Commit Graph

289 Commits

Author SHA1 Message Date
Ilia Alshanetsky
a96aa89ae3 Compiler warning fix. 2003-07-03 00:55:20 +00:00
Rui Hirokawa
2b44c63d50 Fixed corruption of multibyte character including 0x5c as second
byte in multipart/form-data.
2003-06-28 23:37:18 +00:00
James Cox
f68c7ff249 updating license information in the headers. 2003-06-10 20:04:29 +00:00
Sara Golemon
dccf33b4e8 MFB(r-1.122.2.10)
Bug#23765 File upload handler should not care about case sensitivity of header values.
2003-05-23 21:40:45 +00:00
Ilia Alshanetsky
4e6997ddf9 Fixed bug #22550 (overflow protection for upload_max_filesize ini setting). 2003-03-05 17:00:09 +00:00
Rasmus Lerdorf
d08a0e99c8 An input filter might not simply strip stuff, it might also turn things
into entities or use some other mechanism which causes the filtered data
to be longer than the original data.  Ergo, pass in the address of the
buffer instead so the filter is free to reallocate it.
2003-02-20 22:21:49 +00:00
Rasmus Lerdorf
7429c2dc3f Input Filter support. See README.input_filter for details.
@- Input Filter support added. See  README.input_filter. (Rasmus)
2003-02-19 19:41:09 +00:00
foobar
8e3f23e3c0 ws fixes + missing $Id$ tags, headers added 2003-02-19 08:40:19 +00:00
Stefan Esser
58d65abbcb Adding support for anonymous fileuploads (#21450) 2003-01-06 23:51:28 +00:00
Sebastian Bergmann
2c5d4b8c23 Bump year. 2002-12-31 15:59:15 +00:00
Ilia Alshanetsky
1f50681813 Fixed bug #21149 (fixed handling of unterminated '['). 2002-12-29 21:02:17 +00:00
Stefan Esser
75d8056e11 cleanup 2002-12-14 10:45:25 +00:00
Ilia Alshanetsky
3c9a6a8890 Removed one more unneeded check. 2002-12-10 15:58:31 +00:00
Ilia Alshanetsky
ecc9c539d2 Removed a pointless check. Thanks Stefan. 2002-12-10 15:36:26 +00:00
Ilia Alshanetsky
8425dbd0bc Fixed bugs #20725 & #20860. Post form variables get lost if the uploaded
files cannot be written to disk.
2002-12-07 00:48:13 +00:00
Stefan Esser
9dae1475ef little fix 2002-11-22 19:34:17 +00:00
Stefan Esser
658fd1ba8d Fixing possible remote overflow due to mbstring translation. 2002-11-14 16:30:07 +00:00
Moriyoshi Koizumi
e8be0db546 Fixed build when mbstring is not used - my previous patch is insufficient. 2002-10-24 02:59:01 +00:00
Moriyoshi Koizumi
73ca375f37 MFH; we would see a nasty problem again if it was not fixed... 2002-10-24 02:56:28 +00:00
Moriyoshi Koizumi
74883a9583 Make php_mb_is_mb_leadbyte() obsolete. It only works with double-byte chars.
