Ilia Alshanetsky
4e6997ddf9
Fixed bug #22550 (overflow protection for upload_max_filesize ini setting).
2003-03-05 17:00:09 +00:00
Rasmus Lerdorf
d08a0e99c8
An input filter might not simply strip stuff, it might also turn things
...
into entities or use some other mechanism which causes the filtered data
to be longer than the original data. Ergo, pass in the address of the
buffer instead so the filter is free to reallocate it.
2003-02-20 22:21:49 +00:00
Rasmus Lerdorf
7429c2dc3f
Input Filter support. See README.input_filter for details.
...
@- Input Filter support added. See README.input_filter. (Rasmus)
2003-02-19 19:41:09 +00:00
foobar
8e3f23e3c0
ws fixes + missing $Id$ tags, headers added
2003-02-19 08:40:19 +00:00
Stefan Esser
58d65abbcb
Adding support for anonymous fileuploads ( #21450 )
2003-01-06 23:51:28 +00:00
Sebastian Bergmann
2c5d4b8c23
Bump year.
2002-12-31 15:59:15 +00:00
Ilia Alshanetsky
1f50681813
Fixed bug #21149 (fixed handling of unterminated '[').
2002-12-29 21:02:17 +00:00
Stefan Esser
75d8056e11
cleanup
2002-12-14 10:45:25 +00:00
Ilia Alshanetsky
3c9a6a8890
Removed one more unneeded check.
2002-12-10 15:58:31 +00:00
Ilia Alshanetsky
ecc9c539d2
Removed a pointless check. Thanks Stefan.
2002-12-10 15:36:26 +00:00
Ilia Alshanetsky
8425dbd0bc
Fixed bugs #20725 & #20860 . Post form variables get lost if the uploaded
...
files cannot be written to disk.
2002-12-07 00:48:13 +00:00
Stefan Esser
9dae1475ef
little fix
2002-11-22 19:34:17 +00:00
Stefan Esser
658fd1ba8d
Fixing possible remote overflow due to mbstring translation.
2002-11-14 16:30:07 +00:00
Moriyoshi Koizumi
e8be0db546
Fixed build when mbstring is not used - my previous patch is insufficient.
2002-10-24 02:59:01 +00:00
Moriyoshi Koizumi
73ca375f37
MFH; we would see a nasty problem again if it was not fixed...
2002-10-24 02:56:28 +00:00
Moriyoshi Koizumi
74883a9583
Make php_mb_is_mb_leadbyte() obsolete. It only works with double-byte chars.
...
# Sorry Marcus, it seems we were working simultaneously :)
2002-10-23 23:25:27 +00:00
Moriyoshi Koizumi
afa9f42f47
Function renaming.
2002-10-23 19:51:50 +00:00
Moriyoshi Koizumi
b7703551ed
Remaned the functions for consistency
2002-10-23 16:54:31 +00:00
Stefan Esser
46f4a07d1c
Closing protected variables hole
2002-10-07 11:23:24 +00:00
Stefan Esser
20693c1ad4
IE does not use quotes but now we are safe...
2002-08-17 11:48:21 +00:00
Stefan Esser
ecaa0a091a
fixed the user supplied patch for bug #18792
2002-08-17 11:31:06 +00:00
Dan Kalowsky
6c22f90b4a
Fix for bug #18792 submitted by t.bubeck@reinform.de
...
# talked this over with sterling and he believes it shouldn't break anything
# although there might be a need/desire to check for both ',' and ';'
2002-08-16 19:34:43 +00:00
Stefan Esser
6f822fdcb7
A full hard disk is no reason to leak memory...
2002-08-08 12:40:51 +00:00
Marcus Boerger
de8c36dcaa
-use const to clarify code
...
-fix tsrmls build (therefore rfc1867.c)
2002-08-02 10:22:31 +00:00
Rui Hirokawa
7527bf0c58
made sapi_register_treat_data() to support multibyte input encoding translation without MBSTR_ENC_TRANS and changed php_treat_data to php_default_treat_data.
2002-08-02 06:53:48 +00:00
Stefan Esser
11ac4e035c
use Zend API to access llist count
2002-07-15 16:37:15 +00:00
foobar
02d3e99bf2
IF --disable-mbstr-enc-trans is used OR mbstring is compiled as shared
...
extension, these functions are not available.
