diff options
Diffstat (limited to 'main/rfc1867.c')
-rw-r--r-- | main/rfc1867.c | 23 |
1 files changed, 6 insertions, 17 deletions
diff --git a/main/rfc1867.c b/main/rfc1867.c index 8bdc409296..8ef83f443d 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -1,7 +1,5 @@ /* +----------------------------------------------------------------------+ - | PHP Version 7 | - +----------------------------------------------------------------------+ | Copyright (c) The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | @@ -33,11 +31,6 @@ #include "ext/standard/php_string.h" #include "zend_smart_string.h" -#if defined(PHP_WIN32) && !defined(HAVE_ATOLL) -# define atoll(s) _atoi64(s) -# define HAVE_ATOLL 1 -#endif - #ifndef DEBUG_FILE_UPLOAD # define DEBUG_FILE_UPLOAD 0 #endif @@ -905,11 +898,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ } if (!strcasecmp(param, "MAX_FILE_SIZE")) { -#ifdef HAVE_ATOLL - max_file_size = atoll(value); -#else max_file_size = strtoll(value, NULL, 10); -#endif } efree(param); @@ -1139,11 +1128,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ snprintf(lbuf, llen, "%s_name", param); } - /* The \ check should technically be needed for win32 systems only where - * it is a valid path separator. However, IE in all it's wisdom always sends - * the full path of the file on the user's filesystem, which means that unless - * the user does basename() they get a bogus file name. Until IE's user base drops - * to nill or problem is fixed this code must remain enabled for all systems. */ + /* Pursuant to RFC 7578, strip any path components in the + * user-supplied file name: + * > If a "filename" parameter is supplied ... do not use + * > directory path information that may be present." + */ s = _basename(internal_encoding, filename); if (!s) { s = filename; @@ -1200,7 +1189,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ { /* store temp_filename as-is (in case upload_tmp_dir - * contains escapeable characters. escape only the variable name.) */ + * contains escapable characters. escape only the variable name.) */ zval zfilename; /* Initialize variables */ |