[PHP-CVS] cvs: php4 /main rfc1867.c

2003-03-05 Thread Ilia Alshanetsky
iliaa   Wed Mar  5 12:00:10 2003 EDT

  Modified files:  
/php4/main  rfc1867.c 
  Log:
  Fixed bug #22550 (overflow protection for upload_max_filesize ini setting).
  
  
Index: php4/main/rfc1867.c
diff -u php4/main/rfc1867.c:1.134 php4/main/rfc1867.c:1.135
--- php4/main/rfc1867.c:1.134   Thu Feb 20 17:21:49 2003
+++ php4/main/rfc1867.c Wed Mar  5 12:00:09 2003
@@ -17,7 +17,7 @@
+--+
  */
 
-/* $Id: rfc1867.c,v 1.134 2003/02/20 22:21:49 rasmus Exp $ */
+/* $Id: rfc1867.c,v 1.135 2003/03/05 17:00:09 iliaa Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -861,7 +861,7 @@
 
while (!cancel_upload  (blen = multipart_buffer_read(mbuff, 
buff, sizeof(buff) TSRMLS_CC)))
{
-   if (total_bytes  PG(upload_max_filesize)) {
+   if (PG(upload_max_filesize)  0  total_bytes  
PG(upload_max_filesize)) {
sapi_module.sapi_error(E_WARNING, 
upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved, 
PG(upload_max_filesize), param, filename);
cancel_upload = UPLOAD_ERROR_A;
} else if (max_file_size  (total_bytes  
max_file_size)) {
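Review bot: A non-positive `upload_max_filesize` now switches the size check off entirely, so a setting that overflowed to a negative value fails open instead of being rejected. The comparison operators are lost in this archive copy, but the added condition reads as `PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)`. If "no limit" is meant for zero only, a negative value is better caught where the ini value is parsed, and clamped or reported there. The limit is printed with `%ld` while `total_bytes` is declared `int` in the 1.125 diff on this page, so the counter itself can presumably wrap on a large body before the comparison fires; widening it to `long` would close that. The enclosing loop continues outside the hunk.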






[PHP-CVS] cvs: php4 /main rfc1867.c

2002-12-14 Thread Stefan Esser
sesser  Sat Dec 14 05:45:26 2002 EDT

  Modified files:  
/php4/main  rfc1867.c 
  Log:
  cleanup
  
  
  
Index: php4/main/rfc1867.c
diff -u php4/main/rfc1867.c:1.127 php4/main/rfc1867.c:1.128
--- php4/main/rfc1867.c:1.127   Tue Dec 10 10:58:31 2002
+++ php4/main/rfc1867.c Sat Dec 14 05:45:25 2002
@@ -16,7 +16,7 @@
|  Jani Taskinen [EMAIL PROTECTED]  |
+--+
  */
-/* $Id: rfc1867.c,v 1.127 2002/12/10 15:58:31 iliaa Exp $ */
+/* $Id: rfc1867.c,v 1.128 2002/12/14 10:45:25 sesser Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -813,13 +813,7 @@
 
/* If file_uploads=off, skip the file part */
if (!PG(file_uploads)) {
-   if (filename) {
-   efree(filename);
-   }
-   if (param) {
-   efree(param);
-   }
-   continue;
+   skip_upload = 1;
}
 
/* Return with an error if the posted data is garbled */
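Review bot: With `continue` replaced by `skip_upload = 1`, a part received while `file_uploads` is off no longer leaves the iteration here and instead falls through to the "Return with an error if the posted data is garbled" check that follows, which the log message "cleanup" does not mention. If that check abandons the whole request, as its comment suggests, a malformed file part now aborts parsing where it used to be skipped silently. The removed branch also guarded `param` and `filename` against NULL, so the later skip path has to be safe for both. A comment such as `/* freed by the skip_upload block below, after the garbled-data check */` would record the dependency. The code after that comment is outside the hunk.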







[PHP-CVS] cvs: php4 /main rfc1867.c

2002-12-10 Thread Ilia Alshanetsky
iliaa   Tue Dec 10 10:36:26 2002 EDT

  Modified files:  
/php4/main  rfc1867.c 
  Log:
  Removed a pointless check. Thanks Stefan.
  
  
Index: php4/main/rfc1867.c
diff -u php4/main/rfc1867.c:1.125 php4/main/rfc1867.c:1.126
--- php4/main/rfc1867.c:1.125   Fri Dec  6 19:48:13 2002
+++ php4/main/rfc1867.c Tue Dec 10 10:36:26 2002
@@ -16,7 +16,7 @@
|  Jani Taskinen [EMAIL PROTECTED]  |
+--+
  */
-/* $Id: rfc1867.c,v 1.125 2002/12/07 00:48:13 iliaa Exp $ */
+/* $Id: rfc1867.c,v 1.126 2002/12/10 15:36:26 iliaa Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -840,9 +840,7 @@
}
}
if (skip_upload) {
-   if (param) {
-   efree(param);
-   }   
+   efree(param);
if (filename) {
efree(filename);
}
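Review bot: The now-unconditional `efree(param)` depends on `param` never being NULL once `skip_upload` is set, and nothing in the hunk establishes that. The 1.127 diff further down this page drops the same guard for `filename`. Whether `efree()` tolerates NULL is not visible on this page, so either keep the guards or state the invariant next to the calls, for example `/* param and filename were checked non-NULL by the garbled-data test above */`. The check that would guarantee this lies outside both hunks.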







[PHP-CVS] cvs: php4 /main rfc1867.c

2002-12-10 Thread Ilia Alshanetsky
iliaa   Tue Dec 10 10:58:31 2002 EDT

  Modified files:  
/php4/main  rfc1867.c 
  Log:
  Removed one more unneeded check.
  
  
Index: php4/main/rfc1867.c
diff -u php4/main/rfc1867.c:1.126 php4/main/rfc1867.c:1.127
--- php4/main/rfc1867.c:1.126   Tue Dec 10 10:36:26 2002
+++ php4/main/rfc1867.c Tue Dec 10 10:58:31 2002
@@ -16,7 +16,7 @@
|  Jani Taskinen [EMAIL PROTECTED]  |
+--+
  */
-/* $Id: rfc1867.c,v 1.126 2002/12/10 15:36:26 iliaa Exp $ */
+/* $Id: rfc1867.c,v 1.127 2002/12/10 15:58:31 iliaa Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -841,9 +841,7 @@
}
if (skip_upload) {
efree(param);
-   if (filename) {
-   efree(filename);
-   }
+   efree(filename);
continue;
}   
 







[PHP-CVS] cvs: php4 /main rfc1867.c

2002-12-06 Thread Ilia Alshanetsky
iliaa   Fri Dec  6 19:48:13 2002 EDT

  Modified files:  
/php4/main  rfc1867.c 
  Log:
  Fixed bugs #20725 & #20860. Post form variables get lost if the uploaded
  files cannot be written to disk.
  
  
Index: php4/main/rfc1867.c
diff -u php4/main/rfc1867.c:1.124 php4/main/rfc1867.c:1.125
--- php4/main/rfc1867.c:1.124   Fri Nov 22 14:34:17 2002
+++ php4/main/rfc1867.c Fri Dec  6 19:48:13 2002
@@ -16,7 +16,7 @@
|  Jani Taskinen [EMAIL PROTECTED]  |
+--+
  */
-/* $Id: rfc1867.c,v 1.124 2002/11/22 19:34:17 sesser Exp $ */
+/* $Id: rfc1867.c,v 1.125 2002/12/07 00:48:13 iliaa Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -686,7 +686,7 @@
 {
char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, 
*array_index=NULL;
char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL;
-   int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, 
array_len=0, max_file_size=0;
+   int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, 
+array_len=0, max_file_size=0, skip_upload=0;
zval *http_post_files=NULL;
zend_bool magic_quotes_gpc;
multipart_buffer *mbuff;
@@ -831,14 +831,23 @@
SAFE_RETURN;
}
 
-   /* Handle file */
-   fp = php_open_temporary_file(PG(upload_tmp_dir), php, 
temp_filename TSRMLS_CC);
-   if (!fp) {
-   efree(param);
-   efree(filename);
-   sapi_module.sapi_error(E_WARNING, File upload error - 
unable to create a temporary file);
-   SAFE_RETURN;
+   if (!skip_upload) {
+   /* Handle file */
+   fp = php_open_temporary_file(PG(upload_tmp_dir), 
+php, temp_filename TSRMLS_CC);
+   if (!fp) {
+   sapi_module.sapi_error(E_WARNING, File upload 
+error - unable to create a temporary file);
+   skip_upload = 1;
+   }
}
+   if (skip_upload) {
+   if (param) {
+   efree(param);
+   }   
+   if (filename) {
+   efree(filename);
+   }
+   continue;
+   }   
 
total_bytes = 0;
cancel_upload = 0;
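Review bot: `skip_upload` is set to 1 when the temporary file cannot be created, but nothing in this hunk clears it again, and the previous hunk declares it once at function scope. Unless it is reset at the top of each part outside the hunk, one failed part causes every later file part in the same request to be dropped without a further warning. Resetting it with the other per-part state, `skip_upload = 0;` at the start of the iteration, keeps the failure local to the part that caused it. As far as the hunk shows, the skipped file leaves the script nothing to inspect beyond the `E_WARNING`, which is worth a comment at the `continue`.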







[PHP-CVS] cvs: php4 /main rfc1867.c

2002-11-22 Thread Stefan Esser
sesser  Fri Nov 22 14:34:18 2002 EDT

  Modified files:  
/php4/main  rfc1867.c 
  Log:
  little fix 
  
  
  
Index: php4/main/rfc1867.c
diff -u php4/main/rfc1867.c:1.123 php4/main/rfc1867.c:1.124
--- php4/main/rfc1867.c:1.123   Thu Nov 14 11:30:07 2002
+++ php4/main/rfc1867.c Fri Nov 22 14:34:17 2002
@@ -16,7 +16,7 @@
|  Jani Taskinen [EMAIL PROTECTED]  |
+--+
  */
-/* $Id: rfc1867.c,v 1.123 2002/11/14 16:30:07 sesser Exp $ */
+/* $Id: rfc1867.c,v 1.124 2002/11/22 19:34:17 sesser Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -72,7 +72,7 @@
 
 static void normalize_protected_variable(char *varname TSRMLS_DC)
 {
-   char *s=varname, *index=NULL, *indexend=NULL;
+   char *s=varname, *index=NULL, *indexend=NULL, *p;

/* overjump leading space */
while (*s == ' ') {
@@ -82,6 +82,15 @@
/* and remove it */
if (s != varname) {
memcpy(varname, s, strlen(s)+1);
+   }
+
+   for (p=varname; *p  *p != '['; p++) {
+   switch(*p) {
+   case ' ':
+   case '.':
+   *p='_';
+   break;
+   }
}
 
/* find index */
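Review bot: The added loop has no comment saying why ' ' and '.' in the base name are rewritten to '_', and that reason is what the protected-variable lookup depends on. The normalised name has to equal the name the variable is finally registered under, otherwise a differently spelled key passes the check. I would put `/* mangle the base name the same way variable registration does: ' ' and '.' become '_' */` above the `for` and keep the two rule sets in step. The `switch` has no `default`; a plain `if (*p == ' ' || *p == '.')` says the same thing more directly. The loop condition lost its operator in this archive copy and presumably reads `*p && *p != '['`.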







Re: [PHP-CVS] cvs: php4 /main rfc1867.c

2002-10-24 Thread Markus Fischer
On Thu, Oct 24, 2002 at 03:47:21PM +0900, Moriyoshi Koizumi wrote : 
  This commit occurred on the HEAD branch.  Was it intended for some
  other branch or is the log message incorrect?
 
 Neither, though I don't know what you really mean. My previous patch to
 main/rfc1867.c was wrong, so I've corrected it. Is something going wrong 
 with that?

He meant your log message:

MFH; we would see a nasty problem again if it was not fixed...

MFH means Merge from HEAD and thus it surely puzzles
people if you actually apply it to HEAD and not to a
branch.

-- 
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc
$ grep docref_root php.ini
docref_root = 
http://landonize.it/?how=urltheme=classicfilter=RichyHuser=imajesurl=http%3A%2F%2Fphp.net%2F/;





Re: [PHP-CVS] cvs: php4 /main rfc1867.c

2002-10-24 Thread Moriyoshi Koizumi
Oooh, sorry for the confusion, I've ever misused it.

Thank you for letting me know. I'll use as accurate words as possible from 
now on and please notify me if you find my abuse of words :)

Moriyoshi



Markus Fischer [EMAIL PROTECTED] wrote:

 On Thu, Oct 24, 2002 at 03:47:21PM +0900, Moriyoshi Koizumi wrote : 
   This commit occurred on the HEAD branch.  Was it intended for some
   other branch or is the log message incorrect?
  
  Neither, though I don't know what you really mean. My previous patch to
  main/rfc1867.c was wrong, so I've corrected it. Is something going wrong 
  with that?
 
 He meant your log message:
 
 MFH; we would see a nasty problem again if it was not fixed...
 
 MFH means Merge from HEAD and thus it surely puzzles
 people if you actually apply it to HEAD and not to a
 branch.
 
 -- 
 GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc
 $ grep docref_root php.ini
 docref_root = 
http://landonize.it/?how=urltheme=classicfilter=RichyHuser=imajesurl=http%3A%2F%2Fphp.net%2F/;






[PHP-CVS] cvs: php4 /main rfc1867.c

2002-10-23 Thread Moriyoshi Koizumi
moriyoshi   Wed Oct 23 22:56:28 2002 EDT

  Modified files:  
/php4/main  rfc1867.c 
  Log:
  MFH; we would see a nasty problem again if it was not fixed...
  
  
Index: php4/main/rfc1867.c
diff -u php4/main/rfc1867.c:1.120 php4/main/rfc1867.c:1.121
--- php4/main/rfc1867.c:1.120   Wed Oct 23 19:25:27 2002
+++ php4/main/rfc1867.c Wed Oct 23 22:56:28 2002
@@ -16,7 +16,7 @@
|  Jani Taskinen [EMAIL PROTECTED]  |
+--+
  */
-/* $Id: rfc1867.c,v 1.120 2002/10/23 23:25:27 moriyoshi Exp $ */
+/* $Id: rfc1867.c,v 1.121 2002/10/24 02:56:28 moriyoshi Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -510,13 +510,15 @@
if (start[i] == '\\'  (start[i + 1] == '\\' || (quote  start[i + 
1] == quote))) {
*resp++ = start[++i];
} else {
-   *resp++ = start[i];
 #if HAVE_MBSTRING  !defined(COMPILE_DL_MBSTRING)
if (php_mb_encoding_translation(TSRMLS_C)) {
size_t j = php_mb_mbchar_bytes(start+i TSRMLS_CC);
while (j--  0) {
-   *resp++ = start[++i];
+   *resp++ = start[i++];
}
+   --i;
+   } else {
+   *resp++ = start[i];
}
 #endif
}
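Review bot: With the unconditional `*resp++ = start[i];` removed and its replacement placed inside the `#if HAVE_MBSTRING` block, a build without mbstring compiles an empty `else` body and copies no ordinary bytes at all. An `#else` arm restores the plain copy: add `#else` followed by `*resp++ = start[i];` just before the `#endif`. In the multibyte branch the inner loop copies `j` bytes as reported by `php_mb_mbchar_bytes()` without testing for the end of the input, so a truncated trailing sequence could presumably read past the terminator; stopping the loop when `start[i]` is `'\0'` would cover that. The enclosing function starts and ends outside the hunk.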







[PHP-CVS] cvs: php4 /main rfc1867.c

2002-10-07 Thread Stefan Esser

sesser  Mon Oct  7 07:23:25 2002 EDT

  Modified files:  
/php4/main  rfc1867.c 
  Log:
  Closing protected variables hole
  
  
  
Index: php4/main/rfc1867.c
diff -u php4/main/rfc1867.c:1.116 php4/main/rfc1867.c:1.117
--- php4/main/rfc1867.c:1.116   Sat Aug 17 07:48:21 2002
+++ php4/main/rfc1867.c Mon Oct  7 07:23:24 2002
@@ -16,7 +16,7 @@
|  Jani Taskinen [EMAIL PROTECTED]  |
+--+
  */
-/* $Id: rfc1867.c,v 1.116 2002/08/17 11:48:21 sesser Exp $ */
+/* $Id: rfc1867.c,v 1.117 2002/10/07 11:23:24 sesser Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -70,16 +70,68 @@
REGISTER_MAIN_LONG_CONSTANT(UPLOAD_ERR_NO_FILE,UPLOAD_ERROR_D,  CONST_CS 
| CONST_PERSISTENT);
 }
 
+static void normalize_protected_variable(char *varname TSRMLS_DC)
+{
+   char *s=varname, *index=NULL, *indexend=NULL;
+   
+   /* overjump leading space */
+   while (*s == ' ') {
+   s++;
+   }
+   
+   /* and remove it */
+   if (s != varname) {
+   memcpy(varname, s, strlen(s)+1);
+   }
+
+   /* find index */
+   index = strchr(varname, '[');
+   if (index) {
+   index++;
+   s=index;
+   } else {
+   return;
+   }
+
+   /* done? */
+   while (index) {
+   
+   while (*index == ' ' || *index == '\r' || *index == '\n' || 
+*index=='\t') {
+   index++;
+   }
+   indexend = strchr(index, ']');
+   indexend = indexend ? indexend + 1 : index + strlen(index);
+   
+   if (s != index) {
+   memcpy(s, index, strlen(s)+1);
+   s += indexend-index;
+   } else {
+   s = indexend;
+   }
+
+   if (*s == '[') {
+   s++;
+   index = s;
+   } else {
+   index = NULL;
+   }   
+   }
+   *s++='\0';
+}
+
+
 static void add_protected_variable(char *varname TSRMLS_DC)
 {
int dummy=1;
 
+   normalize_protected_variable(varname TSRMLS_CC);
zend_hash_add(PG(rfc1867_protected_variables), varname, strlen(varname)+1, 
dummy, sizeof(int), NULL);
 }
 
 
 static zend_bool is_protected_variable(char *varname TSRMLS_DC)
 {
+   normalize_protected_variable(varname TSRMLS_CC);
return zend_hash_exists(PG(rfc1867_protected_variables), varname, 
strlen(varname)+1);
 }
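Review bot: Both `memcpy` calls in `normalize_protected_variable` copy between overlapping regions of the same buffer, which is undefined behaviour, and the second one also uses the wrong length. `memcpy(s, index, strlen(s)+1)` measures the destination, so it reads `index - s` bytes beyond the terminator of the source. `memmove(varname, s, strlen(s)+1);` and `memmove(s, index, strlen(index)+1);` fix both. The first call reappears as a context line in the 1.124 diff higher on this page. `is_protected_variable` now rewrites its caller's `varname` in place, which deserves a line in its header comment because the name comes from the request.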
 