2002-07-14 00:27:52 +00:00
foobar
ed58d3a235
- Added predefined constants for the upload errors.
...
- Removed the debugging error (not useful for end-users)
2002-07-12 01:49:58 +00:00
foobar
6a83870c49
Fix typo
2002-07-05 18:32:08 +00:00
Rui Hirokawa
ead78e9125
fixed shift_jis character corruption including 0x5c as second byte following a slash on uploaded filename.
2002-07-05 15:06:39 +00:00
Sebastian Bergmann
0e52055f70
Fix ZTS build.
2002-07-03 21:07:24 +00:00
Rui Hirokawa
bb21c40738
fixed shift_jis character corruption including 0x5c as second byte on uploaded filename.
2002-07-03 13:36:19 +00:00
Stefan Esser
5956656864
- Stay always in buffer
2002-06-07 08:00:12 +00:00
Stefan Esser
23ceadfe2b
fixed multiline header detection (':' is valid within following lines)
...
fixed fill_buffer to fill the buffer always completely
2002-06-05 13:35:34 +00:00
Stefan Esser
a06a3e1f7f
fixing some crashbugs that can be triggered with bogus uploads.
2002-06-05 11:28:33 +00:00
Derick Rethans
f3c71c43b0
- Don't issue a notice when no file was uploaded
2002-05-31 09:05:39 +00:00
Zeev Suraski
19b7861d70
0 byte file uploads are valid, avoid choking on them
2002-05-11 11:58:16 +00:00
foobar
ae2e36a4e5
Changed the error for 'no upload' to E_NOTICE so that it doesn't
...
pollute the logs too much.
@- Fixed possible crash bug in HTTP uploads. (Patch: Lucas Schroeder)
2002-04-23 00:14:08 +00:00
foobar
bccfe80480
Prevent crashing with some bogus POSTs.
2002-04-01 23:02:16 +00:00
foobar
f43ca8d2bc
Fixed a bug with file_uploads=off -> normal post variables not set.
2002-03-30 02:58:19 +00:00
Stefan Esser
2872bce78a
Fix: Now returns correct Content-Type with Opera 6.01
2002-03-10 11:03:04 +00:00
jim winstead
e68095972e
Move type-handling functions into ext/standard/type.c (which had
...
a few otherwise unused functions in it).
2002-01-09 23:47:46 +00:00
Jon Parise
2720dc3c05
Nuke unused variable warning (end_arr).
2002-01-04 22:57:36 +00:00
Stefan Esser
99e72c9ae5
whitespace. - now i know how code should look like ...
2001-12-16 21:59:13 +00:00
Stefan Esser
dce6ba9e0f
fixed: php_ap_getword was unaware of quotes
...
filenames with ; in it could not get uploaded
fixed: php_ap_getword_conf sometimes returned a static
string that crashs php when freed
(f.e. uploading the file "crash; name= ;"
crashed php)
fixed: magic_quotes was disabled while filling
variables with user supplied input
fixed: memoryleak (some strings did not get freed)
fixed: assuming that adress of "" is always the same
may fail on some compilers
2001-12-16 13:34:52 +00:00
Stefan Esser
58a5b6bfda
fixed some minor bugs and reordered some code to fix array uploads.
2001-12-13 18:12:58 +00:00
Sebastian Bergmann
38933514e1
Update headers.
2001-12-11 15:32:16 +00:00
foobar
2605bd4b30
Store the read bytes so that some sapi modules know how much to read.
2001-12-05 00:44:17 +00:00
foobar
6083eb1030
- Handle more error types when uploading files.
2001-11-24 18:23:35 +00:00
Zeev Suraski
ee111cf9c8
whitespace
2001-11-24 16:07:05 +00:00
Zeev Suraski
a25ccbec2e
whitespace
2001-11-24 16:05:22 +00:00
foobar
1e5e73e0ae
- Nuked some memleaks
...
- Changed the error to be set always. Otherwise the index for error
wouldn't be correct in case of uploading multiple files within array.
