diff -x '*.o' -x '*.lo' -c -r php-4.4.4.original/main/rfc1867.c php-4.4.4/main/rfc1867.c
*** php-4.4.4.original/main/rfc1867.c 2006-01-01 11:47:00.000000000 -0200
--- php-4.4.4/main/rfc1867.c 2006-12-17 21:53:19.000000000 -0200
***************
*** 34,39 ****
--- 34,41 ----
#undef DEBUG_FILE_UPLOAD
+ PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void **extra TSRMLS_DC) = NULL;
+
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
#include "ext/mbstring/mbstring.h"
***************
*** 128,133 ****
--- 130,136 ----
#define UPLOAD_ERROR_D 4 /* No file uploaded */
#define UPLOAD_ERROR_E 6 /* Missing /tmp or similar directory */
#define UPLOAD_ERROR_F 7 /* Failed to write file to disk */
+ #define UPLOAD_ERROR_X 8 /* File upload stopped by extension */
void php_rfc1867_register_constants(TSRMLS_D)
{
***************
*** 138,143 ****
--- 141,147 ----
REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_FILE", UPLOAD_ERROR_D, CONST_CS | CONST_PERSISTENT);
REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_NO_TMP_DIR", UPLOAD_ERROR_E, CONST_CS | CONST_PERSISTENT);
REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_CANT_WRITE", UPLOAD_ERROR_F, CONST_CS | CONST_PERSISTENT);
+ REGISTER_MAIN_LONG_CONSTANT("UPLOAD_ERR_EXTENSION", UPLOAD_ERROR_X, CONST_CS | CONST_PERSISTENT);
}
static void normalize_protected_variable(char *varname TSRMLS_DC)
***************
*** 749,755 ****
XXX: this is horrible memory-usage-wise, but we only expect
to do this on small pieces of form data.
*/
! static char *multipart_buffer_read_body(multipart_buffer *self TSRMLS_DC)
{
char buf[FILLUNIT], *out=NULL;
int total_bytes=0, read_bytes=0;
--- 753,759 ----
XXX: this is horrible memory-usage-wise, but we only expect
to do this on small pieces of form data.
*/
! static char *multipart_buffer_read_body(multipart_buffer *self, unsigned int *len TSRMLS_DC)
{
char buf[FILLUNIT], *out=NULL;
int total_bytes=0, read_bytes=0;
***************
*** 761,766 ****
--- 765,771 ----
}
if (out) out[total_bytes] = '\0';
+ *len = total_bytes;
return out;
}
***************
*** 786,797 ****
--- 791,805 ----
zval *array_ptr = (zval *) arg;
int fd=-1;
zend_llist header;
+ void *event_extra_data = NULL;
+ fprintf(stderr, "%s %ld %ld %ld\n", __FILE__, __LINE__, SG(request_info).content_length, SG(post_max_size));
if (SG(request_info).content_length > SG(post_max_size)) {
sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
return;
}
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
/* Get the boundary */
boundary = strstr(content_type_dup, "boundary");
if (!boundary || !(boundary=strchr(boundary, '='))) {
***************
*** 802,807 ****
--- 810,816 ----
boundary++;
boundary_len = strlen(boundary);
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
if (boundary[0] == '"') {
boundary++;
boundary_end = strchr(boundary, '"');
***************
*** 818,823 ****
--- 827,833 ----
boundary_len = boundary_end-boundary;
}
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
/* Initialize the buffer */
if (!(mbuff = multipart_buffer_new(boundary, boundary_len))) {
sapi_module.sapi_error(E_WARNING, "Unable to initialize the input buffer");
***************
*** 844,859 ****
#endif
zend_llist_init(&header, sizeof(mime_header_entry), (llist_dtor_func_t) php_free_hdr_entry, 0);
while (!multipart_buffer_eof(mbuff TSRMLS_CC))
{
char buff[FILLUNIT];
char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL;
! int blen=0, wlen=0;
zend_llist_clean(&header);
if (!multipart_buffer_headers(mbuff, &header TSRMLS_CC)) {
! SAFE_RETURN;
}
if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) {
--- 854,881 ----
#endif
zend_llist_init(&header, sizeof(mime_header_entry), (llist_dtor_func_t) php_free_hdr_entry, 0);
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
+ if (php_rfc1867_callback != NULL) {
+ multipart_event_start event_start;
+ fprintf(stderr, "%s %d\n", __FILE__, __LINE__);
+
+ event_start.content_length = SG(request_info).content_length;
+ if (php_rfc1867_callback(MULTIPART_EVENT_START, &event_start, &event_extra_data TSRMLS_CC) == FAILURE) {
+ goto fileupload_done;
+ }
+ }
+
while (!multipart_buffer_eof(mbuff TSRMLS_CC))
{
char buff[FILLUNIT];
char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL;
! size_t blen=0, wlen=0;
! off_t offset;
zend_llist_clean(&header);
if (!multipart_buffer_headers(mbuff, &header TSRMLS_CC)) {
! goto fileupload_done;
}
if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) {
***************
*** 895,907 ****
/* Normal form variable, safe to read all data into memory */
if (!filename && param) {
!