# Sorry Marcus, it seems we were working simultaneously :)
2002-10-23 23:25:27 +00:00
Moriyoshi Koizumi
afa9f42f47 Function renaming. 2002-10-23 19:51:50 +00:00
Moriyoshi Koizumi
b7703551ed Renamed the functions for consistency 2002-10-23 16:54:31 +00:00
Stefan Esser
46f4a07d1c Closing protected variables hole 2002-10-07 11:23:24 +00:00
Stefan Esser
20693c1ad4 IE does not use quotes but now we are safe... 2002-08-17 11:48:21 +00:00
Stefan Esser
ecaa0a091a fixed the user supplied patch for bug #18792 2002-08-17 11:31:06 +00:00
Dan Kalowsky
6c22f90b4a Fix for bug #18792 submitted by t.bubeck@reinform.de
# talked this over with sterling and he believes it shouldn't break anything
# although there might be a need/desire to check for both ',' and ';'
2002-08-16 19:34:43 +00:00
Stefan Esser
6f822fdcb7 A full hard disk is no reason to leak memory... 2002-08-08 12:40:51 +00:00
Marcus Boerger
de8c36dcaa -use const to clarify code
-fix tsrmls build (therefore rfc1867.c)
2002-08-02 10:22:31 +00:00
Rui Hirokawa
7527bf0c58 made sapi_register_treat_data() to support multibyte input encoding translation without MBSTR_ENC_TRANS and changed php_treat_data to php_default_treat_data. 2002-08-02 06:53:48 +00:00
Stefan Esser
11ac4e035c use Zend API to access llist count 2002-07-15 16:37:15 +00:00
foobar
02d3e99bf2 IF --disable-mbstr-enc-trans is used OR mbstring is compiled as shared
extension, these functions are not available.
2002-07-14 00:27:52 +00:00
foobar
ed58d3a235 - Added predefined constants for the upload errors.
- Removed the debugging error (not useful for end-users)
2002-07-12 01:49:58 +00:00
foobar
6a83870c49 Fix typo 2002-07-05 18:32:08 +00:00
Rui Hirokawa
ead78e9125 fixed shift_jis character corruption including 0x5c as second byte following a slash on uploaded filename. 2002-07-05 15:06:39 +00:00
Sebastian Bergmann
0e52055f70 Fix ZTS build. 2002-07-03 21:07:24 +00:00
Rui Hirokawa
bb21c40738 fixed shift_jis character corruption including 0x5c as second byte on uploaded filename. 2002-07-03 13:36:19 +00:00
Stefan Esser
5956656864 - Stay always in buffer 2002-06-07 08:00:12 +00:00
Stefan Esser
23ceadfe2b fixed multiline header detection (':' is valid within following lines)
fixed fill_buffer to fill the buffer always completely
2002-06-05 13:35:34 +00:00
Stefan Esser
a06a3e1f7f fixing some crashbugs that can be triggered with bogus uploads. 2002-06-05 11:28:33 +00:00
Derick Rethans
f3c71c43b0 - Don't issue a notice when no file was uploaded 2002-05-31 09:05:39 +00:00
Zeev Suraski
19b7861d70 0 byte file uploads are valid, avoid choking on them 2002-05-11 11:58:16 +00:00
foobar
ae2e36a4e5 Changed the error for 'no upload' to E_NOTICE so that it doesn't
pollute the logs too much.

@- Fixed possible crash bug in HTTP uploads. (Patch: Lucas Schroeder)
2002-04-23 00:14:08 +00:00
foobar
bccfe80480 Prevent crashing with some bogus POSTs. 2002-04-01 23:02:16 +00:00
foobar
f43ca8d2bc Fixed a bug with file_uploads=off -> normal post variables not set. 2002-03-30 02:58:19 +00:00
Stefan Esser
2872bce78a Fix: Now returns correct Content-Type with Opera 6.01 2002-03-10 11:03:04 +00:00
jim winstead
e68095972e Move type-handling functions into ext/standard/type.c (which had
a few otherwise unused functions in it).