( <input type="file" name="test[]"> )
2001-11-16 03:34:26 +00:00
foobar
37dec69a7c
No use of populating the hash if there is no file saved.
2001-11-16 01:06:48 +00:00
foobar
ae82e1ccf2
In case of submitting form without any files selected don't set
...
the tmp_name.
2001-11-15 15:37:02 +00:00
foobar
b893e59095
Make the filesize 0 when upload fails. And changed the error messages to be different from each other.
2001-11-11 01:51:17 +00:00
foobar
7d479f4abb
Fix for bug: #14008 . Still needs some minor changes but should give idea about this.
2001-11-11 00:45:31 +00:00
foobar
d6adcc98b5
After discussing with Rasmus, this line should be enough. Speak up if it is not.
2001-10-29 19:12:43 +00:00
foobar
3be12d1d9b
- Added myself to authors.
...
- Modified the clause about Apache to say what exactly was borrowed.
Should there be the Apache license included in this file?
2001-10-29 18:58:15 +00:00
foobar
44b68122c2
@- Fixed HTTP file upload support to handle big files better. (Jani)
...
# There are some minor memleaks still..I tried to eliminate them but
# without luck. I'd be glad if someone could check this code out.
# Also, this uses the Apache libapreq. So there might be need to add some
# license thingie there too?
2001-10-27 05:26:24 +00:00
Jeroen van Wolffelaar
c033288573
Back-substitute for Z_* macro's. If it breaks some extension (the script isn't optimal, it parses for example var->zval.value incorrect) please let me know.
2001-09-25 21:58:48 +00:00
Andi Gutmans
315c894da8
- Commit fix for bug #11998 by Ralf Bolte <r.bolte@gmx.net>
2001-09-23 19:17:44 +00:00
Derick Rethans
78747bd2df
- Don't wrap lines... this is annoying while coding.
2001-09-09 13:29:31 +00:00
foobar
e46decaa32
First step for chunkifying the HTTP uploads.
2001-09-03 02:31:56 +00:00
Daniel Beulshausen
0dab84d065
fix SAPI_POST_* exports
2001-08-15 18:01:48 +00:00
Zeev Suraski
1159c84ab7
- TSRMLS_FETCH work
...
- whitespace fixes
2001-08-05 01:43:02 +00:00
Zeev Suraski
d76cf1da18
More TSRMLS_FETCH work
2001-07-31 04:53:54 +00:00
Zeev Suraski
d87cc976e1
Redesigned thread safety mechanism - nua nua
2001-07-28 11:36:37 +00:00
Zeev Suraski
fe6f8712a4
- Get rid of ELS_*(), and use TSRMLS_*() instead.
...
- Move to the new ts_allocate_id() API
This patch is *bound* to break some files, as I must have had typos somewhere.
If you use any uncommon extension, please try to build it...
2001-07-27 10:16:41 +00:00
Zeev Suraski
a9915bf69a
Another layout fix
2001-07-16 20:43:18 +00:00
Zeev Suraski
b6064e5d3e
Fix layout
...
Guys - when submitting patches - please make sure you're not breaking
the layout of the code! It's not less important than the patch
itself.
2001-07-16 20:42:49 +00:00
foobar
b0ed727aee
Fix one problem with Opera browsers. Tested with IE,NS,Opera.
...
There can be also a \t before the 'filename=' part.
2001-06-19 16:54:30 +00:00
Rasmus Lerdorf
81e2cf03ac
Fix folding and clean up some extensions
2001-06-06 13:06:12 +00:00
Rasmus Lerdorf
25c3a3a39d
vim-6 does folding - clean up a bunch of missing folding tags plus
...
some misguided RINIT and RSHUTDOWN calls in a few fringe extensions
2001-06-05 13:12:10 +00:00
foobar
bf417a3b72
Now the file uploads 'work' also on Lynx. This patch was submitted
...
by Andreas Pistoor <andreas@erestor.f2s.com> and I have tested it a
quite long time now and didn't notive any problems. Bug: #9930
2001-05-02 01:18:53 +00:00
Andi Gutmans
4c823e8a89
- Change macros from V_ to VCWD_ because of AIX name clash
2001-04-30 12:45:02 +00:00
Andi Gutmans
eb6ba01d1c
- Fix copyright notices with 2001
2001-02-26 06:11:02 +00:00
Sascha Schumann
96ba644e9f
Make the code match the comment.