! char *value = multipart_buffer_read_body(mbuff TSRMLS_CC);
if (!value) {
value = estrdup("");
}
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
if (php_mb_encoding_translation(TSRMLS_C)) {
php_mb_gpc_stack_variable(param, value, &val_list, &len_list,
--- 917,941 ----
/* Normal form variable, safe to read all data into memory */
if (!filename && param) {
! unsigned int value_len;
! char *value = multipart_buffer_read_body(mbuff, &value_len TSRMLS_CC);
! unsigned int new_val_len; /* Dummy variable */
if (!value) {
value = estrdup("");
}
+ if (php_rfc1867_callback != NULL) {
+ multipart_event_formdata event_formdata;
+
+ event_formdata.post_bytes_processed = SG(read_post_bytes);
+ event_formdata.name = param;
+ event_formdata.value = &value;
+ event_formdata.length = value_len;
+ event_formdata.newlength = NULL;
+ php_rfc1867_callback(MULTIPART_EVENT_FORMDATA, &event_formdata, &event_extra_data TSRMLS_CC);
+ }
+
#if HAVE_MBSTRING && !defined(COMPILE_DL_MBSTRING)
if (php_mb_encoding_translation(TSRMLS_C)) {
php_mb_gpc_stack_variable(param, value, &val_list, &len_list,
***************
*** 923,944 ****
/* If file_uploads=off, skip the file part */
if (!PG(file_uploads)) {
! if (filename) {
! efree(filename);
! }
! if (param) {
! efree(param);
! }
! continue;
}
/* Return with an error if the posted data is garbled */
! if (!param) {
sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled");
! if (filename) {
! efree(filename);
! }
! SAFE_RETURN;
}
/* New Rule: never repair potential malicious user input */
--- 957,969 ----
/* If file_uploads=off, skip the file part */
if (!PG(file_uploads)) {
! skip_upload = 1;
}
/* Return with an error if the posted data is garbled */
! if (!param && !filename) {
sapi_module.sapi_error(E_WARNING, "File Upload Mime headers garbled");
! goto fileupload_done;
}
/* New Rule: never repair potential malicious user input */
***************
*** 974,979 ****
--- 999,1027 ----
cancel_upload = UPLOAD_ERROR_E;
}
}
+
+ if (!skip_upload && php_rfc1867_callback != NULL) {
+ multipart_event_file_start event_file_start;
+
+ event_file_start.post_bytes_processed = SG(read_post_bytes);
+ event_file_start.name = param;
+ event_file_start.filename = &filename;
+ if (php_rfc1867_callback(MULTIPART_EVENT_FILE_START, &event_file_start, &event_extra_data TSRMLS_CC) == FAILURE) {
+ if (temp_filename) {
+ if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */
+ close(fd);
+ unlink(temp_filename);
+ }
+ efree(temp_filename);
+ }
+ temp_filename="";
+ efree(param);
+ efree(filename);
+ continue;
+ }
+ }
+
+
if (skip_upload) {
efree(param);
efree(filename);
***************
*** 987,995 ****
--- 1035,1059 ----
cancel_upload = UPLOAD_ERROR_D;
}
+ offset = 0;
end = 0;
while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff), &end TSRMLS_CC)))
{
+ if (php_rfc1867_callback != NULL) {
+ multipart_event_file_data event_file_data;
+
+ event_file_data.post_bytes_processed = SG(read_post_bytes);
+ event_file_data.offset = offset;
+ event_file_data.data = buff;
+ event_file_data.length = blen;
+ event_file_data.newlength = &blen;
+ if (php_rfc1867_callback(MULTIPART_EVENT_FILE_DATA, &event_file_data, &event_extra_data TSRMLS_CC) == FAILURE) {
+ cancel_upload = UPLOAD_ERROR_X;
+ continue;
+ }
+ }
+
+
if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) {
sapi_module.sapi_error(E_WARNING, "upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved", PG(upload_max_filesize), param, filename);
cancel_upload = UPLOAD_ERROR_A;
***************
*** 1005,1010 ****
--- 1069,1076 ----
} else {
total_bytes += wlen;
}
+
+ offset += wlen;
}
}
if (fd!=-1) {
***************
*** 1025,1030 ****
--- 1091,1107 ----
}
#endif
+ if (php_rfc1867_callback != NULL) {
+ multipart_event_file_end event_file_end;
+
+ event_file_end.post_bytes_processed = SG(read_post_bytes);
+ event_file_end.temp_filename = temp_filename;
+ event_file_end.cancel_upload = cancel_upload;
+ if (php_rfc1867_callback(MULTIPART_EVENT_FILE_END, &event_file_end, &event_extra_data TSRMLS_CC) == FAILURE) {
+ cancel_upload = UPLOAD_ERROR_X;
+ }
+ }
+
if (cancel_upload) {
if (temp_filename) {
if (cancel_upload != UPLOAD_ERROR_E) { /* file creation failed */
***************
*** 1216,1222 ****
efree(param);
}
}
!
