diff options
| author | Jani Taskinen <jani@php.net> | 2009-12-29 18:59:58 +0000 |
|---|---|---|
| committer | Jani Taskinen <jani@php.net> | 2009-12-29 18:59:58 +0000 |
| commit | 1a64bb9c05f7ffec365b8481c8d35a3c6650a1cf (patch) | |
| tree | ba00abf6ec86a98a99caa309699a6fa3ede288ca | |
| parent | eac3e3e4a445bdb8bddd066dc1cb32f6dc8d7cc5 (diff) | |
| download | php-git-1a64bb9c05f7ffec365b8481c8d35a3c6650a1cf.tar.gz | |
- WS + CS + folding tags
| -rw-r--r-- | main/rfc1867.c | 271 |
1 files changed, 121 insertions, 150 deletions
diff --git a/main/rfc1867.c b/main/rfc1867.c index d37c1de760..9594e67ce1 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -13,7 +13,7 @@ | license@php.net so we can mail you a copy immediately. | +----------------------------------------------------------------------+ | Authors: Rasmus Lerdorf <rasmus@php.net> | - | Jani Taskinen <sniper@php.net> | + | Jani Taskinen <jani@php.net> | +----------------------------------------------------------------------+ */ @@ -23,7 +23,7 @@ * This product includes software developed by the Apache Group * for use in the Apache HTTP server project (http://www.apache.org/). * - */ + */ #include <stdio.h> #include "php.h" @@ -44,7 +44,7 @@ PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void ** static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC); #define SAFE_RETURN { \ - php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \ + php_mb_flush_gpc_variables(num_vars, val_list, len_list, array_ptr TSRMLS_CC); \ if (lbuf) efree(lbuf); \ if (abuf) efree(abuf); \ if (array_index) efree(array_index); \ @@ -56,7 +56,7 @@ static void safe_php_register_variable(char *var, char *strval, int val_len, zva if (mbuff) efree(mbuff); \ return; } -void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr TSRMLS_DC) +void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zval *array_ptr TSRMLS_DC) /* {{{ */ { int i; if (php_mb_encoding_translation(TSRMLS_C)) { @@ -64,17 +64,18 @@ void php_mb_flush_gpc_variables(int num_vars, char **val_list, int *len_list, zv php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { php_mb_gpc_encoding_converter(val_list, len_list, num_vars, NULL, NULL TSRMLS_CC); } - for (i=0; i<num_vars; i+=2){ + for (i = 0; i<num_vars; i += 2) { safe_php_register_variable(val_list[i], val_list[i+1], len_list[i+1], array_ptr, 0 TSRMLS_CC); efree(val_list[i]); efree(val_list[i+1]); - } + } efree(val_list); efree(len_list); } } +/* }}} */ -void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc TSRMLS_DC) +void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars_max, int inc TSRMLS_DC) /* {{{ */ { /* allow only even increments */ if (inc & 1) { @@ -84,15 +85,15 @@ void php_mb_gpc_realloc_buffer(char ***pval_list, int **plen_list, int *num_vars *pval_list = (char **)erealloc(*pval_list, (*num_vars_max+2)*sizeof(char *)); *plen_list = (int *)erealloc(*plen_list, (*num_vars_max+2)*sizeof(int)); } +/* }}} */ -void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int **plen_list, int *num_vars, int *num_vars_max TSRMLS_DC) +void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int **plen_list, int *num_vars, int *num_vars_max TSRMLS_DC) /* {{{ */ { - char **val_list=*pval_list; - int *len_list=*plen_list; + char **val_list = *pval_list; + int *len_list = *plen_list; - if (*num_vars>=*num_vars_max){ - php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, - 16 TSRMLS_CC); + if (*num_vars >= *num_vars_max) { + php_mb_gpc_realloc_buffer(pval_list, plen_list, num_vars_max, 16 TSRMLS_CC); /* in case realloc relocated the buffer */ val_list = *pval_list; len_list = *plen_list; @@ -105,6 +106,7 @@ void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int len_list[*num_vars] = strlen(value); (*num_vars)++; } +/* }}} */ #else @@ -137,7 +139,7 @@ void php_mb_gpc_stack_variable(char *param, char *value, char ***pval_list, int #define UPLOAD_ERROR_F 7 /* Failed to write file to disk */ #define UPLOAD_ERROR_X 8 /* File upload stopped by extension */ -void php_rfc1867_register_constants(TSRMLS_D) +void php_rfc1867_register_constants(TSRMLS_D) /* {{{ */ { REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_OK", UPLOAD_ERROR_OK, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_INI_SIZE", UPLOAD_ERROR_A, CONST_CS | CONST_PERSISTENT); @@ -148,26 +150,27 @@ void php_rfc1867_register_constants(TSRMLS_D) REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_CANT_WRITE", UPLOAD_ERROR_F, CONST_CS | CONST_PERSISTENT); REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_EXTENSION", UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT); } +/* }}} */ -static void normalize_protected_variable(char *varname TSRMLS_DC) +static void normalize_protected_variable(char *varname TSRMLS_DC) /* {{{ */ { - char *s=varname, *index=NULL, *indexend=NULL, *p; - + char *s = varname, *index = NULL, *indexend = NULL, *p; + /* overjump leading space */ while (*s == ' ') { s++; } - + /* and remove it */ if (s != varname) { memmove(varname, s, strlen(s)+1); } - for (p=varname; *p && *p != '['; p++) { + for (p = varname; *p && *p != '['; p++) { switch(*p) { case ' ': case '.': - *p='_'; + *p = '_'; break; } } @@ -176,20 +179,19 @@ static void normalize_protected_variable(char *varname TSRMLS_DC) index = strchr(varname, '['); if (index) { index++; - s=index; + s = index; } else { return; } /* done? */ while (index) { - while (*index == ' ' || *index == '\r' || *index == '\n' || *index=='\t') { index++; } indexend = strchr(index, ']'); indexend = indexend ? indexend + 1 : index + strlen(index); - + if (s != index) { memmove(s, index, strlen(index)+1); s += indexend-index; @@ -202,46 +204,45 @@ static void normalize_protected_variable(char *varname TSRMLS_DC) index = s; } else { index = NULL; - } + } } - *s = '\0'; } +/* }}} */ - -static void add_protected_variable(char *varname TSRMLS_DC) +static void add_protected_variable(char *varname TSRMLS_DC) /* {{{ */ { - int dummy=1; + int dummy = 1; normalize_protected_variable(varname TSRMLS_CC); zend_hash_add(&PG(rfc1867_protected_variables), varname, strlen(varname)+1, &dummy, sizeof(int), NULL); } +/* }}} */ - -static zend_bool is_protected_variable(char *varname TSRMLS_DC) +static zend_bool is_protected_variable(char *varname TSRMLS_DC) /* {{{ */ { normalize_protected_variable(varname TSRMLS_CC); return zend_hash_exists(&PG(rfc1867_protected_variables), varname, strlen(varname)+1); } +/* }}} */ - -static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) +static void safe_php_register_variable(char *var, char *strval, int val_len, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) /* {{{ */ { if (override_protection || !is_protected_variable(var TSRMLS_CC)) { php_register_variable_safe(var, strval, val_len, track_vars_array TSRMLS_CC); } } +/* }}} */ - -static void safe_php_register_variable_ex(char *var, zval *val, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) +static void safe_php_register_variable_ex(char *var, zval *val, zval *track_vars_array, zend_bool override_protection TSRMLS_DC) /* {{{ */ { if (override_protection || !is_protected_variable(var TSRMLS_CC)) { php_register_variable_ex(var, val, track_vars_array TSRMLS_CC); } } +/* }}} */ - -static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) +static void register_http_post_files_variable(char *strvar, char *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */ { int register_globals = PG(register_globals); @@ -249,9 +250,9 @@ static void register_http_post_files_variable(char *strvar, char *val, zval *htt safe_php_register_variable(strvar, val, strlen(val), http_post_files, override_protection TSRMLS_CC); PG(register_globals) = register_globals; } +/* }}} */ - -static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) +static void register_http_post_files_variable_ex(char *var, zval *val, zval *http_post_files, zend_bool override_protection TSRMLS_DC) /* {{{ */ { int register_globals = PG(register_globals); @@ -259,27 +260,24 @@ static void register_http_post_files_variable_ex(char *var, zval *val, zval *htt safe_php_register_variable_ex(var, val, http_post_files, override_protection TSRMLS_CC); PG(register_globals) = register_globals; } +/* }}} */ - -static int unlink_filename(char **filename TSRMLS_DC) +static int unlink_filename(char **filename TSRMLS_DC) /* {{{ */ { VCWD_UNLINK(*filename); return 