clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-08 18:26:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
27,362 Commits 496 Branches 1,370 Tags 836 MiB
7daa1cfecc
Commit Graph

159 Commits

Author SHA1 Message Date
Sascha Schumann
96ba644e9f Make the code match the comment. 
Prior to this change, the upload code tried to add mangled names to
the global HTTP_POST_FILES array, resulting in all kind of weird behaviour.

After this change, multi-dimensional form elements are treated correctly
and consistently.
 2001-01-19 15:39:35 +00:00
Zeev Suraski
f8522c7fa9 Use free_estring() 2001-01-15 10:50:39 +00:00
Sascha Schumann
5d8e3c37d9 arr_index errorneusly included the trailing ']' character, so that 
variable names like Data_name[Image]] were passed to the register functions.
 2001-01-13 10:19:17 +00:00
Stanislav Malyshev
ea46f79a97 Fix #8486 (name= without quotes in MIME Content-Disposition header) 
Ported fix by kk/sas from PHP 3
 2001-01-03 10:52:26 +00:00
Rasmus Lerdorf
c9f1fe638d Fix off by one error in file upload code 2000-12-08 14:28:14 +00:00
Stanislav Malyshev
1f7a3b3b11 Remove empty temp file on failed upload 2000-10-30 15:30:27 +00:00
Sascha Schumann
836df2f798 Parse quoted boundary correctly 2000-10-20 23:40:07 +00:00
Zeev Suraski
9e5ef06ceb Fix warning 2000-10-17 18:13:35 +00:00
Andi Gutmans
824fc6a084 - Move php_open_temporary_file() out of file.c 2000-09-11 18:56:47 +00:00
Zeev Suraski
b7ecaacd07 More security-related (control) patches: 
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit.  Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
 2000-09-09 15:02:15 +00:00
Zeev Suraski
6c4cb4c079 Security related updates: 
- Introduce php_open_temporary_file(), in place of tempnam().  Still
  needs testing under UNIX (mkstemp()), works reliably under Windows now.
- Reimplement the mechanism for unlinking uploaded files at the end of the request
  (was it ever tested?).  Files moved with move_uploaded_file() will not be unlink()'d
  again, to avoid (albeit very unlikely) race conditions.
 2000-09-09 11:41:14 +00:00
Zeev Suraski
75086e3088 - Implemented is_upload_file() 2000-09-08 21:56:47 +00:00
Zeev Suraski
677d4b9913 Send $HTTP_POST_FILES to the right place 2000-09-07 04:12:31 +00:00
Zeev Suraski
eb32144902 - Remove track_vars - it is now always on 
- Make the various $HTTP_*_VARS[] arrays be defined always,
  even if they're empty
- Fix Win32 build and warnings
 2000-09-05 19:06:29 +00:00
Zeev Suraski
efdd39207c Protect arrays as well. 2000-09-04 22:26:01 +00:00
Zeev Suraski
5dca99232e Prevent exploit in [tmp_name] as well 2000-09-04 22:05:00 +00:00
Zeev Suraski
60825fab88 Fix the logic. Tested. 2000-09-04 21:23:41 +00:00
Zeev Suraski
388170ffa5 3rd time's a charm 2000-09-04 20:47:52 +00:00
Zeev Suraski
b47050630b Fix the fix 2000-09-04 20:46:10 +00:00
Zeev Suraski
ed453cc9b4 Fix the file upload security problem with no side effects (untested) 2000-09-04 19:07:50 +00:00
Rasmus Lerdorf
43fefff150 Quick-fix for the file upload security alert 
@Quick-fix for the file upload security alert (Rasmus)
 2000-09-04 05:09:46 +00:00
Rasmus Lerdorf
da1b7847b3 Support content-encoding headers in file upload mime parts 
@- Support content-encoding headers in file upload MIME parts
@  (Ragnar Kjørstad)
 2000-08-06 06:40:28 +00:00
Stanislav Malyshev
a790966b15 Fix file upload types array handling (#5836) 2000-07-30 11:22:18 +00:00
Rasmus Lerdorf
76061b701e @ Add support for both indexed and non-indexed arrays of file uploads 
@ eg. name="file[]" type="file" (Rasmus)
Add support for both indexed and non-indexed arrays of file uploads
eg. name="file[]" type="file" (Rasmus)
 2000-06-04 05:46:28 +00:00
Zeev Suraski
e043439ff6 Update the license with the new clause 6 2000-05-18 15:34:45 +00:00
Andi Gutmans
1665cba750 - Change PHP_ to V_ (directory & file functions) 2000-04-15 14:20:01 +00:00
Zeev Suraski
69ff396312 *** empty log message *** 2000-04-02 22:15:14 +00:00
Zeev Suraski
18e0850ba1 @- Add $HTTP_POST_FILES[filename][tmp_name] - it was previously impossible to 
@  retrieve the temporary name of an uploaded file using $HTTP_POST_FILES[] (Zeev)
- Changed IMAP Win32 definitions
 2000-04-02 21:27:32 +00:00
Andi Gutmans
9df7df3293 - Baby steps... Use PHP_FOPEN() 2000-03-30 22:41:13 +00:00
Zeev Suraski
e5c8aeb3f1 - Protect $HTTP_POST_FILES[] as well 2000-02-26 18:59:29 +00:00
Zeev Suraski
9b621d1c8f Get the license right... (this won't make it to RC1 of B4) 2000-02-19 23:21:46 +00:00
Zeev Suraski
739bdec582 Worked on beautifying rfc1867.c a bit 
@- Introduced $HTTP_POST_FILES[], that contains information about files uploaded
@  through HTTP upload (Zeev)
 2000-02-19 20:12:26 +00:00
Zeev Suraski
a6393de6f7 Make POST handling the way it should be. RFC1867, and any future POST handlers we might 
have in the future now obey to the variables_order directive, and there's a real way modular
way to handle POST content.
This is all untested, BEFORE_SAPI_POST_PATCH_17_FEB_2000 tagged before submission
@- Made multipart/form-data content obey to the variables_order directive (Zeev)
 2000-02-17 20:23:59 +00:00
Zeev Suraski
4a211a80fb @- Fixed RFC1867 file upload under Windows (Zeev) 
Fixed a memory leak
 2000-02-15 22:51:18 +00:00
Thies C. Arntzen
829f4f334b @- Workaround for bogus POST-Data from IE/Mac. (Thies) 
@  Patch by Alain Malek <alain@virtua.ch>
fix #2944
 2000-02-12 17:37:11 +00:00
Zeev Suraski
b2449f929c - Change the argument order of php_register_variable() to something more 
intuitive.
- Make the authentication variables be a part of the HTTP_SERVER_VARS[] array
 2000-01-29 11:55:44 +00:00
Zeev Suraski
9ab35ae393 Tried to centralize global variable registration as much as possible: 
- Added $HTTP_ENV_VARS[] and $HTTP_SERVER_VARS[] support, which similarly
  to $HTTP_GET_VARS[], contain environment and server variables.  Setting
  register_globals to Off will now also prevent registration of the
  environment and server variables into the global scope (Zeev)
- Renamed gpc_globals to register_globals (Zeev)
- Introduced variables_order that deprecates gpc_order, and allows control
  over the server and environment variables, in addition to GET/POST/Cookies
  (Zeev)
 2000-01-28 17:24:53 +00:00
Zeev Suraski
270eff1dfe Use a more general and descriptive name 2000-01-28 14:57:19 +00:00
Zeev Suraski
fc678100cd post.c really had nothing to do with POST anymore, and it belongs to the top level directory 2000-01-28 13:31:12 +00:00
Zeev Suraski
3a35a6955d Get rid of the old implementation 2000-01-28 12:53:05 +00:00
Sascha Schumann
43ae2bffbb Happy Y2K patch! Happy new year (or the new millennium, depending on whether 
you start counting at 0 or 1).
 2000-01-01 01:32:05 +00:00
Zeev Suraski
235386b245 Change ALLOC_ZVAL() semantics 1999-12-26 21:21:33 +00:00
Andi Gutmans
3bf1b04cb4 - Move more stuff to ALLOC_ZVAL(). We need to add those FREE_ZVAL()'s now. 1999-12-24 17:39:27 +00:00
Zeev Suraski
a3c6514332 More php3_ annihilation 1999-12-17 19:51:39 +00:00
Sascha Schumann
4a60eed469 Fix some warnings 1999-12-05 16:25:32 +00:00
Sascha Schumann
5b983c944f Clean up php3.*\.h files. The files itself are renamed, and references in all 
.*\.[ch] files were changed. There is a slight chance that my script missed
a few changes, please correct them manually.
 1999-12-04 19:19:57 +00:00
Thies C. Arntzen
b5c3c7bfc9 files are now resources, file.c is thread-safe, the le_ vars are no longer shared, 
but they are accessible thru "php_file_le_socket(), php_file_le_uploads()..."
i also updated the ftp, pdf and file-upload stuff to match the new requirements.
@- Cleaned up File-Module (Thies)
 1999-10-15 15:22:25 +00:00
Thies C. Arntzen
0cc1641447 starting to clean-up/new API'ize and resourcify the file-stuff - nothing happened yet - just renaming things around. 1999-10-12 18:50:05 +00:00
Zeev Suraski
98d95dd88e - Added support for unknown POST content types (Zeev) 
- Introduce the convert_to_*_ex() API in strlen()
 1999-09-16 23:18:15 +00:00
Zeev Suraski
b2c0acb9ec - Rewrote the GET/POST/Cookie data reader to support multi-dimensional 
arrays! (Zeev)