SAFE_RETURN;
}
--- 1293,1306 ----
efree(param);
}
}
! fileupload_done:
! if (php_rfc1867_callback != NULL) {
! multipart_event_end event_end;
!
! event_end.post_bytes_processed = SG(read_post_bytes);
! php_rfc1867_callback(MULTIPART_EVENT_END, &event_end, &event_extra_data TSRMLS_CC);
! }
!
SAFE_RETURN;
}
diff -x '*.o' -x '*.lo' -c -r php-4.4.4.original/main/rfc1867.h php-4.4.4/main/rfc1867.h
*** php-4.4.4.original/main/rfc1867.h 2002-07-11 22:49:58.000000000 -0300
--- php-4.4.4/main/rfc1867.h 2006-12-17 21:51:56.000000000 -0200
***************
*** 1,13 ****
--- 1,76 ----
+ /*
+ +----------------------------------------------------------------------+
+ | PHP Version 5 |
+ +----------------------------------------------------------------------+
+ | Copyright (c) 1997-2006 The PHP Group |
+ +----------------------------------------------------------------------+
+ | This source file is subject to version 3.01 of the PHP license, |
+ | that is bundled with this package in the file LICENSE, and is |
+ | available through the world-wide-web at the following url: |
+ | http://www.php.net/license/3_01.txt |
+ | If you did not receive a copy of the PHP license and are unable to |
+ | obtain it through the world-wide-web, please send a note to |
+ | license@php.net so we can mail you a copy immediately. |
+ +----------------------------------------------------------------------+
+ | Author: |
+ +----------------------------------------------------------------------+
+ */
+
+ /* $Id: rfc1867.h,v 1.13.2.1.2.2 2006/07/26 13:22:06 tony2001 Exp $ */
+
#ifndef RFC1867_H
#define RFC1867_H
#include "SAPI.h"
#define MULTIPART_CONTENT_TYPE "multipart/form-data"
+ #define MULTIPART_EVENT_START 0
+ #define MULTIPART_EVENT_FORMDATA 1
+ #define MULTIPART_EVENT_FILE_START 2
+ #define MULTIPART_EVENT_FILE_DATA 3
+ #define MULTIPART_EVENT_FILE_END 4
+ #define MULTIPART_EVENT_END 5
+
+ typedef struct _multipart_event_start {
+ size_t content_length;
+ } multipart_event_start;
+
+ typedef struct _multipart_event_formdata {
+ size_t post_bytes_processed;
+ char *name;
+ char **value;
+ size_t length;
+ size_t *newlength;
+ } multipart_event_formdata;
+
+ typedef struct _multipart_event_file_start {
+ size_t post_bytes_processed;
+ char *name;
+ char **filename;
+ } multipart_event_file_start;
+
+ typedef struct _multipart_event_file_data {
+ size_t post_bytes_processed;
+ off_t offset;
+ char *data;
+ size_t length;
+ size_t *newlength;
+ } multipart_event_file_data;
+
+ typedef struct _multipart_event_file_end {
+ size_t post_bytes_processed;
+ char *temp_filename;
+ int cancel_upload;
+ } multipart_event_file_end;
+
+ typedef struct _multipart_event_end {
+ size_t post_bytes_processed;
+ } multipart_event_end;
SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler);
void destroy_uploaded_files_hash(TSRMLS_D);
void php_rfc1867_register_constants(TSRMLS_D);
+ extern PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void **extra TSRMLS_DC);
#endif /* RFC1867_H */
|