ID:               38236
 Updated by:       [EMAIL PROTECTED]
 Reported By:      tsteinbr at igd dot fraunhofer dot de
-Status:           Open
+Status:           Assigned
 Bug Type:         HTTP related
 Operating System: Linux (Debian 3.1)
 PHP Version:      5.1.4
-Assigned To:      
+Assigned To:      iliaa


Previous Comments:
------------------------------------------------------------------------

[2006-07-27 13:22:50] tsteinbr at igd dot fraunhofer dot de

Description:
------------
Binary data supplied from the client via multipart/formdata POST
(rfc1867) gets corrupted. Data will be truncated at the first occurence
of a zero byte.


Reproduce code:
---------------
We post a variable called "mydata" containing "test\0test" (test,
binary zero, test). This data is 9 bytes long.

We use the following PHP code to dump all submitted POST data:
var_dump($_POST);

Here's a hex dump of the POST:
0000: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d ----------------
0010: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 64 35 --------------d5
0020: 66 34 30 63 31 30 63 39 32 66 0d 0a 43 6f 6e 74 f40c10c92f..Cont
0030: 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a ent-Disposition:
0040: 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65  form-data; name
0050: 3d 22 6d 79 64 61 74 61 22 0d 0a 0d 0a 74 65 73 ="mydata"....tes
0060: 74 00 74 65 73 74 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d t.test..--------
0070: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d ----------------
0080: 2d 2d 2d 2d 2d 2d 64 35 66 34 30 63 31 30 63 39 ------d5f40c10c9
0090: 32 66 2d 2d 0d 0a                               2f--

And here's C code (using libcurl) that will generate such a request,
which is perfectly RFC1867 compliant:

curl_formadd(&post, &last,
                CURLFORM_COPYNAME, "mydata",
                CURLFORM_PTRCONTENTS, "test\0test",         
               CURLFORM_CONTENTSLENGTH, 9,
               CURLFORM_END);


Expected result:
----------------
array(1) {
  ["mydata"]=>
  string(9) "test"
}



Actual result:
--------------
array(1) {
  ["mydata"]=>
  string(4) "test"
}

Note: The problem can by worked around by using Base64 encoding, etc,
but that's not the point. RFC1867 was created for providing a method of
sending large quantities of binary data or text containing non-ASCII
characters, without the need for inefficient coding. 


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=38236&edit=1

Reply via email to