2002-01-09 23:47:46 +00:00
Jon Parise
2720dc3c05 Nuke unused variable warning (end_arr). 2002-01-04 22:57:36 +00:00
Stefan Esser
99e72c9ae5 whitespace. - now i know how code should look like ... 2001-12-16 21:59:13 +00:00
Stefan Esser
dce6ba9e0f fixed: php_ap_getword was unaware of quotes
filenames with ; in it could not get uploaded

fixed: php_ap_getword_conf sometimes returned a static
	string that crashes php when freed
	(f.e. uploading the file "crash; name=  ;"
	crashed php)

fixed: magic_quotes was disabled while filling
	variables with user supplied input

fixed: memoryleak (some strings did not get freed)

fixed: assuming that address of "" is always the same
	may fail on some compilers
2001-12-16 13:34:52 +00:00
Stefan Esser
58a5b6bfda fixed some minor bugs and reordered some code to fix array uploads. 2001-12-13 18:12:58 +00:00
Sebastian Bergmann
38933514e1 Update headers. 2001-12-11 15:32:16 +00:00
foobar
2605bd4b30 Store the read bytes so that some sapi modules know how much to read. 2001-12-05 00:44:17 +00:00
foobar
6083eb1030 - Handle more error types when uploading files. 2001-11-24 18:23:35 +00:00
Zeev Suraski
ee111cf9c8 whitespace 2001-11-24 16:07:05 +00:00
Zeev Suraski
a25ccbec2e whitespace 2001-11-24 16:05:22 +00:00
foobar
1e5e73e0ae - Nuked some memleaks
- Changed the error to be set always. Otherwise the index for error
  wouldn't be correct in case of uploading multiple files within array.
  ( <input type="file" name="test[]"> )
2001-11-16 03:34:26 +00:00
foobar
37dec69a7c No use of populating the hash if there is no file saved. 2001-11-16 01:06:48 +00:00
foobar
ae82e1ccf2 In case of submitting form without any files selected don't set
the tmp_name.
2001-11-15 15:37:02 +00:00
foobar
b893e59095 Make the filesize 0 when upload fails. And changed the error messages to be different from each other. 2001-11-11 01:51:17 +00:00
foobar
7d479f4abb Fix for bug: #14008. Still needs some minor changes but should give idea about this. 2001-11-11 00:45:31 +00:00
foobar
d6adcc98b5 After discussing with Rasmus, this line should be enough. Speak up if it is not. 2001-10-29 19:12:43 +00:00
foobar
3be12d1d9b - Added myself to authors.
- Modified the clause about Apache to say what exactly was borrowed.

  Should there be the Apache license included in this file?
2001-10-29 18:58:15 +00:00
foobar
44b68122c2 @- Fixed HTTP file upload support to handle big files better. (Jani)
# There are some minor memleaks still..I tried to eliminate them but
# without luck. I'd be glad if someone could check this code out.
# Also, this uses the Apache libapreq. So there might be need to add some
# license thingie there too?
2001-10-27 05:26:24 +00:00
Jeroen van Wolffelaar
c033288573 Back-substitute for Z_* macros. If it breaks some extension (the script isn't optimal, it parses for example var->zval.value incorrectly) please let me know. 2001-09-25 21:58:48 +00:00
Andi Gutmans
315c894da8 - Commit fix for bug #11998 by Ralf Bolte <r.bolte@gmx.net> 2001-09-23 19:17:44 +00:00
Derick Rethans
78747bd2df - Don't wrap lines... this is annoying while coding. 2001-09-09 13:29:31 +00:00
foobar
e46decaa32 First step for chunkifying the HTTP uploads. 2001-09-03 02:31:56 +00:00
Daniel Beulshausen
0dab84d065 fix SAPI_POST_* exports 2001-08-15 18:01:48 +00:00
Zeev Suraski
1159c84ab7 - TSRMLS_FETCH work
- whitespace fixes
2001-08-05 01:43:02 +00:00
Zeev Suraski
d76cf1da18 More TSRMLS_FETCH work 2001-07-31 04:53:54 +00:00
Zeev Suraski
d87cc976e1 Redesigned thread safety mechanism - nua nua 2001-07-28 11:36:37 +00:00
Zeev Suraski
fe6f8712a4 - Get rid of ELS_*(), and use TSRMLS_*() instead.
- Move to the new ts_allocate_id() API
This patch is *bound* to break some files, as I must have had typos somewhere.
If you use any uncommon extension, please try to build it...
2001-07-27 10:16:41 +00:00
Zeev Suraski
a9915bf69a Another layout fix 2001-07-16 20:43:18 +00:00
Zeev Suraski
b6064e5d3e Fix layout
Guys - when submitting patches - please make sure you're not breaking
the layout of the code!  It's not less important than the patch
itself.
