val_len; /* Dummy variable */ if (!value) { value = estrdup(""); } + if (php_rfc1867_callback != NULL) { + multipart_event_formdata event_formdata; + + event_formdata.post_bytes_processed = SG(read_post_bytes); + event_formdata.name = param; + event_formdata.value = &value; + event_formdata.length = value_len; + event_formdata.newlength = NULL; + php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC); + } + #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) if (php_mb_encoding_translation(TSRMLS_C)) { php_mb_gpc_stack_variable(param, value, &val_list, &len_list, *************** *** 924,945 **** /* If file_uploads=off, skip the file part */ if (!PG(file_uploads)) { ! if (filename) { ! efree(filename); ! } ! if (param) { ! efree(param); ! } ! continue; } /* Return with an error if the posted data is garbled */ ! if (!param) { sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled"); ! if (filename) { ! efree(filename); ! } ! SAFE_RETURN; } /* New Rule: never repair potential malicious user input */ --- 957,969 ---- /* If file_uploads=off, skip the file part */ if (!PG(file_uploads)) { ! skip_upload = 1; } /* Return with an error if the posted data is garbled */ ! if (!param && !filename) { sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled"); ! goto fileupload_done; } /* New Rule: never repair potential malicious user input */ *************** *** 975,980 **** --- 999,1027 ---- cancel_upload = UPLOAD_ERROR_E; } } + + if (!skip_upload && php_rfc1867_callback != NULL) { + multipart_event_file_start event_file_start; + + event_file_start.post_bytes_processed = SG(read_post_bytes); + event_file_start.name = param; + event_file_start.filename = &filename; + if (php_rfc1867_callback(MULTIPART_EVENT_FILE_START, &event_file_start, &event_extra_data TSRMLS_CC) == FAILURE) { + if (temp_filename) { + if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */ + close(fd); + unlink(temp_filename); + } + efree(temp_filename); + } + temp_filename=""; + efree(param); + efree(filename); + continue; + } + } + + if (skip_upload) { efree(param); efree(filename); *************** *** 988,996 **** --- 1035,1059 ---- cancel_upload = UPLOAD_ERROR_D; } + offset = 0; end = 0; while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff), &end TSRMLS_CC))) { + if (php_rfc1867_callback != NULL) { + multipart_event_file_data event_file_data; + + event_file_data.post_bytes_processed = SG(read_post_bytes); + event_file_data.offset = offset; + event_file_data.data = buff; + event_file_data.length = blen; + event_file_data.newlength = &blen; + if (php_rfc1867_callback(MULTIPART_EVENT_FILE_DATA, &event_file_data, &event_extra_data TSRMLS_CC) == FAILURE) { + cancel_upload = UPLOAD_ERROR_X; + continue; + } + } + + if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) { sapi_module.sapi_error(E_WARNING, "upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved", PG(upload_max_filesize), param, filename); cancel_upload = UPLOAD_ERROR_A; *************** *** 1006,1011 **** --- 1069,1076 ---- } else { total_bytes += wlen; } + + offset += wlen; } } if (fd!=-1) { *************** *** 1026,1031 **** --- 1091,1107 ---- } #endif + if (php_rfc1867_callback != NULL) { + multipart_event_file_end event_file_end; + + event_file_end.post_bytes_processed = SG(read_post_bytes); + event_file_end.temp_filename = temp_filename; + event_file_end.cancel_upload = cancel_upload; + if (php_rfc1867_callback(MULTIPART_EVENT_FILE_END, &event_file_end, &event_extra_data TSRMLS_CC) == FAILURE) { + cancel_upload = UPLOAD_ERROR_X; + } + } + if (cancel_upload) { if (temp_filename) { if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */ *************** *** 1217,1223 **** efree(param); } } ! SAFE_RETURN; } --- 1293,1306 ---- efree(param); } } ! fileupload_done: ! if (php_rfc1867_callback != NULL) { ! multipart_event_end event_end; ! ! event_end.post_bytes_processed = SG(read_post_bytes); ! php_rfc1867_callback(MULTIPART_EVENT_END, &event_end, &event_extra_data TSRMLS_CC); ! } ! SAFE_RETURN; } diff -x '*.o' -x '*.lo' -c -r php-4.4.9.original/main/rfc1867.h php-4.4.9/main/rfc1867.h *** php-4.4.9.original/main/rfc1867.h 2002-07-11 22:49:58.000000000 -0300 --- php-4.4.9/main/rfc1867.h 2009-01-14 22:10:01.000000000 -0200 *************** *** 1,13 **** --- 1,76 ---- + /* + +----------------------------------------------------------------------+ + | PHP Version 5 | + +----------------------------------------------------------------------+ + | Copyright (c) 1997-2006 The PHP Group | + +----------------------------------------------------------------------+ + | This source file is subject to version 3.01 of the PHP license, | + | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | + | http://www.php.net/license/3_01.txt | + | If you did not receive a copy of the PHP license and are unable to | + | obtain it through the world-wide-web, please send a note to | + | license@php.net so we can mail you a copy immediately. | + +----------------------------------------------------------------------+ + | Author: | + +----------------------------------------------------------------------+ + */ + + /* $Id: rfc1867.h,v 1.13.2.1.2.2 2006/07/26 13:22:06 tony2001 Exp $ */ + #ifndef RFC1867_H #define RFC1867_H #include "SAPI.h" #define MULTIPART_CONTENT_TYPE "multipart/form-data" + #define MULTIPART_EVENT_START 0 + #define MULTIPART_EVENT_FORMDATA 1 + #define MULTIPART_EVENT_FILE_START 2 + #define MULTIPART_EVENT_FILE_DATA 3 + #define MULTIPART_EVENT_FILE_END 4 + #define MULTIPART_EVENT_END 5 + + typedef struct _multipart_event_start { + size_t content_length; + } multipart_event_start; + + typedef struct _multipart_event_formdata { + size_t post_bytes_processed; + char *name; + char **value; + size_t length; + size_t *newlength; + } multipart_event_formdata; + + typedef struct _multipart_event_file_start { + size_t post_bytes_processed; + char *name; + char **filename; + } multipart_event_file_start; + + typedef struct _multipart_event_file_data { + size_t post_bytes_processed; + off_t offset; + char *data; + size_t length; + size_t *newlength; + } multipart_event_file_data; + + typedef struct _multipart_event_file_end { + size_t post_bytes_processed; + char *temp_filename; + int cancel_upload; + } multipart_event_file_end; + + typedef struct _multipart_event_end { + size_t post_bytes_processed; + } multipart_event_end; SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler); void destroy_uploaded_files_hash(TSRMLS_D); void php_rfc1867_register_constants(TSRMLS_D); + extern PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void **extra TSRMLS_DC); #endif /* RFC1867_H */ Only in php-4.4.9/main: rfc1867.h.rej Only in php-4.4.9: Makefile Only in php-4.4.9: Makefile.fragments Only in php-4.4.9: Makefile.objects Only in php-4.4.9: modules Only in php-4.4.9: php4.spec Only in php-4.4.9/sapi/apache: libphp4.module Only in php-4.4.9/sapi/cli: php.1 Only in php-4.4.9/scripts/man1: php-config.1 Only in php-4.4.9/scripts/man1: phpize.1 Only in php-4.4.9/scripts: php-config Only in php-4.4.9/scripts: phpize Only in php-4.4.9/TSRM: tsrm_config.h Only in php-4.4.9/Zend: zend_config.h