| -rw-r--r-- | main/php_variables.c | 13 | ||||
| -rw-r--r-- | main/rfc1867.c | 7 | 
2 files changed, 16 insertions, 4 deletions
| diff --git a/main/php_variables.c b/main/php_variables.c index 8f02d0c541..842b5d47eb 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -192,7 +192,18 @@ void php_treat_data(int arg, char *str ELS_DC PLS_DC SLS_DC)  				INIT_PZVAL(array_ptr);  				switch (arg) {  					case PARSE_POST: -						zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), array_ptr, sizeof(pval *),NULL); +						if (zend_hash_add_ptr(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), array_ptr, sizeof(pval *),NULL)==FAILURE) { +							zval **p; + +							/* This could happen if we're in RFC 1867 file upload */ +							/* The parsing portion of the POST reader should actually move +							 * to this function  - Zeev +							 */ +							zval_dtor(array_ptr); +							FREE_ZVAL(array_ptr); +							zend_hash_find(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), (void **) &p); +							array_ptr = *p; +						}  						break;  					case PARSE_GET:  						zend_hash_add_ptr(&EG(symbol_table), "HTTP_GET_VARS", sizeof("HTTP_GET_VARS"), array_ptr, sizeof(pval *),NULL); diff --git a/main/rfc1867.c b/main/rfc1867.c index e9c430c1e5..ef01e1e3f8 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -67,8 +67,9 @@ static void php_mime_split(char *buf, int cnt, char *boundary)  						state = 1;  						eolsize = 2; -						if(*(loc+len)==0x0a) +						if(*(loc+len)==0x0a) {  							eolsize = 1; +						}  						rem -= (loc - ptr) + len + eolsize;  						ptr = loc + len + eolsize; 
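Review bot: In the new `PARSE_POST` failure branch of main/php_variables.c the result of `zend_hash_find()` is ignored and `*p` is dereferenced unconditionally, so `p` is read uninitialised if the lookup ever fails. The entry that is found is also adopted as the array to fill without a type check; if anything other than the RFC 1867 reader can create a global named `HTTP_POST_VARS` before this point (not visible in this hunk), request data would be written into a zval that is not an array. I would guard both cases, e.g. `if (zend_hash_find(&EG(symbol_table), "HTTP_POST_VARS", sizeof("HTTP_POST_VARS"), (void **) &p)==FAILURE || (*p)->type != IS_ARRAY) { return; }`, after confirming that nothing allocated earlier in php_treat_data needs releasing on that path. The function starts and ends outside the hunk.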
@@ -204,7 +205,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary)
 					php_error(E_WARNING, "File Upload Error - No Mime boundary found after start of file header");
 					SAFE_RETURN;
 				}
-				fn = tempnam(PG(upload_tmp_dir), "php");
+					fn = tempnam(PG(upload_tmp_dir), "php");
 				if ((loc - ptr - 4) > PG(upload_max_filesize)) {
 					php_error(E_WARNING, "Max file size of %ld bytes exceeded - file [%s] not saved", PG(upload_max_filesize),namebuf);
 					bytes=0;	
@@ -217,7 +218,7 @@ static void php_mime_split(char *buf, int cnt, char *boundary)
 					bytes = 0;
 					SET_VAR_STRING(namebuf, estrdup("none"));
 				} else {
-					fp = fopen(fn, "w");
+					fp = fopen(fn, "wb");
 					if (!fp) {
 						php_error(E_WARNING, "File Upload Error - Unable to open temporary file [%s]", fn);
 						SAFE_RETURN; |
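Review bot: `fp = fopen(fn, "wb")` opens a path that `tempnam()` generated in the previous hunk, and `fopen` will follow a symlink or reuse a file that another local user created under that name in the meantime, so the upload can end up in a file the PHP process did not create. Creating the file exclusively closes that window: `fd = open(fn, O_WRONLY|O_CREAT|O_EXCL, 0600);` followed by `fp = (fd >= 0) ? fdopen(fd, "wb") : NULL;` (with the platform's binary flag where one is needed), or `mkstemp()` where it is available. `tempnam()` can also return NULL and no check of `fn` is visible in these hunks; the lines between the two hunks are not shown, so confirm that before the open. php_mime_split starts and ends outside the hunk.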