2001-07-16 20:42:49 +00:00
foobar
b0ed727aee Fix one problem with Opera browsers. Tested with IE,NS,Opera.
There can be also a \t before the 'filename=' part.
2001-06-19 16:54:30 +00:00
Rasmus Lerdorf
81e2cf03ac Fix folding and clean up some extensions 2001-06-06 13:06:12 +00:00
Rasmus Lerdorf
25c3a3a39d vim-6 does folding - clean up a bunch of missing folding tags plus
some misguided RINIT and RSHUTDOWN calls in a few fringe extensions
2001-06-05 13:12:10 +00:00
foobar
bf417a3b72 Now the file uploads 'work' also on Lynx. This patch was submitted
by Andreas Pistoor <andreas@erestor.f2s.com> and I have tested it a
quite long time now and didn't notice any problems. Bug: #9930
2001-05-02 01:18:53 +00:00
Andi Gutmans
4c823e8a89 - Change macros from V_ to VCWD_ because of AIX name clash 2001-04-30 12:45:02 +00:00
Andi Gutmans
eb6ba01d1c - Fix copyright notices with 2001 2001-02-26 06:11:02 +00:00
Sascha Schumann
96ba644e9f Make the code match the comment.
Prior to this change, the upload code tried to add mangled names to
the global HTTP_POST_FILES array, resulting in all kind of weird behaviour.

After this change, multi-dimensional form elements are treated correctly
and consistently.
2001-01-19 15:39:35 +00:00
Zeev Suraski
f8522c7fa9 Use free_estring() 2001-01-15 10:50:39 +00:00
Sascha Schumann
5d8e3c37d9 arr_index erroneously included the trailing ']' character, so that
variable names like Data_name[Image]] were passed to the register functions.
2001-01-13 10:19:17 +00:00
Stanislav Malyshev
ea46f79a97 Fix #8486 (name= without quotes in MIME Content-Disposition header)
Ported fix by kk/sas from PHP 3
2001-01-03 10:52:26 +00:00
Rasmus Lerdorf
c9f1fe638d Fix off by one error in file upload code 2000-12-08 14:28:14 +00:00
Stanislav Malyshev
1f7a3b3b11 Remove empty temp file on failed upload 2000-10-30 15:30:27 +00:00
Sascha Schumann
836df2f798 Parse quoted boundary correctly 2000-10-20 23:40:07 +00:00
Zeev Suraski
9e5ef06ceb Fix warning 2000-10-17 18:13:35 +00:00
Andi Gutmans
824fc6a084 - Move php_open_temporary_file() out of file.c 2000-09-11 18:56:47 +00:00
Zeev Suraski
b7ecaacd07 More security-related (control) patches:
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit.  Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
6c4cb4c079 Security related updates:
- Introduce php_open_temporary_file(), in place of tempnam().  Still
  needs testing under UNIX (mkstemp()), works reliably under Windows now.
- Reimplement the mechanism for unlinking uploaded files at the end of the request
  (was it ever tested?).  Files moved with move_uploaded_file() will not be unlink()'d
  again, to avoid (albeit very unlikely) race conditions.
