[PHP-CVS] cvs: php-src / NEWS /main rfc1867.c

Wed, 13 Jul 2005 13:44:24 -0700 

iliaa           Wed Jul 13 16:44:09 2005 EDT

  Modified files:              
    /php-src    NEWS 
    /php-src/main       rfc1867.c 
  Log:
  Fixed bug #33673 (Added detection for partially uploaded files).
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1995&r2=1.1996&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1995 php-src/NEWS:1.1996
--- php-src/NEWS:1.1995 Tue Jul 12 16:40:11 2005
+++ php-src/NEWS        Wed Jul 13 16:44:07 2005
@@ -16,6 +16,7 @@
 - Fixed memory corruption in pg_copy_from() in case the as_null parameter was
   passed. (Derick)
 - Fixed crash inside stream_get_line() when length parameter equals 0. (Ilia)
+- Fixed bug #33673 (Added detection for partially uploaded files). (Ilia)
 - Fixed bug #33605 (substr_compare() crashes with negative offset and length). 
   (Tony)
 - Fixed bug #33597 (setcookie() "expires" date format doesn't comply with RFC).
http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.171&r2=1.172&ty=u
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.171 php-src/main/rfc1867.c:1.172
--- php-src/main/rfc1867.c:1.171        Mon Apr  4 10:59:40 2005
+++ php-src/main/rfc1867.c      Wed Jul 13 16:44:08 2005
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: rfc1867.c,v 1.171 2005/04/04 14:59:40 thetaphi Exp $ */
+/* $Id: rfc1867.c,v 1.172 2005/07/13 20:44:08 iliaa Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -131,6 +131,7 @@
 #define UPLOAD_ERROR_C    3  /* Partially uploaded */
 #define UPLOAD_ERROR_D    4  /* No file uploaded */
 #define UPLOAD_ERROR_E    6  /* Missing /tmp or similar directory */
+#define UPLOAD_ERROR_F    7  /* Failed to write file to disk */
 
 void php_rfc1867_register_constants(TSRMLS_D)
 {
@@ -140,6 +141,7 @@
        REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_PARTIAL",    UPLOAD_ERROR_C,  
CONST_CS | CONST_PERSISTENT);
        REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_FILE",    UPLOAD_ERROR_D,  
CONST_CS | CONST_PERSISTENT);
        REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_TMP_DIR", UPLOAD_ERROR_E,  
CONST_CS | CONST_PERSISTENT);
+       REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_CANT_WRITE", UPLOAD_ERROR_F,  
CONST_CS | CONST_PERSISTENT);
 }
 
 static void normalize_protected_variable(char *varname TSRMLS_DC)
@@ -704,7 +706,7 @@
 
 
 /* read until a boundary condition */
-static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes 
TSRMLS_DC)
+static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes, 
int *end TSRMLS_DC)
 {
        int len, max;
        char *bound;
@@ -717,6 +719,9 @@
        /* look for a potential boundary match, only read data up to that point 
*/
        if ((bound = php_ap_memstr(self->buf_begin, self->bytes_in_buffer, 
self->boundary_next, self->boundary_next_len, 1))) {
                max = bound - self->buf_begin;
+               if (end && php_ap_memstr(self->buf_begin, 
self->bytes_in_buffer, self->boundary_next, self->boundary_next_len, 0)) {
+                       *end = 1;
+               }
        } else {
                max = self->bytes_in_buffer;
        }
@@ -753,7 +758,7 @@
        char buf[FILLUNIT], *out=NULL;
        int total_bytes=0, read_bytes=0;
 
-       while((read_bytes = multipart_buffer_read(self, buf, sizeof(buf) 
TSRMLS_CC))) {
+       while((read_bytes = multipart_buffer_read(self, buf, sizeof(buf), NULL 
TSRMLS_CC))) {
                out = erealloc(out, total_bytes + read_bytes + 1);
                memcpy(out + total_bytes, buf, read_bytes);
                total_bytes += read_bytes;
@@ -858,6 +863,7 @@
 
                if ((cd = php_mime_get_hdr_value(header, 
"Content-Disposition"))) {
                        char *pair=NULL;
+                       int end=0;
                        
                        while (isspace(*cd)) {
                                ++cd;
@@ -988,7 +994,8 @@
                                cancel_upload = UPLOAD_ERROR_D;
                        }
 
-                       while (!cancel_upload && (blen = 
multipart_buffer_read(mbuff, buff, sizeof(buff) TSRMLS_CC)))
+                       end = 0;
+                       while (!cancel_upload && (blen = 
multipart_buffer_read(mbuff, buff, sizeof(buff), &end TSRMLS_CC)))
                        {
                                if (PG(upload_max_filesize) > 0 && total_bytes 
> PG(upload_max_filesize)) {
 #if DEBUG_FILE_UPLOAD
@@ -1007,7 +1014,7 @@
 #if DEBUG_FILE_UPLOAD
                                                
sapi_module.sapi_error(E_NOTICE, "Only %d bytes were written, expected to write 
%d", wlen, blen);
 #endif
-                                               cancel_upload = UPLOAD_ERROR_C;
+                                               cancel_upload = UPLOAD_ERROR_F;
                                        } else {
                                                total_bytes += wlen;
                                        }
@@ -1016,7 +1023,12 @@
                        if (fd!=-1) { /* may not be initialized if file could 
not be created */
                                close(fd);
                        }
-
+                       if (!cancel_upload && !end) {
+#if DEBUG_FILE_UPLOAD
+                               sapi_module.sapi_error(E_NOTICE, "Missing mime 
boundary at the end of the data for file %s", strlen(filename) > 0 ? filename : 
"");
+#endif
+                               cancel_upload = UPLOAD_ERROR_C;
+                       }
 #if DEBUG_FILE_UPLOAD
                        if(strlen(filename) > 0 && total_bytes == 0 && 
!cancel_upload) {
                                sapi_module.sapi_error(E_WARNING, "Uploaded 
file size 0 - file [%s=%s] not saved", param, filename);

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to