...
Prior to this change, the upload code tried to add mangled names to
the global HTTP_POST_FILES array, resulting in all kind of weird behaviour.
After this change, multi-dimensional form elements are treated correctly
and consistently.
2001-01-19 15:39:35 +00:00
Zeev Suraski
f8522c7fa9
Use free_estring()
2001-01-15 10:50:39 +00:00
Sascha Schumann
5d8e3c37d9
arr_index errorneusly included the trailing ']' character, so that
...
variable names like Data_name[Image]] were passed to the register functions.
2001-01-13 10:19:17 +00:00
Stanislav Malyshev
ea46f79a97
Fix #8486 (name= without quotes in MIME Content-Disposition header)
...
Ported fix by kk/sas from PHP 3
2001-01-03 10:52:26 +00:00
Rasmus Lerdorf
c9f1fe638d
Fix off by one error in file upload code
2000-12-08 14:28:14 +00:00
Stanislav Malyshev
1f7a3b3b11
Remove empty temp file on failed upload
2000-10-30 15:30:27 +00:00
Sascha Schumann
836df2f798
Parse quoted boundary correctly
2000-10-20 23:40:07 +00:00
Zeev Suraski
9e5ef06ceb
Fix warning
2000-10-17 18:13:35 +00:00
Andi Gutmans
824fc6a084
- Move php_open_temporary_file() out of file.c
2000-09-11 18:56:47 +00:00
Zeev Suraski
b7ecaacd07
More security-related (control) patches:
...
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit. Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
6c4cb4c079
Security related updates:
...
- Introduce php_open_temporary_file(), in place of tempnam(). Still
needs testing under UNIX (mkstemp()), works reliably under Windows now.
- Reimplement the mechanism for unlinking uploaded files at the end of the request
(was it ever tested?). Files moved with move_uploaded_file() will not be unlink()'d
again, to avoid (albeit very unlikely) race conditions.
2000-09-09 11:41:14 +00:00
Zeev Suraski
75086e3088
- Implemented is_upload_file()
2000-09-08 21:56:47 +00:00
Zeev Suraski
677d4b9913
Send $HTTP_POST_FILES to the right place
2000-09-07 04:12:31 +00:00
Zeev Suraski
eb32144902
- Remove track_vars - it is now always on
...
- Make the various $HTTP_*_VARS[] arrays be defined always,
even if they're empty
- Fix Win32 build and warnings
2000-09-05 19:06:29 +00:00
Zeev Suraski
efdd39207c
Protect arrays as well.
2000-09-04 22:26:01 +00:00
Zeev Suraski
5dca99232e
Prevent exploit in [tmp_name] as well
2000-09-04 22:05:00 +00:00
Zeev Suraski
60825fab88
Fix the logic. Tested.
2000-09-04 21:23:41 +00:00
Zeev Suraski
388170ffa5
3rd time's a charm
2000-09-04 20:47:52 +00:00
Zeev Suraski
b47050630b
Fix the fix
2000-09-04 20:46:10 +00:00
Zeev Suraski
ed453cc9b4
Fix the file upload security problem with no side effects (untested)
2000-09-04 19:07:50 +00:00
Rasmus Lerdorf
43fefff150
Quick-fix for the file upload security alert
...
@Quick-fix for the file upload security alert (Rasmus)
2000-09-04 05:09:46 +00:00
Rasmus Lerdorf
da1b7847b3
Support content-encoding headers in file upload mime parts
...
@- Support content-encoding headers in file upload MIME parts
@ (Ragnar Kjørstad)
2000-08-06 06:40:28 +00:00
Stanislav Malyshev
a790966b15
Fix file upload types array handling ( #5836 )
2000-07-30 11:22:18 +00:00
Rasmus Lerdorf
76061b701e
@ Add support for both indexed and non-indexed arrays of file uploads
...
@ eg. name="file[]" type="file" (Rasmus)
Add support for both indexed and non-indexed arrays of file uploads
eg. name="file[]" type="file" (Rasmus)
2000-06-04 05:46:28 +00:00