2000-09-09 11:41:14 +00:00
Zeev Suraski
75086e3088 - Implemented is_upload_file() 2000-09-08 21:56:47 +00:00
Zeev Suraski
677d4b9913 Send $HTTP_POST_FILES to the right place 2000-09-07 04:12:31 +00:00
Zeev Suraski
eb32144902 - Remove track_vars - it is now always on
- Make the various $HTTP_*_VARS[] arrays be defined always,
  even if they're empty
- Fix Win32 build and warnings
2000-09-05 19:06:29 +00:00
Zeev Suraski
efdd39207c Protect arrays as well. 2000-09-04 22:26:01 +00:00
Zeev Suraski
5dca99232e Prevent exploit in [tmp_name] as well 2000-09-04 22:05:00 +00:00
Zeev Suraski
60825fab88 Fix the logic. Tested. 2000-09-04 21:23:41 +00:00
Zeev Suraski
388170ffa5 3rd time's a charm 2000-09-04 20:47:52 +00:00
Zeev Suraski
b47050630b Fix the fix 2000-09-04 20:46:10 +00:00
Zeev Suraski
ed453cc9b4 Fix the file upload security problem with no side effects (untested) 2000-09-04 19:07:50 +00:00
Rasmus Lerdorf
43fefff150 Quick-fix for the file upload security alert
@Quick-fix for the file upload security alert (Rasmus)
2000-09-04 05:09:46 +00:00
Rasmus Lerdorf
da1b7847b3 Support content-encoding headers in file upload mime parts
@- Support content-encoding headers in file upload MIME parts
@  (Ragnar Kjørstad)
2000-08-06 06:40:28 +00:00
Stanislav Malyshev
a790966b15 Fix file upload types array handling (#5836) 2000-07-30 11:22:18 +00:00
Rasmus Lerdorf
76061b701e @ Add support for both indexed and non-indexed arrays of file uploads
@ eg. name="file[]" type="file" (Rasmus)
Add support for both indexed and non-indexed arrays of file uploads
eg. name="file[]" type="file" (Rasmus)
2000-06-04 05:46:28 +00:00
Zeev Suraski
e043439ff6 Update the license with the new clause 6 2000-05-18 15:34:45 +00:00
Andi Gutmans
1665cba750 - Change PHP_ to V_ (directory & file functions) 2000-04-15 14:20:01 +00:00
Zeev Suraski
69ff396312 *** empty log message *** 2000-04-02 22:15:14 +00:00
Zeev Suraski
18e0850ba1 @- Add $HTTP_POST_FILES[filename][tmp_name] - it was previously impossible to
@  retrieve the temporary name of an uploaded file using $HTTP_POST_FILES[] (Zeev)
- Changed IMAP Win32 definitions
2000-04-02 21:27:32 +00:00
Andi Gutmans
9df7df3293 - Baby steps... Use PHP_FOPEN() 2000-03-30 22:41:13 +00:00
Zeev Suraski
e5c8aeb3f1 - Protect $HTTP_POST_FILES[] as well 2000-02-26 18:59:29 +00:00
Zeev Suraski
9b621d1c8f Get the license right... (this won't make it to RC1 of B4) 2000-02-19 23:21:46 +00:00
Zeev Suraski
739bdec582 Worked on beautifying rfc1867.c a bit
@- Introduced $HTTP_POST_FILES[], that contains information about files uploaded
@  through HTTP upload (Zeev)
2000-02-19 20:12:26 +00:00
Zeev Suraski
a6393de6f7 Make POST handling the way it should be. RFC1867, and any future POST handlers we might
have in the future now obey to the variables_order directive, and there's a real modular
way to handle POST content.
This is all untested, BEFORE_SAPI_POST_PATCH_17_FEB_2000 tagged before submission
@- Made multipart/form-data content obey to the variables_order directive (Zeev)
2000-02-17 20:23:59 +00:00
Zeev Suraski
4a211a80fb @- Fixed RFC1867 file upload under Windows (Zeev)
Fixed a memory leak
2000-02-15 22:51:18 +00:00
Thies C. Arntzen
829f4f334b @- Workaround for bogus POST-Data from IE/Mac. (Thies)
@  Patch by Alain Malek <alain@virtua.ch>
fix #2944
2000-02-12 17:37:11 +00:00
Zeev Suraski
b2449f929c - Change the argument order of php_register_variable() to something more
intuitive.