0; } +/* }}} */ - -void destroy_uploaded_files_hash(TSRMLS_D) +void destroy_uploaded_files_hash(TSRMLS_D) /* {{{ */ { zend_hash_apply(SG(rfc1867_uploaded_files), (apply_func_t) unlink_filename TSRMLS_CC); zend_hash_destroy(SG(rfc1867_uploaded_files)); FREE_HASHTABLE(SG(rfc1867_uploaded_files)); } +/* }}} */ - -/* - * Following code is based on apache_multipart_buffer.c from libapreq-0.33 package. - * - */ +/* {{{ Following code is based on apache_multipart_buffer.c from libapreq-0.33 package. */ #define FILLUNIT (1024 * 5) @@ -298,17 +296,15 @@ typedef struct { } multipart_buffer; - typedef struct { char *key; char *value; } mime_header_entry; - /* - fill up the buffer with client data. - returns number of bytes added to buffer. -*/ + * Fill up the buffer with client data. + * returns number of bytes added to buffer. + */ static int fill_buffer(multipart_buffer *self TSRMLS_DC) { int bytes_to_read, total_read = 0, actual_read = 0; @@ -344,7 +340,6 @@ static int fill_buffer(multipart_buffer *self TSRMLS_DC) return total_read; } - /* eof if we are out of bytes, or if we hit the final boundary */ static int multipart_buffer_eof(multipart_buffer *self TSRMLS_DC) { @@ -355,7 +350,6 @@ static int multipart_buffer_eof(multipart_buffer *self TSRMLS_DC) } } - /* create new multipart_buffer structure */ static multipart_buffer *multipart_buffer_new(char *boundary, int boundary_len) { @@ -368,7 +362,7 @@ static multipart_buffer *multipart_buffer_new(char *boundary, int boundary_len) self->bufsize = minsize; spprintf(&self->boundary, 0, "--%s", boundary); - + self->boundary_next_len = spprintf(&self->boundary_next, 0, "\n--%s", boundary); self->buf_begin = self->buffer; @@ -377,17 +371,16 @@ static multipart_buffer *multipart_buffer_new(char *boundary, int boundary_len) return self; } - /* - gets the next CRLF terminated line from the input buffer. - if it doesn't find a CRLF, and the buffer isn't completely full, returns - NULL; otherwise, returns the beginning of the null-terminated line, - minus the CRLF. - - note that we really just look for LF terminated lines. this works - around a bug in internet explorer for the macintosh which sends mime - boundaries that are only LF terminated when you use an image submit - button in a multipart/form-data form. + * Gets the next CRLF terminated line from the input buffer. + * If it doesn't find a CRLF, and the buffer isn't completely full, returns + * NULL; otherwise, returns the beginning of the null-terminated line, + * minus the CRLF. + * + * Note that we really just look for LF terminated lines. This works + * around a bug in internet explorer for the macintosh which sends mime + * boundaries that are only LF terminated when you use an image submit + * button in a multipart/form-data form. */ static char *next_line(multipart_buffer *self) { @@ -407,7 +400,7 @@ static char *next_line(multipart_buffer *self) /* bump the pointer */ self->buf_begin = ptr + 1; self->bytes_in_buffer -= (self->buf_begin - line); - + } else { /* no LF found */ /* buffer isn't completely full, fail */ @@ -423,7 +416,6 @@ static char *next_line(multipart_buffer *self) return line; } - /* returns the next CRLF terminated line from the client */ static char *get_line(multipart_buffer *self TSRMLS_DC) { @@ -437,7 +429,6 @@ static char *get_line(multipart_buffer *self TSRMLS_DC) return ptr; } - /* Free header entry */ static void php_free_hdr_entry(mime_header_entry *h) { @@ -449,7 +440,6 @@ static void php_free_hdr_entry(mime_header_entry *h) } } - /* finds a boundary */ static int find_boundary(multipart_buffer *self, char *boundary TSRMLS_DC) { @@ -468,14 +458,13 @@ static int find_boundary(multipart_buffer *self, char *boundary TSRMLS_DC) return 0; } - /* parse headers */ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header TSRMLS_DC) { char *line; mime_header_entry prev_entry, entry; int prev_len, cur_len; - + /* didn't find boundary, abort */ if (!find_boundary(self, self->boundary TSRMLS_CC)) { return 0; @@ -486,10 +475,9 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T while( (line = get_line(self TSRMLS_CC)) && strlen(line) > 0 ) { /* add header to table */ - char *key = line; char *value = NULL; - + /* space in the beginning means same header */ if (!isspace(line[0])) { value = strchr(line, ':'); @@ -513,7 +501,7 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T entry.value[cur_len + prev_len] = '\0'; entry.key = estrdup(prev_entry.key); - + zend_llist_remove_tail(header); } else { continue; @@ -526,7 +514,6 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T return 1; } - static char *php_mime_get_hdr_value(zend_llist header, char *key) { mime_header_entry *entry; @@ -534,7 +521,7 @@ static char *php_mime_get_hdr_value(zend_llist header, char *key) if (key == NULL) { return NULL; } - + entry = zend_llist_get_first(&header); while (entry) { if (!strcasecmp(entry->key, key)) { @@ -542,18 +529,16 @@ static char *php_mime_get_hdr_value(zend_llist header, char *key) } entry = zend_llist_get_next(&header); } - + return NULL; } - static char *php_ap_getword(char **line, char stop) { char *pos = *line, quote; char *res; while (*pos && *pos != stop) { - if ((quote = *pos) == '"' || quote == '\'') { ++pos; while (*pos && *pos != quote) { @@ -567,7 +552,6 @@ static char *php_ap_getword(char **line, char stop) ++pos; } } else ++pos; - } if (*pos == '\0') { res = estrdup(*line); @@ -585,7 +569,6 @@ static char *php_ap_getword(char **line, char stop) return res; } - static char *substring_conf(char *start, int len, char quote TSRMLS_DC) { char *result = emalloc(len + 2); @@ -616,7 +599,6 @@ static char *substring_conf(char *start, int len, char quote TSRMLS_DC) return result; } - static char *php_ap_getword_conf(char **line TSRMLS_DC) { char *str = *line, *strend, *res, quote; @@ -678,11 +660,10 @@ look_for_quote: return res; } - /* - search for a string in a fixed-length byte string. - if partial is true, partial matches are allowed at the end of the buffer. - returns NULL if not found, or a pointer to the start of the first match. + * Search for a string in a fixed-length byte string. + * If partial is true, partial matches are allowed at the end of the buffer. + * Returns NULL if not found, or a pointer to the start of the first match. */ static void *php_ap_memstr(char *haystack, int haystacklen, char *needle, int needlen, int partial) { @@ -707,7 +688,6 @@ static void *php_ap_memstr(char *haystack, int haystacklen, char *needle, int ne return ptr; } - /* read until a boundary condition */ static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes, int *end TSRMLS_DC) { @@ -751,7 +731,6 @@ static int multipart_buffer_read(multipart_buffer *self, char *buf, int bytes, i return len; } - /* XXX: this is horrible memory-usage-wise, but we only expect to do this on small pieces of form data. @@ -772,20 +751,21 @@ static char *multipart_buffer_read_body(multipart_buffer *self, unsigned int *le return out; } - +/* }}} */ /* * The combined READER/HANDLER * */ -SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) +SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ { - char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; - char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; - int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0; - int max_file_size=0, skip_upload=0, anonindex=0, is_anonymous; - zval *http_post_files=NULL; HashTable *uploaded_files=NULL; + char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL; + char *temp_filename = NULL, *lbuf = NULL, *abuf = NULL; + int boundary_len = 0, total_bytes = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; + int max_file_size = 0, skip_upload = 0, anonindex = 0, is_anonymous; + zval *http_post_files = NULL; + HashTable *uploaded_files = NULL; #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL; char **val_list = NULL; @@ -797,8 +777,6 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) void *event_extra_data = NULL; int llen = 0; int upload_cnt = INI_INT("max_file_uploads"); - - if (SG(post_max_size) > 0 && SG(request_info).content_length > SG(post_max_size)) { sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size)); @@ -819,7 +797,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) efree(content_type_lcase); } - if (!boundary || !