This still needs a lot of more testing, but it seems to work more or less.
 1999-09-12 23:51:12 +00:00
Zeev Suraski
1b6ccfe86c Cleanups & optimizations 1999-09-11 14:09:29 +00:00
Zeev Suraski
fb910c64cd Cleanups 1999-09-11 13:44:23 +00:00
Zeev Suraski
3cb1eb0471 Removed '3' from key functions in PHP (maintained compatibility through 
php3_compat.h)
 1999-08-02 19:17:14 +00:00
Zeev Suraski
c5724cbd14 License update 1999-07-16 13:13:16 +00:00
Zeev Suraski
c43c235427 Don't touch refcount and EA directly 1999-07-09 20:45:55 +00:00
Zeev Suraski
5f62c347c7 Step 2: 
Rename is_ref to EA
 1999-07-09 17:44:41 +00:00
Zeev Suraski
96bfbc7904 First attempt at moving the old RFC1867 support to the right place 1999-06-12 17:50:39 +00:00
Zeev Suraski
0eb1498fa8 * Get Apache module to compile again with the regex stuff. 
* Get Apache to propertly work with POST, and some SAPI fixes
 1999-05-28 22:41:48 +00:00
Zeev Suraski
cf58b7ef16 Add container for file-upload. It's not quite implemented yet. 1999-05-25 22:28:24 +00:00