- Make the authentication variables be a part of the HTTP_SERVER_VARS[] array
2000-01-29 11:55:44 +00:00
Zeev Suraski
9ab35ae393 Tried to centralize global variable registration as much as possible:
- Added $HTTP_ENV_VARS[] and $HTTP_SERVER_VARS[] support, which similarly
  to $HTTP_GET_VARS[], contain environment and server variables.  Setting
  register_globals to Off will now also prevent registration of the
  environment and server variables into the global scope (Zeev)
- Renamed gpc_globals to register_globals (Zeev)
- Introduced variables_order that deprecates gpc_order, and allows control
  over the server and environment variables, in addition to GET/POST/Cookies
  (Zeev)
2000-01-28 17:24:53 +00:00
Zeev Suraski
270eff1dfe Use a more general and descriptive name 2000-01-28 14:57:19 +00:00
Zeev Suraski
fc678100cd post.c really had nothing to do with POST anymore, and it belongs to the top level directory 2000-01-28 13:31:12 +00:00
Zeev Suraski
3a35a6955d Get rid of the old implementation 2000-01-28 12:53:05 +00:00
Sascha Schumann
43ae2bffbb Happy Y2K patch! Happy new year (or the new millennium, depending on whether
you start counting at 0 or 1).
2000-01-01 01:32:05 +00:00
Zeev Suraski
235386b245 Change ALLOC_ZVAL() semantics 1999-12-26 21:21:33 +00:00
Andi Gutmans
3bf1b04cb4 - Move more stuff to ALLOC_ZVAL(). We need to add those FREE_ZVAL()'s now. 1999-12-24 17:39:27 +00:00
Zeev Suraski
a3c6514332 More php3_ annihilation 1999-12-17 19:51:39 +00:00
Sascha Schumann
4a60eed469 Fix some warnings 1999-12-05 16:25:32 +00:00
Sascha Schumann
5b983c944f Clean up php3.*\.h files. The files itself are renamed, and references in all
.*\.[ch] files were changed. There is a slight chance that my script missed
a few changes, please correct them manually.
1999-12-04 19:19:57 +00:00
Thies C. Arntzen
b5c3c7bfc9 files are now resources, file.c is thread-safe, the le_ vars are no longer shared,
but they are accessible thru "php_file_le_socket(), php_file_le_uploads()..."
i also updated the ftp, pdf and file-upload stuff to match the new requirements.
@- Cleaned up File-Module (Thies)
1999-10-15 15:22:25 +00:00
Thies C. Arntzen
0cc1641447 starting to clean-up/new API'ize and resourcify the file-stuff - nothing happened yet - just renaming things around. 1999-10-12 18:50:05 +00:00
Zeev Suraski
98d95dd88e - Added support for unknown POST content types (Zeev)
- Introduce the convert_to_*_ex() API in strlen()
1999-09-16 23:18:15 +00:00
Zeev Suraski
b2c0acb9ec - Rewrote the GET/POST/Cookie data reader to support multi-dimensional
arrays! (Zeev)

This still needs a lot of more testing, but it seems to work more or less.
1999-09-12 23:51:12 +00:00
Zeev Suraski
1b6ccfe86c Cleanups & optimizations 1999-09-11 14:09:29 +00:00
Zeev Suraski
fb910c64cd Cleanups 1999-09-11 13:44:23 +00:00
Zeev Suraski
3cb1eb0471 Removed '3' from key functions in PHP (maintained compatibility through
php3_compat.h)
1999-08-02 19:17:14 +00:00
Zeev Suraski
c5724cbd14 License update 1999-07-16 13:13:16 +00:00
Zeev Suraski
c43c235427 Don't touch refcount and EA directly 1999-07-09 20:45:55 +00:00
Zeev Suraski
5f62c347c7 Step 2:
Rename is_ref to EA
1999-07-09 17:44:41 +00:00
Zeev Suraski
96bfbc7904 First attempt at moving the old RFC1867 support to the right place 1999-06-12 17:50:39 +00:00
Zeev Suraski
0eb1498fa8 * Get Apache module to compile again with the regex stuff.
* Get Apache to properly work with POST, and some SAPI fixes
1999-05-28 22:41:48 +00:00
Zeev Suraski
cf58b7ef16 Add container for file-upload. It's not quite implemented yet. 1999-05-25 22:28:24 +00:00