(boundary=strchr(boundary, '='))) { + if (!boundary || !(boundary = strchr(boundary, '='))) { sapi_module.sapi_error(E_WARNING, "Missing boundary in multipart/form-data POST data"); return; } @@ -830,7 +808,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) if (boundary[0] == '"') { boundary++; boundary_end = strchr(boundary, '"'); - if (!boundary_end) { + if (!boundary_end) { sapi_module.sapi_error(E_WARNING, "Invalid boundary in multipart/form-data POST data"); return; } @@ -881,8 +859,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; - char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; - size_t blen=0, wlen=0; + char *cd = NULL,*param = NULL, *filename = NULL, *tmp = NULL; + size_t blen = 0, wlen = 0; off_t offset; zend_llist_clean(&header); @@ -892,16 +870,16 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) { - char *pair=NULL; - int end=0; - + char *pair = NULL; + int end = 0; + while (isspace(*cd)) { ++cd; } while (*cd && (pair = php_ap_getword(&cd, ';'))) { - char *key=NULL, *word = pair; + char *key = NULL, *word = pair; while (isspace(*cd)) { ++cd; @@ -909,7 +887,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) if (strchr(pair, '=')) { key = php_ap_getword(&pair, '='); - + if (!strcasecmp(key, "name")) { if (param) { efree(param); @@ -958,8 +936,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) if (php_mb_encoding_translation(TSRMLS_C)) { - php_mb_gpc_stack_variable(param, value, &val_list, &len_list, - &num_vars, &num_vars_max TSRMLS_CC); + php_mb_gpc_stack_variable(param, value, &val_list, &len_list, &num_vars, &num_vars_max TSRMLS_CC); } else { safe_php_register_variable(param, value, new_val_len, array_ptr, 0 TSRMLS_CC); } @@ -999,7 +976,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled"); goto fileupload_done; } - + if (!param) { is_anonymous = 1; param = emalloc(MAX_SIZE_ANONNAME); @@ -1007,12 +984,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } else { is_anonymous = 0; } - + /* New Rule: never repair potential malicious user input */ if (!skip_upload) { char *tmp = param; long c = 0; - + while (*tmp) { if (*tmp == '[') { c++; @@ -1027,7 +1004,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) skip_upload = 1; break; } - tmp++; + tmp++; } } @@ -1037,12 +1014,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* Handle file */ fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC); upload_cnt--; - if (fd==-1) { + if (fd == -1) { sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file"); cancel_upload = UPLOAD_ERROR_E; } } - + if (!skip_upload && php_rfc1867_callback != NULL) { multipart_event_file_start event_file_start; @@ -1057,21 +1034,20 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } efree(temp_filename); } - temp_filename=""; + temp_filename = ""; efree(param); efree(filename); continue; } } - if (skip_upload) { efree(param); efree(filename); continue; } - if(strlen(filename) == 0) { + if (strlen(filename) == 0) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, "No file uploaded"); #endif @@ -1095,8 +1071,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) continue; } } - - + if (PG(upload_max_filesize) > 0 && (total_bytes+blen) > PG(upload_max_filesize)) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, "upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved", PG(upload_max_filesize), param, filename); @@ -1108,9 +1083,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) #endif cancel_upload = UPLOAD_ERROR_B; } else if (blen > 0) { - + wlen = write(fd, buff, blen); - + if (wlen == -1) { /* write failed */ #if DEBUG_FILE_UPLOAD @@ -1125,11 +1100,10 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } else { total_bytes += wlen; } - offset += wlen; - } + } } - if (fd!=-1) { /* may not be initialized if file could not be created */ + if (fd != -1) { /* may not be initialized if file could not be created */ close(fd); } if (!cancel_upload && !end) { @@ -1139,11 +1113,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) cancel_upload = UPLOAD_ERROR_C; } #if DEBUG_FILE_UPLOAD - if(strlen(filename) > 0 && total_bytes == 0 && !cancel_upload) { + if (strlen(filename) > 0 && total_bytes == 0 && !cancel_upload) { sapi_module.sapi_error(E_WARNING, "Uploaded file size 0 - file [%s=%s] not saved", param, filename); cancel_upload = 5; } -#endif +#endif if (php_rfc1867_callback != NULL) { multipart_event_file_end event_file_end; @@ -1163,15 +1137,14 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } efree(temp_filename); } - temp_filename=""; + temp_filename = ""; } else { zend_hash_add(SG(rfc1867_uploaded_files), temp_filename, strlen(temp_filename) + 1, &temp_filename, sizeof(char *), NULL); } /* is_arr_upload is true when name of file upload field * ends in [.*] - * start_arr is set to point to 1st [ - */ + * start_arr is set to point to 1st [ */ is_arr_upload = (start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']'); if (is_arr_upload) { @@ -1179,16 +1152,16 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) if (array_index) { efree(array_index); } - array_index = estrndup(start_arr+1, array_len-2); + array_index = estrndup(start_arr+1, array_len-2); } - + /* Add $foo_name */ if (llen < strlen(param) + MAX_SIZE_OF_INDEX + 1) { llen = strlen(param); lbuf = (char *) safe_erealloc(lbuf, llen, 1, MAX_SIZE_OF_INDEX + 1); llen += MAX_SIZE_OF_INDEX + 1; } - + if (is_arr_upload) { if (abuf) efree(abuf); abuf = estrndup(param, strlen(param)-array_len); @@ -1199,14 +1172,13 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) if (php_mb_encoding_translation(TSRMLS_C)) { - if (num_vars>=num_vars_max){ - php_mb_gpc_realloc_buffer(&val_list, &len_list, &num_vars_max, - 1 TSRMLS_CC); + if (num_vars >= num_vars_max) { + php_mb_gpc_realloc_buffer(&val_list, &len_list, &num_vars_max, 1 TSRMLS_CC); } val_list[num_vars] = filename; len_list[num_vars] = strlen(filename); num_vars++; - if(php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { + if (php_mb_gpc_encoding_detector(val_list, len_list, num_vars, NULL TSRMLS_CC) == SUCCESS) { str_len = strlen(filename); php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC); } @@ -1217,13 +1189,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) num_vars--; goto filedone; } -#endif +#endif /* The \ check should technically be needed for win32 systems only where * it is a valid path separator. However, IE in all it's wisdom always sends * the full path of the file on the user's filesystem, which means that unless - * the user does basename() they get a bogus file name. Until IE's user base drops - * to nill or problem is fixed this code must remain enabled for all systems. - */ + * the user does basename() they get a bogus file name. Until IE's user base drops + * to nill or problem is fixed this code must remain enabled for all systems. */ s = strrchr(filename, '\\'); if ((tmp = strrchr(filename, '/')) > s) { s = tmp; @@ -1239,9 +1210,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) #endif #if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING) -filedone: +filedone: #endif - + if (!is_anonymous) { if (s && s > filename) { safe_php_register_variable(lbuf, s+1, strlen(s+1), NULL, 0 TSRMLS_CC); @@ -1263,11 +1234,11 @@ filedone: } efree(filename); s = NULL; - + /* Possible Content-Type: */ if (cancel_upload || !(cd = php_mime_get_hdr_value(header, "Content-Type"))) { cd = ""; - } else { + } else { /* fix for Opera 6.01 */ s = strchr(cd, ';'); if (s != NULL) { @@ -1312,7 +1283,7 @@ filedone: ZVAL_STRING(&zfilename, temp_filename, 1); safe_php_register_variable_ex(param, &zfilename, NULL, 1 TSRMLS_CC); } - + /* Add $foo[tmp_name] */ if (is_arr_upload) { snprintf(lbuf, llen, "%s[tmp_name][%s]", abuf, array_index); @@ -1337,8 +1308,8 @@ filedone: } else { file_size.value.lval = total_bytes; file_size.type = IS_LONG; - } - + } + if (is_arr_upload) { snprintf(lbuf, llen, "%s[error][%s]", abuf, array_index); } else { @@ -1354,7 +1325,7 @@ filedone: } if (!is_anonymous) { safe_php_register_variable_ex(lbuf, &file_size, NULL, 0 TSRMLS_CC); - } + } /* Add $foo[size] */ if (is_arr_upload) { @@ -1370,11 +1341,11 @@ filedone: fileupload_done: if (php_rfc1867_callback != NULL) { multipart_event_end event_end; - + event_end.post_bytes_processed = SG(read_post_bytes); php_rfc1867_callback(MULTIPART_EVENT_END, &event_end, &event_extra_data TSRMLS_CC); } - + SAFE_RETURN; } |